+Changes to squid-4.8 (09 Jul 2019):
+
+ - Bug 4957: Multiple XSS issues in cachemgr.cgi
+ - Bug 4953: to_localhost does not include ::
+ - Bug 4937: cachemgr.cgi: unallocated memory access
+ - Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH
+ - Bug 4889: Ignore ECONNABORTED in accept(2)
+ - Bug 4842: Memory leak when http_reply_access uses external_acl
+ - TLS: Fix tls-min-version= being ignored
+ - TLS: Add the NO_TLSv1_3 option to available tls-options values
+ - HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL
+ - HTTP: Remove userinfo support from old protocols
+ - HTTP: Fix Digest auth parameter parsing
+ - HTTP: Send Connection:close with the known-last request on a connection
+ - HTTP: Fix handling of tiny invalid responses
+ - Replace uudecode with libnettle base64 decoder
+ - Update HttpHeader::getAuth to SBuf
+ - ... and some compile issues
+
Changes to squid-4.7 (06 May 2019):
- Bug 4942: --with-filedescriptors does not do anything
- Add support for buffer-size= to UDP logging
- TLS: When using OpenSSL, trust intermediate CAs from trusted store
-Changes to squid-4.6 (08 Feb 2019):
+Changes to squid-4.6 (19 Feb 2019):
- Bug 4915: Detect IPv6 loopback binding errors
- Bug 4914: Do not call setsid() in --foreground mode
<!doctype linuxdoc system>
<article>
-<title>Squid 4.7 release notes</title>
+<title>Squid 4.8 release notes</title>
<author>Squid Developers</author>
<abstract>
<toc>
<sect>Notice
-<p>The Squid Team are pleased to announce the release of Squid-4.7 for testing.
+<p>The Squid Team are pleased to announce the release of Squid-4.8 for testing.
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v4/"> or the
<url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
<p>New <em>--consensus</em>, <em>--client-requested</em> and
<em>--server-provided</em> flags for the <em>ssl::server_name</em>
type to control which server name to match against.
+ <p>Added <em>::/128</em> IPv6 range to <em>to_localhost</em> ACL.
<tag>auth_param</tag>
<p>New parameter <em>queue-size=</em> to set the maximum number
<p>New option <em>tls-min-version=1.N</em> to set minimum TLS version allowed.
<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>
<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+ <p>New <em>tls-options=</em> option value to disable TLS/1.3.
<p>All <em>ssloptions=</em> values for SSLv2 configuration or disabling
have been removed.
<p>Removed <em>sslversion=</em> option. Use <em>tls-options=</em> instead.
<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>,
the default is also changed to OFF.
<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+ <p>New <em>tls-options=</em> option value to disable TLS/1.3.
<p>All <em>option=</em> values for SSLv2 configuration or disabling
have been removed.
<p>Removed <em>version=</em> option. Use <em>tls-options=</em> instead.
<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>,
the default is also changed to OFF.
<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+ <p>New <em>tls-options=</em> option value to disable TLS/1.3.
<p>All <em>options=</em> values for SSLv2
configuration or disabling have been removed.
<p>Removed <em>version=</em> option. Use <em>tls-options=</em> instead.
<p>New <em>tls-min-version=1.N</em> option to set minimum TLS version allowed
on server connections.
<p>New <em>tls-options=</em> option to set OpenSSL library parameters.
+ <p>New <em>tls-options=</em> option value to disable TLS/1.3.
<p>New <em>tls-flags=</em> option to set flags modifying Squid TLS operations.
<p>New <em>tls-cipher=</em> option to set a list of ciphers permitted.
<p>New <em>tls-cafile=</em> option to set a file with additional CA
projects / thirdparty / squid.git / commitdiff
