ANNOUNCE: Pound - reverse proxy and load balancer - v1.6
This is to announce the release of Pound v1.6.

Changes in this version:

- Callback for RSA ephemeral keys:
  - generated in a separate thread
  - used if required
  this will allow certain versions of IE to work correctly with Pound/SSL.
- New X-SSL-cipher header encryption level/method
- Added CheckURL parameter in config file
  - perform syntax check only if value 1 (default 0)
- Allow for empty query/param strings in URL syntax
- Additional SSL engine loading code
- Added parameter for CA certificates
  - CA list is sent to client
  - Verify client certificates up to given depth
- Fixed critical security vulnerability in syslog handling: this may allow a remote exploit, though none has been observed to date. The danger is minimised if you run Pound in a root-jail and/or as non-root user. Anyone using a version prior to 1.6 should upgrade as soon as possible.

The software is at version 1.6 (production quality). Further testing (especially under heavy loads), improvements and suggestions are welcome.

What is Pound (from the Web page)

- a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
- a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
- an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end browsers.
- an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
- an HTTP/1.1 to 1.0 proxy.
- a fail-over-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
- a request redirector - it will pass client requests to separate groups of servers, based on required URL and the presence or absence of headers (pattern matching)

Pound was specifically developed to serve as a front-end for multiple instances of Zope running on top of a common ZEO storage, but can be used with any other web server. A patch for the Python source of z2.py is available as part of the distribution to allow using Pound's SSL capabilities.

Pound is currently in use in several medium to large volume sites and seems to be holding up quite well: largest reported site does about 5.5 million requests per day, peaking at over 450 requests per second. The speed is well superior to other, equivalent solutions, the configuration is much simpler and the necessary resources (CPU, RAM, disk) are much, much lower.

Pound is distributed under the GPL. For further information, download, etc. please see http://www.apsis.ch/pound

Pound now has its own mailing-list - just send a message to pound-subscribe@apsis.ch in order to join.

Enjoy and let me know how it works for you.

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-1-920 4904