1 Changes in squid-5.0.4 (23 Aug 2020):
3 - Bug 5054: mark dns_v4_first as obsolete in cf.data.pre
4 - Bug 5048: ResolvedPeers.cc:35: "found != paths_.end()" assertion
5 - Reforward CONNECT after TLS handshake failure with peer
6 - Do not send keep-alive in 101 (Switching Protocols) responses
7 - Add http_port sslflags=CONDITIONAL_AUTH
8 - ... and several documentation changes
9 - ... and some compile fixes
10 - ... and all fixes from 4.13
12 Changes in squid-5.0.3 (05 Jun 2020):
14 - Bug 5046: FreeBSD lacks open(2) O_DSYNC flag
15 - Happy Eyeballs: Do not discard viable reforwarding destinations
16 - Reduced startup time with large rock cache_dirs
17 - Fix the ABA problem with Ipc::Mem::PageStack::pop() in v5.0.1
18 - Fix sending of unknown validation errors to certificate validator
19 - ... and several debug improvements
20 - ... and all fixes from 4.12
22 Changes in squid-5.0.2 (18 Apr 2020):
24 - Bug 5030: Negative responses are never cached
25 - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
26 - Support worker-dedicated listening queues (SO_REUSEPORT)
27 - High precision time units
28 - Ban reserved annotations in "note", "adaptation_meta" directives
29 - ESI: convert parse exceptions into 500 status response
30 - Fix PURGE error responses
31 - ... and several documentation changes
32 - ... and some compile fixes
33 - ... and all fixes from 4.11
35 Changes in squid-5.0.1 (14 Jan 2020):
37 - Bug 4989: Leaking StoreEntry objects on Cache Digest rebuilds
38 - Bug 4912: same-name notes being appended instead of replaced
39 - Bug 4864: !Comm::MonitorsRead assertion in maybeReadVirginBody()
40 - Bug 4579: cannot hit an entry being written by another worker
41 - ICAP: Initial support for trailers
42 - Add auth_schemes to control schemes presence and order in 401s/407s
43 - Make CONNECT ACL a built-in default
44 - Remove USE_CHUNKEDMEMPOOLS compiler flag
45 - Two new ACLs implemented: annotate_transaction and annotate_client
46 - Add response delay pools feature for Squid-to-client speed limiting
47 - QA: allow test-suite to be run without a full build
48 - Happy Eyeballs: Use each fully resolved forwarding destination ASAP
49 - Support selective CF: collapsed_forwarding_access
50 - Reworked packet/connection marking
51 - Add new deny_info %A macro
52 - Identify collapsed transactions
53 - Add sample Kerberos group authentication external_acl helper
54 - Optimization: Fewer memory (re)allocations for HTTP headers
55 - Add TrivialDB support
56 - Do not send Content-Length in 1xx or 204 responses
57 - negotiate_kerberos_auth: fix memory leaks
58 - ntlm_fake_auth: add ability to test delayed responses
59 - Add %ssl::<cert macro for logging server X.509 certificate
60 - Reuse reserved Negotiate and NTLM helpers after an idle timeout
61 - Log PROXY protocol v2 TLVs
62 - Support logformat %codes in error page templates
63 - Fix incremental parsing of chunked quoted extensions
64 - Peering support for SslBump
65 - RFC 8586: Loop Detection in Content Delivery Networks
66 - Prevent TLS transaction stalls by preserving flags.read_pending
67 - Fix "BUG: Lost previously bumped from-Squid connection"
68 - Add %master_xaction logformat code
69 - Log "-" instead of the made-up method "NONE"
70 - Add GeneratingCONNECT step for the existing at_step ACL
71 - Report context of level-0/1 cache.log messages
72 - Re-enabled updates of stored headers on HTTP 304 responses
73 - Translations: Fix grammatical error in French error pages
74 - Smarter auth_param utf8 handling, including CP1251 support
75 - Fix rock disk entry contamination related to aborted swapouts
76 - Send HTTP/500 (Internal Server Error) when lacking peers
77 - Fix prohibitively slow search for new SMP shm pages
78 - Centralized PagePool/PageStack ID generation
79 - ... and many documentation changes
80 - ... and much code cleanup and polishing
81 - ... and all fixes from 4.10
83 Changes to squid-4.13 (23 Aug 2020):
85 - Regression Fix: Support parsing GREASEd (and future) TLS handshakes
86 - Bug 5051: Some collapsed revalidation responses never expire
87 - HTTP: Enforce token characters for field-name
88 - HTTP: Forbid obs-fold and bare CR whitespace in framing header fields
89 - HTTP: Improve Transfer-Encoding handling
90 - WCCP: Fix GCC-10 -Wstringop-truncation failures
91 - Honor on_unsupported_protocol for intercepted https_port
92 - Fix livelocking in peerDigestHandleReply
93 - Do not stall while debugging a scan of an empty store_table
95 Changes to squid-4.12 (05 Jun 2020):
97 - Regression Fix: Revert to slow search for new SMP shm pages
98 - Bug 5045: ext_edirectory_userip_acl is missing include files
99 - Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
100 - Bug 5030: Negative responses are never cached
101 - HTTP: validate Content-Length value prefix
102 - HTTP: add flexible RFC 3986 URI encoder
103 - SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic
104 - Tests: Support passing a custom config.cache to test builds
105 - Fix IPFilter IPv6 detection, especially on NetBSD
106 - Fix stall if transaction overwrites a recently active cache entry
107 - ... and some compile fixes
109 Changes to squid-4.11 (18 Apr 2020):
111 - Bug 5036: capital 'L's in logs when daemon queue overflows
112 - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
113 - Bug 5016: systemd thinks Squid is ready before Squid listens
114 - kerberos_ldap_group: fix encryption type for cross realm check
115 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
116 - Fix Digest authentication nonce handling
117 - Supply ALE to request_header_add/reply_header_add
118 - ... and some documentation updates
119 - ... and some compile fixes
121 Changes to squid-4.10 (14 Jan 2020):
123 - Bug 5009: Build failure with older clang libc++
124 - Bug 5008: SIGBUS in PagePool::level() with custom rock slot size
125 - Bug 5007: Docs: Fix max_filedescriptors description
126 - Bug 4735: Truncated chunked responses cached as whole
127 - ext_lm_group_acl: Improved username handling
128 - Fix FTP buffers handling
129 - Fix shared memory size calculation on 64-bit systems
130 - Fix server_cert_fingerprint on cert validator-reported errors
131 - Fix request URL generation in reverse proxy configurations
132 - ... and several documentation updates
133 - ... and several compile fixes
135 Changes to squid-4.9 (05 Nov 2019):
137 - Bug 4978: eCAP crash after using MyHost().newRequest()
138 - Bug 4970: excessive gnutls_certificate_credentials debug msgs
139 - Bug 4969: GCC-9 build failure: stringop-truncation
140 - Bug 4966: Lower cache_peer hostname
141 - Bug 4918: Crashes when using OpenSSL prior to v1.0.2
142 - TLS: Fix parsing of certificate validator responses
143 - TLS: Fix parsing of TLS messages that span multiple records
144 - TLS: Fix on_unsupported_protocol tunnel action
145 - TLS: Fix expiration of self-signed generated certs to be 3 years
146 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
147 - HTTP: RFC 7230: server MUST reject messages with BWS after field-name
148 - HTTP: Fix URN response handling
149 - HTTP: Hash Digest noncedata
150 - Update URI parser to use SBuf parsing APIs
151 - Prevent truncation for large origin-relative domains
152 - Fix several rock cache_dir corruption issues
153 - Debug detail validation errors for loaded-from-file certificate chains
154 - smblib: Improve SMB server name maintenance
155 - cachemgr.cgi: Add validation for hostname parameter
156 - ... and several compile issues
157 - ... and some documentation updates
159 Changes to squid-4.8 (09 Jul 2019):
161 - Bug 4957: Multiple XSS issues in cachemgr.cgi
162 - Bug 4953: to_localhost does not include ::
163 - Bug 4937: cachemgr.cgi: unallocated memory access
164 - Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH
165 - Bug 4889: Ignore ECONNABORTED in accept(2)
166 - Bug 4842: Memory leak when http_reply_access uses external_acl
167 - TLS: Fix tls-min-version= being ignored
168 - TLS: Add the NO_TLSv1_3 option to available tls-options values
169 - HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL
170 - HTTP: Remove userinfo support from old protocols
171 - HTTP: Fix Digest auth parameter parsing
172 - HTTP: Send Connection:close with the known-last request on a connection
173 - HTTP: Fix handling of tiny invalid responses
174 - Replace uudecode with libnettle base64 decoder
175 - Update HttpHeader::getAuth to SBuf
176 - ... and some compile issues
178 Changes to squid-4.7 (06 May 2019):
180 - Bug 4942: --with-filedescriptors does not do anything
181 - Bug 4928: Cannot convert non-IPv4 to IPv4
182 - Bug 4823: assertion failed: "lowestOffset () <= target_offset"
183 - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
184 - Fix squidclient authentication to origin servers
185 - Fix stack-based buffer-overflow when parsing SNMP messages
186 - Add support for buffer-size= to UDP logging
187 - TLS: When using OpenSSL, trust intermediate CAs from trusted store
189 Changes to squid-4.6 (19 Feb 2019):
191 - Bug 4915: Detect IPv6 loopback binding errors
192 - Bug 4914: Do not call setsid() in --foreground mode
193 - Bug 4875 pt2: GCC-8 compile errors with -O3 optimization
194 - Bug 4856: Exit when GoIntoBackground() fork() call fails
195 - basic_ldap_auth: Return BH on internal errors; polished messages
196 - Fix BodyPipe/Sink memory leaks associated with auto-consumption
197 - Fix OpenSSL builds that define OPENSSL_NO_ENGINE
198 - Fix several cases of rock cache corruption
199 - Add Georgian (ka) language translation
201 Changes to squid-4.5 (01 Jan 2019):
203 - Bug 4253: ssl_bump prevents access to some web contents
204 - TLS: add %>handshake logformat code
205 - Redesign forward_max_tries to count TCP connection attempts
206 - Fix client_connection_mark ACL handling of clientless transactions
207 - Fix netdb exchange with a TLS cache_peer
208 - Update netdb when tunneling requests
209 - Use pkg-config for detecting libxml2
210 - ... and some documentation updates
211 - ... and some code compile fixes
213 Changes to squid-4.4 (28 Oct 2018):
215 - Bug 4893: Malformed %>ru URIs for CONNECT requests
216 - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes
217 - SSL: support compilation with minimal OpenSSL
218 - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL
219 - Fix netdb not saving to disk
220 - Fix memory leak when parsing SNMP packet
221 - ... and some compile issues
223 Changes to squid-4.3 (01 Oct 2018):
225 - Bug 4885: Excessive memory usage when running out of descriptors
226 - Bug 4877: Add missing text about external_acl_type %DATA changes
227 - Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
228 - Bug 4716: Blank lines in cachemgr.conf are not skipped
229 - Bug 4691: balance_on_multiple_ip config option docs
230 - basic_pop3_auth: fix startup errors
231 - langpack: Add missing dialect aliases
232 - Fix range_offset_limit debugging
233 - Fix icc build errors
234 - Update systemd dependencies in squid.service
236 Changes to squid-4.2 (04 Aug 2018):
238 - Regression fix: support for https_port clientca= option
239 - Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces
240 - Bug 4861: HTTPMSGLOCK missing pointer safety
241 - Bug 4843 pt3: GCC-8 fixes and refactoring
242 - HTTP: Do not update stored headers on 304 responses
243 - Fix segmentation fault on -k parse
244 - Fix %>ru logging of huge URLs
245 - ... and several performance optimizations
246 - ... and some documentation updates
247 - ... and all fixes from 3.5.28
249 Changes to squid-4.1 (02 Jul 2018):
251 - Bug 4223: fixed retries of failed re-forwardable transactions
252 - Bug 4791: Build failure on MacOS
253 - Fix --with-netfilter-conntrack error message
254 - ... and many documentation updates
256 Changes to squid-4.0.25 (11 Jun 2018):
258 - Regression Bug 4855: querying private entries for HTCP/ICP
259 - Regression Bug 4852: deny_info %R macro not being expanded
260 - Regression Bug 4847: proxy_auth ACL -i/+i flags not working
261 - Regression Bug 4831: filter chain certificates for validity when loading
262 - Regression fix: Transient reader locking broken in 4.0.24
263 - Bug 4845: NegotiateSsl crash on aborting transaction
264 - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8
265 - Bug 4843 pt2: squidclient refactoring for GCC-8
266 - Bug 4829: IPC shared memory leaks when disker queue overflows
267 - Bug 4828: Use feature detection for IPFilter API/ABI checks
268 - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4
269 - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks
270 - Bug 4707: purge tool does not obey --sysconfdir= build option
271 - Bug 4171: checking for log_file_daemon despite disabling logging
272 - Bug 4042: ext_kerberos_ldap_group: add -P principal option
273 - TLS: avoid "ssl_crtd" assertions on reconfiguration
274 - Add timestamps to (most) FATAL messages
275 - Add "--kid role-ID" command line option
276 - ... and many documentation updates
278 Changes to squid-4.0.24 (07 Mar 2018):
280 - Bug 4822: Build failure (-Wformat) where time_t is not long int
281 - Bug 4505: SMP caches sometimes do not purge entries
282 - TLS: GnuTLS implementation for listening ports and client connections
283 - TPROXY: Fix clientside_mark and client port logging
284 - Native FTP: Fix "Cannot assign requested address" with TPROXY
285 - SSL-Bump: Fix authentication with types other than Basic
286 - ... and many small compile and stability fixes
287 - ... and some documentation fixes
289 Changes to squid-4.0.23 (19 Jan 2018):
291 - Bug 4715: security_file_certgen: Remove -g and -n options docs
292 - Bug 4679: User names not sent to url_rewrite_program
293 - Bug 4631: security_file_certgen helper without disk cache
294 - Bug 3911: clang -fsanitize warnings
295 - Bug 2378: Duplicates in selected peer destinations
296 - Nettle v3.4 support
297 - Fix Squid FTP server dying because of an unhandled exception
298 - Automatically revive hopeless kids on reconfigure and after a timeout
299 - Fix %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses
300 - ... and many documentation updates
301 - ... and some stability fixes
303 Changes to squid-4.0.22 (07 Dec 2017):
305 - Regression fix: Relay peer CONNECT error status line and headers to clients
306 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
307 - Bug 4718: support filling raw buffer space of shared SBufs
308 - Bug 4648: object revalidation for HTTPS scheme
309 - Bug 4616: store_client.cc:92: "mem" assertion
310 - Bug 2821: ignore Content-Range in non-206 responses
311 - HTCP: Ignore packets with invalid URI
312 - TLS: Validate the shortest certificate chain
313 - TLS: Add checks for OpenSSL 1.1.0f API changes
314 - TLS: Fix reporting of validation errors for downloaded intermediate certs
315 - TLS: Fix SSL certificate cache refresh and collision handling
316 - Fix backwards compatibility for Squid-3.5 external_acl_type formats
317 - Fix invalid mime icon URLs in cache
318 - Do not die silently when dying early
319 - Docs: update translation files
321 Changes to squid-4.0.21 (02 Jul 2017):
323 - Bug 4730: segfault while processing internal HTTP requests
324 - Bug 4492: Chunk extension parser is too pedantic
325 - Bug 1961: Redesign urlParse() API
326 - TLS: recognise tls:: namespace on logformat tokens
327 - SSL-Bump: tproxy does not spoof spliced connections
328 - security_file_certgen: collapse queued requests
329 - Add a basic apparmour profile
330 - Add transaction_initiator ACL for detecting various unusual transactions
331 - Add ssl::server_name options to control matching logic
332 - Support for --long-acl-options
333 - Do not die silently when dying via std::terminate()
334 - Fix option --foreground to implement expected behavior
335 - Translations: update .po and .pot to latest texts
336 - ... and some documentation updates
337 - ... and many code cleanup and stability fixes
338 - ... and all fixes from 3.5.27
340 Changes to squid-4.0.20 (01 Jun 2017):
342 - Bug 4692: SslBump breaks intercepted IPv6 connections
343 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
344 - Bug 4662: build errors with LibreSSL 2.4.4
345 - Bug 4659: sslproxy_foreign_intermediate_certs does not work
346 - Bug 4321: ssl_bump terminate does not terminate at step1
348 - Do not forward HTTP requests to dead idle peers
349 - Do not unconditionally revive dead peers after a DNS refresh
350 - Make PID file check/creation atomic to avoid associated race conditions
351 - Count failures and use peer-specific connect timeouts when tunneling
352 - SSL-Bump: Fix crashes when server-first bumping mode is used with openSSL-1.1.0
353 - eCAP: Fix empty header handling in Ecap::HeaderRep::hasAny()
354 - SSL-Bump: Second adaptation missing for CONNECTs
355 - ext_session_acl: cope with new logformat inputs
356 - ... and some documentation updates
357 - ... and some code stability fixes
358 - ... and all fixes from 3.5.26
360 Changes to squid-4.0.19 (02 Apr 2017):
362 - Bug 4674: delay_parameters for class 3 and 4 assertion failed
363 - Bug 4671: GCC 7 compile errors
364 - Bug 4663: GCC 5+ compile errors with optimization level -O3
365 - Bug 4657: delay IDENT until after PROXY protocol handling
366 - Bug 4610: cleanup of BerkleyDB related checks
367 - squidclient: Fix missing error handling on PUT
368 - digest_ldap_auth: Add -r option to clamp the realm to a fixed value
369 - TLS: initial GnuTLS support for encrypted server connections
370 - Fix appending Http::HdrType::VIA code
371 - Fix URI scheme case-sensitivity treatment
372 - Fix two read-ahead problems related to delay pools (or lack thereof)
373 - Detail swapfile header inconsistencies
374 - ... and several build fixes
375 - ... and many code polishing updates
376 - ... and all fixes from 3.5.25
378 Changes to squid-4.0.18 (06 Feb 2017):
380 - Bug 4661: compile error 'warning: _XPG4_2 redefined' with GCC on Solaris 10
381 - Bug 4636: assertion 'byteCount > 0 && byteCount <= inBuf.length()'
382 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
383 - Bug 4599: support OpenSSL 1.1
384 - squidclient: link GnuTLS library debugs to -v level display
385 - Fix GCC6: unused local variable 'weInitiatedThisClosure'
386 - ... and some code polishing
387 - ... and some copyright updates
388 - ... and all fixes from 3.5.24
390 Changes to squid-4.0.17 (16 Dec 2016):
392 - Bug 4630: user credentials cache cleanup not re-scheduled
393 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
394 - Bug 4599 partial: initial support for OpenSSL v1.1
395 - TLS: Support tunneling of bumped non-HTTP traffic
396 - ... and many code polishing and performance updates
397 - ... and some documentation updates
398 - ... and some fixes from 3.5.23
400 Changes to squid-4.0.16 (30 Oct 2016):
402 - Avoid segfaults when lacking the server name for certificate validator
403 - HTTP: initial support for Cache-Control:immutable
404 - Fix ssl::server_name ACL
405 - ... and many code polishing updates
406 - ... and some fixes from 3.5.23
408 Changes to squid-4.0.15 (09 Oct 2016):
410 - Regression fix crash on reconfigure with TOS/DiffServ/MARK configured
411 - Bug 4610: compile errors on Solaris 11.3 with Oracle Studio 12.5
412 - Bug 4581: Secure ICAP segfault in checkForMissingCertificates
413 - Bug 4578: changes required to install squid.service
414 - Fix crash on shutdown while cleaning up idle ICAP connections
415 - Fix memory leak of Downloader-related objects
416 - HTTP/1.1: handle syntactically valid requests with unsupported HTTP versions
417 - Log TCP client port for error:transaction-end-before-headers and such
418 - ... and many portability and build fixes
419 - ... and some documentation updates
420 - ... and all fixes from 3.5.22
422 Changes to squid-4.0.14 (08 Sep 2016):
424 - Regression Bug 4570: crash after rev.14755
425 - Regression Bug 4561: Replace use of default move operators with explicit implementation
426 - Bug 4503: Do not access-log SslBump-faked CONNECTs with _ABORTED suffixes
427 - Bug 4404: Do not access-log chunked non-persistent responses with _ABORTED suffix
428 - Fix crashes on shutdown while cleaning up idle ICAP connections
429 - Fix logformat unable to configure codes with /-escape
430 - HTTP: MUST respond with 414 (URI Too Long) when request-target exceeds limits
431 - HTTP: validate Content-Length header values
432 - Make Squid death due to overloaded helpers optional
433 - Better support for unknown URL schemes
434 - Do not log error:transaction-end-before-headers after invalid requests
435 - ... and many portability and build fixes
436 - ... and some documentation updates
437 - ... and all fixes from 3.5.21
439 Changes to squid-4.0.13 (05 Aug 2016):
441 - Regression Bug 4540: revert r14720 buffer update
442 - Bug 4555: Minor improvements to error pages CSS
443 - Bug 4551: fix exceptions in new chunked decoder
444 - Bug 4311: support collapse for internal revalidation requests (SMP-unaware caches)
445 - Fix Certificate Validator buffer-overflow crashes Squid
446 - Fix some failed transactions not being logged
447 - Fix segfault via Ftp::Client::readControlReply().
448 - basic_db_auth: add support for unsalted SHA1 passwords
449 - kerberos_ldap_group: add support for SSL/TLS connection to an LDAP server
450 - TLS: Add missing 'tls' option for cache_peer
451 - TLS: Do not hang when 'connector' fails
452 - TLS: Add support for fetching missing certificates
453 - Remove XSTD_USE_LIBLTDL, which has not been needed in a long while
454 - ... and many code polishing updates
455 - ... and some documentation updates
457 Changes to squid-4.0.12 (01 Jul 2016):
459 - Regression Fix: shell issues with require_smblib definition
460 - Regression Bug 4532: pid_filename not working as documented
461 - Regression Bug 4504: Too many WARNING: Ignoring error setting CA certificate locations
462 - Bug 4516: security_file_certgen man page update
463 - Bug 4446: undefined reference to 'libecap::Name::Name'
464 - Bug 4376: clang cannot build Squid eCAP code
465 - HTTP/1.1: Update all stored headers on 304 revalidation
466 - TLS: Authority Key Identifier certificate extension
467 - Add a script to find kid-specific cache.log lines
468 - Cleanup cppunit detection and use
469 - ... and several performance improvements
470 - ... and some unit test updates
471 - ... and all fixes from 3.5.20
473 Changes to squid-4.0.11 (09 Jun 2016):
475 - Bug 4517: error: comparison between signed and unsigned integer
476 - Bug 4492: chunked parser needs to accept BWS after chunk size
477 - HTTP/1.1: allow chunking the last HTTP response on a connection
478 - HTTP/1.1: unfold mime header blocks
480 - TLS: check for SSL_CIPHER_get_id() support required in adjustSSL()
481 - TLS: never enable OPENSSL_HELLO_OVERWRITE_HACK automatically
482 - squidclient: improve shell-escape support in -H option
483 - Do not allow low-level debugging to hide important/critical messages
484 - Replace new/delete operators using modern C++ rules
485 - Remove ie_refresh configuration option
486 - Deprecating SMB LanMan helpers
487 - Mark refresh-waiting transactions with REFRESH
488 - ... and some code cleanup and polishing
490 Changes to squid-4.0.10 (06 May 2016):
492 - Accumulate fewer unknown-size responses to avoid overwhelming disks.
493 - Fix shared memory corruption when storing multi-slot (>32KB) shm misses.
494 - ... and some documentation and code cleanup
495 - ... and all fixes from 3.5.18
497 Changes to squid-4.0.9 (20 Apr 2016):
499 - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)"
500 - Add a new error page token for unquoted external ACL messages.
501 - Stop parsing response prefix after discovering an "HTTP/0.9" response.
502 - ... and some documentation updates
503 - ... and some code polishing
504 - ... and all fixes from 3.5.17
506 Changes to squid-4.0.8 (02 Apr 2016):
508 - Bug 4459: FHS compliance: move netdb.state and ssl_db to /var/cache/squid
509 - Bug 4458: Behaviour change with external ACL arguments
510 - Bug 4450: wait() related cleanup
511 - Bug 4438: SIGSEGV in memFreeString() destructing SBuf globals on shutdown/restart
512 - Bug 4312: Support disabling collapsed forwarding SMP cooperation
513 - Bug 3826: SMP compatibility with systemd and --foreground option
514 - Bug 1979: Add ACL-driven server_pconn_for_nonretriable squid.conf directive
515 - Bug 7 (partial): Update cached entries on 304 responses
516 - Add reply_header_add directive
517 - HTTP/1.1: Do not prohibit updating Last-Modified on 304 responses
518 - Fix memory leaks of lastAclData and AccessLogentry::url
519 - Fix clang -Winconsistent-missing-override warning
520 - Tests: update test suite for GnuTLS
521 - ... and some documentation updates
522 - ... and some code cleanup and polishing
523 - ... and all fixes from squid 3.5.16
525 Changes to squid-4.0.7 (23 Feb 2016):
527 - Regression Fix: external_acl parameters separated by %20 instead of space
528 - Bug 4432: assertion failed: store.cc:1919: "isEmpty()"
529 - Bug 4111: leave_suid() does not properly handle error codes returned by setuid
530 - Fix propagation of response status line parsing error details
531 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
532 - ... and some code SourceLayout project cleaning
533 - ... and all fixes from squid 3.5.15
535 Changes to squid-4.0.6 (16 Feb 2016):
537 - Regression Bug 4436: Fix DEFAULT_SSL_CRTD
538 - Fix "dial: Ssl::PeerConnector::sslCrtvdHandleReply threw exception: callback != NULL"
539 - ... and some documentation updates
540 - ... and all fixes from squid 3.5.14
542 Changes to squid-4.0.5 (09 Feb 2016):
544 - Regression Bug 4429: http(s)_port options= error message missing characters
545 - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth
546 - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454
547 - Regression Bug 4401: compile error on Solaris
548 - Regression Fix: TLS/SSL flags parsing
549 - Regression Fix: cert validadator always disabled in 4.x
550 - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m)
551 - Regression Fix: external_acl problems after 4.0.1 rev.14351
552 - Bug 4409 (partial): compile error when two Heimdal libraries are installed
553 - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size
554 - SMP: Fix cleanup of a shared memory segment in an unusual configuration
555 - SSL-Bump: Fix step3 splicing.
556 - Add connections_encrypted ACL
557 - Make %<a and %<p details available to [eCAP] RESPMOD services
558 - Rename cert_valid.pl to security_fake_certverify
559 - Rename ssl_crtd helper to security_file_certgen
560 - ... and a lot of code SourceLayout project cleaning
561 - ... and some documentation updates
562 - ... and all fixes from squid 3.5.13 up to rev.13979
564 Changes to squid-4.0.4 (06 Jan 2016):
566 - Regression Bug 4393: compile fails on OS X
567 - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed
568 - Support use of Kerberos credentials cache instead of keytab
569 - Support logging of TLS Cryptography Parameters
570 - Support substring matching in Note ACL
571 - ... and some code cleanup and polishing
572 - ... and all fixes from squid 3.5.13
574 Changes to squid-4.0.3 (28 Nov 2015):
576 - Bug 4372: missing template files
577 - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o
578 - Bug 4368: A simpler and more robust HTTP request line parser
579 - Fix compile erorr on clang undefined reference to '__atomic_load_8'
580 - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos
581 - ext_ldap_group_acl: Allow unlimited LDAP search filter
582 - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames
583 - ... and much code cleanup and polishing
584 - ... and all fixes from squid 3.5.12
586 Changes to squid-4.0.2 (01 Nov 2015):
588 - Regression Bug 4351: compile errors when authentication modules disabled
589 - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
590 - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout
591 - Bug 4356: segmentation fault using proxy_auth ACL
592 - Bug 4352: compile errors in OS X 10.11
593 - Bug 4021: ext_user_regex does exact match
594 - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown
595 - Support re-assigning delay pools based on HTTP reply details
596 - ... and all fixes from squid 3.5.11
598 Changes to squid-4.0.1 (14 Oct 2015):
600 - Bug 4329: GCC 5.2 no known conversion for argument
601 - Bug 4292: negotiate_wrapper: Unreleased Resources
602 - Bug 4269: ignore-must-revalidate broken
603 - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
604 - Bug 3920: Splay::remove() reference counting inconsistent
605 - Bug 3069: CONNECT method bytes sent logging
606 - Bug 2741 partial: libsecurity API for GnuTLS support
607 - Bug 1961 partial: redesign of URL handling
608 - Fix crash when parsing invalid squid.conf
609 - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
610 - Remove unused OS detection: Sun, SysV, Ultrix, BSDi
611 - Remove cache_peer_domain directive
612 - RFC 6176 compliance: Remove SSLv2 support
613 - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
614 - Remove GCC 2.x and 3.x detection and support
615 - C++11 compiler support is now mandatory
616 - Enable flexible transport protocol
617 - Enable long (--foo) command line parameters on squid binary
618 - Add per-rule refresh_pattern matching statistics
619 - Replace sslversion=N with tls-min-version=1.N
620 - Replace sslproxy_* directives with tls_outgoing_options
621 - Replace GNU atomics and related hacks with C++11 std::atomic
622 - Replace external_acl_type format %macros with logformat codes
623 - Support Secure ICAP services
624 - Support rotate=N option on access_log
625 - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
626 - Support lifetime timeout for persistent connections (pconn_lifetime)
627 - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
628 - Support logging fast things (nanosecond log resolution)
629 - Support ICAP/eCAP adaptation for 100-continue responses
630 - Support configurable helper queue size, with consistent defaults
631 and better overflow handling.
