Are we going to see updates soon? Advisory ID: SQUID-2002:3 Date: July 3, 2002 Summary: Squid-2.4.STABLE7 released to address a number of security related issues. Affected versions: Squid-2.x up to and including 2.4.STABLE6
Security related changes in the 2.4.STABLE7 release: - Several bugfixes and cleanup of the Gopher client, both to correct some security issues and to make Squid properly render certain Gopher menus. - Security fixes in how Squid parses FTP directory listings into HTML - FTP data channels are now sanity checked to match the address of the requested FTP server. This to prevent theft or injection of data. See the new ftp_sanitycheck directive if this sanity check is not desired. - The MSNT auth helper has been updated to v2.0.3+fixes for buffer overflow security issues found in this helper. - A security issue in how Squid forwards proxy authentication credentials has been fixed Other changes in the 2.4.STABLE7 release: - Squid now correctly rejects any requests using transfer- encoding. Squid is a HTTP/1.0 proxy and as such does not implement or support transfer-encoding. - Minor changes to support Apple MAC OS X and some other platforms more easily. - The client -T option has been implemented - HTCP related bugfixes in "squid -k reconfigure"