Wishlist - Please update dansguardian to stable release DansGuardian 2.10.1.1 or newer

Bug #391090 reported by berg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
dansguardian (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: dansguardian

The current version (2.9.9.7) is "near" stable. The dansguardian team has released several stable releases, including a security workaround for a Squid vulnerability in version DansGuardian 2.10.1.1 (US-CERT VU#435052).

Excerpt from dansguardian changelog:

Thu 11th September 2008 - DansGuardian 2.9.9.8
Assume that content with no Content-Type header is HTML, so that it doesn't bypass the phrase filter. Fix some incorrect usage of integer types in ListManager and ListContainer which can lead to crashes in some rare cases. Escape certain characters in URLs when displaying the HTML template to prevent XSS. Don't add responses other than "200 OK" to the clean URL cache.

Wed 8th October 2008 - DansGuardian 2.10 - STABLE!
Fixed handling of content with no MIME type: it will be phrase filtered, but no Content-Type header will be inserted into the response, so a browser's own automatic type detection doesn't get interfered with. Fixed a performance issue with CONNECT requests being incorrectly marked as persistent, identified by Jason Deasi. Updated the man page (Jens Wilke) and French messages file (Jeanuel). Clarifications to some of the included documents (INSTALL, UPGRADING). Considered stable (future planned changes are fairly wide reaching, so work will continue in a new series of beta releases).

Tue 21st October 2008 - DansGuardian 2.10.0.1 - stable
Improve malformed URL detection (dc2008.de no longer incorrectly classed as malformed). Improve persistent connection detection, correcting some situations in which DG would return a blank page to browsers. Updated "proxies" weighted phrase list. Updated Chinese Big-5 messages file from Vicente Chua.

Wed 26th November 2008 - DansGuardian 2.10.0.2 - stable
Fix persistent connection detection to resolve issues with HTTP 1.1 browsers (Firefox), NTLM authentication and HTTPS websites. Change supported syntax for blocking HTTPS site access by IP to match that documented in the default bannedsitelist (use "*ips", as documented, NOT "**ips").

Wed 21st January 2009 - DansGuardian 2.10.0.3 - stable
uClibc++ compilation patch from Natanael Copa. Fix crash on exit when running out of memory during phrase tree preparation, from Victor Stinner. Clean up destructors for various objects, removing code duplication with reset() methods. Compilation fixes from Jeffrey A. Young. Better handling of whitespace (tab characters) in configuration files. Fix HTTPS access for unauthenticated users when using basic or NTLM authentication plugins. Reload list files on soft restart if cached (".processed") files have been updated directly, from Harry Mason. Chop carriage return off useragent strings when "loguseragent" is enabled. Don't force contents of dansguardianf*.conf files to lower-case on loading, so as not to destroy the case of group names. Make temporary bypass cookies valid for subdomains of the original bypassed domain, including stripping "www.".

Fri 5th June 2009 - DansGuardian 2.10.1.1 - stable
Add "originalip" option to dansguardian.conf, for determining the original destination IP in transparent proxy set-ups, and ensuring that the destination domain of the request resolves to that IP. This can help to address a particular transparent proxy security vulnerability (US-CERT VU#435052), but because of certain limitations - only implemented on Linux/Netfilter; potential breakage of websites using round-robin DNS - the code is not enabled by default. Enable by passing "--enable-orig-ip" to the configure script. Fix a crash which could occur when dealing with simultaneous incoming connections in configurations using more than one listening socket. Fix a crash when checking time limits on item lists. Fix potential usage of uninitialised memory during phrase filtering.

Tags: wishlist
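
The 2.10.1.1 changelog entry quoted above describes the "originalip" check only in prose. The following C++ is an added example for Linux/Netfilter, not DansGuardian's own code and not part of the original report; the function names are hypothetical and the addresses are constructed documentation-range values.

```cpp
// Added illustration of an "originalip"-style check; not DansGuardian source code.
#include <algorithm>
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string>
#include <sys/socket.h>
#include <vector>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80  // Linux Netfilter socket option (linux/netfilter_ipv4.h)
#endif

// Pre-REDIRECT destination of an intercepted IPv4 connection; false if unavailable.
bool original_dst(int fd, in_addr &out) {
    sockaddr_in sa{};
    socklen_t len = sizeof(sa);
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, &sa, &len) != 0) return false;
    out = sa.sin_addr;
    return true;
}

// Strip an optional ":port" from a Host header value (hostname or IPv4 literal only).
std::string host_only(const std::string &host_header) {
    return host_header.substr(0, host_header.find(':'));
}

// All IPv4 addresses the name currently resolves to (empty on failure).
std::vector<in_addr_t> resolve_v4(const std::string &host) {
    std::vector<in_addr_t> addrs;
    addrinfo hints{}, *res = nullptr;
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host.c_str(), nullptr, &hints, &res) != 0) return addrs;
    for (addrinfo *p = res; p; p = p->ai_next)
        addrs.push_back(reinterpret_cast<sockaddr_in *>(p->ai_addr)->sin_addr.s_addr);
    freeaddrinfo(res);
    return addrs;
}

// True only if the Host the client claims resolves to the IP it actually connected to.
bool host_matches_original_dst(const std::string &host_header, in_addr orig) {
    std::vector<in_addr_t> addrs = resolve_v4(host_only(host_header));
    return std::find(addrs.begin(), addrs.end(), orig.s_addr) != addrs.end();
}

int main() {
    in_addr orig{};
    inet_pton(AF_INET, "192.0.2.10", &orig);  // constructed stand-in for original_dst()
    return host_matches_original_dst("192.0.2.11:80", orig) ? 1 : 0;  // mismatch: reject
}
```

A site behind round-robin DNS can legitimately fail this comparison when the proxy's lookup returns a different address set than the client's did, which is the breakage the changelog gives as a reason the option is off by default.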
Voro @ Experior (oller-voro-experior) wrote :

2.9 is considered unstable by the upstream developer and has many problems.
2.8, previous stable, lacks many features like AV scanning so 2.10 is the only option.
2.10 was released 10 months ago and works fine.

Apart from security updates, 2.10 also solves a problem with shared memory (or lack thereof):
As explained in http://tech.groups.yahoo.com/group/dansguardian/message/19406
every thread has its own copy of the lists of sites, phrases, etc. to ban.
Default config allows up to 120 children, and with a standard blacklist of sites, each thread can grow to 40-50MB leading to excessive swapping or OOM crashes.

Please, consider upgrading dansguardian version in LTS/stable.
Or should I try to convince guys at Debian?

Scott Kitterman (kitterman) wrote :

It's in Karmic now.

Changed in dansguardian (Ubuntu):
status: New → Fix Released
Voro @ Experior (oller-voro-experior) wrote :

I know it's in Karmic.
I asked for upgrading LTS (or 8.10, or even 9.04) version of DG to DG stable (2.10), not unstable/karmic version, which was updated two days ago (a month after Debian did the same for their unstable).

What an irony: the stable release of the distro ships with an unstable version of a daemon, and the development/unstable has the stable version.

I guess I'll have to open a bug in the hardy version.

Scott Kitterman (kitterman) wrote : Re: [Bug 391090] Re: Wishlist - Please update dansguardian to stable release DansGuardian 2.10.1.1 or newer

What the needs is a backport request then. Please file the bug against
Hardy backports.