632 - Support named service PID file by default (pid_filename)
633 - url_lfs_rewrite: Add URL-rewriter based on local file existence
634 - negotiate_kerberos_auth: output group= kv-pair
635 - helper-mux: add man(8) page
636 - purge: convert README to man(1) page
637 - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
638 - basic_sspi_auth: fix MinGW compile errors
639 - negotiate_sspi_auth: fix various build errors
640 - Crypto-NG: libnettle Base64 algorithm support
641 - Parser-NG: HTTP Parser structural redesign
642 - libltdl: copyright updated to LGPL version 2.1
643 - ... and several performance optimizations
644 - ... and many documentation changes
645 - ... and much code cleanup and polishing
647 Changes to squid-3.5.28 (15 Jul 2018):
649 - SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI
650 - SQUID-2018:2: crash handling responses to internally generated requests
651 - SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing
652 - Bug 4861: HTTPMSGLOCK missing pointer safety
653 - Bug 4829: IPC shared memory leaks when disker queue overflows
654 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
655 - Bug 2821: Ignore Content-Range in non-206 responses
656 - HTCP: Ignore HTCP packets with invalid URI
657 - SSL-Bump: fix authentication with schemes other than Basic
658 - TPROXY: Fix clientside_mark and client port logging
659 - Fix "Cannot assign requested address" for to-origin TPROXY FTP data
660 - Fix --with-netfilter-conntrack error message
661 - Validate mime icon URL before allocating store entries
662 - ... and many documentation changes
664 Changes to squid-3.5.27 (20 Aug 2017):
666 - Regression Bug #4112: ssl_engine does not accept cryptodev
667 - Bug 4687: Wrong names of components in man page, section SEE ALSO
668 - Bug 4671: various GCC 7 compile errors
669 - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions
670 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
671 - Bug 2833: Do not respond with HTTP/304 to unconditional requests
672 - Fix message packing error handling in mgr and snmp SMP Forwarders
673 - Fix mgr query handoff from the original recipient to Coordinator.
674 - ... and some documentation updates
676 Changes to squid-3.5.26 (01 Jun 2017):
678 - Bug 4711: SubjectAlternativeNames is missing in some generated certificates
679 - Bug 4695: squidpurge: GCC 7 build errors
680 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
681 - Bug 4682: Fix ssl_bump "bump" action documentation
682 - Bug 4653: %st lies about tunneled traffic volumes
683 - Bug 4589: ssl_crtd: returning zero on failure
684 - Bug 3772: message from FTP server gets mangled
685 - Bug 3102: FTP directory listing drops fist character of file names
686 - Add OpenSSL library details to -v output
687 - ... and some documentation updates
689 Changes to squid-3.5.25 (02 Apr 2017):
691 - Bug 4688: various typo error(s) in man page(s)
692 - Bug 4508: Host forgery stalls intercepted being-spliced connections
693 - Native FTP relay: NAT and TPROXY interception fixes
694 - Fix missing CRLF on FTP timeout ABORT commands
695 - TLS: Bump client on errors encountered before ssl_bump evaluation
696 - ext_kerberos_ldap_group_acl: fix unused value warnings
697 - Fix crash when configuring with invalid delay_parameters restore value.
698 - Check that -k argument is provided before trying to use it.
699 - ... and some build fixes
701 Changes to squid-3.5.24 (28 Jan 2017):
703 - Regression Bug 3940: Make 'cache deny' do what is documented
704 - TLS: Fix SSLv2 records bumping despite a matching step2 peek rule
705 - TLS: Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation
706 - Fix "Source and destination overlap in memcpy" Valgrind errors
707 - Reduce crashes due to unexpected ClientHttpRequest termination
708 - Update External ACL helpers error handling and caching
709 - Detect HTTP header ACL issues
710 - ... and some documentation fixes
712 Changes to squid-3.5.23 (16 Dec 2016):
714 - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
715 - Bug 4620: NetBSD build error with --enable-ipf-transparent
716 - Bug 4567: Strange IPv6 shown in access.log
717 - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart
718 - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
719 - Bug 4169: HIT marked as MISS when If-None-Match does not match
720 - Bug 4007: Hang on DNS query with dead-end CNAME
721 - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
722 - Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
723 - Bug 3533: Cache still valid after HTTP/1.1 303 See Other
724 - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
725 - Bug 3290: authenticate_ttl not working for digest authentication
726 - Bug 2258: bypassing cache but not destroying cache entry
727 - HTTP/1.1: make Vary:* objects cacheable
728 - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
729 - Support IPv6 NAT with PF for NetBSD and FreeBSD
730 - TLS: Make key= before cert= an error instead of quietly hiding the issue
731 - ... and some debug updates
732 - ... and some build fixes
733 - ... and several documentation updates
735 Changes to squid-3.5.22 (09 Oct 2016):
737 - Bug 4594: build failure with clang 3.9
738 - Bug 4471: revalidation does not work when expired cached object lacks Last-Modified
739 - Bug 4302 pt2: IPv6 support for IPFilter v5 transparent interception
740 - Bug 4228: ./configure bug/typo in r14394
741 - Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration
742 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
743 - Fix logged request size (%http::>st) and other size-related %codes
744 - Fix some memory leaks from putenv()
745 - Fix memory leaks from url_rewrite_extras and store_id_extras on reconfigure/shutdown
746 - Fix segfault crash when debugging section 4 at level 9
747 - HTTP: MUST ignore a [revalidation] response with an older Date header
749 Changes to squid-3.5.21 (08 Sep 2016):
751 - Bug 4563: duplicate code in httpMakeVaryMark
752 - Bug 4542: authentication credentials IP TTL updated incorrectly
753 - Bug 4534: assertion failure in xcalloc when using many cache_dir
754 - Bug 4428: mal-formed Cache-Control:stale-if-error header
755 - Bug 3025: Proxy-Authenticate problem using ICAP server
756 - Fix segfault via Ftp::Client::readControlReply()
757 - Fix SSL-Bump failure results in SEGFAULT
758 - HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
759 - HTTP/1.1: do not allow Proxy-Connection to override Connection header
760 - SSL: CN wildcard must only match a single domain component [fragment]
762 Changes to squid-3.5.20 (01 Jul 2016):
764 - Bug 4523: smblib compile fails on NetBSD
765 - Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors
766 - Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL
767 - Fix icons loading speed
768 - Fix OpenSSL detection on FreeBSD
769 - Fix assertion failed: Write.cc:38: 'fd_table[conn->fd].flags.open'
770 - Fix SEGFAULT parsing malformed adaptation service configuration
771 - Fix ConnStateData::In::maybeMakeSpaceAvailable() logic
772 - Do not override user defined -std option
773 - Do not allow low-level debugging to hide important/critical messages
774 - Do not make bogus recvmsg(2) calls when closing UDS sockets
775 - Support unified EUI format code in external_acl_type
777 Changes to squid-3.5.19 (09 May 2016):
779 - Regression Bug 4515: interception proxy hangs
781 Changes to squid-3.5.18 (06 May 2016):
783 - Bug 4510: stale comment about 32KB limit on shared memory cache entries
784 - Bug 4509: EUI compile error on NetBSD
785 - Bug 4501: HTTP/1.1: normalize Host header
786 - Bug 4498: URL-unescape the login-info after extraction from URI
787 - Bug 4455: SegFault from ESIInclude::Start
788 - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
789 - Fix TLS/SSL server handshake alert handling
791 Changes to squid-3.5.17 (20 Apr 2016):
793 - Regression Bug 4480: logformat [.width_max]
794 - Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt
795 - Bug 4495: Unknown SSL option SSL_OP_NO_TICKET
796 - Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception
797 - Bug 4483: ./configure garbles -Og option in CFLAGS
798 - Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc
799 - Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name).
800 - Bug 4465: Header forgery detection leads to crash
801 - Bug 2460 partial: workaround deferred reads on shutdown and restart
802 - cachemgr.cgi: use dynamic MemBuf for internal content generation
803 - ESI: Fix several element construction issues
804 - TLS: Fix Handshake Error: ccs received early
805 - TLS: Add chained and signing cert to peek-then-bumped connections
806 - Fix some startup/shutdown crashes
808 Changes to squid-3.5.16 (02 Apr 2016):
810 - Bug 4476: Removed duplicated #include lines
811 - Bug 4452: squid -z segfaults with ufs
812 - Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion
813 - Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error
814 - Bug 4409: compile error when two Heimdal libraries are installed
815 - Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304
816 - pinger: Fix buffer overflow in Icmp6::Recv
817 - pinger: Fix select(2) to actually use max_fd
818 - pinger: drop capabilities on Linux
819 - Fix memory leak of HttpRequest objects
820 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
821 - Fix assertion failed: Write.cc:41: "!ccb->active()"
822 - Fix crash on shutdown while cleaning up idle ICAP connections
823 - RFC 7725: Add registry entry for 451 status text
824 - ... and some build issues
826 Changes to squid-3.5.15 (23 Feb 2016):
828 - Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
829 - Fix multiple assertion on String overflows
830 - Fix unit test errors on MacOS
831 - Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
832 - Log noise reduction for eCAP
834 Changes to squid-3.5.14 (16 Feb 2016):
836 - Bug 4437: Fix Segfault on Certain SSL Handshake Errors
837 - Bug 4431: C code is not compiled with CFLAGS
838 - Bug 4418: FlexibleArray compile error with GCC 6
839 - Bug 4378: assertion failed: DestinationIp.cc:60:
840 'checklist->conn() && checklist->conn()->clientConnection != NULL'
841 - Fix invalid FTP connection handling on blocked content
842 - Fix handling of shared memory left over by Squid crashes or bugs
843 - Fix mgr:config report 'qos_flows mark' output
844 - Fix compile error in CPU affinity
845 - Fix %un logging external ACL username
846 - Avoid more certificate validation memory leaks
847 - ... and some documentation updates
849 Changes to squid-3.5.13 (06 Jan 2016):
851 - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
852 - Bug 4387: Kerberos build errors on Solaris
853 - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
854 - TLS: Complete certificate chains using external intermediate certificates
855 - Avoid memory leaks when an X.509 certificate validator is used with SslBump
856 - Fix connection retry and fallback after failed server TLS connections
857 - Fix GnuTLS detection via pkg-config
858 - Fix startup crash with a misconfigured (too-small) shared memory cache
859 - ... and some documentation updates
861 Changes to squid-3.5.12 (28 Nov 2015):
863 - Bug 4374: refresh_pattern config parser (%)
864 - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
865 - Bug 4228: links with krb5 libs despite --without options
866 - Fix SSL_get_certificate() problem detection
867 - Fix TLS handshake problem during Renegotiation
868 - Fix cache_peer forceddomain= in CONNECT
869 - Fix status code-based HTTP reason phrase for eCAP-generated messages
870 - Fix build errors in cpuafinity.cc
871 - ... and several documentation updates
873 Changes to squid-3.5.11 (01 Nov 2015):
875 - Bug 3574: crashes on reconfigure and startup
876 - Bug 4347: compile errors with LibreSSL 2.3
877 - Bug 4281: copy-paste typos in src/tools.cc
878 - Bug 4279: No response from proxy for FTP-download of non-existing file
879 - Bug 4188: Bumping intercepted SSL connections does not work on Solaris
880 - Fix incorrect authentication headers on cache digest requests
881 - Fix connection stats, including %<lp, missing for persistent connections
882 - Fix invalid memory access issues in SBuf
883 - Avoid errors when parsing manager ACL in old squid.conf
885 Changes to squid-3.5.10 (01 Oct 2015):
887 - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
888 - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
889 - Bug 4323: Netfilter broken cross-includes with Linux 4.2
890 - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
891 - Bug 4208: more than one port in wccp2_service_info line causes error
892 - Bug 4303: PeerConnector.cc:743 "!callback" assertion.
893 - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
894 - Relicense ntlm_fake_auth.pl to GPLv2+
895 - Relicense smb_lm auth helper to GPLv2+
896 - Relicense SSPI helper to GPLv2+
897 - ... and several minor performance optimizations
899 Changes to squid-3.5.9 (17 Sep 2015):
901 - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
902 - Bug 4309: incorrect extensions detection in SSL Hello messages
903 - Bug 4309: crash during Skype login
904 - Bug 4284: missing sanity checks for malloc
905 - Regression Fix: CONNECT request debugging 11,2 traces
906 - Regression Fix: Quieten UFS cache maintenance skipped warnings
907 - TLS: Support SNI on generated CONNECT after peek
908 - ... and some documentation updates
910 Changes to squid-3.5.8 (02 Sep 2015):
912 - Regression Bug 4306: build portability fix in Kerberos helpers
913 - Bug 4302: IPFilter v5 transparent interception
914 - Bug 4301: compile errors with IPFilter interception
915 - Bug 4285 partial: %us is not supported in access.log
916 - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
917 - Bug 4242: compile errors with eCAP using clang-3.6
918 - Bug 3696: crash when client delay pools are activated
919 - Bug 3553: cache_swap_high ignored and maxCapacity used instead
920 - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
921 - Fix ignore of impossible SSL bumping actions, as intended and documented
922 - Fix memory leak in Surrogate-Capability header detection
923 - Fix truncated body length when RESPMOD service aborts
924 - Reject non-chunked HTTP messages with conflicting Content-Length values
925 - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
926 - ... and several portability and compile fixes
927 - ... and several documentation updates
929 Changes to squid-3.5.7 (01 Aug 2015):
931 - Bug 4293: wrong SNI sent to server after URL-rewrite
932 - Bug 4251: incorrect instance name for memory segments in /dev/shm
933 - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
934 - Bug 3345: support %un (any available user name) format code for external ACLs.
935 - basic_smb_auth: Fix several old issues identified by Debian users
936 - Support ssl-bump splicing to origin cache_peer
937 - Fix SSL errors relayed using invalid certificates
938 - Fix crash in TcpAccepter with profiler enabled
939 - Fix some cases of ssl_crtd SSL certificate DB corruption
940 - Fix performance regression in SBuf::chop operations
941 - Improve handling of client connections on shutdown
942 - Handle exceptions during squid.conf parse
943 - Make pod2man an optional dependency
944 - ... and polishing for several cache.log notification messages
945 - ... and all fixes from squid 3.4.14
947 Changes to squid-3.5.6 (03 Jul 2015):
949 - Bug 4274: ssl_crtd.8 not being installed
950 - Bug 4193: memory leak on FTP listings
951 - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
952 - Bug 3875: bad mimeLoadIconFile error handling
953 - Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
954 - Bug 3329: pinned server connection is not closed properly
955 - TLS: Disable client-initiated renegotiation
956 - ext_edirectory_userip_acl: fix uninitialized variable
957 - Support custom OIDs in *_cert ACLs
958 - Fix CONNECT failover to IPv4 after trying broken IPv6 servers
959 - Use relative-URL in errorpage.css for SN.png
960 - Do not blindly forward cache peer CONNECT responses
961 - Fix assertion String.cc:221: "str"
962 - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
963 - Translations: add Spanish US dialect alias
965 Changes to squid-3.5.5 (28 May 2015):
967 - Regression Bug 4132: short_icon_urls with global_internal_static on
968 - Bug 4238: assertion Read.cc:205: "params.data == data"
969 - Bug 4236: SSL negotiation error of 'success'
970 - Bug 3930: assertion 'connIsUsable(http->getConn())'
971 - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
972 - Fix assertion errorpage.cc:600: "entry->isEmpty()"
973 - Fix comm_connect_addr on failures returns Comm:OK
974 - Fix missing external ACL helper notes
975 - Fix "Not enough space to hold server hello message" error message
976 - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
977 - Prevent unused ssl_crtd helpers being run
978 - ... and some code cleanup and portability updates
979 - ... and several documentation updates
981 Changes to squid-3.5.4 (01 May 2015):
983 - Bug 4234: comm_connect_addr uses errno incorrectly
984 - Bug 4231: fd_open() not correctly handling UDS socket descriptions
985 - Bug 4226: digest_edirectory_auth: found but cannot be built
986 - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
987 - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
988 - Fix require-proxy-header preventing HTTPS proxying and ssl-bump
989 - Fix Negotiate/Kerberos authentication request size exceeds output buffer size
990 - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
991 - Add server_name ACL matching server name(s) obtained from various sources
992 - Add Kerberos support for MAC OS X 10.x
993 - Support for resuming TLS sessions
994 - ... and some portability and compile fixes
995 - ... and several documentation updates
996 - ... and all fixes from squid 3.4.13
998 Changes to squid-3.5.3 (28 Mar 2015):
1000 - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
1001 - Regression Bug 4206: Incorrect connection close on expect:100-continue
1002 - Bug 4204: ./configure does not abort when required helpers cannot be built
1003 - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
1004 - Bug 2907: high CPU usage on CONNECT when using delay pools
1005 - basic_getpwnam_auth: fail authentication on crypt() failures
1006 - basic_nis_auth: fail authentication on crypt() failures
1007 - ext_kerberos_ldap_group_acl: Heimdal support improvements
1008 - ext_wbinfo_group_acl: Perl 5.20 support
1009 - ... and several compile issues
1011 Changes to squid-3.5.2 (18 Feb 2015):
1013 - Regression Bug 4176: Digest auth too many helper lookups
1014 - Regression Bug 4180: not-fully-initialized data member in ACLUserData
1015 - Bug 4172: Solaris broken krb5-config
1016 - Bug 4073: Cygwin compile errors
1017 - Bug 3919: remove several never-true / never-false comparisons
1018 - HTTPS: Add missing root CAs when validating chains that passed internal checks
1019 - Fix some cbdataFree related memory leaks
1020 - Quieten CBDATA 'leak' messages
1021 - Set SNI information in transparent bumping mode
1022 - negotiate_kerberos_auth: fix krb5.conf backward compatibility
1023 - Fix memory leaks in cachemgr.cgi URL parser
1024 - Fix sslproxy_options in peek-and-splice mode
1025 - ... and fix several portability and build issues
1026 - ... and some documentation updates
1027 - ... and all fixes from squid 3.4.11
1029 Changes to squid-3.5.1 (13 Jan 2015):
1031 - Fix handling of invalid SSL server certificates when splicing connections
1032 - basic_smb_lm_auth: Simplified MSNT basic auth helper
1033 - squidclient: Fix -A and -P options
1034 - ... and several portability fixes
1035 - ... and all fixes from squid 3.4.11
1036 - ... and a lot of documentation updates
1038 Changes to squid-3.5.0.4 (21 Dec 2014):
1040 - Bug 3826: pt 2: Provide a systemd .service file for Squid
1041 - Support http_access denials of SslBump "peeked" connections.
1042 - Fix DONT_VERIFY_DOMAIN ssl flag
1043 - Fix peek-and-splice mode: certificate validation for domain mismatched errors
1044 - negotiate_kerberos_auth: MEMORY keytab and replay cache support
1045 - ... and some documentation updates
1046 - ... and a large amount of code polishing (non-logic changes)
1048 Changes to squid-3.5.0.3 (09 Dec 2014):
1050 - Bug 4146: workaround SSL Bump crash on Linux
1051 - Bug 4135: Support \-escaped characters in regex patterns
1052 - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
1053 - Fix delay_parameters parsing
1054 - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
1055 - ... and all changes from squid 3.4.10
1056 - ... and a lot of documentation updates
1058 Changes to squid-3.5.0.2 (31 Oct 2014):
1060 - Fix FTP socket opening during reconfigure
1061 - ... and all changes from 3.4.9
1062 - ... and some build errors in rarely used code
1063 - ... and several documentation updates
1065 Changes to squid-3.5.0.1 (17 Oct 2014):
1067 - Port from 2.7: redirector and logging urlgroup feature
1068 - Bug 4093: source-maintenance.sh bad perl -i option
1069 - Bug 3608: per-service name for workers UDS sockets
1070 - Bug 2554: 32-bit wrap in AUFS counters
1071 - Bug 1961 pt1: URL handling redesign
1072 - Bug 1202 pt1: documentation for refresh_pattern algorithms
1073 - Update Squid boilerplate copyright/license
1074 - Update the http(s)_port directives protocol= parameter
1075 - Update forward_max_tries to permit 25 server paths
1076 - Update Kerberos library detection and build options
1077 - Support ACLs on ftp_epsv directive
1078 - Support >32KB objects in cache_dir rock storage
1079 - Support client connection annotation by helpers via clt_conn_tag=TAG
1080 - Support native FTP Relay
1081 - Support libgnugss Kerberos library
1082 - Support libecap v1.0
1083 - Support SSL Peek and Splice feature
1084 - Support receiving PROXY protocol version 1 and 2
1085 - Replace --enable-ssl build option with --with-openssl
1086 - Enable -n service name command line option for all Squid builds
1087 - Enable ICAP client by default
1088 - Fix configuration file parsing bugs, related to quoted strings
1089 - Fix Windows MinGW build errors
1090 - Fix multiple TCP outgoing TOS/DiffServ bugs
1091 - Fix Cygwin /etc/resolv.conf parsing
1092 - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
1093 - Fix crash reading malformed config files
1094 - Send selected SSL version and cipher to the certificate validation helper
1095 - Validate server certificates without bumping
1096 - Add zero-copy string buffer support
1097 - Add automated squid.conf parser testing with squid -k parse
1098 - Add adaptation_service ACL
1099 - Add logformat code %tS to log transaction start time
1100 - Add logformat code %>rd to log client URL domain name
1101 - Add key_extras to proxy authentication
1102 - Add url_rewrite_extras and store_id_extras directives
1103 - Add send_hit and store_miss directives
1104 - Add collapsed_forwarding directive
1105 - Add sslproxy_cert_sign_hash directive
1106 - Add SMP SSL session cache
1107 - Add cache_peer standby connections
1108 - Add helper ext_delayer_acl
1109 - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
1110 - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
1111 - Remove COSS storage in favour of Rock storage
1112 - Remove dnsserver and external DNS helper API in favour of mDNS
1113 - Remove broken mallinfo() accounting and memory tracing
1114 - Remove hierarchy_stoplist in favour of always_direct
1115 - Deprecate tag ACL type in favour of note ACL type
1116 - Deprecate urlgroup feature in favour of note ACL type
1117 - HTTP/1.1: method names are case-sensitive
1118 - HTTP/1.1: register new headers from RFC 723x
1119 - squidclient: polish and update help display
1120 - squidclient: support TLS with GnuTLS 3.1.5+
1121 - squidclient: support verbosity levels
1122 - squidclient: --ping mode module support
1123 - url_fake_rewrite: support concurrency
1124 - storeid_file_rewrite: support concurrency
1125 - digest_file_auth: support concurrency
1126 - digest_edirectory_auth: support concurrency
1127 - digest_ldap_auth: support concurrency
1128 - ... and many error page translation updates
1129 - ... and much code cleanup and polishing
1131 Changes to squid-3.4.14 (01 Aug 2015):
1133 - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
1135 Changes to squid-3.4.13 (01 May 2015):
1137 - Bug 4212: ssl_crtd crashes with corrupt database
1138 - ... and some documentation updates
1139 - ... and all fixes from squid 3.3.14
1141 Changes to squid-3.4.12 (18 Feb 2015):
1143 - Bug 4066: Digest auth nonce indefinite rollover
1144 - Bug 3997: Excessive NTLM or Negotiate auth helper annotations
1145 - Fix several crashes when debugging enabled
1146 - Fix silent SSL/TLS failure on split-stack operating systems
1147 - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
1148 - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
1149 - Remove dst ACL dependency on HTTP request message existence
1150 - Set cap_net_admin when Squid sets TOS/Diffserv packet values
1151 - ... and some documentation updates
1153 Changes to squid-3.4.11 (13 Jan 2015):
1155 - Bug 4164: SEGFAULT when %W formating code used in errorpages
1156 - Bug 4057: Avoid on-exit crashes when adaptation is enabled.
1157 - Bug 3760: squidclient ignores --disable-ipv6
1158 - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
1159 - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
1160 - cachemgr.cgi: memory leak in request parser
1161 - Deleting first fs left psstate->servers pointing to uninitialized memory
1162 - ... and some build issues
1164 Changes to squid-3.4.10 (09 Dec 2014):
1166 - Bug 4148: external_acl_type header format does not accept the new libformat syntax
1167 - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
1168 - Bug 4033: Rebuild corrupted ssl_db/size file
1169 - Bug 3902: Docs: external_acl_type cache hash key
1170 - Fix segmentation fault in ACL urlpath_regex
1171 - Fix bootstrap.sh dependency on SPONSORS.list
1172 - Alternate-Protocol is a hop-by-hop header
1173 - HTTP/2: Support 421 (Misdirected Request) status code
1175 Changes to squid-3.4.9 (31 Oct 2014):
1177 - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
1178 - Bug 4102: sslbump cert contains only a dot character in key usage extension
1179 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
1180 - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
1181 - Bug 4024: Bad host/IP ::1 when using IPv4-only environment
1182 - Bug 3803: ident leaks memory on failure
1183 - kerberos_ldap_group/cert_tool: Remove ksh dependency
1184 - ... and some automated code style updates
1185 - ... and some documentation updates
1187 Changes to squid-3.4.8 (15 Sep 2014):
1189 - Fix off by one in SNMP subsystem
1190 - pinger: Fix various ICMP handling issues
1192 Changes to squid-3.4.7 (28 Aug 2014):
1194 - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
1195 - Bug 4080: worker hangs when client identd is not responding
1196 - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
1197 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
1198 - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
1199 - Enable compile-time override for MAXTCPLISTENPORTS
1200 - ntlm_sspi_auth: Fix various build errors
1201 - negotiate_wrapper: Fix build issues with non-portable vfork()
1202 - negotiate_sspi_auth: Portability fixes for MinGW
1203 - ext_lm_group_acl: Portability fixes for MinGW
1204 - ... and several minor memory leaks
1206 Changes to squid-3.4.6 (25 Jun 2014):
1208 - Regression: segmentation fault logging with %tg format specifier
1209 - Bug 4065: round-robin neighbor selection with unequal weights
1210 - Bug 4056: assertion MemPools[type] from netdbExchangeStart()
1211 - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
1212 - Fix segmentation fault setting up server SSL connnection
1213 - Fix hanging Non-HTTPS connections on SSL-bump enabled port
1214 - Fix Cache Manager actions listed more than once
1215 - ... and many minor memory leaks
1216 - ... and several portability build issues
1217 - ... and some documentation updates
1219 Changes to squid-3.4.5 (02 May 2014):
1221 - Regression Bug 4051: inverted test on CONNECT payload existence
1222 - Regression Fix: order dependency between cache_dir and maximum_object_size
1223 - Fix logformat %note display
1224 - Resolve 'dying from an unhandled exception: c'
1226 Changes to squid-3.4.4.2 (23 Apr 2014):
1228 - version bump for packaging re-build with altered toolchain
1230 Changes to squid-3.4.4.1 (23 Apr 2014):
1232 - Regression Bug 4019: Cache digest exchange segmentation fault
1233 - Regression Bug 3982: EUI logging and helpers show blank MAC address
1234 - Bug 4047: Support Android builds
1235 - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
1236 - Bug 4041: Missing files in compat/Makefile.am
1237 - Bug 4014: Build failure with --disable-optimizations --disable-auth
1238 - Bug 3986: (partial) assertion due to incorrect error page buffer size
1239 - Bug 3955: Solaris EUI-48 lookup leaks FDs
1240 - Bug 3371: CONNECT with data sent at once loses data
1241 - C++11: Upgrade auto-detection to use the formal -std=c++11
1242 - Crypto-NG: libnettle MD5 algorithm support
1243 - SSL-Bump: Fix Basic auth caching on bumped connections
1244 - Store-ID: Fix request URI when forwarding requests to peers
1245 - ... and fix several other build errors
1246 - ... and some documentation updates
1248 Changes to squid-3.4.4 (09 Mar 2014):
1250 - Bug 4029: intercepted HTTPS requests bypass caching checks
1251 - Bug 4001: remove use of strsep()
1252 - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
1253 - Fix stalled concurrent rock store reads
1254 - Fix helper ID number assignment
1255 - Fix build failures from CMSG related definitions
1256 - Fix build failures from libcompat unsafe.h protections
1257 - Copyright: Relicense helpers by Treehouse Networks Ltd.
1258 - ... and all bug fixes from 3.3.12
1260 Changes to squid-3.4.3 (02 Feb 2014):
1262 - Bug 4008: HttpHeader warnOnError should be an int not a bool
1263 - Bug 4002: clang 3.4 unable to compile
1264 - Bug 3996: Malformed DNS reply leads to crash
1265 - Bug 3995: compile error on CentOS 5 with GCC 4.1.2
1266 - Bug 3975: atomic detection cross-compilation failure
1267 - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
1268 - Bug 3954: compile failure in CpuAffinity.cc
1269 - Bug 3927: tests/testRock fatal.cc required
1270 - Fix memory leak in peer Cache Digest exchange
1271 - Fix external_acl_type async loop failures
1272 - Fix destination IP address cycling
1273 - ... and a few polishing changes
1275 Changes to squid-3.4.2 (30 Dec 2013):
1277 - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
1278 - Regression Fix: \-unescaping in quoted strings from helpers
1279 - Regression Fix: URL helper API bypassing on URL containing '=' character
1280 - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
1281 - Bug 3806: Caching responses with Vary header
1282 - Bug 3498: FTP PUT assertion
1283 - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
1284 - Enable concurrency by default for SSL certificate validator
1285 - ... and fix several build errors
1287 Changes to squid-3.4.1 (09 Dec 2013):
1289 - Bug 3935: Invalid pointer dereference when peeking at origin server certificate
1290 - Bug 3589: intercepted and ICAP modified request using a cache_peer
1291 - ... and several portability fixes
1292 - ... and some documentation updates
1294 Changes to squid-3.4.0.3 (01 Dec 2013):
1296 - Bug 3941: Release notes error
1297 - Receive annotations from authentication and external ACL helpers
1298 - basic_nis_auth: Improved portability
1299 - ... and several documentation updates
1300 - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
1302 Changes to squid-3.4.0.2 (03 Oct 2013):
1304 - Regression Bug 3891: squid.conf parser errors in 3.4.0.1
1305 - Regression Fix: re-disable MinGW C++11 support
1306 - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
1307 - Fix memory leak in refresh_pattern parsing
1308 - negotiate_kerberos_auth: upgrade to present group= keys
1309 - Handle NTLM helper returning OK without user= value
1310 - Add dns_multicast_local to control mDNS operation
1311 - Add --disable-arch-native build option
1312 - Display Build-Info in cache manager info report
1313 - ... and all changes from squid 3.3.9
1314 - ... and some code and debug output polishing
1316 Changes to squid-3.4.0.1 (29 Jul 2013):
1318 - Port from 2.7: StoreURL (renamed Store-ID) support
1319 - Bug 3795: fix several mistakes in the MIB file
1320 - Bug 3793: configure: improved helper detection
1321 - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
1322 - Bug 3676: Support GCC 4.7 with -Wshadow option
1323 - Bug 3643: NTLM helpers stuck in reserved state by Safari
1324 - Bug 3389: Auto-reconnect for tcp access_log
1325 - Bug 2066: squid does not do chdir() after chroot()
1326 - Fix uninitialized fields in IcapLogEntry
1327 - Fix a number of minor issues detected by Coverity Scan
1328 - Fix some potential memory leaks detected by Coverity Scan
1329 - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
1330 - Fix ACL matching algorithm to avoid repeating tests
1331 - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
1332 - squidpurge: fix META TLV parsing issues
1333 - squid.conf: enforce all the directive and option names are lower-case
1334 - Support EUI on HTTPS and FTP data connections
1335 - Support OK/ERR/BH response codes from any helper
1336 - Support No-lookup flag (-n) on DNS ACLs
1337 - Support -march=native compiler optimization by default
1338 - Support forwarding intercepted but not bumped connections to cache_peers
1339 - Support IPv6 NAT interception on Linux and some BSD
1340 - Deprecate log_icap and log_access configuration directives
1341 - HTTP/1.1: improved method invalidation and cacheability detection
1342 - HTTP/1.1: support length configuration for pipeline_prefetch queue
1343 - Improved TPROXY support for OpenBSD and FreeBSD
1344 - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
1345 - Add all-of and any-of ACL types for grouping sets of ACL tests
1346 - Add note directive for transaction annotations
1347 - Add %note log format for transaction annotation logging
1348 - Add note ACL type for matching annotated transactions with by annotation name or value
1349 - Add kv-pair support to URL-rewrite/redirector interface
1350 - Add SSL server certificate validator interface, helper and result cache
1351 - Add SSL server certificate fingerprint ACL type
1352 - Add spoof_client_ip access control
1353 - Add pt-bz (Belize Portuguese) dialect to translations
1354 - ... and many Windows portability changes (still incomplete)
1355 - ... and many documentation changes
1356 - ... and much code cleanup and polishing
1358 Changes to squid-3.3.14 (01 May 2015):
1360 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
1361 - ... and some documentation updates
1362 - ... and all fixes from squid 3.2.14
1364 Changes to squid-3.3.13 (28 Aug 2014):
1366 - Fix segmentation fault setting up server SSL connnection
1367 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
1369 Changes to squid-3.3.12 (09 Mar 2014):
1371 - Regression Bug 3769: client_netmask not evaluated since Comm redesign
1372 - Bug 4026: Fix SSL and adaptation_access handling of aborted connections
1373 - Bug 3969: Fix credentials caching for Digest authentication
1374 - Bug 3806: Caching responses with Vary header
1375 - Fix umask default on crash report generated email
1376 - Fix pthread library detection on FreeBSD 10
1377 - Avoid assertions on Range requests that trigger Squid-generated errors.
