Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
Chapter 16. Servers and Services
squid rebased to version 3.5.20
Squid is a fully-featured HTTP proxy, which offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. The squid packages have been upgraded to version 3.5.20. The most notable changes include:
- Support for
libecapversion 1.0 - Authentication helper query extensions
- Support for named services
- Upgraded the
squidclientutility - Helper support for concurrency channels
- Native FTP Relay
- Receive PROXY protocol, versions 1 and 2
- SSL server certificate validator
- Note directive for annotating transactions
- TPROXY support for BSD systems
spoof_client_ipdirective for managing TPROXY spoofing- Various Access Control updates
- Support for the OK, ERR, and BH response codes and the
kv-pairoptions from any helper - Improved pipeline queue configuration.
- Multicast DNS
IMPORTANT: Note that when updating squid, certain configuration directives will be changed to their more recent versions. These modifications are backward-compatible, but if you want to prevent unexpected configuration changes, you can use the squid-migration-script package to preview the results of updating your squid configuration. For further information, see https://access.redhat.com/solutions/2678941 . (BZ#1273942)
PHP cURL module now supports TLS 1.1 and TLS 1.2
Support for the TLS protocol version 1.1 and 1.2, which was previously made available in the
curl library, has been added to the PHP cURL extension. (BZ#1291667)
SCTP in OpenSSL is now supported
The
SCTP (Stream Control Transmission Protocol) support in the OpenSSL library is now enabled for the OpenSSL DTLS (Datagram Transport Layer Security) protocol implementation. (BZ#1225379)
Dovecot has tcp_wrappers support enabled
Dovecot is an
IMAP server, primarily written with security in mind. It also contains a small POP3 server and supports e-mail in either the Maildir or Mbox format.
In this update, Dovecot is built with tcp_wrappers support enabled. You can now limit network access to Dovecot using tcp_wrappers as an additional layer of security. (BZ#1229164)
Necessary classes added to allow log4j as Tomcat logging mechanism
Due to missing
tomcat-juli.jar and tomcat-juli-adapters.jar files, the log4j utility could not be used as Tomcat logging mechanism. The necessary classes have been added and log4j can now be used for logging. Also, the symlinks utility has to be installed or updated to point in extras folder with the described .jar files. (BZ#1133070)
MySQL-python rebased to version 1.2.5
The MySQL-python packages have been upgraded to upstream version 1.2.5, which provides a number of bug fixes and enhancements over the previous version. Notably, a bug causing
ResourceClosedError in neutron and cinder services has been fixed. (BZ#1266849)
BIND now supports GeoIP-based ACLs
With this update, the BIND DNS server is able to use GeoIP databases. The feature enables administrators to implement client access control lists (ACL), based on client's geographical location. (BZ#1220594)
The BIND server now supports CAA records
Certification Authority Authorization (CAA) support has been added to the Berkeley Internet Name Domain (BIND) server. Users can now restrict Certification Authorities by specifying the DNS record. (BZ#1306610)
The Unbound DNS validating resolver now supports ECDSA cipher for DNSSEC
This update enables the ECDSA cipher in the Unbound DNS validating resolver. As a result, the DNS resolver is now able to validate DNS responses signed using DNSSEC with ECDSA algorithm. (BZ#1245250)
tomcat rebased to version 7.0.69
The tomcat packages have been rebased to version 7.0.69. Notable changes include:
- Resolved numerous bugs and vulnerabilities
- Added the HSTS and VersionLoggerListener features
- Resolved the NoSuchElementException bug outlined in BZ#1311622 (BZ#1287928)
servicelog rebased to version 1.1.14
The servicelog packages have been upgraded to upstream version 1.1.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1182028)
