Are we going to see updates soon?
Advisory ID: SQUID-2002:3
Date: July 3, 2002
Summary: Squid-2.4.STABLE7 released to address a
number of security related issues.
Affected versions: Squid-2.x up to and including 2.4.STABLE6
Security related changes in the 2.4.STABLE7 release:
- Several bugfixes and cleanup of the Gopher client, both
to correct some security issues and to make Squid properly
render certain Gopher menus.
- Security fixes in how Squid parses FTP directory listings into
HTML
- FTP data channels are now sanity checked to match the address
of the requested FTP server. This to prevent theft or injection
of data. See the new ftp_sanitycheck directive if this sanity
check is not desired.
- The MSNT auth helper has been updated to v2.0.3+fixes for
buffer overflow security issues found in this helper.
- A security issue in how Squid forwards proxy authentication
credentials has been fixed
Other changes in the 2.4.STABLE7 release:
- Squid now correctly rejects any requests using transfer-
encoding. Squid is a HTTP/1.0 proxy and as such does not
implement or support transfer-encoding.
- Minor changes to support Apple MAC OS X and some other
platforms more easily.
- The client -T option has been implemented
- HTCP related bugfixes in "squid -k reconfigure"