1379 Changes to squid-3.3.11 (01 Dec 2013):
1381 - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
1382 - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
1383 - Bug 3970: max_filedescriptors disabled due to missing setrlimit
1384 - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
1385 - Bug 3960: DEAD cache_peer are not revived
1386 - Bug 3956: xstrndup: tried to dup a NULL pointer
1387 - Bug 3906: Filedescriptor leaks in SNMP
1388 - Bug 3782: Digest authentication not obeying nonce_max_count
1389 - HTTP/1.1: Make header parser obey relaxed_header_parser
1390 - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
1391 - SMP: Replace blocking sleep(3) and close UDS socket on failures
1392 - Windows: fix several compile errors
1394 Changes to squid-3.3.10 (03 Nov 2013):
1396 - Bug 3929: request_header_add not working for tunnel requests
1397 - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
1398 - Bug 3918: Self Test Failures on Mac OS X 10.8
1399 - Bug 3887: tcp_outgoing_tos not working for IPv6
1400 - Bug 3836: Fix issues with automake 1.13+ and make check
1401 - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
1402 - Fix pinning hierarchy log information
1403 - Fix close idle client connections associated with closed idle pinned connections.
1404 - Fix cbdata 'error: expression result unused' errors
1405 - Avoid "hot idle": A series of rapid select() calls with zero timeout.
1406 - Append Connection:close to OPTIONS requests when icap_persistent_connections is off
1407 - ntlm_fake_auth: pass DOMAIN data to Squid in original case
1408 - kerberos_ldap_group: fix LDAP string duplication
1409 - Use IPv6 localhost nameserver on DNS configuration errors
1410 - Add cache_miss_revalidate
1411 - ... and several portability improvements
1413 Changes to squid-3.3.9 (11 Sep 2013):
1415 - Regression Bug 3077: off-by-one error in Digest header decoding
1416 - Bug 3895: fix acl_uses_indirect_client and cache_peer_access
1417 - Bug 3879: assertion failed ConnStateData::validatePinnedConnection
1418 - Bug 3863: myportname acl causes segmentation fault
1419 - Bug 3849: Duplicate certificate sent when using https_port
1420 - Bug 2287: Better fix for unsupported HTTP version handling
1421 - Bug 2112: Reload into If-None-Match
1422 - Fix several assert with side effects in ICAP/eCAP response handling
1423 - Fix myportname ACL on ICAP/eCAP transactions
1424 - Fix external ACL user:pass detail logging after adaptation
1425 - Fix SMP mgr:info report 'Largest file desc currently in use'
1426 - Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
1427 - Improved compatibility with gcc 4.8, clang and icc
1428 - Show number of available filedescriptors when reserved FD changes
1429 - Sync with newest OpenSSL error codes
1430 - Register Http2-Settings header
1431 - ... and many Windows portability fixes
1433 Changes to squid-3.3.8 (13 Jul 2013):
1435 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1436 - Improved handling of port values in Host: header validation
1438 Changes to squid-3.3.7 (11 Jul 2013):
1440 - Bug 3297: Fix openSSL related build failures
1441 - Fix build on FreeBSD 9.x platform with clang
1442 - Protect against buffer overrun in DNS query generation
1444 Changes to squid-3.3.6 (01 Jul 2013):
1446 - Bug 3854: pt1: compile errors on AIX
1447 - Bug 3802: Fix wrong check inside Format::Format::assemble
1448 - Bug 3762: remove bogus WARNING in cache.log
1449 - Bug 3717: assertion failed with dstdom_regex with IP based URL
1450 - Bug 1991: kqueue causes SSL to hang
1451 - Ask for SSL key password when started with -N but without sslpassword_program
1452 - Make sure %<tt includes all [failed] connection attempts
1453 - Support HTTP reply ACLs in icap_log and log_icap
1454 - Fix incorrect external_acl_type codes
1455 - Fix ICAP logging request headers and segmentation faults
1456 - ... and some documentation polish
1458 Changes to squid-3.3.5 (20 May 2013):
1460 - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
1461 - Bug 3845: http_port tcpkeepalive= option fails parsing
1462 - Bug 3840: assertion failed 'sde' in UFS cache loading
1463 - Bug 3836: make check failures with automake-1.13
1464 - Bug 3827: Remove AccessLogEntry::cache.authuser
1465 - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1466 - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
1467 - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
1468 - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
1469 - Port from 2.6: external acl %ACL and %DATA tags
1470 - Update copyright on SN.png
1471 - ... and several minor memory leaks
1472 - ... and some documentation polish
1474 Changes to squid-3.3.4 (27 Apr 2013):
1476 - Bug 3831: basic_ncsa_auth Blowfish and SHA support
1477 - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1478 - Bug 3794: MacOS: workaround compiler errors and case-insensitivity
1479 - Bug 3781: Proxy Authentication not sent to cache_peer
1480 - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
1481 - Bug 3720 pt2: Add missing include in /dev/poll I/O module
1482 - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
1483 - Add support for TPROXY on BSD
1484 - Fix SSL Bump bypass for intercepted traffic
1485 - Fix memory leaks in ConnStateData pinning
1486 - Fix external_acl.cc "inBackground" assertion on queue overloads
1487 - CacheMgr: fix missing column separator in helper stats
1488 - OpenBSD: libpthreads requires OpenBSD 5.2 or later
1489 - ... and lots of documentation updates
1490 - ... and all changes from squid 3.2.10
1492 Changes to squid-3.3.3 (12 Mar 2013):
1494 - Bug 3720: Add missing include in /dev/poll I/O module (pt2)
1495 - ... and all changes from squid 3.2.9
1497 Changes to squid-3.3.2 (02 Mar 2013):
1499 - Bug 3781: Proxy Authentication not sent to cache_peer
1500 - Bug 3794: MacOS: workaround compiler errors
1501 - Bug 3720: Compile error in Solaris /OpenIndiana
1502 - ... and all changes from squid 3.2.8
1504 Changes to squid-3.3.1 (09 Feb 2013):
1506 - Bug 3726: build errors with --disable-ssl
1507 - Propigate pinned connection persistency and closures to the client.
1508 - Mimic SSL certificate Key Usage and Basic Constraints
1509 - Fix segmentation fault on missing squid.conf values
1510 - ext_sql_session_acl: Fix hex decoding on UID
1511 - ... and some code polish
1512 - ... and a lot of documentation polish
1513 - ... and all changes from squid 3.2.7
1515 Changes to squid-3.3.0.3 (09 Jan 2013):
1517 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1518 - Bug 3728: Improve debug for cache_dir
1519 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1520 - kerberos_ldap_group: support multiple groups in squid.conf ACL definition
1521 - kqueue: update status from experimental to fully available net I/O method
1522 - ... and many memory leaks and potential bugs detected by Coverity Scan
1524 Changes to squid-3.3.0.2 (03 Dec 2012):
1526 - Support matching empty header field values using req_header and rep_header
1527 - ... and some minor code polish and input vaidations
1528 - ... and all changes from squid 3.2.4
1530 Changes to squid-3.3.0.1 (21 Oct 2012):
1532 - Bug 3610: Add peername_regex ACL
1533 - Bug 3239: rename myip/myport as localip/localport
1534 - Bug 3130: helpers are crashing too rapidly
1535 - Add log_db_daemon SQL Database Logging Daemon
1536 - Add ext_time_quota_acl helper managing sessions by bandwidth usage
1537 - Add request_header_add option
1538 - Support C++11 features where possible
1539 - Support bump-ssl-server-first
1540 - Support mimic SSL server certificates
1541 - Remove --enable-ntlm-fail-open
1542 - Fix TLS/SSL Options does not apply to the dynamically generated certificates
1543 - Fix SslBump stuck after error
1544 - Polish: display ACL enumeration text in debugs
1545 - ... and many portability fixes for MacOS X, Windows and others
1546 - ... and many compile error fixes
1547 - ... and a very large amount of code polish for faster compilation
1549 Changes to squid-3.2.14 (01 May 2015):
1551 - Fix 'access_log none' to prevent following logs being used
1552 - Fix X509 server certificate domain matching
1553 - ... some documentation updates
1555 Changes to squid-3.2.13 (13 Jul 2013):
1557 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1558 - Improved handling of port values in Host: header validation
1560 Changes to squid-3.2.12 (11 Jul 2013):
1562 - Protect against buffer overrun in DNS query generation
1563 - Avoid !closing assertions when helpers call comm_read during reconfigure.
1564 - Fix several minor memory leaks during reconfigure
1565 - Remove origin_tries limiter on forwarding and permit large max_forward_tries values
1567 Changes to squid-3.2.11 (30 Apr 2013):
1569 - Regression Bug 3839: build error: src/tools.h: No such file or directory
1570 - Update copyright on SN.png
1572 Changes to squid-3.2.10 (27 Apr 2013):
1574 - Bug 3833: squidclient: Option '-k' is not present in man(1) page
1575 - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
1576 - Bug 3822: Locate LDAP and SASL headers for BSD support
1577 - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
1578 - Bug 3774: 'squid -k reconfigure' drops rock cache
1579 - Bug 3565: Resuming postponed accept kills Squid
1580 - HTTP/1.1: partial support for no-cache and private controls with parameters
1581 - ssl_crtd: fix helpers dying during startup on ARM
1582 - GNU Hurd: define MAP_NORESERVE as no-op when missing
1583 - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
1585 Changes to squid-3.2.9 (12 Mar 2013):
1587 - Regression fix: Accept-Language header parse
1588 - Bug 3673: Silence 'Failed to select source' messages
1589 - Fix authentication headers sent on peer digest requests
1590 - Fix build error on Solaris, OpenIndiana, Omnios
1592 Changes to squid-3.2.8 (02 Mar 2013):
1594 - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
1595 - Bug 3763: diskd Error: no filename in shm buffer
1596 - Bug 3752: objects that cannot be cached in memory are not cached on disk
1597 - Bug 3753: Removes the domain from the cache_peer server pconn key
1598 - Bug 3749: IDENT lookup using wrong ports to identify the user
1599 - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
1600 - Bug 3686: cache_dir max-size default fails
1601 - Bug 3515: crash in FtpStateData::ftpTimeout
1602 - Bug 3329: Quieten orphan Comm::Connection messages
1603 - Make squid -z for cache_dir rock preserve the rock DB
1604 - Fixed several server connect problems
1605 - ... and some build issues on Solaris, OpenIndiana, MacOS X
1606 - ... and some documentation and debugs polishing
1608 Changes to squid-3.2.7 (01 Feb 2013):
1610 - Bug 3736: Floating point exception due to divide by zero
1611 - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
1612 - Bug 3732: Fix ConnOpener IPv6 awareness
1613 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1614 - Bug 3728: Improve debug for cache_dir
1615 - Bug 3687: unhandled exception: c when using interception and peers
1616 - Bug 3678: external acl grace period causes acl lookup failures
1617 - Bug 3567: Memory leak handling malformed requests
1618 - Bug 3111: Mid-term fix for the forward.cc "err" assertion
1619 - Support OpenSSL NO_Compression optio
1620 - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
1621 - Fix "address.GetPort() != 0" assertion for helpers
1622 - ... and several minor memory leaks
1623 - ... and some cache.log message polishing
1625 Changes to squid-3.2.6 (09 Jan 2013):
1627 - Regression Bug 3731: TOS setsockopt() requires int value
1628 - Regression Bug 3712: Rotating logs overwrites the previous log
1629 - Bug 3727: LLVM compile errors in kerberos_ldap_group
1630 - Bug 3650: Negotiate auth missing challenge token
1631 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1633 Changes to squid-3.2.5 (10 Dec 2012):
1635 - Bug 3698: Add missing include of errno.h
1637 Changes to squid-3.2.4 (03 Dec 2012):
1639 - Ported: urllogin ACL from squid 2.7
1640 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
1641 - Bug 3677: Port un-pinning logic changes from squid 3.3
1642 - Bug 3405: ssl_crtd crashes failing to remove certificate
1643 - ... and major bugs fixed in squid 3.1.22
1644 - Fix accept_filter on Linux
1645 - Remove 'Bungled' warning on missing component directives
1646 - ... and many buffer and memory leak issues in the bundled helpers
1647 - ... and a small amount of code polishing
1649 Changes to squid-3.2.3 (21 Oct 2012):
1651 - Regression: SMP crashes on startup with workers > 1
1652 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication
1653 - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
1654 - HTTP/1.1: honour Cache-Control before Pragma:no-cache
1655 - HTTP/1.1: Cache-Control compliance upgrade
1656 - Remove obsoleted refresh_pattern ignore-no-cache option
1657 - Fix IPv6 enabled squidclient
1658 - ... and several compile fixes
1660 Changes to squid-3.2.2 (06 Oct 2012):
1662 - Regression: Make login=PASS send no credentials when none available
1663 - Regression: Handle dstdomain duplicates and overlapping names better
1664 - Bug 3661: Segmentation fault when using more than 1 worker
1665 - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
1666 - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
1667 - Bug 3648: polish String class files
1668 - Bug 3647: parsing hier_code acl fails
1669 - Bug 3626: forwarding loops on intercepted traffic
1670 - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
1671 - Bug 3609: several RADIUS helper improvements
1672 - Bug 3605: memory leak in Negotiate authentication
1673 - Fix small memory leak in src ACL parse
1674 - Fix maximum_single_addr_tries upgrade
1675 - Fix chunked encoding on responses carrying a Content-Range header.
1676 - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
1677 - ... and several compile errors
1679 Changes to squid-3.2.1 (15 Aug 2012):
1681 - Bug 3605: memory leak in peer selection
1682 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
1683 - ... and some documentation updates
1685 Changes to squid-3.2.0.19 (02 Aug 2012):
1687 - Regression Bug 3580: IDENT request makes squid crash
1688 - Regression Bug 3577: File Descriptors not properly closed
1689 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
1690 - Regression Fix: Restore memory caching ability
1691 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
1692 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
1693 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
1694 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
1695 - Support custom headers in [request|reply]_header_* manglers
1696 - ... and much code polishing
1698 Changes to squid-3.2.0.18 (29 Jun 2012):
1700 - Bug 3576: ICY streams being Transfer-Encoding:chunked
1701 - Bug 3537: statistics histogram leaks memory
1702 - Bug 3526: digest authentication crash
1703 - Bug 3484: Docs: sslproxy_cert_error example flawed
1704 - Bug 3462: Delay Pools and ICAP
1705 - Bug 3405: ssl_crtd crashes failing to remove certificate
1706 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
1707 - Bug 3258: Requests hang when Host forgery verify fails
1708 - Bug 3186: Digest auth caches failed state without revalidating
1709 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
1710 - Bug 2885: AIX: check and set required compiler flags
1711 - Fix ssl_crtd compile issues with libsslutil
1712 - Fix build with GCC 4.7 (and probably other C++11 compilers).
1713 - Fix double-escape of %R on deny_info redirect responses
1714 - Support status 308 Permanent Redirect
1715 - Support for TLSv1.1 and TLSv1.2 options and methods
1716 - Support passing external_acl_type credentials on ICAP
1717 - Language Updates: fr, hy, pt_BR
1718 - ... and many compile issues on Windows
1719 - ... and some minor code polish
1721 Changes to squid-3.2.0.17 (12 Apr 2012):
1723 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
1724 - Bug 3509: kQueue compile error
1725 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
1726 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
1727 - Bug 3397: do not mark connection as opened until after SYN-ACK
1728 - Bug 3193: NTLM decoder truncating strings
1729 - Windows FD handling polish and some fixes
1730 - Solaris 9/10 various build fixes
1731 - ... and some more code polish
1733 Changes to squid-3.2.0.16 (07 Mar 2012):
1735 - Bug 3508: Correct DNS timeout handling.
1736 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
1737 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
1738 - Bug 3490: part 1: SegFault opening FTP active data connections
1739 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
1740 - Bug 3458: Icon Serving (squid-internal-static) Broken
1741 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
1742 - Bug 3381: 32-bit overflow assertion in StatHist
1743 - Bug 3324: loadFromFile: parse error while reading template file
1744 - Support sslpassword_program for ssl-bump HTTP ports
1745 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
1746 - Retry requests that failed due to a persistent connection race
1747 - Log '-' on requests with no Referer or User-Agent headers
1748 - ... and several fixes related to in-transit object performance
1749 - ... and some structural design changes for portability
1751 Changes to squid-3.2.0.15 (06 Feb 2012):
1753 - Bug 3472: segfault with the message 'urlParse: URL too large'
1754 - Bug 3471: segfault when %la formating code used
1755 - Bug 3449: part 3: shm_open can fail with a mangled path
1756 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
1757 - Bug 3448: 204 response problem in adaptation chains
1758 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
1759 - Bug 3461: build regression in IPFilter NAT
1760 - Bug 3413: raise cbdata lock limits
1761 - Bug 3391: forwarded_for log functionality broken
1762 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
1763 - Bug 3268: remove wrong 'Ready to serve requests.' message
1764 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
1765 - Disable OpenSSL SSL/TLS bug workarounds by default
1766 - Send DNS A and AAAA queries in parallel
1767 - Cache Manager migration support
1768 - Allow service of internal requests over reverse-proxy ports
1769 - Fix trimMemory for unswappable objects
1770 - ... and several build and polish fixes
1772 Changes to squid-3.2.0.14 (12 Dec 2011):
1774 - Bug 3433: Segfault closing SNMP
1775 - Bug 3420: Request body consumption races and !theConsumer exception.
1776 - Bug 3406: SSL Log Error in debug
1777 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
1778 - Bug 3383: unhandled exception: theGroupBSize > 0
1779 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
1780 - Bug 3367: fix inverted check on host_strict_verify
1781 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
1782 - Bug 3364: SNMP Orphans
1783 - Bug 3301: ERR_DNS_FAIL never shown
1784 - Bug 3150: do not start useless unlinkd
1785 - ext_session_acl: version 1.2
1786 - Add adaptation_meta option
1787 - Add a mask on the qos_flows miss configuration value
1788 - Support intermediate CA in ssl-bump traffic certificates
1789 - Support SSL certificate failure details on error page
1790 - Fix flags for NAT intercept and TPROXY not set correctly
1791 - Fix fastCheck() default result on multi-line actions
1792 - Fix missing SMP shared memory statistics
1793 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
1794 - ... and several other TCP and SMP support behaviour fixes
1795 - ... and many code polishing cleanups and fixed build errors
1796 - ... and several documentation polishings
1798 Changes to squid-3.2.0.13 (14 Oct 2011):
1800 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
1801 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
1802 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
1803 - Regression fix: always_direct/never_direct failures
1804 - Regression fix: stop an SSL header file being included after --disable-ssl
1805 - Regression fix: parse HTTP list headers with embedded 8-bit characters
1806 - Bug 3355: configure setting --with-swapdir ignored
1807 - Bug 3325: option to selectively enable strict host verify checks
1808 - Bug 3337: HTTP status 200 is not accepted for deny_info
1809 - Bug 3077: '\' in url query strings cause Digest authentication to fail
1810 - Support SMP worker shared memory cache
1811 - Support SMP worker shared disk cache (rock)
1812 - ext_session_acl: version 1.1
1813 - Fix Host verify: do not pinn destination IP if URL re-write has been done
1814 - Fix IPF interception
1815 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
1816 - Fix ssl_crtd CertificateDB locking scheme
1817 - ... and all changes from 3.1.16
1818 - ... and many compile and polishing fixes
1820 Changes to squid-3.2.0.12 (17 Sep 2011):
1822 - Regression Bug 3335: ICAP service is down
1823 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
1824 - Regression Bug 3303: Support for non-English usernames in log files
1825 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
1826 - Regression: %I shows hostname on SSL error page
1827 - Regression: FTP outgoing port always 'in use' on PASV connections
1828 - Bug 3337: (partial) status 200 is not accepted for deny_info
1829 - Bug 3319: Inconsistencies in error messages
1830 - Bug 3281: pconn in-use while closing assertion
1831 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
1832 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
1833 - Adjust format code %la for intercepted connections
1834 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
1835 - Send RST packet when closing an ICAP connection after a transaction error
1836 - Support maximum field width for string access.log fields
1838 Changes to squid-3.2.0.11 (28 Aug 2011):
1840 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
1841 - Host: authority validation of intercepted destination IP
1842 - Host: authority validation of request URL
1843 - Host: authority validation of CONNECT tunnel destination
1844 - Preserve client destination IP in intercepted communication
1845 - Regression Bug 3316: Failed to connect to nameserver using TCP
1846 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
1847 - Regression Bug 3310: %<pt translates as %<p
1848 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
1849 - Regression Bug 3288: %<la and %<lp not displaying
1850 - Bug 3289: cache manager parameters not parsed without password
1851 - Bug 2279: Log Format options to log server source IP and port
1852 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
1853 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
1854 - Bug 3118: ecap_enable on forces icap_enable on
1855 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
1856 - Default to vhost for accelerator mode (reverse proxy)
1857 - Display HTTP protocol syntax at section 11 level 2
1858 - Support for using custom keys in CARP parents
1859 - Optimize regular expression ACLs
1860 - ... and a lot of code portability fixes
1861 - ... and all bugs and polish changes from 3.1.15
1863 Changes to squid-3.2.0.10 (24 Jul 2011):
1865 - Port from 2.7: act-as-origin for reverse proxy ports
1866 - Regression fix: broken --disable-ipv6
1867 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
1868 - Regression fix: vhost and defaultsite causing vport to be ignored
1869 - Regression fix: several errors in persistent connection handling
1870 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
1871 - Regression Bug 3245: reconfigure assertion in MemPools[type]
1872 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
1873 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
1874 - Regression Bug 3269: cache.log applyQueryParams messages
1875 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
1876 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
1877 - Bug 3267: workers IPC mount points disobey --localstatedir
1878 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
1879 - Bug 3247: Domain from URL Stripped when going through peers
1880 - Bug 3244: wrong port for peer relayed requests
1881 - Bug 3195: kerberos_ldap_group will not build without kerberos
1882 - Bug 2862: add http(s):// support to cache manager
1883 - kerberos_ldap_group: several fixes to -S option
1884 - ssl_crtd: Add man(8) file
1885 - ... and several pieces of code cleanup and polishing.
1886 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
1888 Changes to squid-3.2.0.9 (18 Jun 2011):
1890 - Bug 3159: delay pools --disable-auth compile problems
1891 - HTTP/1.1: Support multiline quoted-string header fields
1892 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
1893 - Support configurable and translated SSL error details messages
1894 - Add log format codes for split client/server views of HTTP request line
1895 - Major upgrade of TCP connection handling
1896 - Support split-stack IPv6 to servers
1897 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
1898 - Optimized persistent connection handling
1899 - Optimized FTP data connection handling
1900 - Optimized TCP failure recovery
1901 - ... and all bug fixes and updates from 3.1.12.3
1902 - ... and many code polish, documentation and translation cleanups
1904 Changes to squid-3.2.0.8 (30 May 2011):
1906 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
1907 - Bug 3043: Properly detect Iphlpapi.h on windows
1908 - Bug 2055: Honor ICAP Max-Connections
1909 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
1910 - Support SSL SNI to origin servers
1911 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
1912 - Add %b tag for proxy listening port display in error pages
1913 - Optimize base64 encoding/decoding
1914 - Require libcap before enabling netfilter MARK support
1915 - Require libtool 2.2
1916 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
1917 - ... and all bug fixes and updates from 3.1.12.2
1918 - ... and some documentation and code polishing
1920 Changes to squid-3.2.0.7 (19 Apr 2011):
1922 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
1923 - Regression fix: icons/ FHS compliance
1924 - Regression fix: Startup aborts with URL error when --disable-htcp
1925 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
1926 - Add negotiate_wrapper_auth version 1.0.1
1927 - Fixed %dt logging in the presence of REQMOD
1928 - Fixed chunked request forwarding in ICAP REQMOD presence
1929 - ... all bug fixes and updates from 3.1.12.1
1930 - ... many code polishings and display cleanups
1932 Changes to squid-3.2.0.6 (04 Apr 2011):
1934 - Regression fix: upgrade existing icons
1935 - Regression fix: do not crash when accessing an SSL certificate with errors
1936 - Regression fix: prevent stdio log module segfaults on rotate
1937 - Regression fix: shutdown properly even if a worker process crashes on exit
1938 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
1939 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
1940 - Bug 3105: malformed Proxy-Authorization leaks memory
1941 - Bug 3007: CONNECT to cache_peer returns 000 status code
1942 - Bug 2885: Compile errors on AIX
1943 - Support parameterized Cache Manager queries
1944 - Support libecap v0.2.0; fixed eCAP body handling and logging
1945 - Support dynamic adaptation plans that cover multiple vectoring points
1946 - Support %D details for documented OpenSSL errors
1947 - Support logging of all transactions including those with uncertain status or no sent response
1948 - Updrate negotiate_kerberos_auth to version 3.0.4sq
1949 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
1950 - Update ext_edirectory_userip_acl to version 2.1
1951 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
1952 - Change the default dns_timeout value from 2 minutes to 30 seconds
1953 - Fix TCP log stream flushing on every line
1954 - ... all bug fixes and updates from 3.1.12
1955 - ... a great many compiler portability fixes
1956 - ... many code polishings and display cleanups
1958 Changes to squid-3.2.0.5 (12 Feb 2011):
1960 - Regression Fix: profiler should not be built by default
1961 - Regression Bug 3081: assertion failed: AsyncCallQueue
1962 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
1963 - Bug 3089: FTP command output overrides directory listing
1964 - Bug 2870: --disable-auth does not work
1965 - Bug 2586: multiple memory leaks during reconfigure
1966 - Bug 2581: FTP directory listing sometimes fails
1967 - Port from 2.7: maximum staleness limits
1968 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
1969 - HTTP/1.1: Support configurable status codes for deny_info
1970 - Support upcoming "fresh message creation" eCAP API
1971 - Aggregate SNMP responses when using SMP with multiple workers
1972 - Several more Solaris, Windows and ICC support fixes
1973 - ... all bug fixes and updates from 3.1.11
1974 - ... and more code cleanup shufflings
1975 - ... and several documentation updates
1977 Changes to squid-3.2.0.4 (22 Dec 2010):
1979 - Port 2.x: cache_dir min-size setting
1980 - Bug 3059: Crash on digest auth headers with unknown nonce
1981 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
1982 - Fix cachemgr mem-pools reporting
1983 - Add Dynamic SSL certificate generation
1984 - Add useragent, referer, combined built-in log formats
1985 - Obsolete log_fqdn directive
1986 - Obsolete useragent/referer/forward_log directives
1987 - HTTP/1.1: Send 1.1 on CONNECT responses
1988 - Updated Kerberos support for newer GSSAPI releases
1989 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
1990 - Improve handling of early eCAP transaction failures
1991 - Various ext_edirectory_acl fixes
1992 - ... all bug and feature fixes included in 3.1.10 release
1993 - ... and a lot of code and documentation polishing
1995 Changes to squid-3.2.0.3 (07 Nov 2010):
1997 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
1998 - Regression fix: ESI processing of Surrogate filter
1999 - Bug 3091: bypassed ICAP errors are not counted as service failures
2000 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
2001 - Bug 3038: Detatch libmisc from libcompat
2002 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
2003 - Bug 3002: store initialization (-z) does not work with SMP configs
2004 - Bug 2999: v2.0 of ext_edirectory_userip_acl
2005 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
2006 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
2007 - HTTP/1.1: support If-Match and If-None-Match requests
2008 - HTTP/1.1: forward 1xx control messages to clients that support them
2009 - HTTP/1.1: send Age:0 header even if it may break IE5
2010 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
2011 - HTTP/1.1: entry is stale if request has max-age=0
2012 - HTTP/1.1: harden quoted-string parser
2013 - Add --enable-build-info for extra "squid -v" display
2014 - Add --with-swapdir=PATH to override default /var/cache/squid
2015 - Add cpu_affinity_map directive to bind workers to CPU cores
2016 - Add Netfilter MARK support for QoS
2017 - Add upgrade process for obsolete options
2018 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
2019 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
2020 - Fixes Eui48 support on OpenBSD
2021 - Fixes cache manager support with SMP configs
2022 - ... several documentation updates
2023 - ... all bug and feature fixes included in 3.1.9 release.
