22.10.2025 12:55, Stuart Henderson пишет:
On 2025-10-22, Dmitry Melekhov <[email protected]> wrote:
22.10.2025 08:17, Amos Jeffries пишет:
Any server could easily respond with HTTPS on port 80 - especially
since the domain "http" is rare and likely crafted to exist by an
attacker.
Sorry, I don't see any real problem here, otherwise all squids before 7
are affected.
"all squids before 7 are affected" - surely that's exactly why this was
tightened up?
I didn't see any CVE about this.
And 6 blocked not allowed urls, 7 just allows them without any info to user.
So which one is more secure?
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
