From: Joshua Rogers Date: Mon, 8 Sep 2025 14:43:54 +0000 (+0000) Subject: Do not allow client_ip_max_connections+1 connections (#2168) X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=059faae39c9f19885fea4bf6e3b2b52c8c127b89;p=thirdparty%2Fsquid.git Do not allow client_ip_max_connections+1 connections (#2168) Previously, setting client_ip_max_connections to a non-negative N would allow N+1 client connections, due to an off-by-one error. --- diff --git a/doc/release-notes/release-8.sgml.in b/doc/release-notes/release-8.sgml.in index 4655df84a4..2c7a44edd1 100644 --- a/doc/release-notes/release-8.sgml.in +++ b/doc/release-notes/release-8.sgml.in @@ -95,6 +95,15 @@ This section gives an account of those changes in three categories: src_as and dst_as ACLs, Squid no longer initiates ASN lookups. + client_ip_max_connections + +

Fixed off-by-one enforcement. Squid now allows at most N + concurrent connections per client IP (not N+1), where N + is the configured directive value. Deployments that relied on the extra + connection should increase the configured limit by one to preserve + previous behavior. + + Removed directives