2024 - ... many more code polishes and leak removals
2026 Changes to squid-3.2.0.2 (04 Sep 2010):
2028 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
2029 - Support rotating logs from cachemgr and squidclient
2030 - Support Kerberos authentication in squidclient
2031 - Add manual page for negotiate_kerberos_auth
2032 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
2033 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
2034 - Added log options %http::<bs and %icap::<bs
2035 - Collapse HTCP cache_peer options into one setting
2036 - Improved request smuggling attack detection. Tolerating valid benign HTTP
2037 - ... and several HTTP/1.1 compliance improvements
2038 - ... and all improvements in 3.1.7 and 3.1.8
2040 Changes to squid-3.2.0.1 (03 Aug 2010):
2042 - Port from 2.7: Logging infrastructure updates
2043 - Port from 2.7: Unique sequence number per log line
2044 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
2045 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
2046 - Bug 2631: refresh_pattern store-stale option
2047 - Bug 2305: Multiple leaks and assertion crashes in authentication
2048 - Bug 1239: Much needed ACL type random
2049 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
2050 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
2051 - Support SMP for essential non-caching functionality
2052 - Support logging over TCP
2053 - Support Solaris 10 pthreads (experimental)
2054 - Support Kerberos login to peers
2055 - Support EUI / MAC in more environments
2056 - Support format tags in deny_info URLs
2057 - Support running helpers on-demand instead of all at startup
2058 - Support fully transparent login=PASSTHRU of authentication headers to peers
2059 - Support multi-lingual localised FTP directory listings
2060 - Support TPROXYv4 spoofing of X-Forwarded-For client address
2061 - Support ICAP 206 Partial Content extension
2062 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
2063 - Add ACL support to range_offset_limit
2064 - Add helpers for url_rewrite
2065 - Add helper multiplexer for concurrency emulation with legacy helpers
2066 - Add Perl library which facilitates parsing access logfile entries.
2067 - Add a simple script to summarise traffic use per user
2068 - Add templates for captive portal proxy configuration instructions
2069 - Add logging of the local TCP port used by transactions with HTTP servers
2070 - Update mswin_check_ad_group to version 2.0
2071 - Update squid_kerb_auth helper to version 3.0.2
2072 - Remove double-language error page hack (replaced by locale auto-negotiation)
2073 - Remove TPROXYv2 support (replaced by TPROXYv4)
2074 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
2075 - Re-work ./configure script for smarter auto-detect and early error checks
2076 - Auto-enable all features by default
2077 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
2078 - Helpers naming scheme
2079 - Add support for write timeouts
2080 - Modify icap_service_failure_limit option to forget old ICAP errors
2081 - Updated man(8) manuals including several additions and translations
2082 - ... and a great many code cleanups
2083 - ... and a great many testing improvements
2084 - ... and many documentation updates
2086 Changes to squid-3.1.23 (09 Jan 2013):
2088 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
2090 Changes to squid-3.1.22 (03 Dec 2012):
2092 - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update
2093 - Bug 3659: read_timeout problem with HTTPS
2094 - Bug 3654: Fix IPv6 enabled squidclient
2095 - Bug 3189: AIO thread race on pipe() initialization
2096 - cachemgr.cgi: Memory Leaks and DoS Vulnerability
2098 Changes to squid-3.1.21 (23 Sep 2012):
2100 - Bug 3622: peerClearRRStart scheduling multiple events
2101 - Bug 3615: configure check for default max number of FDs is broken
2102 - Bug 3607: --enable-auth documented default action incorrect
2103 - Bug 3593: socket failure: Address family not supported by protocol
2104 - Bug 3584: Detection of setresuid() is broken
2105 - Bug 3568: Consolidate external_acl_type config dumping and add missing %%
2106 - Bug 3564: eCAP not supporting CoAP URI schemes
2107 - Bug 3484: Docs: sslproxy_cert_error example flawed
2108 - Bug 3462: Delay Pools and ICAP
2109 - Bug 3133: better fix: Memory leak handling requests for sites that don't exist
2110 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
2111 - Silence IOS 15.1 unknown capabilities messages.
2112 - Account for Store disk client quota when bandwidth-limiting the server.
2113 - ... and several documentation fixes
2114 - ... and several compile fixes
2116 Changes to squid-3.1.20 (08 Jun 2012):
2118 - Regression Bug 3545: FreeBSD dnsserver segfaults
2119 - Regression Bug 3504: clientside_tos fails to mark traffic
2120 - Bug 3539: CONNECT server connection not closed correctly on errors
2121 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
2122 - Bug 3466: Adaptation stuck on last single-byte body piece
2123 - Bug 3463: dnsserver fails to compile
2124 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
2125 - Bug 3390: Proxy auth data visible to scripts
2126 - Bug 3263: ssl_crtd: undefined references to squid_curtime
2127 - Bug 3233: Invalid URL accepted with url host is white spaces
2128 - Bug 3133: Memory leak handling requests for sites that don't exist
2129 - Bug 3074: Improper URL handling with empty path (RFC 3986)
2130 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
2131 - Regression: snmp/udp address directives not resolving hostname
2132 - Better helper-to-Squid buffer size management.
2133 - Support CoAP over HTTP (coap:// and coaps:// URLs)
2134 - Support for 3.2 error template codes
2136 Changes to squid-3.1.19 (06 Feb 2012):
2138 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
2139 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
2141 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
2142 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
2143 - Bug 3440: compile error in Adaptation
2144 - Bug 3420: Request body consumption races and !theConsumer exception
2145 - Bug 3370: external ACL sometimes skipping
2146 - Bug 3085: Crash when parsing esi:include
2147 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
2148 - Fix SSL library dependency fixes
2150 Changes to squid-3.1.18 (03 Dec 2011):
2152 - Regression: compile error in FTP
2154 Changes to squid-3.1.17 (03 Dec 2011):
2156 - Bug 3432: Crash logging FTP errors
2157 - Bug 3428: Active FTP data channel accepted twice
2158 - Bug 3423: access violation in URL parser
2159 - Bug 3422: Buffer overflow in recv-announce
2160 - Bug 3412: External ACL Uses Invalid Cache Entry
2161 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
2162 - Bug 3398: persistent server connection closed after PUT/DELETE
2163 - Bug 3299: dnsserver: various undefined references
2164 - Bug 3077: '\' in url query strings cause Digest authentication to fail
2165 - Bug 2910: MemBuf may grow beyond max_capacity
2166 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
2167 - Bug 1243: Build overrides configured AR setting
2168 - Avoid crashes when processing bad X509 common names (CN).
2169 - Support %% in external ACL format
2170 - ... and several other compile error fixes
2171 - ... and several documentation fixes
2173 Changes to squid-3.1.16 (14 Oct 2011):
2175 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
2176 - Bug 3368: Unhandled exceptions are not logged (workaround)
2177 - Bug 3326: miss_access incorrect default
2178 - Bug 3320: miss_access description confusing
2179 - Bug 3241: squid_kerb_auth cross compilation fix
2180 - Bug 3237: seq fault in free() from rfc1035RRDestroy
2181 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
2182 - db_auth: display available DSN drivers on connect error
2183 - Updated OpenSSL 1.0.0 version checks
2184 - ... and several documentation fixes
2186 Changes to squid-3.1.15 (28 Aug 2011):
2188 - Regression fix: vhost and defaultsite causing vport to be ignored
2189 - Regression Bug 3295: broken escaping in rfc1738_do_escape
2190 - Bug #3232: fails to compile with OpenSSL v1.0.0
2191 - Bug #3222: cache_peer name is not logging on CONNECT
2192 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
2193 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
2194 - Bug #3213: https sites (CONNECT) not open when using NTLM
2195 - Bug #3114: Memory leak in SSL certificate verify code
2196 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
2197 - Bug #2662: cf_gen failure when cross compiling
2198 - Bug #2655: passing wrong the username to the url_rewrite_program
2199 - Bug #2495: ignore whitespace prefix on config lines
2200 - Bug #2051: 'default' cache_peer option does not match documentation
2201 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
2202 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
2203 - Correct parsing of large Gopher indexes
2204 - Enable negative cacheing on unknown or -1 expiry timestamp
2205 - Remove hierarchy_stoplist default value
2206 - Migrate cf_gen tool from C-style to C++
2207 - ... and several documentation and compiler warning fixes
2209 Changes to squid-3.1.14 (04 Jul 2011):
2211 - Regression Bug 3261: Could not create a DNS socket and exit
2213 Changes to squid-3.1.13 (01 Jul 2011):
2215 - Regression Bug 3239: problems with myip/myport upgrade
2216 - Bug 3153: hung ICAP RESPMOD transactions
2217 - Update ssl_crtd to use 'OK' status inline with other helpers
2219 Changes to squid-3.1.12.3 (18 Jun 2011):
2221 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
2222 - Bug 3214: unexpected read from ssl_crtd
2223 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
2224 - Fix RADIUS helper resource leak
2225 - Fix segfault parsing digest auth realm
2226 - Fix segfault in parse_eol()
2227 - Fixed bypass of SSL certificate validation errors
2228 - Warn about myip/myport problems on interception proxies
2229 - Polish: display easily grepped config lines on -k parse
2230 - Fix squidclient -V option and allow non-HTTP protocols to be tested
2232 Changes to squid-3.1.12.2 (30 May 2011):
2234 - Bug 3226: Tags from external ACLs do not correctly expire
2235 - Bug 3215: Malformed IPv6 DNS reverse lookup
2236 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
2237 - Bug 3205: SSL-bump starts then hangs
2238 - Bug 3178: gcc-4.6 complains unused variables
2239 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
2240 - Bug 2965 (partial): Compile errors on MinGW
2241 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
2242 - Fix cache manager display of -i/+i in regex ACL config display
2243 - Fix cache manager display of cache_peer options userhash and sourcehash
2244 - Fix URL re-writer loosing many transaction details
2245 - Fix always-true comparison in ICAP for some 32-bit platforms
2246 - Support for 'slow' group ACLs in ssl_bump access control
2247 - Support OpenSSL 1.0.0 built without SSLv2
2248 - Support GCC 4.6 and binutils-gold
2249 - Add CSS id attribute to BODY tag of generated error pages.
2250 - Display WARNING and ERROR when max_filedescriptors has failed
2252 Changes to squid-3.1.12.1 (19 Apr 2011):
2254 - Port from 3.2: Dynamic SSL Certificate generation
2255 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
2256 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
2257 - Bug 3183: Invalid URL accepted with url host part of only '@'
2258 - Display ERROR in cache.log for invalid configured paths
2259 - Cache Manager: send User-Agent header from cachemgr.cgi
2260 - ... and many portability compile fixes for non-GCC systems.
2262 Changes to squid-3.1.12 (04 Apr 2011):
2264 - Regression fix: Use bigger buffer for server reads.
2265 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
2266 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
2267 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
2268 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
2269 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
2270 - Bug 3164: Total memory info display 32-bit overflows
2271 - Bug 3155: Werror is hard-coded in libTrie build
2272 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
2273 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
2274 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
2275 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
2276 - Bug 2330: AuthUser objects are never unlocked
2277 - Prevent CONNECT request relaying to origin servers
2278 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
2279 - squidclient: send Cache Manager password using -w
2280 - eCAP: give full Request-URI to adapters
2281 - ... and several debug and error display cleanups
2283 Changes to squid-3.1.11 (08 Feb 2011):
2285 - Bug 3149: not caching eCAP adapted body
2286 - Bug 3144: redirector program blocks while reading STDIN
2287 - Bug 3140: memory leak in error page generation
2288 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
2289 - Bug 3115: logging segfaults if access_log is set to a directory
2290 - Bug 2968: Show the Vary: headers information in cachemgr objects report
2291 - Bug 2959: remove SAMBAPREFIX dependency
2292 - Bug 2868: icc doesn't like string literal in assert checks
2293 - HTTP/1.1: Send 307 status on deny_info redirection
2294 - HTTP/1.1: Support POST/PUT with no body
2295 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
2296 - Support RFC 5861 Cache-Control: stale-if-error option
2297 - Add ftp_eprt directive to disable EPRT extensions in FTP
2298 - Fix external_acl_type grace=0 to obey TTL
2299 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
2300 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
2301 - ... and some documentation updates and corrections
2302 - ... and some portability and stability fixes
2304 Changes to squid-3.1.10 (22 Dec 2010):
2306 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
2307 - Bug 3113: Consuming too much memory when uploading files
2308 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
2309 - Bug 3096: Consuming too much memory when delaying traffic
2310 - Bug 3091: Bypassed ICAP errors are not counted as service failures
2311 - Bug 3090: Polish FTP login error handing
2312 - Bug 3068: cache_dir capacity and usage overflows
2313 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
2314 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
2315 - Fix memory leak in adaptation_access
2316 - Fix /dev/poll and poll() selection priority
2317 - Fix PREFIX/var/run creation during install
2318 - Fix cachemgr http_port config report display
2319 - Add upgrade help process for obsolete options
2320 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
2321 - HTTP/1.1: entry is stale if request has max-age=0
2322 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
2323 - Toolchain update to support newer auto-tools
2324 - ... and updated error page translations
2325 - ... and updated documentation
2326 - ... and some code optimization/simplification polish
2328 Changes to squid-3.1.9 (25 Oct 2010):
2330 - Bug 3088: dnsserver is segfaulting
2331 - Bug 3084: IPv6 without Host: header in request causes connection to hang
2332 - Bug 3082: Typo in error message
2333 - Bug 3073: tunnelStateFree memory leak of host member
2334 - Bug 3058: errorSend and ICY leak MemBuf object
2335 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
2336 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
2337 - Bug 3053: cache version 1 LFS support detection broken
2338 - Bug 3051: integer display overflow
2339 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
2340 - Bug 3036: adaptation_access acls cannot see myportname
2341 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
2342 - Bug 2964: Prevent memory leaks when ICAP transactions fail
2343 - Bug 2808: getRoundRobinParent not handling weights correctly
2344 - Bug 2793: memory statistics sometimes display wrong
2345 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
2346 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
2347 - Ensure /var/cache or jail equivalent exists on install
2348 - HTTP/1.1: delete Warnings that have warning-date different from Date
2349 - HTTP/1.1: do not remove ETag header from partial responses
2350 - HTTP/1.1: make date parser stricter to better handle malformed Expires
2351 - HTTP/1.1: improve age calculation
2352 - HTTP/1.1: reply with a 504 error if required validation fails
2353 - HTTP/1.1: add appropriate Warnings if serving a stale hit
2354 - HTTP/1.1: support requests with Cache-Control: min-fresh
2355 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
2356 - squidclient: Display IP(s) connected to in verbose (-v) display
2357 - Fixes several issues with ICAP persistent connections
2358 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
2359 - ... and some cosmetic polishing
2361 Changes to squid-3.1.8 (04 Sep 2010):
2363 - Bug 3033: incorrect information regarding TOS
2364 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
2365 - Bug 3005,2972: Locate LTDL headers correctly (again)
2366 - Bug 2872: leaking file descriptors
2367 - Bug 2583: pure virtual method called
2368 - Hardened DNS client against packet queue attacks
2369 - Hardened HTTP request-line parser
2370 - Several HTTP/1.1 support improvements
2371 - Improved cross-compile support
2372 - .. and several internal pointer safety fixes
2374 Changes to squid-3.1.7 (23 Aug 2010):
2376 - Regression Bug 3021: Large DNS reply causes crash
2377 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
2378 - Regression Bug 2997: visible_hostname directive no longer matches docs
2379 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
2380 - Bug 3006: handle IPV6_V6ONLY definition missing
2381 - Bug 3004: Solaris 9 SunStudio 12 build failure
2382 - Bug 3003: inconsistent concepts in documentation of cache_dir
2383 - Bug 3001: dnsserver link issues
2384 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
2385 - HTTP/1.1: Improved Range header field validation
2386 - HTTP/1.1: Forward multiple unknown Cache-Control directives
2387 - HTTP/1.1: Stop sending Proxy-Connection header
2388 - Fix 32-bit wrap in refresh_pattern min/max values
2389 - ... and several documentation corrections.
2391 Changes to squid-3.1.6 (02 Aug 2010):
2393 - Bug 2994, 2995: IPv4-only regressions
2394 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
2395 - Bug 2975: chunked requests not supported after regular ones
2396 - Fix: 32-bit overflow in reported bytes received from next hop
2397 - Fix Libtool build regressions
2398 - Limited split-stack IPv6 support.
2399 - squid_db_auth support MD5 encrypted passwords
2401 Changes to squid-3.1.5.1 (28 Jul 2010):
2403 - Update Libtool to 2.2.
2404 - Bug 2985: search scope for digest_ldap_auth didn't work
2405 - Bug 2972: LTDL 2.2.6b compile errors
2406 - Bug 2963: Stop ignoring --with-valgrind-debug failures
2407 - Bug 2885: AIX support: several fixes
2408 - Bug 2651: crash handling NULL write callback
2409 - Fixed several memory leaks related to Range requests
2410 - Fixed Joomla DB auth handling
2411 - Fixed SASL helper build checks
2412 - Fixed several IPv6 portability problems
2413 - Updated error page translations
2415 Changes to squid-3.1.5 (02 Jul 2010):
2417 - Bug 2967: raw-IPv6 address URL with append_domain broken
2418 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
2419 - Bug 2943: ICAP tokens not logged when using multiple access
2420 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
2421 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
2422 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
2423 - Port from 2.7: max_filedescriptor config option
2424 - Fix persistent_connection_after_error is meant to be on by default
2425 - ... and several build errors.
2427 Changes to squid-3.1.4 (30 May 2010):
2429 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
2430 - Bug 2924: RADIUS helper compile issues
2431 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
2432 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
2433 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
2434 - Bug 2879: pt2: 3.0 regression in headers end finding
2435 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
2436 - Bug 2876: FD_SETSIZE override not working on all linux distributions
2437 - Bug 2810: common log format generates 2 lines of syslog
2438 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
2439 - Bug 2753: Fall back on IPv4 if IPv6 is not present
2440 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
2441 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
2442 - Change LDAP helpers to default to LDAP version 3 if available
2443 - Add Joomla and Salted Hash support to squid_db_auth helper
2444 - Fixed IpAddress port printing for ports higher than 9999
2445 - Disable chunked memory pooling by default.
2446 - ... and several build errors.
2448 Changes to squid-3.1.3 (02 May 2010):
2450 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
2451 - Fix tag ACL type not working
2453 Changes to squid-3.1.2 (01 May 2010):
2455 - Bug 2913: Fix DB auth warning in new perl version
2456 - Bug 2904: Prevent automake creating incomplete files
2457 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
2458 - Bug 2895: Regression: TPROXY2 compile errors
2459 - Bug 2879: Regression: headers end-finding
2460 - Bug 2874: Accept literal IPv6 address in icap_service URL
2461 - Bug 2860: Regression: WCCPv1 handshake
2462 - Bug 2848: Pass TCP_RST to client on early disconnect
2463 - Debian Bug 578047: Correct behaviour of --enable-ipv6
2464 - HTTP/1.1: Advertise 1.1 on requests to servers
2465 - HTTP/1.1: Advertise 1.1 on replies to clients
2466 - AIX / UNIX build fixes
2467 - Cygwin build fixes
2468 - squidclient: -k option to test connection keep-alive or close
2469 - Improved helper build for wider compatibility
2470 - Ensure the PID file directory exists on install
2472 Changes to squid-3.1.1 (29 Mar 2010):
2474 - Bug 2873: undefined symbol
2475 - Bug 2827: assertion in authentication
2476 - Remove ufsdump binary from default builds
2477 - Remove pinger from default startups
2478 - ... and several documentation updates.
2480 Changes to squid-3.1.0.18 (14 Mar 2010):
2482 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
2483 - Bug 2869: Remove unused external reference
2484 - Bug 2866: Support OpenSSL 1.0
2485 - Bug 2813: Random unix_group crash at startup
2486 - Send HTTP1.1 compliant 417 responses
2487 - Associate external acl message with the request
2488 - Various Digest parser fixes
2489 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
2491 Changes to squid-3.1.0.17 (24 Feb 2010):
2493 - Regression Fix: Non-English error page UTF encoding
2494 - Bug 2616: reduce IdleConnList::removeFD messages
2495 - Bug 1843: multicast-siblings cache_peer option
2496 - Port from 2.7: X509 certificate alias-domain handling
2497 - Add adapted_http_access option
2498 - NTLMv2 support for fake NTLM helper
2500 Changes to squid-3.1.0.16 (01 Feb 2010):
2502 - Regression Fix: Make Squid abort on all config parse failures.
2503 - Regression Bug 2811: SNMP client/peer table OID numbering
2504 - Bug 2851: Connection pinning fails when using a peer
2505 - Bug 2850: Mismatch in hier_code enum / hier_strings array
2506 - Bug 2731: Add follow_x_forwarded_for support to ICAP
2507 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
2508 - Bug 2706: Set timestamps during ICAP request satisfaction.
2509 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
2510 - Fix: WCCPv1 not connecting to router correctly
2511 - Remove obsolete RunCache/RunAccel scripts.
2512 - Add client_ip_max_connections
2513 - Add the http::>ha format code and make http::>h log original request headers
2514 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
2515 - ... and many more minor build and display annoyances.
2517 Changes to squid-3.1.0.15 (23 Nov 2009):
2519 - Regression Fix: myip ACL not accepted in config
2520 - Bug 2795: acl arp lookups including port
2521 - Bug 2794: ESI parsing fails on FreeBSD
2522 - Bug 2778: fix linking issues using SunCC
2523 - Bug 2724: eCAP build failure unless ICAP enabled
2524 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
2525 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
2526 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
2527 - Fix: 64-bit filesize issue in squidclient POST of large files
2528 - Fix: send correct Connection: header on intercepted replies
2529 - Support libtool 2.x
2530 - ESI libraries libexpat and libxml2 now optional
2531 - ESI support default enabled
2532 - Bump libcap minimum requirement to libcap 2.09+
2533 - ARP / MAC support fixes for IPv6-mode
2534 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
2535 - ... and many additions to the background testing structure
2536 - ... and very many minor build and code cleanups for non-GCC compilers.
2538 Changes to squid-3.1.0.14 (27 Sep 2009):
2540 - Bug 2777: Various build issues on OpenSolaris
2541 - Bug 2773: Segfault in RFC2069 Digest authentication
2542 - Bug 2747: Compile errors on Solaris 10
2543 - Bug 2735: Incomplete -fhuge-objects detection
2544 - Bug 2722: Fix http_port accel combined with CONNECT
2545 - Bug 2718: FTP sends EPSV2 on IPv4 connection
2546 - Bug 2648: stateful helpers stuck in reserved
2547 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
2548 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
2549 - Bug 2483: bind() called before connect()
2550 - Bug 2215: config file line length limit (extended to 2 KB)
2551 - Support Accept-Language: * wildcard
2552 - Support autoconf 2.64
2553 - Support TPROXY for IPv6 traffic (requires kernel support)
2554 - Support TPROXY cache cluster behind WCCPv2
2555 - Correct ESI support to work in multi-mode Squid
2556 - Add 0.0.0.0 as an to_localhost address
2557 - DiskIO detection fixes and use optimal IO in default build.
2558 - Correct peer connect-fail-limit default of 10
2559 - Prevent squidclient sending two Accept: headers
2560 - ... all bug fixes from 3.0.STABLE19
2561 - ... and many more documentation fixes
2563 Changes to squid-3.1.0.13 (04 Aug 2009):
2565 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
2566 - Fix one more internal profiler error
2567 - Language Updates: Italian, Russian
2568 - Language Updates: Add many more aliases
2569 - Add Copyright document for errors/ content
2570 - ... all bug fixes from 3.0.STABLE18
2571 - ... and several code polishing cleanups
2573 Changes to squid-3.1.0.12 (27 Jul 2009):
2575 - Bug 2716: Chunked request Signed/Unsigned build error
2576 - Bug 2674: Remove limit on HTTP headers read.
2577 - Bug 2620: Invalid HTTP response codes causes segfault
2578 - Fix FTP EPSV negotiation parser.
2579 - Fix Via string when leak checking is enabled (valgrind etc)
2580 - ... and several documentation and testing additions
2582 Changes to squid-3.1.0.11 (19 Jul 2009):
2584 - Bug 2087: Support adaptation sets and chains
2585 - Bug 2459: dns error message broken when error handling delayed
2586 - Support ICAP Retry
2587 - Support ICAP retries based on the ICAP responses status code
2588 - Support logging ICAP
2589 - Support logging total DNS wait time
2590 - Support logging response times of adaptation transactions
2591 - General logging enhancements
2592 - Dynamically form chains based on ICAP X-Next-Services header
2593 - Support cross-transactional ICAP header exchange
2594 - ... and much adaptation polish and improvements
2596 Changes to squid-3.1.0.10 (18 Jul 2009):
2598 - Bug 2680: Regression Crash after rotate with no helpers running
2599 - Bug 2695: Regression in WCCPv2 L2 mask assignment
2600 - Bug 2707: Regression in FTP anonymous auth
2601 - Bug 422, 2706: RFC 2616 Date header requirements
2602 - Bug 1087: ESI processor not quoting attributes correctly.
2603 - Bug 1338: File prefetches aborted despite range_offset
2604 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
2605 - Bug 2092: select loop 32-bit call counter overflows
2606 - Bug 2127: delay pools class 4 crashes with ntlm auth
2607 - Bug 2611: document fast/slow acl types
2608 - Bug 2614: Potential loss of adapted body data from eCAP adapters
2609 - Bug 2658: Missing TextException copy constructor
2610 - Bug 2659: String length overflows on append, leading to segfaults
2611 - Bug 2699: Build failure NTLM smb_lm helper
2612 - Bug 2709: TRANSLATIONS not installed
2613 - Bug 2710: squid_kerb_auth non-terminated string
2614 - Delay pools 64-bit buckets and IPv6-polish
2615 - Break forwarding loops for "transparent" or "intercept" http_ports.
2616 - Add --disable-translation option to detatch .po from error negotiation
2617 - Add squidclient man(1) page
2618 - Add localhost to default permitted networks
2619 - http_port allow-direct option to allow direct forwarding in accelerator mode
2620 - ... and many testing infrastructure updates
2622 Changes to squid-3.1.0.9 (26 Jun 2009):
2624 - Bug 2682: Add ftp_epsv control to disable EPSV support.
2625 - Bug 2665: Detach automake system from using -I.
2626 - Bug 2395: FTP auth errors not displayed
2627 - ... also several changes and bugs closed in 3.0.STABLE16
2628 - Port from 2.7: Show local address on listening sockets
2629 - Add "tag" type acl matching tags set by external acl helpers.
2630 - Adds Language alias linker/installer/upgrade scripts
2631 - Support for GCC 4.4
2632 - Fix false NAT lookup errors on Linux
2633 - Fix many Windows port issues
2634 - Fix squid_kerb_auth helepr install location
2635 - Better detection of IPv6 stack types
2636 - Updates Licensing information for Squid 3.1
2637 - ... and many packaging portability build and install issues
2639 Changes to squid-3.1.0.8 (24 May 2009):
2641 - Bug 2656: Pinger dies with general protection fault
2642 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
2643 - Bug 2648: Authentificator processes deferring and don't shutdown.
2644 - Bug 2645: allow squid to ignore must-revalidate
2645 - Bug 2644: auth scheme initialization is broken
2646 - Bug 2632: Make number of reforwarding tries configurable
2647 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
2648 - Bug 2627: HTCP Logging
2649 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
2650 - Bug 2589: SNMP returning no data - wrong oid decoded
2651 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
2652 - Bug 2559: Problem parsing /0 and /0.0.0.0
2653 - Bug 2404: WCCP in mask mode is broken
2654 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
2655 - Complete Interception multiple NAT support
2656 - Add Content-Disposition to the known headers list.
2657 - Make PEER_TCP_MAGIC_COUNT configurable
2658 - Fix pinger install location
2659 - Enable TPROXY v4 spoofing of CONNECT requests
2660 - ... and much documentation and code polishing
2662 Changes to squid-3.1.0.7 (08 Apr 2009):
2664 - Fix: several issues with ident
2665 - Add several language translations
2666 - Upgrade code testing infrastructure
2667 - Migrate much code to build as internal libraries
2669 - Support doxygen 1.5.8
2670 - ... and much code polish to make things read easier
2672 Changes to squid-3.1.0.6 (01 Mar 2009):
2674 - Regression Fix: Support HTTP/0.9 in accelerator mode
2675 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
2676 - Bug 2593: Compile errors on Solaris 10
2677 - Bug 2591: adaptation_access does not work
2678 - Bug 2588: coredump in rDNS lookup
2679 - Bug 2526: default ALLOW when no list specified.
2680 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
2681 - Bug 419: Hop by Hop headers MUST NOT be forwarded
2682 - Fix external_acl_type handling of SSL certificate details
2683 - Obsolete: dependency on nss_common.h and nss.h
2685 - ... and various documentation and code polish
2687 Changes to squid-3.1.0.5 (03 Feb 2009):
2689 - Bug 2583: Fixed issue in content adaptation
2690 - Bug 2576: Make translate target obey --disable-auto-locale
2691 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
2692 - Bug 2563: 99+% CPU Usage on FTP URL
2693 - Bug 2505, 2524, 2558: fixed several issues on connection handling
2694 - Fix several issues in request parsing
2695 - Fix memory leak from logformat parsing
2696 - Fix various ESI build errors
2697 - Make configure tests use C++ instead of C
2698 - Drop special localhost conversion RFC violation.
2699 - Add Language: Arabic
2700 - ... and various documentation and code polish
2702 Changes to squid-3.1.0.4 (23 Jan 2009):
2704 - Regression Fix: Bug 2558: rollback bug 2395 fix.
