+Changes to squid-3.2.0.19 (02 Aug 2012):
+
+ - Regression Bug 3580: IDENT request makes squid crash
+ - Regression Bug 3577: File Descriptors not properly closed
+ - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
+ - Regression Fix: Restore memory caching ability
+ - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
+ - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
+ - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
+ - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
+ - Support custom headers in [request|reply]_header_* manglers
+ - ... and much code polishing
+
Changes to squid-3.2.0.18 (29 Jun 2012):
- Bug 3576: ICY streams being Transfer-Encoding:chunked
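Review bot: typo in the added ChangeLog entry for the ufs index warning: "rebuidling" should be "rebuilding". The Bug 3525 entry also ends with a period while the other added entries do not; drop it for consistency.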
<!doctype linuxdoc system>
<article>
-<title>Squid 3.2.0.18 release notes</title>
+<title>Squid 3.2.0.19 release notes</title>
<author>Squid Developers</author>
<abstract>
<sect>Notice
<p>
-The Squid Team are pleased to announce the release of Squid-3.2.0.18 for testing.
+The Squid Team are pleased to announce the release of Squid-3.2.0.19 for testing.
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.2/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
<p>
Although this release is deemed good enough for use in many setups, please note the existence of <url url="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.2&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=" name="open bugs against Squid-3.2">.
+<p>Some issues to note as currently known in this release which are not able to be fixed in the 3.2 series are:
+
+<itemize>
+ <item>CVE-2009-0801 : interception proxies cannot relay certain requests to peers safely. see the CVE section below for details.
+ <item>TCP logging of access.log does not recover from broken connections well.
+</itemize>
+
<p>Currently known issues which only depends on available developer time and may still be resolved in a future 3.2 release are:
<itemize>
- <item>CVE-2009-0801 : interception proxies cannot relay certain requests to peers. see the CVE section below for details.
<item>SMP Support still has a number of important bugs needing to be resolved. see the bugs list above for details.
<item>Windows support is still incomplete.
- <item>TCP logging of access.log does not recover from broken connections well.
<item>The lack of some features available in Squid-2.x series. See the regression sections below for full details.
</itemize>
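Review bot: the CVE-2009-0801 item now sits under issues "which are not able to be fixed in the 3.2 series", yet the CVE section still closes with "Developer time is required to implement safe transit of these requests" and an invitation to contact squid-dev, which reads as work that could still land. State in one of the two places whether the peer relay limitation is out of scope for 3.2 or only unstaffed, so operators know whether to wait for a fix or plan around it. Minor: "see the CVE section below for details." starts a sentence and should be capitalised.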
<p>The most important of these new features are:
<itemize>
- <item>Fixed CVE-2009-0801 : NAT interception vulnerability to malicious clients.
+ <item>CVE-2009-0801 : NAT interception vulnerability to malicious clients.
<item>SMP scalability
<item>Helper Multiplexer and On-Demand
<item>Helper Name Changes
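Review bot: with "Fixed" dropped, the first entry under "The most important of these new features are:" is a bare vulnerability title, which no longer tells the reader what this release provides for CVE-2009-0801. Since the Known Issue text describes relaying to peers as still unsafe, wording along the lines of "Partial mitigation for CVE-2009-0801" would stay accurate without claiming a complete fix. The sect1 title renamed further down should use the same wording.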
Most user-facing changes are reflected in squid.conf (see below).
-<sect1>Fixed CVE-2009-0801 : NAT interception vulnerability to malicious clients.
+<sect1>CVE-2009-0801 : NAT interception vulnerability to malicious clients.
<p>Details in Advisory <url url="http://www.squid-cache.org/Advisories/SQUID-2011_1.txt" name="SQUID-2011:1">
<p>Squid locates the authority-URL details available in an HTTP request as
can not be used as feeder gateways into a cluster or peer hierarchy without strict validation.
<p>Known Issue: When non-strict validation fails Squid will relay the request, but can only do
- so to the orginal destination IP the client was contacting. This means that interception
- proxy Squid are unable to pass traffic reliably to peers in a cache hierarchy.
+ so safely to the orginal destination IP the client was contacting. The client original
+ destinatio IP is lost when relayign to peers in a hierarchy. This means the upstream peers
+ are at risk of cache poisoning from CVE-2009-0801 vulnerability.
Developer time is required to implement safe transit of these requests.
Please contact squid-dev if you are able to assist or sponsor the development.
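Review bot: the added Known Issue lines contain spelling errors: "orginal" (carried over from the removed line), "destinatio" and "relayign" should read "original", "destination" and "relaying". "from CVE-2009-0801 vulnerability" needs an article ("from the CVE-2009-0801 vulnerability"), and "The client original destination IP" reads better as "The client's original destination IP". Because this paragraph now tells operators that upstream peers are at risk of cache poisoning, consider adding one sentence on what they should do about it, for example by pointing back to the strict validation requirement stated just above.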