<p>The most important of these new features are:
<itemize>
<item>CVE-2009-0801 : NAT interception vulnerability to malicious clients.
+ <item>NCSA helper DES algorithm password limits
<item>SMP scalability
<item>Helper Multiplexer and On-Demand
<item>Helper Name Changes
Please contact squid-dev if you are able to assist or sponsor the development.
+<sect1>NCSA helper DES algorithm password limits
+<p>Details in Advisory <url url="http://www.squid-cache.org/Advisories/SQUID-2011_2.txt" name="SQUID-2011:2">
+
+<p>The DES algorithm used by the NCSA Basic authentication helper has an
+ limit of 8 bytes but some implementations do not error when truncating
+ longer passwords down to this unsafe level.
+
+<p>This both significantly lowers the threshold of difficulty decrypting
+ captured password files and hides from users the fact that the extra bits
+ of their chosen long password is not being utilized.
+
+<p>The NCSA helper bundled with Squid will prevent passwords longer than 8
+ characters being sent to the DES algorithm. The MD5 hash algorithm which
+ supports longer than 8 character passwords is also supported by this helper
+ and should be used instead.
+
+
<sect1>SMP scalability
<p>The new "workers" squid.conf option can be used to launch multiple worker
processes and utilize multiple CPU cores. The overall intent is to make
projects / thirdparty / squid.git / commitdiff