2705 - Bug 2555: Fixes to SNMP-MIB
2706 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
2707 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
2708 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
2709 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
2710 - Polish ZPH configuration interface
2711 - Several Language Conversions to new auto-negotiate
2712 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
2713 - Fix: Pconn not being used when they should.
2714 - Fix: Fix pinger immediate shutdowns
2715 - Fix: Untangle CacheManager reports from log_fqdn
2716 - ... and all bugs fixed for 3.0.STABLE12
2717 - ... and many code polish and optimization fixes.
2719 Changes to squid-3.1.0.3 (5 Dec 2008):
2721 - Regression Fix: StoreIOBuffer patch removed.
2722 - Regression Fix: build issues with 3.1.0.2 bundle
2723 - Security Bug 2526: default ALLOW when no list specified
2724 - Bug 2525: encoding error on error pages
2725 - Bug 2424: slow file descriptor leak
2726 - Bug 2527: ICAP compile error on g++ 4.3.2
2727 - Bug 2523: bad assertion left in from debug
2728 - Bug 2395: FTP Auth errors and others not displayed
2729 - Update squid_kerb_auth to 1.0.5
2730 with better Squid integration.
2731 - Fix cache_peer forcedomainname= option
2732 - ... and many other minor fixes
2734 Changes to squid-3.1.0.2 (9 Nov 2008):
2736 - Bug 2516: error page templates not properly installed
2737 - Bug 2500: Solaris build issues
2738 - Fixes FreeBSD build issues
2739 - Release Notes completed
2740 - Languages: new Russian, Japanese, Chinese, and general updates
2741 - ... and other minor fixes
2743 Changes to squid-3.1.0.1 (27 Oct 2008):
2745 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
2746 - peername ACL added for matching against a named peer destination
2747 - configure option --with-logdir= added to select log files location
2748 - squid_kerb_auth helper updated to 1.0.3 release
2749 - Bug #740: allow external acl's to use reply headers in format
2750 - Bug #2379: obsolete dns_testnames option
2751 - Code test infrastructure expanded to configuration testing
2752 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
2753 to bring their defaults up to RFC 2616 requirements.
2754 - Large increase in RFC 2616 standard compliance (ongoing)
2755 - squid.conf cleanups for minimal config
2756 - Connection Pinning ported from 2.6 for NTLM passthru authentication
2757 - eCAP internal adaptation module support
2758 - Localization and CSS display control of error pages
2759 - Added semi-automatic documentation of source code
2760 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
2761 - HTCP improvements ported from 2.7 adding HTCP CLR requests
2762 - IPv6 (Internet Protocol version 6) support
2763 - ICMPv6 (Internet Control Message Protocol version 6) support
2764 - FTP agent now supports EPSV/EPRT commands
2765 - DNS internal resolver now supports AAAA and CNAME records
2766 - SNMP peer and client tables now support IPv6
2767 - SNMP peer table supports named peers with multiple entries per IP
2768 - SslBump: Squid-in-the-middle decryption and encryption of straight
2769 CONNECT and transparently redirected SSL traffic, using configurable
2770 client- and server-side certificates. While decrypted, the traffic
2771 can be inspected using ICAP.
2772 - TPROXY version 4.1 support
2773 - IPFW and Netfilter interception methods may now both be built in one binary.
2774 - ZPH Quality of Service patch now integrated
2775 - Null store now fully obsoleted and removed
2776 - Unknown request methods all supported
2777 - Follow_x_forwarder_for ported from 2.6
2778 - Bug #2223: Follow XFF extensions added
2779 - ... and many code and documentation cleanups
2781 Changes to squid-3.0.STABLE26 (28 Aug 2011):
2783 - Regression: header_replace for reply headers
2784 - Bug 3183: Invalid URL accepted with url host part of only '@'.
2785 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
2786 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
2787 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
2788 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
2789 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
2790 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
2791 - Regression Bug 2879: headers end finding
2792 - Bug 2876: FD_SETSIZE override not working on all linux distributions
2793 - Check for NULL and empty strings before calling str*cmp().
2794 - Correct parsing of large Gopher indexes
2796 Changes to squid-3.0.STABLE25 (14 Mar 2010):
2798 - Bug 2845: Rework the http digest auth parser
2799 - Bug 2787: unknown/unexpected status code messages
2800 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
2801 - Bug 2367: stale=true on digest requests with unknown nonce
2802 - ... and several other minor corrections
2804 Changes to squid-3.0.STABLE24 (13 Feb 2010):
2806 - Bug 2858: Segment violation in HTCP
2807 - Updated refresh pattern for dynamic pages
2809 Changes to squid-3.0.STABLE23 (02 Feb 2010):
2811 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
2812 - Regression Fix: Build error in Kerberos helper after library removal.
2814 Changes to squid-3.0.STABLE22 (01 Feb 2010):
2816 - Regression Fix: Make Squid abort on all config parse failures.
2817 - Bug 2787: Reduce unexpected http status to non-critical warnings.
2818 - Bug 2496: Downloading some variants in full before relaying
2819 - Bug 2452: Add upper limit to external_acl_type entries.
2820 - Removed optional kerberos/spnegohelp/ library due to licensing issues
2821 - Add client_ip_max_connections
2822 - Handle DNS header-only packets as invalid.
2824 Changes to squid-3.0.STABLE21 (22 Dec 2009):
2826 - Bug 2830: Clarify where NULL byte is in headers.
2827 - Bug 2778: Linking issues using SunCC
2828 - Bug 2395: FTP errors not displayed
2829 - Bug 2155: Assertion failures on malformed Content-Range response headers
2830 - Fix parsing and a few bugs in ACL time type
2831 - Fix RFC keep-alive compliance on intercepted replies
2832 - Improved security hardening on %nn parser
2833 - Replace several GCC-specific code snippets.
2835 Changes to squid-3.0.STABLE20 (29 Oct 2009):
2837 - Bug 2794: ESI parsing on FreeBSD
2838 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
2839 - Bug 2779: Support GNU/kFreeBSD
2840 - Bug 2773: Segfault in RFC2069 Digest authantication
2841 - Bug 2768: squid_ldap_group argument parsing error
2842 - Bug 2761: Gopher and double HTTP response header
2843 - Bug 2735: Incomplete -fhuge-objects detection
2844 - Bug 2722: prevent CONNECT via http_port with accel
2845 - Bug 2624: Invalid response for IMS request
2846 - Bug 2510: digest_ldap_auth TLS support
2847 - Correct LINUX_CAPABILITY actions on non-Linux
2849 Changes to squid-3.0.STABLE19 (06 Sep 2009):
2851 - Bug 2745: Invalid Response error on small reads
2852 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
2853 - Bug 2734: some compile errors on Solaris
2854 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
2855 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
2856 - Bug 2362: Remove support for deferred state in stateful helpers
2857 - Add 0.0.0.0 as a to_localhost address
2858 - Docs: Improve chroot directive documentation slightly
2859 - Fixup libxml2 include magics, was failing when a configure cache was used
2860 - ... and some minor testing improvements.
2862 Changes to squid-3.0.STABLE18 (04 Aug 2009):
2864 - Bug 2728: regression: assertion failed: !eof
2865 - Bug 2732: reply_body_max_size smaller than error page loops
2866 infinitely until out of memory
2867 - Bug 2725: pconn failure if domain or client_address are unset
2868 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
2869 - Bug 2462: make check should tell when cppunit is missing
2870 - Remove excess messages about headers < minimum size
2871 - Support Libtool 2.2.6
2873 Changes to squid-3.0.STABLE17 (27 Jul 2009):
2875 - Bug 2680 regression: Crash after rotate with no helpers running
2876 - Bug 2710: squid_kerb_auth non-terminated string
2877 - Bug 2679: strsep and strtoll detection failure
2878 - Bug 2674: Remove limit on HTTP headers read.
2879 - Bug 2659: String length overflows on append, leading to segfaults
2880 - Bug 2620: Invalid HTTP response codes causes segfault
2881 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
2882 - Bug 1087: ESI processor not quoting attributes correctly.
2883 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
2884 - Several small build issues with previous release.
2886 Changes to squid-3.0.STABLE16 (15 Jun 2009):
2888 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
2889 - Bug 2481: Don't set expires: now in generated error responses
2890 - Bug 2387: The calculation of the number of hash buckets correctly
2891 - Fix infinite loop in MSNT auth helper
2892 - Fix FD_SETSIZE on FreeBSD
2893 - Fix stripping NT domain in squid_ldap_group
2894 - Fix RADIUS auth helper build
2895 - Add Translate: and Unless-Modified-Since: headers to known list
2896 - Make fakeauth handle NTLMv2 better
2897 - Better Kerberos support detection
2898 - Several Widows port fixes
2900 Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
2902 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
2903 - Bug 2648: NTLM helpers not shutting down when deferred
2905 Changes to squid-3.0.STABLE15 (06 May 2009):
2907 - Regression Bug 2635: Incorrect Max-Forwards header type
2908 - Bug 2652: 'Success' error on CONNECT requests
2909 - Bug 2625: IDENT receiving errors
2910 - Bug 2610: ipfilter support detection
2911 - Bug 2578: FTP download resume failure
2912 - Bug 2536: %H on HTTPS error pages
2913 - Bug 2491: assertion "age >= 0"
2914 - Bug 2276: too many NTLM helpers running
2915 - Endian system and compiler fixes provided by the NetBSD project
2916 - documentation fixes provided by the Debian project
2918 Changes to squid-3.0.STABLE14 (11 Apr 2009):
2920 - Regression Fix: HTTP/0.9 in accelerator mode
2921 - Bug 1232: cache_dir parameter limited to only 63 entries
2922 - Bug 1868: support HTTP 207 status
2923 - Bug 2518: assertion failure on restart/reconfigure
2924 - Bug 2588: coredump in rDNS lookup
2925 - Bug 2595: Out of bounds memory write in squid_kerb_auth
2926 - Bug 2599: Idempotent start
2927 - Bug 2605: Prevent setsid() on helpers in daemon mode
2928 - Fix external_acl_type option parsing
2929 - Fix delay pools counters on FTP
2930 - Fix several issues with ident (some remain)
2931 - Fix performance issues with persistent connections
2932 - Fix performance issues with delay pools
2933 - Fix forwarding of OPTIONS requests
2934 - Add support for HTTP 1.1 Content-Disposition header
2935 - Add support for Windows 7, Windows Server 2008 R2 and later
2936 - ... and many small documentation updates
2938 Changes to squid-3.0.STABLE13 (03 Feb 2009):
2940 - Fix several issues in request parsing
2941 - Fix memory leak from logformat parsing
2942 - Fix various ESI build errors
2943 - ... and some documentation updates
2945 Changes to squid-3.0.STABLE12 (21 Jan 2009):
2947 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
2948 - Bug 2542: ICAP filters break download resume
2949 - Bug 2556: HTCP fails without icp_port
2950 - Bug 2564: logformat '%tl' field not working as advertised
2951 - Port from 3.1: TestBed basic build consistency checks
2952 - Policy: Change half_closed_clients default to off
2953 - Policy: Removed -V command line option, deprecated by 2.6
2954 - ... and several other minor code cleanups
2956 Changes to squid-3.0.STABLE11 (24 Dec 2008):
2958 - Bug 2424: filedescriptors being left unnecessary opened
2959 - Bug 2545: fault passing ICAP filtered traffic to peers
2960 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
2961 - ... and some minor admin and debug cleanups.
2963 Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
2965 - Removes patch causing cache of bad objects
2966 - Bug 2526: bad security default in ACLChecklist
2967 - Fixes regression: access.log request size tag
2968 - Fixes cache_peer forceddomainname=X option
2969 - ... and many minor documentation cleanups
2971 Changes to squid-3.0.STABLE10 (14 Oct 2008):
2973 - Bug 2391: Regression: bad assert in forwarding
2974 - Bug 2447: Segfault on failed TCP DNS query
2975 - Bug 2393: DNS requests getting stuck in idns queue
2976 - Bug 2433: FTP PUT gives bad gateway
2977 - Bug 2465: Limited DragonflyBSD support
2978 - ... and other minor bugs and documentation
2980 Changes to squid-3.0.STABLE9 (9 Sep 2008):
2982 - Policy Enforcement: COSS is unusable in 3.0
2983 - Port from 3.1: Language Pack compatibility
2984 - Port from 2.6: Windows Support Notes
2985 - Fix several minor regressions:
2986 HTCP stats reporting
2987 cachemgr delay pool config
2989 - Bug 2340: uudecode dependency for icons removed
2990 - Bug 2352: no_check.pl ntlm challenge fix
2991 - Bug 2426: buffer increase for kerberos auth fields
2992 - Bug 2427: squid_ldap_group codes fix
2993 - Bug 2437: peer name now shown in access.log
2994 - Add sane display of unsupported method errors
2995 - ... and various other code cleanups
2997 Changes to squid-3.0.STABLE8 (18 Jul 2008):
2999 - Port from 2.6: Support for cachemgr sub-actions
3000 - Port from 2.6: userhash peer selection method
3001 - Port from 2.6: sourcehash peer selection method
3002 - Bug 2376: round-robin balancing fixes
3003 - Bug 2388: acl documentation cleanup
3004 - Bug 2365: cachemgr.cgi HTML output encoding
3005 - Bug 2301: Regression: Log format size options
3006 - Bug 2396: Correct the opening of PF device file.
3007 - Bug 2400: ICAP accept mechanism
3008 - Bug 2411: Regression: fakeauth_auth crashes
3009 - Many fixes to the Windows support (not complete yet).
3010 - Boost error pages HTML standards.
3011 - Fixes several issues on 64-bit systems
3012 - Fixes several issues on older or stricter compilers
3013 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
3014 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
3016 Changes to squid-3.0.STABLE7 (22 Jun 2008):
3018 - Fix several ASN issues
3019 - Fix SNMP reporting of counters
3020 - Fix round-robin algorithms
3022 - Netfilter v1.4.0 bug workaround
3023 - Bugs 2350 and 2323: memory issues
3024 - Bugs 2384, 951, 1566: ESI assertions
3025 - Various minor debug and documentation cleanups
3027 Changes to squid-3.0.STABLE6 (20 May 2008):
3029 - Bug 2254: umask Feature from 2.6 added
3030 - cachemgr.cgi default config file added
3031 - Several authentication bug fixes
3032 - Improved Windows Support
3033 - better DNS lookup methods for unqualified hostames
3034 - better support for 64-bit environments
3035 - Bug 2332: Crash when tunnelling
3036 - Removed the advertisement clause from BSD licenses
3037 according to the GPLv2+ changes in BSD
3038 - ... and other bugs and minor cleanups
3040 Changes to squid-3.0.STABLE5 (28 Apr 2008):
3042 - Support for resolv.conf 'domain' option
3043 - Improved URI support, including
3044 longer URI up to 8192 bytes accepted
3045 better handling of intercepted URI
3046 better port for non-FQDN URI lookups
3047 - Improved logging, including
3048 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
3049 Fixed 'log_ip_on_direct' option behaviour
3050 - Support for profiling on x86 64-bit systems
3051 - .. and other bugs and minor code cleanups.
3053 Changes to squid-3.0.STABLE4 (2 Apr 2008):
3055 - Bug 2288: compile error slipped into STABLE3.
3057 Changes to squid-3.0.STABLE3 (31 Mar 2008):
3059 - Improved HTTP 1.1 support.
3060 - Improved MacOSX (Leopard) support
3061 - Bug 2206: Proxy-Authentication regression in STABLE2.
3062 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
3063 - ... and other bugs and minor code cleanup
3065 Changes to squid-3.0.STABLE2 (1 Mar 2008):
3067 - Add myportname ACL for matching the accepting port name (see release notes)
3068 - Add include directive for squid.conf (see release notes)
3069 - Add ability to strip kerberos realm from usernames during Auth
3070 - License cleanup to comply with GPLv2 or later
3071 - Updated Error Pages and Translations
3072 - Updated configuration examples
3073 - Updated valgrind support for valgrind-3.3.0
3074 - Improved support for Windows and MacOS X Leopard
3075 - Improved support for files larger than 2GB
3076 - Improved support for CARP arrays and WCCPv2
3077 - Improved cachmgr, SNMP, and log reporting
3078 - ... and as usual Many bug fixes since STABLE 1
3080 Changes to squid-3.0.STABLE1 (13 Dec 2007):
3082 - Major rewrite translating the code to C++, originally based on
3084 - Internal client streams concept for content adaptation
3085 - ICAP (Internet Content Adaptation Protocol) client support
3086 - ESI (Edge Side Includes) support added
3087 - Improved support for files larger than 2GB.
3088 - And a lot more. Most features from Squid-2.6 is supported, but not
3089 all. See the release notes for details.
3092 Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
3094 Changes to squid-2.6.STABLE22 (19 October 2008)
3096 - Bug #2396: Correct the opening of the PF device file.
3097 - Make --with-large-files and --with-build-envirnment=default play
3099 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
3101 - Make dns_nameserver work when using --disable-internal-dns on glibc
3103 - Bug #2426: Increase negotiate auth token buffer size
3104 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
3105 - Bug #2477: swap.state permission issues if crashing during "squid -k
3107 - Windows port: Fix build error using latest MinGW runtime.
3111 Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
3112 authorative for this release and mirrored here for reference only.
3114 - CARP now plays well with the other peering algorithms,
3115 and support for CARP peerings is compiled by default. Can be
3116 disabled by --disable-carp
3117 - Configuration file can be read from an external program
3118 or preprocessor. See squid.8 man page.
3119 - http_port is now optional, allowing for SSL only operation
3120 - Satellite and other high latency peering relations enhancements
3122 - Nuked num32 types, and made type detection more robust by the
3123 use of typedefs rather than #defines.
3124 - the mailto links on Squid's ERR pages now contain data about the
3125 occurred error by default, so that the email will contain this data in
3126 its body. This feature can be disabled via the email_err_data directive.
3128 - COSS now uses a file called stripe and the path in squid.conf is the
3129 directory this is placed in. Additionally squid -z will create the
3131 - WCCPv2 support, including mask assignment support
3132 - HTCP support for access control and the CRL operation for
3133 purgeing of cache content
3134 - ICAP related fixes
3135 - Windows-related fixes, including Vista and Longhorn identification
3136 - Client-side parsing and some string use optimisations
3137 - Lots of off-by-one and memory leaks in corner cases have been fixed
3139 - Improved high-resolution profiling
3140 - Windows overlapped-IO and thread support added to the Async IO disk code
3141 - Improvements for handling large DNS replies
3143 Changes to squid-2.6.STABLE15 (31 Aug 2007)
3145 - The select() I/O loop got broken by the /dev/poll addition
3147 - Bug #2017: Fails to work around broken servers sending just the HTTP
3149 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
3151 - squid.conf.default updated and reorganised in more sensible groups
3152 - correct and document the syslog access_log format
3153 - Armenian error pages translation
3154 - digest_ldap_helper usage help updated
3155 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
3156 - Improve delay pools in low traffic environment by checking timeouts
3157 at a steady 1 second interval even when there is not much activity
3158 - Don't request authentication on transparently intercepted
3160 - Cleanup linux capabilities for tproxy
3161 - Bug #2003: 'via' config directive doesn't affect response headers
3162 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
3163 - Add missing $|=1 to squid_db_auth
3164 - Bug #2050: Persistent connection dropped if cache has no
3166 - Verify the URL on memory cache hits
3167 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
3168 - Bug #1972: Squid sets peers to down state when they are in fact
3170 - potential segmentation fault in storeLocateVary()
3171 - Bug #2066: chdir after chroot
3172 - Windows port: Fix compiler warnings when building Squid as
3173 application (not Windows service mode)
3174 - Spelling correction of received
3176 Changes to squid-2.6.STABLE14 (15 Jul 2007)
3178 - squid.conf.default cleanup to have options in their proper sections.
3179 - documentation correction in the refresh_pattern ignore-auth option
3180 - URI-escaping not uses the recommended upper-case hex codes
3181 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
3182 - Always use xisxxxx() Squid defined macros instead of ctype
3184 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
3185 - Database basic auth helper using Perl DBI to connect to most SQL DBs
3186 - Solaris /dev/poll network I/O support
3187 - configure fixes to make cross compilation somewhat easier
3188 - Removed incorrect -a reference from http_port documentation
3189 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
3190 - Bug #1968: Squid hangs occasionally when using DNS search paths
3191 - Novell eDirectory digest auth helper (digest_edir_auth)
3192 - Bug #1130: min-size option for cache_dir
3193 - POP3 basic auth helper querying a POP3 server
3194 - Cosmetic squid_ldap_auth fixes from Squid-3
3195 - Bug #1085: Add no-wrap to cache manager HTML tables
3196 - Automatically restart if number of available filedescriptors becomes
3197 alarmingly low, preventing a situation where Squid would otherwise
3198 permanently stop processing requests.
3199 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
3201 - Deal better with forwarding loops
3203 Changes to squid-2.6.STABLE13 (11 May 2007)
3205 - Make sure reply headers gets sent even if there is no body available
3206 yet, fixing RealMedia streaming over HTTP issues.
3207 - Undo an accidental name change of storeUnregisterAbort.
3208 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
3209 - Bug #1814: SSL memory leak on persistent SSL connections
3210 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
3211 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
3212 - Ukrainan error messages
3213 - Convert various error pages from DOS to UNIX text format
3214 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
3215 - Clarify the max-conn=n cache_peer option syntax slightly
3216 - Bug #1892: COSS segfault on shutdown
3217 - Windows port: fix undefined ECONNABORTED
3218 - Make refreshIsCachable handle ETag as a cache validator, not
3220 - in_port_t is not portable, use unsigned short instead
3221 - Fix fs / auth / snmp dependencies
3222 - Portability: statfs() may reqire #include <sys/statfs.h>
3224 Changes to squid-2.6.STABLE12 (20 Mar 2007)
3226 - Assertion error on TRACE
3228 Changes to squid-2.6.STABLE11 (17 Mar 2007)
3230 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
3231 !conn->body.request"
3232 - Handle garbage helper responses better in concurrent protocol format
3233 - Fix kqueue when overflowing the changes queue
3234 - Make sure the child worker process commits suicide if it could
3236 - Don't log short responses at debug level 1
3237 - Fix bswap16 & bwsap32 error on NetBSD
3238 - Fix collapsed_forwarding for non-GET requests
3240 Changes to squid-2.6.STABLE10 (4 Mar 2007)
3242 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
3243 - various diskd bugfixes
3244 - In the access.log hierarchy field log the unique peer name
3245 instead of the host name
3246 - unlinkdClose() should be called after (not before) storeDirSync()
3247 - CLEAN_BUF_SZ was defined, but never used anywhere
3248 - logging HTTP-request size
3249 - Fix icmp pinger communication on FreeBSD and other not supporing
3250 large dgram AF_UNIX sockets
3251 - Release objects on swapin failure
3252 - Bug #1787: Objects stuck in cache if origin server clock in future
3253 - Bug #1420: 302 responses with an Expires header is always cached
3254 - Primitive support for HTTP/1.1 chunked encoding, working around
3256 - Clean up relations between TCP probing and DNS checks of peers with
3258 - Fix a minor HTML coding error in ftp directory listings with // in
3260 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
3261 non-refreshable content
3262 - Gopher cleanups and bugfixes
3263 - Negotiate authentication fixed again. Broken since STABLE7 by the
3264 patch for Bug #1792.
3265 - Bug #1892: COSS tries to shut down the same directory twice on exit
3266 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
3268 - Added support for Subversion HTTP request methods MKACTIVITY,
3271 Changes to squid-2.6.STABLE9 (24 Jan 2007)
3273 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
3274 - Bug #1877 diskd bug in storeDiskdIOCallback()
3276 Changes to squid-2.6.STABLE8 (21 Jan 2007)
3278 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
3279 - Document the https_port vhost option, useful in combination with
3280 a wildcard certificate
3281 - Document the existence of connection pinning / forwarding of NTLM
3282 auth and a few other features overlooked in the release notes.
3283 - Spelling correction of the ssl cache_peer option
3284 - Add back the optional "accel" http_port option. Makes accelerator
3285 mode configurations easier to read.
3286 - Bug #1872: Date parsing error causing objects to get unexpectedly
3288 - Cleanup to have the access.log tags autogenerated from enums.h
3289 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
3291 - Don't update object timestamps on a failed revalidation.
3292 - Fix how ftp://user@host URLs is rendered when Squid is built with
3293 leak checking enabled
3295 Changes to squid-2.6.STABLE7 (13 Jan 2007)
3297 - Windows port: Fix intermittent build error using Visual Studio
3298 - Add missing tproxy info from the dump of http port configuration
3299 - Bug #1853: Support for ARP ACL on NetBSD
3300 - clientNatLookup(): fix wrong function name in debug messages
3301 - Convert ncsa_auth man page from DOS to Unix text format.
3302 - Bug #1858: digest_ldap_auth had some remains of old hash format
3303 - Correct the select_loops counter when using select(). Was counted twice
3304 - Clarify the http_port vhost option a bit
3305 - Fix cache-control: max-stale without value or bad value
3306 - Bug #1857: Segmentation fault on certain types of ftp:// requests
3307 - Bug #1848: external_acl crashes with an infinite loop under high load
3308 - Bug #1792: max_user_ip not working with NTLM authentication
3309 - Bug #1865: deny_info redirection with authentication related acls
3310 - Small example on how to use the squid_session helper
3311 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
3312 - Clarify the transparent http_port option a bit more
3313 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
3314 - Bug #1867: squid.pid isn't removed on shutdown
3316 Changes to squid-2.6.STABLE6 (12 Dec 2006)
3318 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
3319 - Add client source port logformat tag >p
3320 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
3321 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
3322 - automake no longer recommends mkinstalldirs. Removed.
3323 - Only use crypt() if it's available, allowing ncsa_auth to be built
3324 on platofms without crypt() support.
3325 - Windows port documentation updates
3326 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
3327 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
3328 - Remove extra newline in redirect message sent by deny_info http://... aclname
3329 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
3330 - Clarify the external_acl_type helper format specification and some defaults
3331 - Add support for the weight= parameter to round-robin peers
3332 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
3333 - Convert snmpDebugOid to use a temporary String object instead of strcat
3334 - Document that proxy_auth also accepts -i for case-insensitive operation
3335 - Remove malloc/free of temporary buffer in time parsing routines.
3336 - Reduce memory allocator pressure by not continually allocating client-side read buffers
3337 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
3338 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
3339 - Bug #1584: Unable to register with multiple WCCP2 routers
3340 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
3341 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
3342 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
3343 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
3344 - Bug #1840: Disable digest and netdb queries to multicast peers
3345 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
3346 - Fix build errors when using latest MinGW Windows environment
3348 Changes to squid-2.6.STABLE5 (3 Now 2006)
3350 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
3351 - COSS improvements and cleanups
3352 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
3353 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
3354 - Bug #1719: Incorrect error message on invalid cache_peer specifications
3355 - Bug #1785: Memory leak in handling of negatively cached objects
3356 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
3357 - Bug #1782: Memory leak in ncsa_auth on password changes
3358 - Suppress some annoying coss startup messages raising the debug level to 2.
3359 - Clarify the external_acl_helper concurrency= change.
3360 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
3361 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
3362 - Bug #1795: Theoretical memory leak in storeSetPublicKey
3363 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
3364 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
3365 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
3366 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
3367 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
3368 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
3369 - Bug #1796: Assertion error HttpHeader.c:914: "str"
3370 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
3371 - Silence harmless gcc compile warning.
3372 - Clean up poll memory on shutdown
3373 - Ported select, poll and win32 to new comm event framework
3374 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
3375 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
3376 - Safeguard from kb_t counter overflows on 32-bit platforms
3378 Changes to squid-2.6.STABLE4 (23 Sep 2006)
3380 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
3381 - Windows port enhancement: added native exception handler with signal emulation
3382 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
3383 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
3384 - Bug #212: variable %i always 0.0.0.0 in many error pages
3385 - Bug #1708: Ports in ACL accepts characters and out of range
3386 - Bug #1706: Squid time acl accepts invalid time range.
3387 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
3388 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
3389 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
3390 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
3391 - Bug #1598: start_announce cannot be disabled
3392 - Periodically flush cache.log to disk when "buffered_logs on" is set
3393 - Numerous COSS improvements and fixes
3394 - Windows port: merge of MinGW support
3395 - Windows port: Merged Windows threads support into aufs
3396 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
3397 - Numerous portability fixes
3398 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
3399 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
3400 - Bug #1760: FTP related memory leak
3401 - Bug #1770: WCCP2 weighted assignment
3402 - Bug #1768: Redundant DNS PTR lookups
3403 - Bug #1696: Add support for wccpv2 mask assignment
3404 - Bug #1774: ncsa_auth support for cramfs timestamps
3405 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
3406 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
3407 - Bug #1590: Silence those ETag loop warnings
3408 - Bug #1740: Squid crashes on certain malformed HTTP responses
3409 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
3410 - Improve error reporting on unexpected CONNECT requests in accelerator mode
3411 - Cosmetic change to increase cache.log detail level on invalid requests
3412 - Bug #1229: http_port and other directives accept invalid ports
3413 - Reject http_port specifications using both transparent and accelerator options
3414 - Cosmetic cleanup to not dump stacktraces on configuration errors
3417 Changes to squid-2.6.STABLE3 (18 Aug 2006)
3419 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
3420 very large cache_dir. Limit number of objects stored to slightly
3422 - Bug #1705: Correct error message on invalid time weekday specification
3423 - Don't attempt to guess netmask in src/dst acl specifications
3424 if none was provided. Assume it's an IP even if it ends in 0
3425 - Bug #1665: log_format %ue, %us tags for external or ssl user id
3426 - Bug #1707: delay pools often ignored the set limit
3427 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
3428 (0.9.8 always worked)
3429 - COSS fixes and performance improvements
3430 - Memory leak when reading configuration files with overlapping
3431 ACL data where squid -k parse complains.
3432 - Memory leak related to pinned connections
3433 - Show include acls unexpanded in cachemgr configuration dumps
3434 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
3435 - Bug #1304: Downloads may hang when using the cache_dir max-size option
3436 - Optimization of network I/O
3437 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
3438 - Fixed a memory leak on certain invalid requests
3439 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
3440 - Bug #582: ntlm fake_auth not handles non-ascii login names
3441 - New startup message indicating the type of event loop used
3442 - Bug #1602: TCP fallback on truncated DNS responses
3443 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
3444 - Bug #1723: cachemgr now works in accelerator mode
3446 Changes to squid-2.6.STABLE2 (31 Jul 2006)
3448 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
3449 - Releasenotes Table of contents should use relative links without
3451 - Reject HTTP/0.9 formatted CONNECT requests.
