Hello, I believe I have found the underlying problem that caused the strange http://:0 responses. Apparently the patch CVE-2019-12523-bug965012.patch, which fixed the original icap error, introduced this one then. The modified code in src/adaptation/icap/ModXact.cc was responsible for that.
I have uploaded a new version for testing to https://people.debian.org/~apo/lts/squid3/stretch/ It also contains new patches for four security vulnerabilities namely CVE-2020-15049, CVE-2020-15810, CVE-2020-15811 and CVE-2020-24606. If I hear no negative feedback I intend to upload this version to fix your problem. Regards, Markus
signature.asc
Description: OpenPGP digital signature
