Thank you. I have merged this into Core Update 198.
> On 20 Oct 2025, at 11:48, Adolf Belka <[email protected]> wrote:
>
> - The full fix for CVE-2025-62168 is in version squid-7.2
> - However there are a lot of changes in squid from version 6 to 7 with all
> the error
> language files no longer provided directly, they have to be obtained from
> separate
> langauage packs now. Also several tools like cachmgr.cgi have been removed
> as the
> options can be obtained via different approaches.
> - I have had a look at squid-7.2 and I believe I can do the upgrade but it
> will take some
> time to be sure it is working properly.
> - In the interim, this patch adds the mitigation "email_err_data off" into
> squid.conf
> that is referenced in the CVE report.
> - If someone else has already worked on squid-7.2 and has it ready to go now
> or soon,
> then this patch can be dropped.
>
> Signed-off-by: Adolf Belka <[email protected]>
> ---
> html/cgi-bin/proxy.cgi | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> index fdb7c6a77..f0547e249 100644
> --- a/html/cgi-bin/proxy.cgi
> +++ b/html/cgi-bin/proxy.cgi
> @@ -3109,6 +3109,7 @@ sub writeconfig
> shutdown_lifetime 5 seconds
> icp_port 0
> httpd_suppress_version_string on
> +email_err_data off
>
> END
> ;
> --
> 2.51.1.dirty
>
>