3452 - Cosmetic cleanup to use safe_free instead of xfree + manual
3454 - Bug #1650: transparent interception "Unable to forward this
3455 request at this time"
3456 - Bug #1658: Memory corruption when using client-side SSL certificates
3457 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
3458 deleting the underlying object.
3459 - Many COSS fixes and new coss data dumper utility for diagnostics
3460 - Bug #1669: SEGV in storeAddVaryReadOld
3461 - Many fixes in debug sections and spelling of debug messages
3462 - Don't keep client connection persistent if there was a mismatch in
3464 - Move eventCleanup debug messages to debug level 2 (was 0)
3465 - Add the missing concurrency parameters to basic and digest auth
3467 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
3468 - Log SSL user id in the custom log User name format (%un)
3469 - Bug #1653: Username info not logged into Cachemgr active_requests
3471 - Added to the redirectors interface the support for SSL client
3473 - squid.conf.default cleanup to remove references to old options
3474 - Fix many filedescriptors in combination with TPROXY
3475 - Fix connection pinning in transparently intercepted connections
3476 - Bug #1679: LDFLAGS not honored in some programs.
3477 - Minor cleanup of port numbers in transparent interception or
3479 - Bug #1671: transparent interception fails with FreeBSD ipfw or
3481 - Bug #1660: Accept-Encoding related memory corruption
3482 - Bug #1651: Odd results if url_rewriter defined multiple times
3483 - Bug #1655: Squid does not produce coredumps under linux when
3485 - Bug #1673: cache digests not served to other caches
3486 - Cleanup of Linux capability code used by tproxy
3487 - Bug #1684: xstrdup: tried to dup a NULL pointer!
3488 - Bug #1668: unchecked vsnprintf() return code could lead to log
3490 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
3492 - Cygwin support fir --disable-internal-dns
3493 - Silence those annoying sslReadServer: Connection reset by peer
3495 - Bug #1693: persistent connections broken in transparent
3497 - Bug #1691: multicast peering issues
3498 - Bug #1696: Correct WCCP2 processing of router capability info
3500 - Bug #1694: Assertion failure in mgr:config if using
3501 access_log_format %<h
3502 - Bug #1677: Duplicate etags in the If-None-Match header
3503 - Bug #1665: access_log_format codes for login names from external
3505 - Bug #1681: All ntlmauthenticator processes are busy
3506 - Added ARP acl support for OpenBSD and ARP fixes for Windows
3507 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
3509 - WCCP2 correct dampening of assign buckets when there it lots of
3511 - minimum_expiry_time to tune the magic 60 seconds limit of what
3512 is considered cachable when the object doesn't have any cache
3514 - Bug #1703: wrong path to diskd helper corrected, and config
3515 parser extended to trap incorrect paths early
3516 - Bug #1703: COSS failed to initialize async-io threads
3517 - Bug #1703: should abort if diskd helper exits unexpectedly
3518 - Bug #1702: Warn if acl name is too long
3519 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
3520 - wccp2_rebuild_wait directive to delay registering with WCCP until the
3521 - Bug #1662: Infinite loop in external acl with grace period if the
3522 same http_access line had multiple external acls
3524 Changes to squid-2.6.STABLE1 (1 Jul 2006)
3526 - New --enable-default-hostsfile configure option
3527 - Added username info to active_requests cachemgr stats
3528 - Modified squid MIB to incorporate squid.conf visible_hostname
3529 - Added multi-line capability in squid.conf
3530 - Added new httpd_suppress_version_string configuration directive
3532 - Negotiate authentication scheme support
3533 - NTLM authentication scheme rewritten
3534 - Customizable access log formats
3535 - Selective access logging
3536 - Access logging via syslog
3537 - Reverse proxy enhancements, with new cache_peer based forwarding
3539 - LDAP based Digest helper (Note: not true LDAP integration, just using
3540 LDAP for storage of the Digest hashes)
3541 - Improved helper communication protocol
3542 - External ACL improvements. %PATH, log=, grace=, and more..
3543 - Improved SSL support with hardware offload, client certificate
3544 support (primitive), chained certificates and numerous bug fixes
3545 - DNS lookups now use the search path from /etc/resolv.conf or
3546 the Windows registry
3547 - Linux epoll support
3548 - collapsed forwarding to optimize reverse proxies or other
3549 setups having very many clients going to the same URL
3550 - New improved COSS implementation
3551 - Optional support for blank passwords
3552 - The old and obsolete Samba-2.2.X winbind helpers have been removed
3553 - external acls now uses the simplified URL-escaped protol "3.0" by
3555 - Linux TPROXY support
3556 - Support for proxying of Microsoft Integrated Login by adding
3557 support for the deviations from the HTTP protocol required
3558 to support these authentication mechanisms
3559 - Added the capability to run as a Windows service under Cygwin
3560 - CARP now plays well with the other peering algorithms
3561 - read_ahead_gap option to read ahead more than 16KB of the reply
3562 - check_hostnames and allow_underscore squid.conf options
3563 - http_port is now optional, allowing for SSL only operation
3564 - Full ETag/Vary support, caching responses which varies with
3565 request details (browser, language etc).
3566 - umask now defaults to 027 to protect the content of cache and
3567 log files from local users
3568 - HTCP support for access control and the CRL operation for
3569 purgeing of cache content
3570 - Optionally follow X-Forwarded-For headers to determine the original
3571 client IP behind sedond level proxies
3572 - FreeBSD kqueue support
3574 Changes to squid-2.5.STABLE14 (20 May 2006)
3575 - [Minor] icons not displayed when visible_hostname is a
3576 short hostname (without domain). (Bug #1532)
3577 - [Medium] Memleak in HTCP client code (default disabled)
3579 - [Major] memory leak in ident processing (Bug #1557)
3580 - [Medium] Memory leak in header processing related to external_acl
3581 header detail format tag (Bug #1564)
3583 Changes to squid-2.5.STABLE13 (12 Mar 2006)
3584 - [Minor] Fails to compile on Solaris and some other platforms
3585 with undefined reference to setenv (Bug #1435)
3586 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
3587 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
3588 odd results if --enable-ntlm-fail-open is used (Bug #1022)
3589 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
3591 - [Minor] Squid crash when asyncio function counters url accessed
3592 from Cachemgr CGI (Bug #1464)
3593 - [Cosmetic] Linux compile warning about prctl called with too few
3594 arguments (Bug #1483)
3595 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
3596 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
3597 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
3598 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
3599 - [Minor] Ident access lists don't work in delay_access statements
3601 - [Minor] Some clients support NTLM even if not initially negotiating
3602 persistent connections (Bug #1447)
3603 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
3604 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
3606 - [Cosmetic] New persistent_connection_after_error configuration
3607 directive (Bug #1482)
3608 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
3610 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
3611 - [Cosmetic] Typo in ftp.c (Bug #1507)
3612 - [Cosmetic] Error in FTP listings of files with -> in their name
3614 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
3615 in cache.log (Bug #779)
3616 - [Minor] Fails to process long host names (Bug #1434)
3617 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
3618 - [Cosmetic] misleading error message message for bad/unresolveable
3619 cache_peer name (Bug #1504)
3620 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
3622 - [Major] connstate memory leak (Bug #1522)
3624 Changes to squid-2.5.STABLE12 (22 Oct 2005)
3626 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
3627 when using delay pools (Bug #1405)
3628 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
3629 with server_persistent_connections (Bug #454)
3630 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
3631 diagnostics easier on squid_ldap_auth configuration errors
3633 - [Minor] $HOME not set when started as root (Bug #1401)
3634 - [Minor] httpd_accel_single_host breaks in combination with
3635 server_persistent_connections (Bug #1402)
3636 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
3637 implemented, effectively ignored. (Bug #1403)
3638 - [Minor] CNAME based DNS addresses could get cached for longer
3639 than intended (Bug #1404)
3640 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
3641 in transparently intercepting proxies (Bug #1410).
3642 - [Minor] Cache revalidations on HEAD requests causing poor cache
3643 hit ratio (Bug #1411).
3644 - [Minor] Not possible to send 302 redirects via a redirector in
3645 response to CONNECT requests (bug #1412)
3646 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
3648 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
3649 - [Minor] Delay pools class 3 fails on clients in network 255
3652 Changes to squid-2.5.STABLE11 (22 Sep 2005)
3654 - [Minor] Workaround for servers sending double content-length headers
3656 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
3657 - [Cosmetic] Date header corrected on internal objects (icons etc)
3659 - [Minor] squid -k fails in combination with chroot after patch for
3660 bug 1157 (Bug #1307)
3661 - [Cosmetic] Segmentation fault if compiled with
3662 --enable-ipf-transparent but denied access to the NAT device.
3664 - [Minor] httpd_accel_signle_host incompatible with redireection
3666 - [Minor] squid -k reconfigure internal corruption if the type of
3667 a cache_dir is changed (Bug #1308)
3668 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
3670 - [Minor] Title in FTP listings somewhat messed up after previous
3671 patch for bug 1220 (Bug #1220)
3672 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
3673 confusing authentication. (Bug #1204)
3674 - [Minor] winfo_group.pl only looked for the first group if multiple
3675 groups were defined in the same acl. (Bug #1333)
3676 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
3677 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
3678 - [Cosmetic] The new --with-build-environment=... option doesn't work
3679 - [Cosmetic] New 'mail_program' configuration option in squid.conf
3680 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
3682 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
3683 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
3684 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
3685 - [Cosmetic] Invalid URLs in error messages when failing to connect
3686 to peer, and a few other inconsistent error messages (Bug #1342)
3687 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
3689 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
3691 - [Cosmetic] Greek translation of error messages (Bug #1351)
3692 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
3693 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
3694 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
3696 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
3697 - [Minor] E-mail sent when cache dies is blocked from many antispam
3699 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
3700 - [Cosmetic] Incorrect store dir selection debug message on objects
3701 larger than 2Gigabyte (Bug #1343)
3702 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
3703 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
3704 - [Medium] Clients could bypass delay_pool settings by faking a cache
3705 hit request (Bug #500)
3706 - [Minor] IP-Filter 4.X support (Bug #1378)
3707 - [Medium] Odd results on pipelined CONNECT requests
3708 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
3709 when using NTLM authentication.
3710 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
3711 authentication (bug #1396)
3712 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
3714 - [Cosmetic] New --with-maxfd=N configure option to override build
3715 time filedescriptor limit test
3716 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
3718 Changes to squid-2.5.STABLE10 (17 May 2005)
3720 - [Minor Security] Fix race condition in relation to old Netscape
3721 Set-Cookie specifications
3722 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
3723 format and PASV resposes (Bug #1252)
3724 - [Medium] BASE HREF missing on ftp directory URLs without /
3726 - [Minor security] confusing http_access results on configuration
3728 - [Cosmetic] More robust Date parser (Bug #321)
3729 - [Minor] reload_with_ims fails to refresh negatively cached objects
3731 - [Cosmetic] delay_access description clarification (Bug #1245)
3732 - [Cosmetic] Check for integer overflow in size specifications in
3733 squid.conf (Bug #1247)
3734 - [Cosmetic] bzero is a non-standard function not available on all
3735 platforms (Bug #1256)
3736 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
3737 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
3738 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
3740 - [Minor] Duplicate content-length headers logged incorrectly or
3741 not cleaned up properly (Bug #1262)
3742 - [Cosmetic] Extend relaxed_header_parser to work around "excess
3743 data from" errors from many major web servers. (Bug #1265)
3744 - [Minor] Add HTTP headers to a netdb error messages
3745 - [Minor] Multiple minor aufs issues (Bug #671)
3746 - [Minor] Basic authentication fails with very long logins or
3747 password (Bug #1171)
3748 - [Minor] CONNECT requests truncated if client side disconnects first
3750 - [Minor] --disable-hostname-checks configure option did not work
3751 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
3752 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
3753 - [Medium] Failed to process requests for files larger than 2GB in size
3754 - [Cosmetic] rename() related cleanup
3755 - [Cosmetic] New cachemgr pending_objects and client_objects actions
3756 - [Cosmetic] external acls requiring authentication did not request
3757 new credentials on access denials like proxy_auth does.
3758 - [Cosmetic] Syslog facility now configurable via command line options.
3759 - [Cosmetic] New %a error page template code expanding into the
3760 authenticated user name. (Bug #798)
3761 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
3762 - [Minor] Support interception of multiple ports
3763 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
3764 can not be determined (Bug #1196)
3765 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
3766 configuration files with CRLF lineendings proper.
3767 - [Minor] Unrecognized Cache-Control directives now forwarded properly
3769 - [Minor] Authentication helpers now returns useable information
3770 in the %m error page macro on failed authentication (Bug #1223)
3771 - [Minor] pid file management corrected in chroot use (Bug #1157)
3772 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
3773 cachemgr.cgi now reads a config file telling which proxy servers
3775 - [Minor] aufs statistics improvements
3776 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
3777 - [Minor] ARP acl documentation and cachemgr config dump corrections
3778 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
3779 hostnames in addition to the reverse lookup of the domain name.
3780 - [Security] Internal DNS client hardened against spoofing
3782 Changes to squid-2.5.STABLE9 (24 Feb 2005)
3784 - [Medium] Don't retry requests on 403 errors (Bug #1210)
3785 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
3786 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
3787 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
3788 - [Minor] relaxed_header_parser extended to work around even more
3789 broken web servers (Bug #1242)
3790 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
3791 better with Mozilla but also to improve security slightly on
3793 - [Minor] High characters allowed un-encoded in FTP and Gopher
3794 listings to allow the user-agent to display data in non-iso8859-1
3795 charsets. (Bug #1220)
3796 - [Cosmetic] format fixes to silence compiler warnings on many
3798 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
3800 Changes to squid-2.5.STABLE8 (11 Feb 2005)
3802 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
3804 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
3805 - [Minor] The new req_header and resp_header acls segfaults
3806 immediately on parse of squid.conf (Bug #961)
3807 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
3809 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
3810 - [Minor] Squid fails to close TCP connection after blank HTTP
3811 response (Bug #1116)
3812 - [Minor security] Random error messages in response to malformed
3813 host name (Bug #1143)
3814 - [Minor] PURGE should not be able to delete internal objects
3816 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
3818 - [Minor] cachemgr vm_objects segfault (Bug #1149)
3819 - [Minor security] Confusing results on empty acl declarations (Bug
3821 - [Minor] Don't close all "other" filedescriptors on startup (Bug
3823 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
3825 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
3826 - [Medium security] Denial of service with forged WCCP messages
3828 - [Minor] DNS related memory leak on certain malformed DNS responses
3830 - [Minor] Internal DNS sometimes truncates host names in reverse
3831 (PTR) lookups (Bug #1136)
3832 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
3833 - [Security] Harden Squid against HTTP request smuggling attacks
3834 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
3835 short_icon_urls is on (Bug #1203)
3836 - [Security] Harden Squid against HTTP response splitting attacks
3838 - [Medium security] Buffer overflow in WCCP recvfrom() call
3840 - [Security] Properly handle oversized reply headers (Bug #1216)
3841 - [Minor] LDAP helpers search fixed to properly ask for no attributes
3842 - [Minor] A sporadic segmentation fault when using ntlm authentication
3844 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
3845 - [Medium] Persistent connection mismatch on failed PUT/POST request
3847 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
3848 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
3849 - [Major] HTTP reply data corruption in certain situations involving
3850 reply headers split over multiple packets (Bug #1233)
3852 Changes to squid-2.5.STABLE7 (11 Oct 2004)
3854 - [Medium] No objects cached in ufs cache_dir type in some
3855 configurations. Issue introduced in 2.5.STABLE6 by the patch for
3856 Bug #676. (Bug #1011)
3857 - [Minor] LDAP helpers update to correct LDAP connection management
3858 and add support for literal password compare instead of binding
3859 - [Minor] A large number of queued DNS lookups for the same domain
3861 - [Cosmetic] request_header_max_size configuration partly ignored
3863 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
3864 - [Cosmetic] HEAD requests may return stale information
3866 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
3867 - [Minor] case insensitive authentication (Bug #431)
3868 - [Cosmetic] Add delay pools information to active_requests. (Bug
3870 - [Minor] Apparent memory leak in client_db (Bug #833)
3871 - [Minor] NTLM authentication truncated causing failures. (Bug
3873 - [Cosmetic] Grammatical corrections in squid.conf.default
3874 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
3876 - [Medium] Segfaults and other strange crashes when using heap
3877 policies. (Bug #1009)
3878 - [Minor] Supplementary group memberships not set (Bug #1021)
3879 - [Cosmetic] ERR_TOO_BIG Portuguese translation
3880 - [Minor] external_acl does not handle newlines (Bug #1038)
3881 - [Major] NTLM authentication denial of service when using msnt_auth
3882 or fake_auth (Bug #1045)
3883 - [Medium] Memory leaks when using NTLM authentication without
3884 challenge reuse. (Bug #994)
3885 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
3887 - [Minor] assertion failed: "n_ufs_dirs <=
3888 Config.cacheSwap.n_configured". (Bug #1053)
3889 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
3890 - [Minor] acl time fails to parse multiple time specifications
3892 - [Minor] cachemgr config dumps mixed up Range and Request-Range
3893 headers in http_header_access & replace directives. (Bug #1056)
3894 - [Minor] Content-Disposition added as a well known header (Bug #961)
3895 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
3897 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
3898 - [Medium] New acl types to match arbitrary HTTP headers. In addition
3899 the http_header_access & replace directives now support arbitrary
3900 headers and not only the well known ones. (Bug #961)
3901 - [Cosmetic] ncsa_auth now accepts Window formatted password files
3903 - [Cosmetic] Support the --program-prefix/suffix options or other
3904 configure program name transforms (Bug #1019)
3905 - [Minor] Fix race condition in CONNECT and also handle aborts of
3906 CONNECT requests in a more graceful manner. (Bug #859)
3907 - [Minor] New balance_on_multiple_ip directive to work around certain
3908 broken load balancers and optimized ipcache on reload requests
3910 - [Medium] New reply_header_max_size directive
3912 - [Minor] Suspected instability on aborted PUT/POST requests
3914 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
3916 Changes to squid-2.5.STABLE6 (9 Jul 2004)
3918 - Bug #937: NTLM assertion error "srv->flags.reserved"
3919 - Bug #935: squid_ldap_auth can be confused by the use of reserved
3921 - Helper queue warnings imprecise on the number of helpers required
3922 - squid_ldap_auth TLS mode works correctly again
3923 - Bug #940, #305: pkg-config support for finding correct OpenSSL
3925 - Bug #426: "Vary: *" is ignored
3926 - 100% CPU usage on Linux-2.2
3927 - Version number should not include -CVS if autoconf is run
3928 - Bug #947: deny_info redirection with requested URL escaped wrongly
3929 - Bug #495: CONNECT timeout should produce a 504 or 503
3930 - Bug #956: cache_swap_log documentation referred to swap.state by
3931 it's old swap.log name
3932 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
3934 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
3935 - Bug #954: Segment violation when using a blank user name in digest
3937 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
3938 - Spelling corrections in configure and squid.conf.default
3939 - The meaning of ERR in digest helper protocol clarified in the
3940 squid.conf documentation
3941 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
3942 - Bug #616: Negative cached 404 replies with VARY header never matched
3943 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
3944 due to a shortcoming in the fix to bug #817
3945 - Bug #570: Very large cache_mem values reported wrongly in cache.log
3946 - Bug #676: store_dir_select_algorithm least-load doesn't work for
3948 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
3949 - Bug #948: Show client ip in cache.log debug output
3950 - Bug #960: compilation issue on OpenBSD/m88k
3951 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
3952 - Bug #991: dns_servers should default to localhost if no resolv.conf
3953 - Bug #717: msnt_auth documentation update
3954 - Bug #753: Segfault in memBufVPrintf on certain architectures
3956 - Bug #941: Negative size in access.log on long running CONNECT
3958 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
3959 - Bug #981: sasl_auth updated to work with SALS2
3960 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
3961 authentication to a NT domain without using Samba.
3963 Changes to squid-2.5.STABLE5 (1 Mar 2004):
3965 - cache.log message on "squid -k reconfigure" was slightly confusing,
3966 claiming Squid restarted when it just reread the configuration.
3967 - Bug #787: digest auth never detects password changes
3968 - Bug #789: login with space confuses redirector helpers
3969 - Bug #791: FQDNcache discards negative responses when using
3971 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
3972 PAM connections are unsafe and now disabled by default.
3973 - auth_param documentation clarifications and added default realm
3974 values making only the helper program a required attribute
3975 - Bug #795: German ERR_DNS_FAIL correction
3976 - Bug #803: Lithuanian error messages update
3977 - Bug #806: Segfault if failing to load error page
3978 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
3979 - Bug #817: maximum_object_size too large causes squid not to cache
3980 - Bug #824: 100% CPU loop if external_acl combined with separate
3981 authentication acl in the same http_access line
3982 - squid_ldap_group updated to version 2.12 with support for ldaps://
3983 (LDAPv2 over SSL) and a numer of other improvements.
3984 - Bug #799: positive_dns_ttl ignored when using internal DNS.
3985 - Bug #690: Incorrect html on empty Gopher responses
3986 - Bug #729: --enable-arp-acl may give warning about net/route.h
3987 - Bug #14: attempts to establish connection may look like syn flood
3988 attack if the contacted server is refusing connections
3989 - errorpage README files included in the distribution again showing
3990 who contributed which translation
3991 - Bug #848: connect_timeout connect_timeout ends up twice the length.
3992 forward_timeout option added to address this.
3993 - Bug #849: DNS log error messages should report the failed query
3994 - Bug #851: DNS retransmits too often
3995 - Bug #862: Very frequently repeated POST requests may cause a
3996 filedescriptor shortage due to persitent connections building up
3997 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
3998 - Bug #571: Need to limit use of persistent connections when
3999 filedescriptor usage is high
4000 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
4001 does not work properly
4002 - Bug #860: redirector_access does not handle "slow" acls such as
4003 "dst" or "external" requiring a external lookup.
4004 - Bug #865: Persistent connection usage too high after sudden burst
4006 - Bug #867: cache_peer max-conn=.. option does not work
4007 - Bug #868: refuses to start if pid_filename none is specified
4008 - Bug #887: LDAP helper -Z (TLS) option does not work
4009 - Bug #877: Squid doesn't follow telnet protocol on FTP control
4011 - Bug #908: Random auth popups and account lockouts when using ntlm
4012 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
4013 - Bug #585: cache_peer_access fails with NTLM authentication
4014 - Bug #592: always/never_direct fails with NTLM authentication
4015 - wbinfo_group update for Samba-3
4016 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
4017 - Bug #924: miss_access restricts internal and cachemgr requests
4018 even if these are local
4019 - Bug #925: auth headers send by squidclient are mildly malformed
4020 - Bug #922: miss_access and delay_access and several other
4021 authentication related bug fixes.
4022 - Bug #909: Added ARP acl support for FreeBSD
4023 - Bug #926: deny_info with http_reply_access or miss_access
4024 - Bug #872: reply_body_max_size problems when using NTLM auth
4025 - Bug #825: random segmentation faults when using digest auth
4026 - Bug #910: Partial fix for temporary memory leaks when using NTLM
4027 auth. There is still problems if challenge reuse is enabled.
4028 - ftp://anonymous@host/ now accepted without requiring a password
4029 - Bug #594: several mime type updates (ftp:// related)
4030 - url_regex enhanced to allow matching of %00
4032 Changes to squid-2.5.STABLE4 (15 Sep 2003):
4034 - Lithuanian error messages added to the distribution
4035 - Bug #660: segfauld if more than one custom deny_info line
4036 - cache_dir disd documentation cleanup
4037 - check open of /dev/null to avoid 100% CPU loop in badly
4038 configured chroot environments
4039 - documentation update on uri_whitespace to refer to the correct RFC
4040 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
4041 - Bug #683: external_acl does not wait for ident lookups to complete
4042 - aufs: Fix a minor use-after-free problem which could cause the
4043 count of opening filedescriptors to grow larger than it should
4044 - Syntax changes to make GCC-3.3 accept Squid without complaints
4045 - Warning if CARP server defined in incorrect load factor order
4046 - neighbor_type_domain documentation update
4047 - http_header_access now works when using cache peers
4048 - high_memory_warning now uses sbrk as fallback mechanism on
4049 platforms where neither mallinfo or mstats are available.
4050 - hosts_file now handles comments at the end of lines correcly
4051 - storeCheckCachable() Stats corrected for release_request and
4052 wrong_content_length.
4053 - cachePeerPingsSent MIB type corrected
4054 - unused minimum_retry_timeout directive removed
4055 - Bug #702: ERR_TO_BIG spanish translation
4056 - Bug #705: Memory leak on deny_info TCP_RESET
4057 - Code cleanup to fix compile error in httpHeaderDelById
4058 - Bug #699: Host header now forwarded exactly where it was in the
4059 original request to work around certain broken firewalls or
4060 load balancers which fail if this header is too far into the
4062 - Bug #704: Memory leak on reply_body_max_size
4063 - Bug #686: requests denied due to http_reply_access are now
4064 logged with TCP_DENIED (instead of TCP_MISS, etc).
4065 - Bug #708: ie_refresh now sends no-cache to have the reload
4066 request propagate properly in cache meshes
4067 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
4068 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
4070 - Bug #710: round-robin cache_dir selection incorrectly
4072 - Statistics corrections in HTTP header statitics
4073 - QUICKSTART cleanups
4074 - Bug #715: statCounter.syscalls.disk counters treated
4075 inconsistently. Now increment the counters in AUFS
4076 functions and for unlinkd.
4077 - Improvements to the (experimental) COSS storage scheme.
4078 - Bug #721: User name field in access.log sometimes blank
4079 - Bug #94: assertion failed: http.c: "-1 == cfd ||
4080 FD_SOCKET == fd_table[cfd].type"
4081 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
4082 - Bug #732: aufs calculates number of threads and limits wrongly
4083 - Bug #663: Username not logged into access.log in case of /407
4084 - Bug #267: Form POSTing troubles with NTLM authentication
4085 and occationally in differen other error conditions.
4086 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
4087 - Bug #733: No explicit error message when ncsa_auth can't access
4089 - Bug #267, #757: POST with NTLM stops after persistent connection
4091 - Bug #742: Wrong status code on access denials if delay_access
4092 is used. Most notably 407 instead of 403 could be returned.
4093 - Bug #763: segfault if using ntlm in http_reply_access
4094 - Bug #638: assertion error if using proxy_auth in delay_access
4095 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
4096 - The issue of reply_body_max_size limiting the size of error
4097 messages no longer applies.
4098 - external_acl_type concurrency= option renamed to children= to
4099 prepare for Squid-3 upgrades. Old syntax still accepted for the
4100 duration of the Squid-2.5 release.
4101 - number of filedescriptors rounded down to an even multiple of 64
4102 to work around issues in certain libc implementations.
4103 - winbind helpers less noisy in cache.log on restarts/shutdown.
4104 - Squid now automatically restarts helpers if too many of them
4107 Changes to squid-2.5.STABLE3 (25 May 2003):
4109 - Bug #573: Occational false negatives in external acl lookups
4110 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
4111 external_acl helpers crashes
4112 - Bug #590: Squid may hang or behave oddly on shutdown while
4113 requests is being processed.
4114 - Bug #590: external acl lookups does not deal well with queue
4116 - cache_effective_user documentation update
4117 - cache_peer documentation update for htcp and carp
4118 - Bug #600: The example header_access paranoid setting is
4119 missing WWW-Authenticate
4120 - Bug #605: Segmentation fault in idnsGrokReply() on certain
4122 - Fixes to build properly on AIX 5
4123 - Bug #574: wb_group updated to version 1.1 to make group names
4124 case insensitive and correct a segfault issue in the helper
4125 - SNMP mib updates to make cacheNumObjCount,
4126 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
4127 correctly report as gauges (was reporting as counters).
4128 - Woraround for --enable-ssl Kerberos issue on RedHat 9
4129 - Bug #579: Close and repopen log files on "squid -k reconfigure"
4130 - Bug #598: squid_ldap_auth could segfault if LDAP server is
4132 - Bug #609,#612: msntauth helper fixes in dealing with large
4133 or non-existing allow/deny user files.
4134 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
4135 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
4136 and also fails to block large objects where the content-length
4138 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
4139 multiple proxy_auth ACLs combined in one line and login fails.
4140 - squid_ldap_auth updated with support for TLS and SSL
4141 - Bug #623: segfault if using negated external acls in certain
4142 configurations involving other acls later on the same http_access
4144 - Bug #622: wb_group helper update to version 1.2 to ass support for
4145 Domain-Qualified groups refering to groups in a specific domain
4146 - Bug #596: logic error in poll() error management
4147 - Bug #597: logic errors in error management
4148 - Bug #591: segmentation fault in authentication on "squid -k debug"
4149 - Bug #587: smb_auth fails on complex logins involving domain names
4150 or other odd characters
4151 - Bug #558, #587: smb_auth.pl fails on complex logins involving
4152 domain names or other odd characters
4153 - Bug #643: external_acl fails with ttl=0 due to a change introduced
4154 by the patch for Bug #553 in 2.5.STABLE2.
4155 - Bug #630: minor issues in digest authantication causing random
4156 authentication failures and incompability with many mainstream
4157 browser digest implementations due to browser qop bugs. To deal
4158 with those broken browser nonce_stricness now defaults to off,
4159 and two new digest options have been added (check_nonce_count
4160 and post_workaround) to allow workarounds to other quite bad
4161 browser bugs if needed.
4162 - Bug #644: digest authentication fails on requests with one
4163 or more comma in the requested URL
4164 - Bug #648: deny_info TCP_RESET not working. The fix for this also
4165 adds the ability to send redirects.
4167 Changes to squid-2.5.STABLE2 (Mars 17, 2003):
4169 - Contrib files added back to the distribution
4170 - Several compiler warnings fixed when using --disable-ident or
4171 --disable-http-violations
4172 - authentication can now be used in most access controls, but
4173 must in most cases first be enforced in http_access to force
4174 the user to authenticate.
