squid (5.9-0ubuntu0.22.04.1) jammy; urgency=medium
The 5.9 release of Squid introduced more strict defaults when it comes
to blocking traffic to localhost and to link-local network address
ranges. In order to guarantee that existing Squid deployments on Ubuntu
22.04 Jammy systems continue to work as expected, we decided to disable
these defaults and retain the behaviour from previous Ubuntu Squid versions.
We do recommend, however, that users take a moment to analyze the new
version of the Squid configuration file and determine whether enabling
these extra restrictions can be beneficial for their deployments.
You can see below the excerpt of the Squid configuration file where
these restrictions are defined. In the excerpt below they are enabled,
but in the configuration file shipped with the package they will be
commented out.
# Protect web applications running on the same server as Squid. They often
# assume that only local users can access them at "localhost" ports.
http_access deny to_localhost
# Protect cloud servers that provide local users with sensitive info about
# their server via certain well-known link-local (a.k.a. APIPA) addresses.
http_access deny to_linklocal
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 11 Apr 2024 14:13:43 -0400
squid (5.1-2) unstable; urgency=medium
ext_session_acl and ext_time_quota_acl helpers have been switched from
deprecated BerkleyDB storage format to Samba TrivialDB. If issues are
encountered after upgrade the helper DB file(s) should be manually
removed and Squid restarted so the helper can rebuild a clean database.
-- Amos Jeffries <amosjeffries@squid-cache.org> Thu, 16 Sep 2021 04:18:00 +1300
squid (4.13-9) unstable; urgency=medium
Current package flavours: squid (GnuTLS) and squid-openssl share config,
logs and cache. Since 4.13-6 none of them removes the logs on purge, so
that you can purge one flavour when switching to the other without loosing
the logs. If you don't need them anymore and want them removed you'll
have to do it yourself.
-- Santiago Garcia Mantinan <manty@debian.org> Tue, 23 Mar 2021 00:07:36 +0100
squid (4.13-6) unstable; urgency=medium
If you want to transition from squid to squid-openssl or vice versa you
should first make sure you have at least version 4.13-6 of the packages
installed or don't purge your packages, as older packages will remove
logs and config file on purge.
-- Santiago Garcia Mantinan <manty@debian.org> Thu, 04 Mar 2021 15:36:44 +0100
squid (4.13-2) unstable; urgency=high
Starting from this release we ship the old squid package compiled against
GnuTLS and a new brand, the new squid-openssl package which is compiled
against OpenSSL, this new brand allows the intercept mode with ssl-bump.
Both packages have the squid binary and service so conflict with each
other, the feature set of each build is different, choose the one that
suits you better.
-- Santiago Garcia Mantinan <manty@debian.org> Sun, 07 Feb 2021 01:43:37 +0100
squid (4.13-1ubuntu2) groovy; urgency=medium
Disable the NIS basic authentication helper, as it no longer builds with
glibc 2.32.
-- Andreas Hasenack <andreas@canonical.com> Thu, 17 Sep 2020 18:17:53 -0300
squid (4.1-1) unstable; urgency=medium
Starting from this release support for systemd init has been added to the
packaging. On machines running systemd as their init system this has
several side effects which may need manual attention.
The systemd service is enabled by default. If you had previously disabled
the Squid service with in /etc/default/squid or init script edits then
you will need to manually disable the systemd service again after upgrade.
This can be done with the command:
systemctl disable squid
or
update-rc.d squid disable
The /etc/default/squid file as a whole is not used by systemd. Kerberos
environment variable for keytab elsewhere documented as being set there
now need to be set using the available squid.conf options instead.
For example; these lines in /etc/default/squid:
KRB5_KTNAME=/etc/squid/PROXY.keytab
export KRB5_KTNAME
should instead be configured in squid.conf as a parameter for the
kerberos helper:
negotiate_kerberos_auth -k /etc/squid/PROXY.keytab
Custom modifications can also be added in the form of a local .service
file for systemd if you are familiar with those.
-- Amos Jeffries <amosjeffries@squid-cache.org> Sat, 21 Apr 2018 18:53:00 +1300
squid3 (3.5.6-1) unstable; urgency=medium
Starting from this release, packages names are being changed from squid3*
to squid*. This change also affects directories for configuration files
and data:
/etc/squid3 -> /etc/squid
/var/spool/squid3 -> /var/spool/squid
/usr/lib/squid3 -> /usr/lib/squid
Configuration file migration is automatically handled by
dpkg-maintscript-helper and previous version of squid.conf from /etc/squid3
is moved over to /etc/squid, ensuring service functionality after upgrade.
If both squid 2.x and squid 3.x are installed on the local machine a
configuration check is mandatory after upgrade. Purging the unwanted package
before the upgrade is recommended to make the transition smoother.
If the local administrator has made any customization to configuration files
or helper locations, the migrated squid.conf should be manually checked and
path to helper programs fixed.
Data in /var/spool/squid3 is not moved automatically. If the cache store has
to be retained, the local administrator should move it over (usually to
/var/spool/squid) and change the cache_dir setting accordingly. Please note
that cache store format changed from squid 2.x and cannot be reused with
squid 3.x
-- Luigi Gangitano <luigi@debian.org> Wed, 22 Jul 2015 15:48:13 +0200
squid3 (3.0.STABLE15-1) unstable; urgency=low
Since version 3.0.STABLE15-1 error pages are not included in squid3-common
anymore, but are instead shipped in a separate package (squid-langpack).
If the error_directory option in /etc/squid3/squid.conf was customized, it
should be checked against the new directory layout of squid-langpack; if
it is not set correctly, squid3 will refuse to start.
-- Luigi Gangitano <luigi@debian.org> Mon, 6 Jul 2009 13:29:10 +0200
Generated by dwww version 1.14 on Thu Jan 23 03:43:30 CET 2025.