Dear Mr. Negi,

Reference to email received from Squid forum regarding Squid-4.13 release package by Mr. Amos Jeffries.
See below information. I am planning to upgrade my server by trying it soon.

COPIED ........

On Sun, Aug 23, 2020 at 1:35 PM Amos Jeffries <squ...@treenet.co.nz> wrote:

> The Squid HTTP Proxy team is very pleased to announce the availability
> of the Squid-4.13 release!
>
> This release is a security release resolving several issues found in
> the prior Squid releases.
>
> The major changes to be aware of:
>
> * SQUID-2020:8 HTTP(S) Request Splitting
>   (CVE-2020-15811)
>
>   This problem is serious because it allows any client, including
>   browser scripts, to bypass local security and poison the browser
>   cache and any downstream caches with content from an arbitrary
>   source.
>
>   See the advisory for patches:
>   <https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv>
>
> * SQUID-2020:9 Denial of Service processing Cache Digest Response
>   (CVE pending allocation)
>
>   This problem allows a trusted peer to perform Denial
>   of Service by consuming all available CPU cycles on the machine
>   running Squid when handling a crafted Cache Digest response
>   message.
>
>   This attack is limited to Squid using cache_peer with cache
>   digests feature.
>
>   See the advisory for patches:
>   <https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg>
>
> * SQUID-2020:10 HTTP(S) Request Smuggling
>   (CVE-2020-15810)
>
>   This problem is serious because it allows any client, including
>   browser scripts, to bypass local security and poison the proxy
>   cache and any downstream caches with content from an arbitrary
>   source.
>
>   See the advisory for patches:
>   <https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m>
>
> * Bug 5051: Some collapsed revalidation responses never expire
>
>   This bug appears as a 4xx or 5xx status response becoming the only
>   response delivered by Squid to a URL when Collapsed Forwarding
>   feature is used.
>
>   It primarily affects Squid which are caching the 4xx/5xx status
>   object since Bug 5030 fix in Squid-4.11. But may have been
>   occurring for short times on any proxy with Collapsed Forwarding.
>
> * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
>
>   Chrome Browser intentionally sends random garbage values in the
>   TLS handshake to force TLS implementations to cope with future TLS
>   extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3
>   caused our parser to be extra strict and reject this TLS garbage.
>
>   This release adds explicit support for Chrome, or any other TLS
>   agent performing these "GREASE" behaviours.
>
> * Honor on_unsupported_protocol for intercepted https_port
>
>   This behaviour was one of the intended use-cases for unsupported
>   protocol handling, but somehow was not enabled earlier.
>
>   Squid should now be able to perform the on_unsupported_protocol
>   selected action for any traffic handled by SSL-Bump.
>
> All users of Squid are urged to upgrade as soon as possible.
>
> See the ChangeLog for the full list of changes in this and earlier
> releases.
>
> Please refer to the release notes at
> http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
> when you are ready to make the switch to Squid-4
>
> This new release can be downloaded from our HTTP or FTP servers
>
>   http://www.squid-cache.org/Versions/v4/
>   ftp://ftp.squid-cache.org/pub/squid/
>   ftp://ftp.squid-cache.org/pub/archive/4/
>
> or the mirrors. For a list of mirror sites see
>
>   http://www.squid-cache.org/Download/http-mirrors.html
>   http://www.squid-cache.org/Download/mirrors.html
>
> If you encounter any issues with this release please file a bug report.
> http://bugs.squid-cache.org/
>
> Amos Jeffries
> _______________________________________________
> squid-announce mailing list
> squid-annou...@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-announce

On Mon, Aug 24, 2020 at 9:07 AM <rahul.n...@orange.com> wrote:

> Hi Team,
>
> Can anyone please share squid latest stable version 4.13 RPM packaged
> files for CentOS7 distribution and x86_64 architecture.
>
> *Thanks and Regards,*
>
> *Rahul Negi*
>
> _______________________________________________
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete
> this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been
> modified, changed or falsified.
> Thank you.
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

--
With Regards,

*Arsalan Hussain*
*Assistant Director, Networks & Information System*
*PRESTON UNIVERSITY*

*Complaining is finding faults, wisdom is finding solutions*