4175 - cleanups in the developer bootstrap.sh process when preparing
4177 - several squid.conf.default documentation updated to correctly
4178 refer to the current names when refering to other directives
4179 - authenticate_ip_ttl documentation updates
4180 - several assertion faults and segmentation violations corrected
4181 - the RunCache/RunAccel and squid.rc scripts updated to refer to
4182 the squid binary in sbin rather than the old bin location.
4183 - squid_ldap_auth command line processing fixes when specifying
4184 the LDAP server last on the line instead of -h option
4185 - aufs data corruption bugfix
4186 - aufs performance improvement for low traffic systems
4187 - aufs stability improvements
4188 - external_acl corrected to properly deal with quoted strings
4189 - WCCPv1 bugfix to make sure the router accepts the hash assignments
4190 - "Total accounted memory" now correctly reported in cachemgr
4191 - several small memory leaks (mostly reconfigure related)
4192 - new squid.conf option to allow GET/HEAD requests with a request
4194 - "make uninstall" no longer removes squid.conf
4195 - cachemgr.cgi now uses POST to avoid having the cachemgr password
4196 logged in the web server logs
4197 - authentication schemes which are known to not be proxyable are now
4198 filtered out from forwarded server replies to avoid that the clients
4199 tries to use such schemes when we know for a fact it won't work
4200 - spelling corrections in various error messages
4201 - now possible to define acl values with spaces in them
4202 by using the "include file" feature
4203 - squid_ldap_group updated to 2.10 to fix compilation issues with
4204 recent (and older) OpenLDAP libraries and to make the helper deal
4205 correctly with true LDAP groups by first looking up the user DN.
4206 - Some internal code cleanups
4207 - now verifies that programs etc exists iside the chroot directory
4208 when using chroot_dir. No longer neccesary to set up a split view
4209 environment where the same paths works both inside the chroot and
4210 outside just to convince Squid that the files is actually there..
4211 - improved memory usage reporting
4212 - --disable-hostname-checks configure option
4213 - no longer ignores double dots in host names. Any hostname with
4214 double dots is now rejected as invalid.
4215 - log_mime_hdrs no longer logs garbage if very long headers
4217 - 'select_fds_hist' object added to cachemgr 'histogram' output
4218 - pid file now unlinked when squid has really shut down, not
4219 immediately when the shutdown request is received. This allows
4220 the pid file to be monitored to determine when Squid has shut down
4222 - correct authentication scheme setups on some platforms or compilers
4223 - several squid.conf.default documentation updates to remove references
4224 to renamed or replaced directives by changing them to their current
4226 - the SSL reverse proxy support updated to allow building with
4227 OpenSSL 0.9.7 and and later.
4228 - Corrected a minor performance problem while processing HEAD replies
4229 from various broken web servers not sending a correct HTTP reply
4230 - time acls can now specify multiple times in the same acl name, like
4231 most other acl types.
4232 - winbind helpers updated to match Samba-2.2.7a and should
4233 work with Samba-2.2.6 or later (required). For compability with
4234 older Samba versions A new configure option --with-samba-sources=...
4235 has been added to allow you to specify which Samba version the
4236 helpers should be built for if different than the above versions.
4237 - Squid MIB definition syntax correction to work better with newer
4238 (and older) SNMP tools.
4239 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
4240 requests where parsing the HTTP identifier (HTTP/1.0) failed.
4241 - "make distclean" no longer removes the icons, this avoids the
4242 dependency on "uudecode" to rebuild Squid after "make distclean"
4243 - User name returned by external acl lookups (external_acl_type)
4244 is now available as "ident" in later acl checks in addition to
4245 the logging in access.log.
4246 - Incorrect behaviour of Digest authentication partly corrected - it
4247 will not handle sessions, but will always enforce password
4248 correctness.. (patch submitted by Sean Burford).
4249 - Issue with persistent connections and PUT/POST request corrected
4251 Changes to squid-2.5.STABLE1 (September 25, 2002):
4253 - Major rewrite of proxy authentication to support other schemes
4254 than basic. First in the line is NTLM support but others can
4255 easily be added (minimal digest is present). See Programmers Guide.
4256 (Robert Collins & Francesco Chemolli)
4257 - Reworked how request bodies are passed down to the protocols.
4258 Now all client side processing is inside client_side.c, and
4259 the pass and pump modules is no longer used.
4261 - Optimized searching in proxy_auth and ident ACL types. Squid should
4262 now handle large access lists a lot more efficiently.
4263 (Francesco Chemolli)
4264 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
4265 now a peer is ignored if it turns out to be us, rather than
4267 - Changed the internal URL code to obey appendDomain for internal
4268 objects if it needs appending. This fixes weirdnesses where
4269 a machine can think it is "foo.bar.com", and "foo" is requested.
4271 - Added the use of Automake to create the Makefile.in's in the squid
4272 source tree. This will allow libtool in the future, and immediately
4273 allows better dependency tracking - with or without gcc - as well
4274 as the dist-all and distcheck targets for developers which respectively
4275 build a tar.gz and a tar.bz2 distribution, and check that what will be
4277 - Added TOS and source address selection based on ACLs,
4278 written by Roger Venning. This allows administrators to set
4279 the TOS precedence bits and/or the source IP from a set of
4280 available IPs based upon some ACLs, generally to map different
4281 users to different outgoing links and traffic profiles.
4282 - Added 'max-conn' option to 'cache_peer'
4283 - Added SSL gatewaying support, allowing Squid to act as a SSL server
4284 in accelerator setups.
4285 - SASL authentication helper by Ian Castle
4286 - msntauth updated to v2.0.3
4287 - no_cache now applies to cache hits as well as cache misses
4288 - the Gopher client in Squid has been significantly improved
4289 - Squid now sanity checks FTP data connections to ensure the
4290 connection is from the requested server. Can be disabled if
4291 needed by turning off the ftp_sanitycheck option.
4292 - external acl support. A mechanism where flexible ACL checks
4293 can be driven by external helpers. See the external_acl_type
4294 and acl external directives.
4295 - Countless other small things and fixes
4296 - HTML pages generated by Squid or CacheMgr as well as the
4297 ERR documents now contain a doctype declaration so that
4298 browsers know which HTML specification the document uses.
4299 In addition to that they have a new look (background-color, font)
4300 and are valid according to the HTML standards at www.w3.org.
4302 - Login and password send to Basic auth helpers is now URL escaped
4303 to allow for spaces and other "odd" characters in logins and
4305 - Proxy Authentication is no longer blindly forwarded to peer
4306 caches if not used locally. If forwarding of proxy authentication
4307 is desired then it must now be configured with the login=PASS
4309 - Responses with Vary: in the header are now cached by squid.
4311 - Removed unused 'siteselect_timeout' directive.
4313 Changes to Squid-2.4.STABLE7 (July 2, 2002):
4315 - Squid now drops any requests using transfer-encoding.
4316 Squid is a HTTP/1.0 proxy and as such do not support
4317 the use of transfer-encoding.
4318 - The MSNT auth helper has been updated to v2.0.3+fixes for
4319 buffer overflow security issues found in this helper.
4320 - A security issue in how Squid forwards proxy authentication
4321 credentials has been fixed
4322 - Minor changes to support Apple MAC OS X and some other platforms
4324 - The client -T option has been implemented
4325 - HTCP related bugfixes in "squid -k reconfigure"
4326 - Several bugfixes and cleanup of the Gopher client, both
4327 to correct some security issues and to make Squid properly
4328 render certain Gopher menus.
4329 - FTP data channels are now sanity checked to match the address of
4330 the requested FTP server. This to prevent theft or injection of
4331 data. See the new ftp_sanitycheck directive if this is not desired.
4332 - Security fixes in how Squid parses FTP directory listings into HTML
4334 Changes to Squid-2.4.STABLE6 (March 19, 2002):
4336 - The patch for 2.4.STABLE5 was insufficiently tested and
4337 introduced a bug that causes frequent assertions when
4338 handling DNS PTR answers.
4340 Changes to Squid-2.4.STABLE5 (March 15, 2002):
4342 - Fixed an array bounds bug in lib/rfc1035.c. This bug
4343 could allow a malicious DNS server to send bogus replies
4344 and corrupt the heap memory.
4346 Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
4348 - htcp_port 0 now properly disables htcp
4349 - Fixed problem with certain non-anonymous ftp:// style URL's
4350 - SNMP bugfixes including several memory leaks
4352 Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
4354 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
4356 - Fixed bug #246: corrupt on-disk meta information preventing
4357 rebuilds of lost swap.state files
4358 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
4359 - Fixed a coredump when creating FTP directories
4360 - Fixed a compile time problem with statHistDump prototype mistmatch,
4361 reported by some compilers
4362 - Fixed a potential coredump situation on snmpwalk in certain
4364 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
4365 store implementation
4366 - Serbian error message translations
4368 Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
4370 - Expanded configure's GCC optimization disabling check to
4372 - avoid negative served_date in storeTimestampsSet().
4373 - Made 'diskd' pathnames more configurable
4374 - Make sure squid parent dies if child is killed with
4376 - Changed diskd offset args to off_t instead of int
4377 - Fixed bugs #102, #101, #205: various problems with useragent
4379 - Fixed bug #116: Large Age: values still cause problems
4380 - Fixed bug #119: Floating point exception in
4381 storeDirUpdateSwapSize()
4382 - Fixed bug #114: usernames not logged with
4383 authenticate_ip_ttl_is_strict
4384 - Fixed bug #115: squid eating up resources (eventAdd args)
4385 - Fixed bug #125: garbage HTCP requests cause assertion
4386 - Fixed bug #134: 'virtual port' support ignores
4387 httpd_accel_port, causes a loop in httpd_accel mode
4388 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
4390 - Fixed bug #137: Ranges on misses are over-done
4391 - Fixed bug #160: referer_log doesn't seem to work
4392 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
4393 comm_dns_incoming histogram)
4394 - Fixed bug #165: "Store Mem Buffer" leaks badly
4395 - Fixed bug #172: Ident Based ACLs fail when applied to
4397 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
4398 - Fixed bug #182: 'config' cachemgr option dumps core with
4400 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
4401 of args in debug/printf
4402 - Fixed bug #187: bugs in lib/base64.c
4403 - Fixed bug #184: storeDiskdShmGet() assertion; changed
4404 diskd to use bitmap instead of linked list
4405 - Fixed bug #194: Compilation fails on index() on some
4407 - Fixed bug #197: refreshIsCachable() incorrectly checks
4408 entry->mem_obj->reply
4409 - Fixed bug #215: NULL pointer access for proxy requests
4412 Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
4414 - Fixed a bug in and cleaned up class 2/3 delay pools
4416 - Fixed a coredump bug when using external dnsservers that
4418 - Fixed some NULL pointer bugs for NULL storage system
4420 - Fixed a bug with useragent logging that caused Squid to
4421 think the logfile never got opened.
4422 - Fixed a compiling bug with --disable-unlinkd.
4423 - Changed src/squid.h to always use O_NONBLOCK on Solaris
4425 - Fixed a bug with signed/unsigned bitfield flag variables
4426 that caused problems on Solaris.
4427 - Fixed a bug in clientBuildReplyHeader() that could add
4428 an Age: header with a negative value, causing an assertion
4430 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
4431 was returning the number of FDs in use, rather than
4432 the number of reserved FDs.
4433 - Added the 'pipeline_prefetch' configuration option.
4434 - cache_dir syntax changed to use options instead of many
4435 arguments. This means that the max_objsize argument now
4436 is an optional option, and that the syntax for how to
4437 specify the diskd magics is slightly different.
4438 - Various fixes for CYGWIN
4439 - Upgraded MSNT auth module to version 2.0.
4440 - Fixed potential problems with HTML by making sure all
4441 HTML output is properly encoded.
4442 - Fixed a memory initialization problem with resource records in
4444 - Rewrote date parsing in lib/rfc1123.c and made it a little
4446 - Added Cache-control: max-stale support.
4447 - Fixed 'range_offset_limit' again. The problem this time
4448 is that client_side.c wouldn't set the we_dont_do_ranges
4449 flag for normal cache misses. It was only being set for
4450 requests that might have been hits, but we decided to
4452 - Added the Authenticate-Info and Proxy-Authenticate-Info
4453 headers from RFC 2617.
4454 - HTTP header lines longer than 64K could cause an assertion.
4455 Now they get ignored.
4456 - Fixed an IP address scanning bug that caused "123.foo.com"
4457 to be interpreted as an IP address.
4458 - Converted many structure allocations to use mem pools.
4459 - Changed proxy authentication to strip leading whitespace
4460 from usernames after decoding.
4461 - Prevented NULL pointer access in aclMatchAcl(). Some
4462 ACL types require checklist->request_t, but it won't be
4463 available in some cases (like snmp_access). Warn the
4464 admin that the ACL can't be checked and that we're denying
4466 - Allow zero-size disk caches.
4467 - The actual filesystem blocksize is now used to account
4468 for space overheads when calculating on-disk cache size.
4469 - Made the maximum memory cache object size configurable.
4470 - Added 'minimum_direct_rtt' configuration option.
4471 - Added 'ie_refresh' configuration option, which is a hack
4472 to turn IMS requests into no-cache requests.
4473 - Added support for netfilter in linux-2.4. This allows transparent
4474 proxy connections to function correctly in the absence of a Host:
4475 header. This requires --enable-linux-netfilter to be passed through
4476 to configure. (Evan Jones)
4477 - Fixed a bug with clientAccessCheck() that allowed proxy
4478 requests in accel mode.
4479 - Fixed a bug with 301/302 replies from redirectors. Now
4480 we force them to be cache misses.
4481 - Accommodated changes to the IP-Filter ioctl() interface
4482 for intercepted connections.
4483 - Fixed handling of client lifetime timeouts.
4484 - Fixed a buffer overflow bug with internal DNS replies
4485 by truncating received packets to 512 bytes, as per
4487 - Added "forward.log" support, but its work in progress.
4488 - Rewrote much of the IP and FQDN cache implementation.
4489 This change gets rid of pending hits.
4490 - Changed peerWouldBePinged() to return false if our
4491 ICP/HTCP port is zero (i.e. disabled).
4492 - Changed src/net_db.c to use src/logfile.c routines,
4493 rather than stdio, because of solaris stdio filedescriptor
4495 - Made netdbReloadState() more robust in case of corrupted
4497 - Rewrote some freshness/staleness functions in src/refresh.c,
4498 partially inspired to support cache-control max-stale.
4499 - Fixed status code logging for SSL/CONNECT requests.
4500 - Added a hack to subtract cache digest network traffic
4501 from statistics so that byte hit ratio stays positive
4502 and more closely reflects what people expect it to be.
4503 - Fixed a bug with storeCheckTooSmall() that caused
4504 internal icons and cache digests to always be released.
4505 - Added statfs(2) support for displaying actual filesystem
4506 usage in the cache manager 'storedir' output.
4507 - Changed status reporting for storage rebuilding. Now it
4508 prints percentage complete instead of number of entries
4510 - Use mkstemp() rather than problem-prone tempnam().
4511 - Changed urlParse() to condense multiple dots in hostnames.
4512 - Major rewrite of async-io (src/fs/aufs) to make it behave
4513 a bit more sane with substantially less overhead. Some
4514 tuning work still remains to make it perform optimal.
4515 See the start of store_asyncufs.h for all the knobs.
4516 - Fixed storage FS modules to use individual swap space
4517 high/low values rather than the global ones.
4518 - Fixed storage FS bugs with calling file_map_bit_reset()
4519 before checking the bit value. Calling with an invalid
4520 value caused memory corruption in random places.
4521 - Prevent NULL pointer access in store_repl_lru.c for
4522 entries that exist in the hash but not the LRU list.
4524 Changes to Squid-2.4.DEVEL4 ():
4526 - Added --enable-auth-modules=... configure option
4527 - Improved ICP dead peer detection to also work when the workload
4529 - Improved TCP dead peer detection and recovery
4530 - Squid is now a bit more persistent in trying to find a alive
4531 parent when never_direct is used.
4532 - nonhierarchical_direct squid.conf directive to make non-ICP
4533 peer selection behave a bit more like ICP selection with respect
4535 - Bugfix where netdb selection could override never_direct
4536 - ICP timeout selection now prefers to use parents only when
4537 calculating the dynamic timeout to compensate for common RTT
4538 differences between parents and siblings.
4539 - No longer starts to swap out objects which are known to be above
4540 the maximum allowed size.
4541 - allow-miss cache_peer option disabling the use of "only-if-cached".
4542 Meant to be used in conjunction with icp_hit_stale.
4543 - Delay pools tuned to allow large initial pool values
4544 - cachemgr filesystem space information changed to show useable space
4545 rather than raw space, and platform support somewhat extended.
4546 - Logs destination IP in the hierarchy log tag when going direct.
4547 (can be disabled by turning log_ip_on_direct off)
4548 - Async-IO on linux now makes proper use of mutexes. This fixes some
4549 odd pthread segfaults on SMP Linux machines, at a slight performance
4551 - %s can now be used in cache_swap_log and will be substituted with
4552 the last path component of cache_dir.
4553 - no_cache is now a full ACL check without, allowing most ACL types
4555 - The CONNECT method now obeys miss_access requirements
4556 - proxy_auth_regex and ident_regex ACL types
4557 - Fixed a StoreEntry memory leak during "dirty" rebuild
4558 - Helper processes no longer hold unrelated filedescriptors open
4559 - Helpers are now restarted when the logs are rotated
4560 - Negatively cached DNS entries are now purged on "reload".
4561 - PURGE now also purges the DNS cache
4562 - HEAD on FTP objects no longer retrieves the whole object
4563 - More cleanups of the dstdomain ACL type
4564 - Squid no longer tries to do Range internally if it is not supported
4565 by the origin server. Doing so could cause bandwidth spikes and/or
4567 - httpd_accel_single_host squid.conf directive
4568 - "round-robin" cache_peer counters are reset every 5 minutes to
4569 compensate previously dead peers
4570 - DNS retransmit parameters
4571 - Show all FTP server messages
4572 - squid.conf.default now indicates if a directive isn't enabled in
4573 the installed binary, and what configure option to use for enabling it
4574 - Fixed a temporary memory leak on persistent POSTs
4575 - Fixed a temporary memory leak when the server response headers
4576 includes NULL characters
4577 - authenticate_ip_ttl_is_strict squid.conf option
4578 - req_mime_type ACL type
4579 - A reworked storage system that supports storage directories in
4580 a more modular fashion. The object replacement and IO is now
4581 responsibility of the storage directory, and not of the storage
4583 - Fixed a bogus MD5 mismatch warning sometimes seen when using
4584 aufs or diskd stores
4585 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
4586 and extended support for this to Linux/GNU libc.
4587 - Disabled the "request timeout" error message sent if the user agent
4588 did not provide a request in a timely manner after opening the
4589 connection. Now the connection is silently closed. The error message
4590 was confusing user agents utilizing persistent connections.
4591 - Fixed configure --enable descriptions to match the arg names.
4592 - Eliminated compile warnings from auth_modules/MSNT code.
4593 - Require first character of hostnames to be alphanumeric.
4594 - Made ARP ACL work for Solaris.
4595 - Removed storeClientListSearch().
4596 - Added counters to track diskd operation success and
4598 - Fixed range_offset_limit.
4599 - Added code to retry ServFail replies for internal DNS
4601 - Added referer header logging (Jens-S. Voeckler).
4602 - Added "multi-domain-NTLM" authentication module, a Perl
4603 script from Thomas Jarosch.
4604 - Added configurable warning messages for high memory usage,
4605 high response time, and high page faults.
4606 - Made store dir selection algorithm configurable.
4607 - Added support for admin-definable extension methods,
4609 - Added 'maximum_object_size_in_memory' as a configuration option -
4610 this defines the watermark where objects transit from being true
4611 hot objects to being in-transit objects in memory. It currently
4613 - Change to the fqdn code which changes how pending DNS requests
4614 are treated as private and only become public once they are
4615 completed. This can add extra load on DNS servers but prevents
4616 all the pending clients blocking if one of the queries got
4617 stuck. (Duane Wessels)
4618 - Converted more code to use MemPools, from Andres Kroonmaa.
4619 - Added more CYGWIN patches from Robert Collins.
4621 Changes to Squid-2.4.DEVEL3 ():
4623 - Added Logfile module.
4624 - Added DISKD stats via cachemgr.
4625 - Added squid.conf options for DISKD magic constants.
4627 Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
4629 Changes to Squid-2.4.DEVEL1 ():
4631 Changes to Squid-2.3.STABLE4 (July 18, 2000):
4633 - Fixed --localstatedir configure option (IKEDA Shigeru).
4634 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
4636 - Added pthread_sigmask() check to configure (Daniel
4638 - Added CYGWIN patches from Robert Collins.
4639 - Changed internal DNS lookups to retry queries that are
4640 returned with RCODE 2 (ServFail).
4641 - Added 'virtual port' support (Gregg Kellogg). If
4642 'httpd_accel_uses_host_header' is enabled, then we use
4643 the port number from the Host header. Otherwise, when
4644 'httpd_accel_port' is set to "0" we use the port number
4645 of the local end of the client socket.
4646 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
4647 - Made Squid accept GET requests that have a "content-length:
4649 - Added a sanity check on the NHttpSockets[] array index
4651 - Added a friendlier message when Squid can't find any DNS
4652 nameserver addresses to use (Daniel Kiracofe).
4653 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
4655 - Added missing '%c' token replacement in error page
4657 - Fixed a bug with 'minimum_object_size' that prevented
4658 internal icons from being loaded.
4659 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
4660 that could prevent any objects from being replaced.
4661 - Make sure that storeDirDiskFull() doesn't actually
4662 *increase* the cache size.
4663 - Changed a storeSwapMetaUnpack() assertion to a recoverable
4665 - Removed "wccpHereIam" event check that could cause Squid
4666 to stop sending HERE_I_AM messages.
4668 Changes to Squid-2.3.STABLE3 (May 15, 2000):
4670 - Fixed malloc linking problems on Solaris. The configure
4671 script incorrectly set options for dlmalloc.
4672 - Added a configure check to remove compiler optimization
4674 - Updated MSNT authenticator module.
4675 - Updated Estonian error pages.
4676 - Updated Japanese error pages.
4677 - Fixed expires bug in httpReplyHdrCacheInit. It was
4678 incorrectly setting expires based on max-age. It was using
4679 the current time as a basis, instead of the response date.
4680 - Fixed "USE_DNSSERVER" typos.
4681 - Added a workaround for getpwnam() problems on Solaris.
4682 getpwnam() could fail if there are fewer than 256 FDs
4683 available. This causes root to own some disk files.
4684 - Added an 'offline_toggle' option via the cache manager.
4685 - Added a 'minimum_object_size' option. Files smaller than
4686 this size are not stored.
4687 - Added 'passive_ftp' option to disable passive FTP transfers.
4688 - Added 'wccp_version' option because some Cisco IOS versions
4689 require WCCP version 3.
4690 - The 'client' program in ping mode (-g) now prints transfer
4692 - Fixed logging of proxy auth username for redirected
4694 - Fixed bogus Age values for IMS requests.
4695 - Fixed persistent connection timeout for client-side
4696 connections. It was hard-coded to 15 seconds, now uses
4697 the 'pconn_timeout' value.
4698 - Fixed up httpAcceptDefer. It wasn't being used properly
4699 and caused high CPU usage when Squid gets close to the FD
4701 - Numerous delay_pools fixes and checks.
4702 - Fixed SNMP coredumps from running snmpwalk.
4703 - Added a check for errno == EPIPE in icmp.c when pinger uses
4704 a Unix socket instead of a UDP socket.
4705 - Fixed ACL checklist memory initialization bugs.
4706 - Cleaned up the MIB file. Replaced contact information and
4707 checked description fields.
4708 - Removed LRU reference_age hard-coded upper limit.
4709 - Fixed async I/O FD leak.
4710 - Made getMyHostname() more robust.
4711 - Fixed domain list matching bug. "x-foo.com" wasn't properly
4712 compared to ".foo.com" and confused splay tree ordering.
4713 - Added a check for whitespace in hostnames and optionally
4714 strip whitespace if 'uri_whitespace' setting allows.
4715 - Added status code and checking to ASN/whois queries.
4717 Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
4719 - Changed Copyright text.
4720 - Changed configure so that some IRIX-6.4 hacks apply to
4721 all IRIX-6.* versions.
4722 - Cleaned up HTML bugs in error pages.
4723 - Told configure to check for netinet/if_ether.h, which
4724 is used in ARP ACL code, but might not be required.
4725 - Added "Cookie" to known HTTP headers so it can be
4726 used in anonymizer configuration.
4727 - Added optional TCP_REDIRECT log code for logging
4728 of 301/302 responses returned by Squid.
4729 - Added a check for a currently running Squid process.
4730 If the pid file exists, and the pid is running,
4731 Squid complains and refuses to start another instance.
4732 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
4734 - Fixed a bug with the PURGE method. The purge enable
4735 flag was not getting cleared during reconfigure.
4736 Also required PURGE method to be used in http_access
4737 list before enabling.
4738 - Fixed async I/O assertions for file open errors.
4739 - Fixed internal DNS assertion when unpacking truncated
4741 - Fixed anonymize_headers bug that caused all headers
4742 to be allowed after a reconfigure.
4743 - Fixed an access denied bug for accelerator-only installations.
4744 - Fixed internal DNS initialization so that it uses
4745 'dns_nameservers' settings in squid.conf if set.
4746 - Fixed 'maxconn' ACL bug that caused it to work backwards
4748 - Fixed syslog bug for daemon mode on Linux.
4749 - Fixed 'http_port' parsing bugs.
4750 - Fixed internal DNS byte ordering bugs for PTR queries.
4751 - Fixed internal DNS queue getting stuck during periods
4752 of low activity (Henrik).
4753 - Fixed byte ordering bugs for parsing EPLF FTP listings
4755 - Fixed 'request_body_max_size' bug that caused all
4756 POST, PUT requests to be denied if max size is set
4758 - Fixed 'redirector_access' bug when using 'myport' ACLs.
4759 - Fixed CARP neighbor selection bugs for down peers.
4760 - Added 'client_persistent_connections' and
4761 'server_persistent_connections' flags to disable persistent
4762 connections for clients and servers.
4763 - Fixed access logging bug that caused many requests to be
4765 - Added some bounds checking to delay pools code.
4767 Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
4769 - Updated PAM authentication module from Henrik Nordstrom.
4770 - Updated Bulgarian error messages from Svetlin Simeonov.
4771 - Changed ACL routines so that User-Agent (browser) string
4772 is always taken from compiled HTTP request headers
4773 instead of passed as an argument to aclCreateChecklist.
4774 - Added a 'strip' option to the 'uri_whitesace' configuration
4775 directive and made it the default behavior. Whitespace
4776 found in URI's is now stripped out by default.
4777 - Added chroot feature. The 'chroot_dir' config option enables
4778 it and specifies the directory.
4779 - Changed clientBuildReplyHeader so that the Age header is
4780 added only for cache hits, and only when we can calculate
4781 a valid, positive age value.
4782 - Changed clientWriteComplete and clientGotNotEnough so
4783 that they keep persistent connections open for more types
4784 of replies that don't have bodies.
4785 - Changed filemap.c routines to dynamically grow filemap
4787 - Added a hack to ftp.c to deal with ftp.netscape.com, which
4788 sometimes doesn't acknowledge PASV commands.
4789 - Fixed FTP bug with ftpScheduleReadControlReply; there
4790 was not always a timeout handler on the control socket
4791 after the transfer completed.
4792 - Fixed FTP filedescriptor leak from invalid PASV replies.
4793 - Changed httpBuildRequestHeader so that it doesn't
4794 copy the Host header from the client request. Instead
4795 we should generate our own Host header which is known
4797 - Changed storeTimestampsSet to adjust entry->timestamp
4798 if the response includes an Age header.
4799 - Removed size limit from storeKeyHashBuckets.
4800 - Changed fwdConnectStart from a "heavy" to a "light" event.
4801 - Fixed an 'anonymize_headers' bug that affects unknown
4802 HTTP headers. With the bug, if you list a header that
4803 Squid doesn't know about (such as "Charset"), it would
4804 add HDR_OTHER to the allow/deny mask. This caused all
4805 unknown headers to be allowed or denied (depending on
4806 the scheme you use). Now, with the bug fixed, an unknown
4807 header in the 'anonymize_headers' list is simply ignored.
4809 Changes to Squid-2.3.DEVEL3 ():
4811 - Added MSNT auth module from Antonino Iannella.
4812 - Added --enable-underscores configure option. This allows
4813 Squid to accept hostnames with underscores in them. Your
4814 DNS resolver may still complain about them, however.
4815 - Added --heap-replacement configure option. This enables
4816 the alternative cache replacement policies, such as
4818 - WCCP establishes and registers with the router faster.
4819 - Added 'maxconn' acl type to limit the number of established
4820 connections from a single client IP address. Submitted
4822 - Close FTP data socket as soon as transfer completes
4823 (Alexander V. Lukyanov).
4824 - Fixed ftpReadPass() to not clobber ctrl.message when
4825 the PASS command fails.
4826 - Added a redirect.c patch so squidGuard is able to do
4827 per-user access control (Antony T Curtis).
4828 - discard the pumpMethod() function, and instead use the
4829 fact that the request has a request entity (content-length
4831 - Reload the MIME icons at reconfigure time (Radu Greab).
4832 - Updated Richard Huveneers' SMB authentication module to
4833 his version 0.05 package.
4834 - Fixed lib/heap.c::heap_delete() bug when deleting the
4836 - Fixed an integer conversion bug in
4837 lib/rfc1035.c::rfc1035AnswersUnpack().
4838 - Fixed lib/rfc1738 routines to encode reserved characters,
4839 in addition to encoding the unsafe characters (Henrik).
4840 - Changed the interface for splay compare and "walk"
4841 functions to take a void pointer, instead of a splayNode
4843 - Changed numerous HTTP parsing routines to use ssize_t
4844 instead of size_t. This was done because size_t may be
4845 signed or unsigned. When it is unsigned, gcc emits
4846 numerous "comparison is always true" warnings. At least
4847 we know ssize_t is always signed.
