v7.2

Changes in squid-7.2 (15 Oct 2025):

	- Bug 3390: Proxy auth data visible to scripts
	- Bug 5504: Document that Squid discards invalid rewrite-url
	- Bug 5407: Support at least 1000 groups per Kerberos user
	- Fix parsing of malformed quoted squid.conf strings
	- Fix off-by-one in helper args count assertion
	- Fix UDP log module opening and closing code
	- Fix BodyPipe debugging in handleChunkedRequestBody()
	- Fix debugging of Eui48::lookup() problems
	- Fix memory leak when parsing deprecated %rG logformat code
	- Fix SQUID_YESNO 'syntax error near unexpected token'
	- DNS: fix RRPack memcpy
	- DNS: Do not leak RR data upon RR data unpacking errors
	- FTP: Avoid null dereferences when handling ftp_port traffic
	- FTP: fix response parsing and error handling memory leaks
	- HTCP: Check for too-small packed and too-large unpacked fields
	- HTTP: fix purging of entries by relative [Content-]Location URLs
	- SNMP: Improve parsing of malformed ASN.1 object identifiers
	- SNMP: Check for objid memory allocation failures
	- SNMP: Fix ASN.1 encoding of long OIDs
	- SNMP: Do not assert when debugging requests with long OIDs
	- SNMP: Match Var allocation/deallocation methods
	- digest_edirectory_auth: null-terminate NMAS values array
	- digest_edirectory_auth: safely return password
	- ext_ad_group_acl: Fix domain lookup error handling
	- ext_edirectory_userip_acl: Redact password from stdout
	- ext_file_userip_acl: harden lookups and memory handling
	- ext_kerberos_ldap_group_acl: avoid freeing getenv() pointer
	- ext_kerberos_ldap_group_acl: Improve LDAPMessage freeing
	- ext_ldap_group_acl: avoid infinite loop on login containing '%s'
	- negotiate_kerberos_auth: Properly align NDR data
	- negotiate_sspi_auth: Do not exit on the first request
	- ntlm_sspi_auth: memcmp not memcpy, send newline, no uninit mem
	- text_backend: avoid memory leaks when reload/clearing
	- Reduce UDS/segment name clashes across same-service instances
	- Reject eui64 ACL addresses with trailing garbage
	- Validate raw-IPv4 when parsing hostnames
	- Avoid memory leaks when logging to MS Windows syslog
	- Flip configure --enable-arch-native default
	- Support no-digest X509 certificate keys like ML-DSA/EdDSA
	- Do not allow client_ip_max_connections+1 connections
	- Remove bundled smblib and librfcnb
	- ... and several code cleanups
	- ... and some documentation improvements

diff --git a/ChangeLog b/ChangeLog
index 212011bc4654af1543751e056f4151cebb0e7b5c..f9eaa2ea15eaddb0b043985fa8e84fbf0794ec0b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,49 @@
+Changes in squid-7.2 (15 Oct 2025):
+
+       - Bug 3390: Proxy auth data visible to scripts
+       - Bug 5504: Document that Squid discards invalid rewrite-url
+       - Bug 5407: Support at least 1000 groups per Kerberos user
+       - Fix parsing of malformed quoted squid.conf strings
+       - Fix off-by-one in helper args count assertion
+       - Fix UDP log module opening and closing code
+       - Fix BodyPipe debugging in handleChunkedRequestBody()
+       - Fix debugging of Eui48::lookup() problems
+       - Fix memory leak when parsing deprecated %rG logformat code
+       - Fix SQUID_YESNO 'syntax error near unexpected token'
+       - DNS: fix RRPack memcpy
+       - DNS: Do not leak RR data upon RR data unpacking errors
+       - FTP: Avoid null dereferences when handling ftp_port traffic
+       - FTP: fix response parsing and error handling memory leaks
+       - HTCP: Check for too-small packed and too-large unpacked fields
+       - HTTP: fix purging of entries by relative [Content-]Location URLs
+       - SNMP: Improve parsing of malformed ASN.1 object identifiers
+       - SNMP: Check for objid memory allocation failures
+       - SNMP: Fix ASN.1 encoding of long OIDs
+       - SNMP: Do not assert when debugging requests with long OIDs
+       - SNMP: Match Var allocation/deallocation methods
+       - digest_edirectory_auth: null-terminate NMAS values array
+       - digest_edirectory_auth: safely return password
+       - ext_ad_group_acl: Fix domain lookup error handling
+       - ext_edirectory_userip_acl: Redact password from stdout
+       - ext_file_userip_acl: harden lookups and memory handling
+       - ext_kerberos_ldap_group_acl: avoid freeing getenv() pointer
+       - ext_kerberos_ldap_group_acl: Improve LDAPMessage freeing
+       - ext_ldap_group_acl: avoid infinite loop on login containing '%s'
+       - negotiate_kerberos_auth: Properly align NDR data
+       - negotiate_sspi_auth: Do not exit on the first request
+       - ntlm_sspi_auth: memcmp not memcpy, send newline, no uninit mem
+       - text_backend: avoid memory leaks when reload/clearing
+       - Reduce UDS/segment name clashes across same-service instances
+       - Reject eui64 ACL addresses with trailing garbage
+       - Validate raw-IPv4 when parsing hostnames
+       - Avoid memory leaks when logging to MS Windows syslog
+       - Flip configure --enable-arch-native default
+       - Support no-digest X509 certificate keys like ML-DSA/EdDSA
+       - Do not allow client_ip_max_connections+1 connections
+       - Remove bundled smblib and librfcnb
+       - ... and several code cleanups
+       - ... and some documentation improvements
+
 Changes in squid-7.1 (10 Jul 2025):
 
        - Bug 5497: Fix detection of duped IPs returned by getaddrinfo()

diff --git a/configure.ac b/configure.ac
index c15e6bb6a4cd4f4b0e0c0487e56cd51f2396590b..51ce5d5721d48209948e06398cb7ffd2494533c6 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[7.1-VCS],[https://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[7.2-VCS],[https://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)