squid (5.9-0ubuntu0.22.04.1) jammy; urgency=medium The 5.9 release of Squid introduced more strict defaults when it comes to blocking traffic to localhost and to link-local network address ranges. In order to guarantee that existing Squid deployments on Ubuntu 22.04 Jammy systems continue to work as expected, we decided to disable these defaults and retain the behaviour from previous Ubuntu Squid versions. We do recommend, however, that users take a moment to analyze the new version of the Squid configuration file and determine whether enabling these extra restrictions can be beneficial for their deployments. You can see below the excerpt of the Squid configuration file where these restrictions are defined. In the excerpt below they are enabled, but in the configuration file shipped with the package they will be commented out. # Protect web applications running on the same server as Squid. They often # assume that only local users can access them at "localhost" ports. http_access deny to_localhost # Protect cloud servers that provide local users with sensitive info about # their server via certain well-known link-local (a.k.a. APIPA) addresses. http_access deny to_linklocal -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 11 Apr 2024 14:13:43 -0400 squid (5.1-2) unstable; urgency=medium ext_session_acl and ext_time_quota_acl helpers have been switched from deprecated BerkleyDB storage format to Samba TrivialDB. If issues are encountered after upgrade the helper DB file(s) should be manually removed and Squid restarted so the helper can rebuild a clean database. -- Amos Jeffries <amosjeffries@squid-cache.org> Thu, 16 Sep 2021 04:18:00 +1300 squid (4.13-9) unstable; urgency=medium Current package flavours: squid (GnuTLS) and squid-openssl share config, logs and cache. Since 4.13-6 none of them removes the logs on purge, so that you can purge one flavour when switching to the other without loosing the logs. If you don't need them anymore and want them removed you'll have to do it yourself. -- Santiago Garcia Mantinan <manty@debian.org> Tue, 23 Mar 2021 00:07:36 +0100 squid (4.13-6) unstable; urgency=medium If you want to transition from squid to squid-openssl or vice versa you should first make sure you have at least version 4.13-6 of the packages installed or don't purge your packages, as older packages will remove logs and config file on purge. -- Santiago Garcia Mantinan <manty@debian.org> Thu, 04 Mar 2021 15:36:44 +0100 squid (4.13-2) unstable; urgency=high Starting from this release we ship the old squid package compiled against GnuTLS and a new brand, the new squid-openssl package which is compiled against OpenSSL, this new brand allows the intercept mode with ssl-bump. Both packages have the squid binary and service so conflict with each other, the feature set of each build is different, choose the one that suits you better. -- Santiago Garcia Mantinan <manty@debian.org> Sun, 07 Feb 2021 01:43:37 +0100 squid (4.13-1ubuntu2) groovy; urgency=medium Disable the NIS basic authentication helper, as it no longer builds with glibc 2.32. -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Sep 2020 18:17:53 -0300 squid (4.1-1) unstable; urgency=medium Starting from this release support for systemd init has been added to the packaging. On machines running systemd as their init system this has several side effects which may need manual attention. The systemd service is enabled by default. If you had previously disabled the Squid service with in /etc/default/squid or init script edits then you will need to manually disable the systemd service again after upgrade. This can be done with the command: systemctl disable squid or update-rc.d squid disable The /etc/default/squid file as a whole is not used by systemd. Kerberos environment variable for keytab elsewhere documented as being set there now need to be set using the available squid.conf options instead. For example; these lines in /etc/default/squid: KRB5_KTNAME=/etc/squid/PROXY.keytab export KRB5_KTNAME should instead be configured in squid.conf as a parameter for the kerberos helper: negotiate_kerberos_auth -k /etc/squid/PROXY.keytab Custom modifications can also be added in the form of a local .service file for systemd if you are familiar with those. -- Amos Jeffries <amosjeffries@squid-cache.org> Sat, 21 Apr 2018 18:53:00 +1300 squid3 (3.5.6-1) unstable; urgency=medium Starting from this release, packages names are being changed from squid3* to squid*. This change also affects directories for configuration files and data: /etc/squid3 -> /etc/squid /var/spool/squid3 -> /var/spool/squid /usr/lib/squid3 -> /usr/lib/squid Configuration file migration is automatically handled by dpkg-maintscript-helper and previous version of squid.conf from /etc/squid3 is moved over to /etc/squid, ensuring service functionality after upgrade. If both squid 2.x and squid 3.x are installed on the local machine a configuration check is mandatory after upgrade. Purging the unwanted package before the upgrade is recommended to make the transition smoother. If the local administrator has made any customization to configuration files or helper locations, the migrated squid.conf should be manually checked and path to helper programs fixed. Data in /var/spool/squid3 is not moved automatically. If the cache store has to be retained, the local administrator should move it over (usually to /var/spool/squid) and change the cache_dir setting accordingly. Please note that cache store format changed from squid 2.x and cannot be reused with squid 3.x -- Luigi Gangitano <luigi@debian.org> Wed, 22 Jul 2015 15:48:13 +0200 squid3 (3.0.STABLE15-1) unstable; urgency=low Since version 3.0.STABLE15-1 error pages are not included in squid3-common anymore, but are instead shipped in a separate package (squid-langpack). If the error_directory option in /etc/squid3/squid.conf was customized, it should be checked against the new directory layout of squid-langpack; if it is not set correctly, squid3 will refuse to start. -- Luigi Gangitano <luigi@debian.org> Mon, 6 Jul 2009 13:29:10 +0200
Generated by dwww version 1.14 on Thu Jan 23 03:24:37 CET 2025.