Since version 6, some previously deprecated features have been removed:
* Edge Side Includes (ESI)
* access to the cache manager using the cache_object:// scheme - use http instead
* the squdclient tool - use curl http://<squid-address>/squid-internal-mgr/menu instead
* the cachemgr.cgi tool
* the purge tool - use the http PURGE method instead
* Ident protocol support
* basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's ntlm_auth instead
- Update to 7.3
- Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit
- Quit NTLM authenticate() on missing NTLM authorization header
- Fix Auth::User::absorb() IP list transfer logic
- Fix type mismatch in new/delete of addrinfo::ai_addr
- Fix libntlmauth string parsing on big-endian machines
- ... and some code cleanups
- ... and some CI improvements
- changes since squid 6.14 (bsc#1252281, CVE-2025-62168)
- Bug 3390: Proxy auth data visible to scripts
- Bug 5504: Document that Squid discards invalid rewrite-url
- Bug 5407: Support at least 1000 groups per Kerberos user
- Fix parsing of malformed quoted squid.conf strings
- Fix off-by-one in helper args count assertion
- Fix UDP log module opening and closing code
- Fix BodyPipe debugging in handleChunkedRequestBody()
- Fix debugging of Eui48::lookup() problems
- Fix memory leak when parsing deprecated %rG logformat code
- Fix SQUID_YESNO 'syntax error near unexpected token'
- DNS: fix RRPack memcpy
- DNS: Do not leak RR data upon RR data unpacking errors
- FTP: Avoid null dereferences when handling ftp_port traffic
OBS-URL: https://build.opensuse.org/request/show/1316100
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=124
* Edge Side Includes (ESI)
* access to the cache manager using the cache_object:// scheme - use http instead
* the squdclient tool - use curl http://<squid-address>/squid-internal-mgr/menu instead
* the cachemgr.cgi tool
* the purge tool - use the http PURGE method instead
* Ident protocol support
* basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's ntlm_auth instead
- Update to 7.3
- Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit
- Quit NTLM authenticate() on missing NTLM authorization header
- Fix Auth::User::absorb() IP list transfer logic
- Fix type mismatch in new/delete of addrinfo::ai_addr
- Fix libntlmauth string parsing on big-endian machines
- ... and some code cleanups
- ... and some CI improvements
- changes since squid 6.14 (bsc#1252281, CVE-2025-62168)
- Bug 3390: Proxy auth data visible to scripts
- Bug 5504: Document that Squid discards invalid rewrite-url
- Bug 5407: Support at least 1000 groups per Kerberos user
- Fix parsing of malformed quoted squid.conf strings
- Fix off-by-one in helper args count assertion
- Fix UDP log module opening and closing code
- Fix BodyPipe debugging in handleChunkedRequestBody()
- Fix debugging of Eui48::lookup() problems
- Fix memory leak when parsing deprecated %rG logformat code
- Fix SQUID_YESNO 'syntax error near unexpected token'
- DNS: fix RRPack memcpy
- DNS: Do not leak RR data upon RR data unpacking errors
- FTP: Avoid null dereferences when handling ftp_port traffic
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=304
- Updated harden_squid.service.patch to include new startup sequence
local-fs.target
- Update to 6.14
- Bug 5352: Do not get stuck in RESPMOD after pausing peer read(2)
- Bug 5489: Fix "make check" linking on Solaris
- Fix SNMP cacheNumObjCount -- number of cached objects
- Do not duplicate received Surrogate-Capability in sent requests
- Fix Mem::Segment::open() stub to fix build without shm_open()
- ... and CI and documentation updates
- changes since squid-6.13
- Bug 5352: Do not get stuck when RESPMOD is slower than read(2)
- Bug 5405: Large uploads fill request buffer and die
- Bug 5093: List http_port params that https_port/ftp_port lack
- Bug 5311: clarify configuration byte units
- Bug 5091: document that changes to workers require restart
- Bug 5481: Fix GCC v14 build [-Wmaybe-uninitialized]
- Nil request dereference in ACLExtUser and SourceDomainCheck ACLs
- Fix GCC v14 [-Wanalyzer-null-dereference] warnings in Kerberos
- Clarify --enable-ecap failure on missing shared library support
- Fix syntax error in configure.ac
- Remove GNU'ism in release notes Makefile
- Annotate PoolMalloc memory in valgrind builds
- Fix systemd startup sequence to require active Local Filesystem
- Display Linux variant at ./configure time
- Refactor peerRefreshDNS() to clarify its (void*)1 logic
- Portability: remove explicit check for libdl
- ext_time_quota_acl: remove -l option
- ... and some documentation updates
- ... and some CI updates
OBS-URL: https://build.opensuse.org/request/show/1313240
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=303
- Update to 6.12
- Fix validation of Digest auth header parameters
- changes since squid-6.11:
- Fix Kerberos detection when cross-compiling
- Improve robustness of DNS code on reconfigure
- Prevent slow memory leak in TCP DNS queries
- Improve errors emitted when invalid ACLs are parsed
- Disble ESI. The code is removed upstream in 7.x (bsc#1232485, CVE-2024-45802)
OBS-URL: https://build.opensuse.org/request/show/1229399
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=123
- Fix validation of Digest auth header parameters
- changes since squid-6.11:
- Fix Kerberos detection when cross-compiling
- Improve robustness of DNS code on reconfigure
- Prevent slow memory leak in TCP DNS queries
- Improve errors emitted when invalid ACLs are parsed
- Disble ESI. The code is removed upstream in 7.x (bsc#1232485, CVE-2024-45802)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=301
- update to 6.8
- Fix marking of problematic cached IP addresses (#1691)
- Bug 5344: mgr:config segfaults without logformat (#1680)
- Fix infinite recursion when parsing HTTP chunks (#1553)
(bsc#1216715, CVE-2024-25111)
- changes in 6.7
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- squid.keyring: updated
- header_fixups.patch: added
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on
client errors
- Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617)
OBS-URL: https://build.opensuse.org/request/show/1155563
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=120
- Fix marking of problematic cached IP addresses (#1691)
- Bug 5344: mgr:config segfaults without logformat (#1680)
- Fix infinite recursion when parsing HTTP chunks (#1553)
(bsc#1216715, CVE-2024-25111)
- changes in 6.7
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=291
- move pidfile back to /run/squid.pid and not in the directory
owned by squid. The purpose of /run/squid/ is to facilitate
SMP worker's IPC and not for the PID file. The PID file can
live just fine in /run since it's written by root. (bsc#1210960)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=273
- update to 5.8:
* Bug 5162: mgr:index URL do not produce MGR_INDEX template
* Bug 5241: Block all non-localhost requests by default
* Bug 5241: Block to-localhost, to-link-local requests by
default
* ext_kerberos_ldap_group_acl: Support -b with -D
* Fix ACL type typo in req_header, rep_header key-changing
ERRORs
* ... and several compile fixes
* ... and some code cleanup and polishing
OBS-URL: https://build.opensuse.org/request/show/1079299
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=271
