Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

Chapter 16. Servers and Services

squid rebased to version 3.5.20

Squid is a fully-featured HTTP proxy, which offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. The squid packages have been upgraded to version 3.5.20. The most notable changes include:
  • Support for libecap version 1.0
  • Authentication helper query extensions
  • Support for named services
  • Upgraded the squidclient utility
  • Helper support for concurrency channels
  • Native FTP Relay
  • Receive PROXY protocol, versions 1 and 2
  • SSL server certificate validator
  • Note directive for annotating transactions
  • TPROXY support for BSD systems
  • spoof_client_ip directive for managing TPROXY spoofing
  • Various Access Control updates
  • Support for the OK, ERR, and BH response codes and the kv-pair options from any helper
  • Improved pipeline queue configuration.
  • Multicast DNS
IMPORTANT: Note that when updating squid, certain configuration directives will be changed to their more recent versions. These modifications are backward-compatible, but if you want to prevent unexpected configuration changes, you can use the squid-migration-script package to preview the results of updating your squid configuration. For further information, see https://access.redhat.com/solutions/2678941 . (BZ#1273942)

PHP cURL module now supports TLS 1.1 and TLS 1.2

Support for the TLS protocol version 1.1 and 1.2, which was previously made available in the curl library, has been added to the PHP cURL extension. (BZ#1291667)

SCTP in OpenSSL is now supported

The SCTP (Stream Control Transmission Protocol) support in the OpenSSL library is now enabled for the OpenSSL DTLS (Datagram Transport Layer Security) protocol implementation. (BZ#1225379)

Dovecot has tcp_wrappers support enabled

Dovecot is an IMAP server, primarily written with security in mind. It also contains a small POP3 server and supports e-mail in either the Maildir or Mbox format.
In this update, Dovecot is built with tcp_wrappers support enabled. You can now limit network access to Dovecot using tcp_wrappers as an additional layer of security. (BZ#1229164)

Necessary classes added to allow log4j as Tomcat logging mechanism

Due to missing tomcat-juli.jar and tomcat-juli-adapters.jar files, the log4j utility could not be used as Tomcat logging mechanism. The necessary classes have been added and log4j can now be used for logging. Also, the symlinks utility has to be installed or updated to point in extras folder with the described .jar files. (BZ#1133070)

MySQL-python rebased to version 1.2.5

The MySQL-python packages have been upgraded to upstream version 1.2.5, which provides a number of bug fixes and enhancements over the previous version. Notably, a bug causing ResourceClosedError in neutron and cinder services has been fixed. (BZ#1266849)

BIND now supports GeoIP-based ACLs

With this update, the BIND DNS server is able to use GeoIP databases. The feature enables administrators to implement client access control lists (ACL), based on client's geographical location. (BZ#1220594)

The BIND server now supports CAA records

Certification Authority Authorization (CAA) support has been added to the Berkeley Internet Name Domain (BIND) server. Users can now restrict Certification Authorities by specifying the DNS record. (BZ#1306610)

The Unbound DNS validating resolver now supports ECDSA cipher for DNSSEC

This update enables the ECDSA cipher in the Unbound DNS validating resolver. As a result, the DNS resolver is now able to validate DNS responses signed using DNSSEC with ECDSA algorithm. (BZ#1245250)

tomcat rebased to version 7.0.69

The tomcat packages have been rebased to version 7.0.69. Notable changes include:
  • Resolved numerous bugs and vulnerabilities
  • Added the HSTS and VersionLoggerListener features
  • Resolved the NoSuchElementException bug outlined in BZ#1311622 (BZ#1287928)

servicelog rebased to version 1.1.14

The servicelog packages have been upgraded to upstream version 1.1.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1182028)