4848 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
4849 friends so that it properly handles multi-value lists.
4850 - Added an "end" (ssize_t) parameter to
4851 src/HttpReply::httpReplyParse() so that we know exactly
4852 where to terminate the header buffer.
4853 - Changed src/access_log.c::log_quote() so that it only
4854 encodes whitespace characters, and not all URL-special
4855 characters (Henrik).
4856 - Added local port ACL type ("myport") (Henrik).
4857 - Added maximum number of connections per client ("maxconn")
4859 - Fixed proxy authentication username/password parsing to
4860 be more robust (Henrik).
4861 - Fixed ACL domain/host and domain/domain comparison
4862 functions yet again. Eliminated duplicate code so that
4863 only src/url.c::matchDomainName() contains this mysterious
4865 - Changed the 'http_port' option to accept an IP address
4866 or hostname as well (Henrik).
4867 - Removed 'tcp_incoming_addr' option.
4868 - Added an access control list for the redirector
4869 ('redirector_access'). Requests which match are sent to
4870 the redirector. All requests. are redirected by default.
4871 - Added the 'authenticate_ip_ttl' option. It specifies
4872 how long a valid proxy authentication credential is
4873 bound to a specific address.
4874 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
4875 - Removed the unused and highly questionable 'forward_snmpd_port'
4877 - Added an option to accept DNS messages from unknown nameservers.
4878 This may be necessary if replies come from a different address
4879 than queries are sent to.
4880 - Added #includes for IP Filter files in netinet directory.
4881 - Fixed a bug with retrying forwarded IMS requests (Henrik).
4882 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
4883 where we were checking a cache-control bit before getting the
4884 mask from the HTTP headers (pallo@initio.no).
4885 - Fixed a bug with "no_cache" access list. If not defined,
4886 everything was uncachable by default.
4887 - Fixed a bug with timed-out client-side HTTP connections.
4888 We didn't cancel the read handler, which could lead to
4889 "rwstate != NULL" warnings.
4890 - Changed comm_open() to only call fdAdjustReserved() for
4891 specific errors (ENFILE, EMFILE);
4892 - Fixed NULL pointer bug in idnsParseResolvConf().
4893 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
4894 - Added DELETE request method.
4895 - Added RFC 2518 HTTP status codes.
4896 - Fixed handling of URL passwords when we need to rewrite a
4897 BASE HREF URL (Henrik).
4898 - Fixed a bug with FTP requests where a request gets aborted,
4899 but we try to complete it anyway. It would result in a
4900 "store_status != STORE_PENDING" assertion. The solution
4901 is to check for ENTRY_ABORTED before reading from
4902 the control channel too.
4903 - Changed FTP to retry a request if Squid fails to establish
4904 a PASV data connection (Henrik).
4905 - Fixed numerous HTCP memory leaks and an uninitialized memory
4907 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
4909 - Minor fixes for Rhapsody systems.
4910 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
4911 don't include varargs.h.
4912 - Changed src/store_client.c::storeClientType() so that
4913 an entry can have more than one STORE_MEM_CLIENT.
4914 - Changed src/store_client.c::storeClientReadHeader()
4915 to check swapfile metadata (Henrik).
4916 - Changed src/url.c::urlCheckRequest() to return FALSE for
4917 any "https://" URL. These should always be CONNECT
4918 instead. If Squid gets an "https://" URL, it is a browser
4920 - Added numerous squid.conf options for controlling cache
4921 digests. Previously these were hard-coded in
4922 src/store_digest.c. (Martin Hamilton)
4923 - Added 'cache_peer' option called 'digest-url' that
4924 lets you specify the URL for a peer's digest.
4926 - Added DELAY_POOLS hacks to scan "slow" connections in
4927 a random order (David Luyer).
4928 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
4929 per-interface arp/neighbour cache, whereas 2.0.x uses a
4930 unified cache. Under 2.2.x you are required to specify
4931 a interface name when looking up ARP table entries with
4933 - If the process umask is not set (i.e. 0), then Squid
4936 Changes to Squid-2.3.DEVEL2 ():
4938 - Added --enable-truncate configure option.
4939 - Updated Czech error messages ()
4940 - Updated French error messages ()
4941 - Updated Spanish error messages ()
4942 - Added xrename() function for better debugging.
4943 - Disallow empty ("") password in aclDecodeProxyAuth()
4945 - Fixed ACL SPLAY subdomain detection (again).
4946 - Increased default 'request_body_max_size' from 100KB
4947 to 1MB in cf.data.pre.
4948 - Added 'content_length' member to request_t structure
4949 so we don't have to use httpHdrGetInt() so often.
4950 - Fixed repeatedly calling memDataInit() for every reconfigure.
4951 - Cleaned up the case when fwdDispatch() cannot forward a
4952 request. Error messages used to report "[no URL]".
4953 - Added a check to return specific error messages for a
4954 "store_digest" request when the digest entry doesn't exist
4955 and we reach internalStart().
4956 - Changed the interface of storeSwapInStart() to avoid a bug
4957 where we closed "sc->swapin_sio" but couldn't set the
4959 - Changed storeDirClean() so that the rate it gets called
4960 depends on the number of objects deleted.
4962 - Added 'hostname_aliases' option to detect internal requests
4963 (cache digests) when a cache has more than one hostname
4965 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
4967 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
4968 - Added OPTIONS request method.
4970 Changes to Squid-2.3.DEVEL1 ():
4972 - Added WCCP support. This adds the 'wccp_router' squid.conf
4974 - Added internal DNS queries; Most installations can run
4975 without the external dnsserver processes.
4976 - Rewrote much of the code that stores cache objects on
4977 disk. Developed a programming interface that should
4978 allow new storage systems to be added easily. This still
4979 is pretty ugly and needs a lot of work, however.
4980 - Replaced async_io.c "tags" with callback data locks.
4981 This probably breaks async IO in a bad way.
4982 - Tried to write an Async IO disk storage module.
4983 - Added code to replace the StoreEntry linked list with a
4984 heap structure. This allows for different replacement
4985 algorithms, instead of being stuck with LRU. This adds
4986 the 'replacement_policy' squid.conf option. (John Dilley
4988 - Fixed HTCP queries by actually checking for freshness
4989 based on the HTCP header fields.
4990 - Fixed passing of redirector command line arguments.
4991 - Added 'request_header_max_size' squid.conf option.
4992 - Added 'request_body_max_size' squid.conf option.
4993 - Added 'reply_body_max_size' squid.conf option.
4994 - Added 'peer_connect_timeout' squid.conf option.
4995 - Added 'redirector_bypass' squid.conf option.
4996 - Added RFC 2518 (WEBDAV) request methods.
4998 Changes to Squid-2.2 (April 19, 1999):
5000 - Removed all SNMP specific ACL code
5001 SNMP now uses generic squid ACL's
5002 - Removed view-based access crontrol
5003 - Cleaned up and simplified SNMP section of squid.conf
5004 - Changed the SNMP code to use a tree stucture.
5005 - Added objects to MIB:
5009 - Changed SNMP Agent to return object instances correctly.
5010 - Added our own assert() macro so we can use debug() instead of
5012 - Added eventFreeMemory().
5013 - Fixed ipcCreate() bug when debug_log has FD <= 2.
5014 - Changed watchChild() and related code in main.c so that
5015 Squid can behave more like a proper daemon process.
5016 - Added 'prefer_direct' option (enabled by default) so that
5017 people can give parents higher preference than direct.
5018 - Fixed ipc.c close() bug for async IO. On FreeBSD,
5019 comm_close() doesn't work for child processes when async IO is
5021 - Fixed setting the public key for large ``icons'' (Henrik
5023 - Rewrote peer digest module to fix memory leaks on reconfigure
5024 and clean the code. Increased "current" digest version to 5
5025 ("required" version is still 3). Revised "Peer Select" cache
5027 - Added "-k parse" command line option: parses the config file
5028 but does not send a signal unlike other -k options.
5029 - Revamped storeAbort() calling. Only store_client.c has all
5030 the right information to determine if the request should
5031 be aborted. Now client and server modules just storeUnregister
5032 without ever needing to call storeAbort.
5033 - Small change of Squid output for FTP (Andrew Filonov,
5035 - clientGetsOldEntry() sends old entry if new request status
5036 is in the 500-range (Henrik Nordstrom).
5037 - Changed configure so it works with IRIX6.4 C compiler (broken?)
5038 option -OPT:fast_io=ON.
5039 - Fixed comm_connect_addr() non-blocking connections for
5040 SONY NEWSOS (Makoto MATSUSHITA).
5041 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
5042 by autoconf documentation.
5043 - Fixed client-side cache-control max-age (Henrik Nordstrom).
5044 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
5045 this error if it is called while squid is in the process of
5047 - Added support for linuxthreads package under FreeBSD (Tony Finch).
5048 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
5049 functions non-static (Michael Pelletier).
5050 - Fixed logging of authenticated usernames even if the
5051 authorization is not cached (Dancer).
5052 - Fixed pconnPush() bug that prevented holding on to
5053 persistent connections (Manfred Bathelt).
5054 - Pid file now rewritten on SIGHUP.
5055 - Numerous Ident changes:
5056 - Ident lookups will now be done on demand if you use the
5058 - The 'ident_lookup on|off' option has been replaced with
5059 an access list, so you can do lookups only for some
5061 - Added an 'ident_timeout' option to specifiy the amount
5062 of time to wait for an ident lookup.
5063 - Added a (local) hit rate to mempool metering.
5064 - FTP Restarts (REST command) is now supported.
5065 - Check for libintl.a on SCO3.2.
5066 - Disable poll() on SCO3.2.
5067 - Numerous Async IO enhancements from Henrik.
5068 - Removed cache_mem_low and cache_mem_high options (Henrik
5070 - Replaced 'persistent_client_posts' with 'broken_posts' access
5072 - Rewrote the anonymizer.
5073 - Removed the http_anonymizer option.
5074 - Added the anonymize_headers option to allow individual
5075 referencing of headers for addition or removal. See
5076 'anonymize_headers' in squid.conf for additional
5078 - Fixed config file parser's handing of optional directives.
5079 Some people might get new warnings about unknown config
5081 - Added 'myip' ACL type. This is the local IP address for
5082 connected sockets (Luyer).
5083 - Fixed parsing of FTP DOS directory listings with spaces
5085 - Numerous DELAY_POOL changes/fixes from David Luyer:
5086 - Makes no-delay neighbors for DELAY_POOLS work by
5087 using a fd_set with the connections to no-delay
5089 - Makes IP addresses ending in 0 and 255, and
5090 network number 255, work with individual and
5091 network delay pools (they were previously not
5092 permitted, and documented as such).
5093 - Massive overhaul of delay pools code - dynamically
5094 allocated delay pools, as many as required.
5095 - delayPoolsUpdate stops running if DELAY_POOLS is
5096 configured but no delay pools are configured.
5097 - Initial delay pool levels are now configurable
5098 as a percentage of the maximum for the pool in
5099 question (used to be all set to 1 second worth
5100 of traffic). Pools are restored to this level
5102 - Changed storeClientCopy to give a swap-in failure if
5103 the number of open disk FD's is above the 'max_open_disk_fds'
5104 limit. Otherwise, a very loaded cache will end up with
5105 all disk files open for reading, and none for writing.
5106 - Added lib/inet_ntoa.c from BSD Unix for systems that have
5107 broken inet_ntoa(). (Erik Hofman).
5108 - Added more specific FTP error messages for "permission
5109 denied, "file not found," and "service unavailable."
5111 - Added xisspace(), xisdigit(), etc, macros to cast function
5112 args and eliminate compiler warnings.
5113 - Fixed case-sensitive comparisons of domain names (Henrik
5115 - Added proxy-authentication to cachemgr.cgi's requests
5117 - Changed Squid to *truncate* rather than *unlink* purged
5118 swap files. Can be reversed by undefining
5119 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
5120 - Changed internal icon headers to use Cache-control
5121 Max-age instead of Expires.
5122 - Changed storeMaintainSwapSpace behavior to be adjusted
5123 smoothly, instead of discretely, between store_swap_low
5124 and store_swap_high. This includes the number of
5125 objects to scan, number to remove, and time until the
5126 next storeMaintainSwapSpace event.
5127 - Fixed a quick_abort bug that incorrectly calculated
5129 - Added getpwnam() auth module from Erik Hofman.
5130 - Added 'coredump_dir' option.
5131 - Fixed a peerDestroy() assertion that required peer->digest
5132 to be NULL at the end of peerDestroy().
5133 - configure script now automatically enables dlmalloc for
5135 - configure enables poll() on linux 2.2 and later (Henrik).
5136 - Icon files are now distributed in binary format, install
5137 will not need to run 'sh' and 'uudecode'.
5138 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
5139 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
5140 fwdCheckDeferRead() will NOT defer reading if the
5141 ENTRY_FWD_HDR_WAIT bit is set.
5142 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
5143 - Fixed a (double) cast problem that caused statAvgTick()
5144 events to be added as fast as possible.
5145 - Changed httpPacked304Reply() to not include the Content-Length
5146 header for 304 replies that Squid generates. We used to
5147 include the length of the cached object, and this broke
5148 persistent connections.
5152 - Fixed configure bug for statvfs() checks. Configure reports
5153 "test: =: unary operator expected" or similar because an
5154 unquoted variable is not defined.
5155 - Fixed aclDestroyAcls() assertion because some ACL types
5156 are not listed in the switch statement. Occurs for
5157 srcdom_regex and dstdom_regex ACL types during reconfigure.
5158 - Typo "applicatoin" in src/mime.conf
5159 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
5160 #define because it didn't include squid.h.
5161 - Fixed commRetryFD() when bind() fails. commRetryFD was
5162 closing the filedescriptor, but it is the upper layer's
5164 - Changed configure's "maximum number of filedescriptors"
5165 detection to only use getrlimit() for Linux. On AIX,
5166 getrlimit returns RLIM_INFINITY.
5167 - Fixed snmpInit() nesting bug.
5168 - Fixed a bug with peerGetSomeParent(). It was adding
5169 a parent to the FwdServers list, regardless of the
5170 ps->direct value. This could cause every request to
5171 go to a parent even when always_direct is used.
5172 - Changed fwdServerClosed() to rotate the "forward servers"
5173 list when a connection establishment fails. Otherwise
5174 it always kept trying to connect to the first server
5179 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
5180 - Avoid coredump in aclMatchAcl() if someone tries to use
5181 proxy authentication with a non-HTTP request (e.g. icp_access).
5182 - Moved 'ident_lookup_access' in squid.conf so it appears
5183 after the ACL section.
5184 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
5185 - Fixed a case in clientCacheHit() where we thought it
5186 was a hit, but the reply status was not 200, so we
5187 had to perform a cache miss. We forgot to change the
5188 log_type and these were being recorded as TCP_HIT's.
5189 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
5190 - Fixed delay_pools coredump and memory leak bugs from
5191 NULL delay_id values.
5192 - Fixed a SEGV bug with delay_pools when requesting
5193 'objects' or 'vm_objects' from the cachemgr.
5194 - Added a workaround for buggy FTP servers that return
5195 a size of zero for non-zero-sized objects.
5196 - Removed umask(0) call from main().
5197 - Fixed a peer selection bug that caused us to never select
5198 a neighbor based on ICP replies if the ICP timeout occurs.
5199 In conjunction with this, removed the PING_TIMEOUT state.
5200 - Fixed a store_rebuild bug that caused us to get stuck trying
5201 if a cache_dir subdirectory didn't exist.
5202 - Fixed a buffer overrun bug in gb_to_str().
5206 - Fixed a dread_ctrl leak caused in store_client.c
5207 - Fixed a memory leak in eventRun().
5208 - Fixed a memory leak of ErrorState structures due to
5210 - Fixed detection of subdomain collisions for SPLAY trees.
5211 - Fixed logging of hierarchy codes for SSL requests (Henrik
5213 - Added some descriptions to mib.txt.
5214 - Fixed a bug with non-hierarchical requests (e.g. POST)
5215 and cache digests. We used to look up non-hierarchical
5216 requests in peer digests. A false hit may cause Squid
5217 to forward a request to a sibling. In combination with
5218 'Cache-control: only-if-cached, this generates 504 Gateway
5219 Timeout responses and the request may not be re-forwardable.
5220 - Fixed a filedescriptor leak for some aborted requests.
5223 Changes to Squid-2.1 (November 16, 1998):
5225 - Changed delayPoolsUpdate() to be called as an event.
5226 - Replaced comm_select FD scanning loops with global fd_set
5227 structures. Inspired by Jeff Mogul's patch for squid 1.1.
5228 - Moved functions common to dns.c, redirect.c, authenticate.c,
5229 ipcache.c, and fqdncache.c into helper.c.
5230 - Changed storeClientCopy2() so that it keeps sending the remainder
5231 of a STORE_ABORTED request, instead of cutting off the client as
5232 soon as the object becomes aborted.
5233 - Fixed combined ipf-transparent proxy and a local http-accelerator
5234 operation (Quinton Dolan).
5235 - Rewrote base64_decode.c because of potential buffer overrun
5237 - Configurable handling of whitespace in request URI's.
5238 See 'uri_whitespace' in squid.conf.
5239 - Added ability to generate HTTP redirect messages from
5240 the redirector output by prepending "301:" or "302:" to the
5241 new url. See FAQ 4.16 for more details.
5242 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
5243 potentially causing under-utilized cache digests
5244 - Maintain refreshCheck statistics on per-protocol basis so we
5245 can tell why ICP or Digests return too many misses, etc.
5246 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
5247 - Changed squid.conf's default access controls to deny all
5248 HTTP requests. Admins must write ACL rules to specifically
5249 allow their local clients.
5250 - Patched French error messages (Mathias HERBERTS).
5251 - NextStep porting fixes by Mike Laster:
5252 - use xstrdup() in cf_gen.c
5253 - check for putenv() in configure
5254 - #define S_ISDIR macro
5255 - Added --disable-poll configure option (Henrik Nordstrom).
5256 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
5257 - Patched ftp.c so we never cache autenticated FTP requests
5259 - Fixed FTP authentication. We tried to unescape authentication
5260 given by basic authentication which is not URL escaped
5262 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
5263 - Added 'redirect_rewrites_host_header' option to disable rewriting
5264 of Host header for redirector responses (Henrik Nordstrom).
5265 - Allow semi-customized error message signatures (Henrik Nordstrom).
5266 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
5267 - Fixed handling of blank lines in ACL input files (Henrik
5269 - Changed proxy_auth ACL type to consist of a list of valid
5270 users. REQUIRED == any (same as ident ACL). ACL type user
5271 changed to ident since this is what it really is.
5273 - Fixed long URL bugs; make sure 'log_uri' never exceeds
5275 - Allow comments in external ACL files (Gerhard Wiesinger).
5276 - Added 'range_offset_limit' configuration option. Requests
5277 with ranges that start after this value will be passed
5278 on unmodified, and Squid will not cache the response
5280 - Added Client HTTP Hit byte counters to 'counters' output
5282 - Got Squid to compile with --enable-async-io on FreeBSD.
5283 - Fixed infinite loop bug for cachemgr 'config' option.
5284 - Fixed cachability bugs for replies with Pragma: no-cache.
5285 - Made content-type multipart/x-mixed-replace uncachable.
5286 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
5287 format (Richard Kettlewell).
5288 - Fixed passing -s option to dnsserver processes (Alvaro Jose
5290 - Changed proxy_auth to work on internal objects and when in
5291 accelerator mode. (Henrik Nordstrom)
5292 - Added login=user:password option to cache_peer directive to
5293 be used from a dial-up cache where the parent requires proxy
5294 authentication. (Henrik Nordstrom)
5295 - If you want to "auto-login", then use a URL on the form
5296 http://username:password@server/.... Squid now picks this up
5297 when going direct, and turns it into basic WWW
5298 authentication. It is also possible to do automatic login to
5299 certain servers by using a redirector to add the needed
5300 authentication information. (Henrik Nordstrom)
5301 - Changed refreshCheck() so that objects with negative age
5303 - Fixed "plain" FTP listings (Henrik Nordstrom).
5304 - Fixed showing banner/logon message for top-level FTP
5305 directories (Henrik Nordstrom).
5306 * Changes below have been made to SQUID_2_1_PATCH1
5307 - Fixed pinger packet size assertion.
5308 - Fixed WAIS forwarding.
5309 - Fixed dnsserver coredump bug caused by using both -D and
5311 * Changes below have been made to SQUID_2_1_PATCH2
5312 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
5313 - Fixed proxy auth NULL password bug.
5314 - Fixed queueing of multiple peerRefreshDNS events.
5315 - Added a stack of StoreEntry objects to be released after
5316 store rebuild completes.
5317 - Fixed NULL pointer bugs with too-large requests (found by
5319 - Fixed reading replies from buggy ident servers. Replies
5320 might not have terminating CR or LF (Henrik Nordstrom).
5321 - Changed internal StoreEntry key so that the request method
5322 is encoded as a single octet. Encoding an enumerated type
5323 has size and byte-order incompatibilities, especially for
5325 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
5326 are not always locked. This fixes having multiple
5327 store_digest's stuck in memory.
5328 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
5329 unregisters from "cache hit" entries.
5330 * Changes below have been made to SQUID_2_1_PATCH3
5331 - Fixed memory leak in clientHandleIMSReply for
5332 storeClientCopy failures.
5334 Changes to Squid-2.0 (October 2, 1998):
5336 - Added NAT/Transparent hijacking code from Quinton Dolan.
5337 - Added actual filesystem usage to cachemgr 'storedir' page.
5338 Only works for operating systems which support statvfs().
5339 - Fixed HTCP compile-time bugs.
5340 - Fixed quick_abort bugs. Configured values are stored as
5342 - Removed fwdAbortFetch(). It breaks quick_abort and seems
5344 - Changed storeDirSelectSwapDir() to skip swap directories
5345 when their utilization is over the high water mark ratio.
5346 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
5347 - fixed bugs in Content-Range header generation
5348 - changed the way Range requests are handled:
5349 - do not "advertise" our ability to process ranges at
5351 - on hits, handle simple ranges and forward complex
5353 - on misses, fetch the whole document for simple ranges
5354 and forward range request for complex ranges
5355 The change is supposed to decrease the number of cases when
5356 clients such as Adobe acrobat reader get confused when we
5357 send a "200" response instead of "206" (because we cannot
5358 handle complex ranges, even for hits) Note: Support for
5359 complex ranges requires storage of partial objects.
5360 - Removed SNMP mib-2.system group from squid.
5361 - Removed SNMP ability to iterate through ipcache and friends.
5362 - Added SNMP ipcache/fqdncache basic statistics.
5363 - Converted SQUID-MIB to SMIv2 (RFC 1902).
5364 - Moved SQUID-MIB to enterprises section of the tree in preparation
5365 of the split into PROXY-MIB & SQUID-MIB.
5366 - Corrected minor errors in SQUID-MIB.
5367 - Moved uptime into cacheSystem from cacheConfig.
5368 - Corrected a number of get-next-request bugs, snmpwalk should now
5369 return all objects and not skip some.
5370 - Fixed netdbClosestParent() so it won't return sibling
5372 - Fixed a bug with secondary clients on entries with
5373 ENTRY_BAD_LENGTH set. We should release the
5374 bad entry to prevent secondary clients jumping on.
5375 - Changed MIB to prevent parse warnings at startup.
5376 * Changes below have been made to SQUID_2_0_PATCH1
5377 - Fixed a forwarding loop bug. Even though we were detecting
5378 a loop, it was not being broken.
5379 - Try to prevent sibling forwarding loops by NOT forwarding a
5380 request to a sibling if we have a stale copy of the object.
5381 Validation requests should only be sent to parents (or
5383 - Fixed ncsa_auth hash bugs when re-reading password file.
5384 - Changed clientHierarchical() so that by default SSL/CONNECT
5385 requests do NOT go to neighbor caches.
5386 - Changed clientHandleIMSReply() to not call storeAbort()
5387 because there can be more than one client hanging on the
5388 StoreEntry. This hopefully fixes "store_status !=
5389 STORE_ABORTED" assertions.
5390 - Added temporary fix to httpMakePublic() to prevent assertions
5391 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
5392 * Changes below have been made to SQUID_2_0_PATCH2
5393 - PATCH1 introduced a seriously stupid bug which prevented ICP
5394 queries for all requests. Fixed by checking
5395 request->hierarchical in peerSelectFoo().
5397 Changes to squid-1.2.beta25 (September 21, 1998):
5399 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
5400 callbacks (Henrik Nordstrom).
5401 - Fixed store_swapout.c assertion. We were freeing object data
5402 past the swapout_done offset. This probably happens (only?)
5403 when an object changes from cachable to uncachable while
5404 it is being swapped out.
5405 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
5406 of the buffers used for writing data to the client sockets.
5407 - Added configure check for libbind.a. If found, it will be
5408 used instead of libresolv.a.
5409 - Changed fwdStart() to always allow internally generated
5410 requests, such as for peer digests. These requests are
5411 known to fwdStart() because the address arg is set to
5413 - Completed initial HTCP implementation. It works, but is not
5415 - Added counters for I/O syscalls.
5416 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
5417 (netapp) Squid doesn't use private keys. This caused us
5418 to remove almost every object from the cache.
5419 - Added 'asndb' cachemgr stats to show AS Number tree.
5420 - Fixed AS Number byte-order bug for netmasks.
5421 - Fixed comm_incoming calling rate for high loads (Stewart
5423 - Give always_direct higher precedence than never_direct
5425 - Changed PORT ACL type to accept ranges. Now you can easily
5426 deny, for example, all priveleged ports except 80, 70, 21,
5428 - ARP ACL fixes for Linux (David Luyer).
5429 - Replaced various "EBIT" flags bitfileds with structures of
5431 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
5432 efficient by removing snprintf(). This causes an
5433 incompatibility with old cache keys, however. To transition,
5434 we will look up both the new and old style keys for about the
5435 next 30 days. After that, if you haven't run this (or a
5436 future) version, your cache contents will be lost.
5437 - Made the client-side write buffer size configurable with
5438 a #define in defines.h. By default it is still 4096 bytes.
5439 - Removed redirectUnregister(). It should be unnecessary
5440 because of cbdata locks.
5441 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
5442 - Changed non-blocking connect(2) code to call getsockopt()
5443 instead of connect() again. This is the approach recommended
5444 by Stevens, and fixes bugs on BSD-ish systems when subsequent
5445 connect() calls loop with EAGAIN status.
5446 - Added MD5 cache keys to memory pool accounting.
5447 - Added code to track number of open DISK descriptors and stop
5448 swapping out objects if the number of disk descriptors becomes
5449 too large. For now the limit must be manually configured with
5450 the 'max_open_disk_fds'. By default, there is no limit.
5451 - Stopped encoding a request method in the high byte of the ICP
5452 reqnum field. Instead queried cache keys are copied to a
5453 static array, indexed by the reqnum, modulo the array size.
5454 Now we just use the request number to lookup a cache key,
5455 instead of rebuilding it from the ICP reply URL and method,
5456 unless we have netapp neighbors--they don't do reqnum
5458 - Fixed reconfigure memory access bugs in redirect.c.
5459 - Ignore unreasonably large ICP RTT values which cause overflow
5460 bugs in calculating the average RTT (thanks Niall!)
5462 Changes to squid-1.2.beta24 (August 21, 1998):
5464 - Added Bulgarian error pages by Evgeny Gechev.
5465 - Changed StoreEntry->lock_count to a u_short.
5466 - Replaced urlcmp with strcmp
5467 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
5469 - Eliminated unneeded BASE HREF on "root" directories (Henrik
5471 - Fixed peerDigestFetchFinish() assertion caused by forwarding
5472 failures (e.g. miss_access rules).
5473 - Changed signal handlers with ASYNC_IO and Linux so that
5474 -k command line options work (Miquel van Smoorenburg).
5475 - Rewrote shutdown code to use events instead of setting
5477 - Fixed cachemgr 'objects' (statObjects()) by adding a check
5478 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
5479 storeBufferFlush(). Otherwise, the read-past pages would
5481 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
5482 were being closed by the dnsServerShutdown event.
5483 - Modified storeHashInsert() to insert PRIVATE objects at
5484 the tail of the LRU list, and PUBLIC objects at the head.
5485 Thus, PRIVATE objects get kicked out quicker.
5486 - Added David Luyer's DELAY_POOLS code.
5487 - Fixed a bug due to HEAD replies which lack the end-of-headers
5489 - Made proxy-auth realm string configurable (Bob Franklin)
5490 - Changed default mime time to a viewable one (Henrik Nordstrom).
5491 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
5492 - Fixed 'you are running out of filedescriptors' bug which
5493 could cause the HTTP incoming connection handler to not
5495 - Changed syslog logging. Now squid debug levels 0 and 1 go
5496 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
5497 (this needs more work!)
5498 - Fixed memory access errors in statAvgTick().
5499 - Fixed duplicate requestUnlink() bug in forward.c
5500 - Fixed possible memory access bugs from not setting e->mem_obj
5501 = NULL in destroy_MemObject().
5502 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
5503 - Modified headersEnd and httpMsgIsolateHeaders to account
5504 for funky line terminations such as CRCRNL.
5505 (``but Netscape and IE _tolerate_ this'')
5506 - Fixed carp functions (Eric Stern).
5507 - Replaced internal proxy_auth code with extern authentication
5508 module (Arjan de Vet).
5509 - moved hash.c to libmiscutil.a.
5510 - Fixed handling of ICP queries with whitespace in URLs.
5511 Now we return ICP error and escape the URL before logging.
5512 - Added configure check for socklen_t (David Luyer).
5513 - Removed USE_SPLAY #defines; it is now standard.
5514 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
5515 temporary disk_ctrl_t structures.
5516 - Changed ENOSPC disk write errors to reduce specific cache_dir
5517 sizes, and not just the size of the cache as a whole.
5518 - Added httpMaybeRemovePublic() to purge public objects for
5519 certain responses even though they are uncachable. This is
5520 needed, for example, when an initially cachable object
5521 later becomes uncachable.
5522 - Added refresh_pattern options to ignore client reloads
5524 - Relocated disk.c code which combines blocks for writing
5527 Changes to squid-1.2.beta23 (June 22, 1998):
5529 - Added Turkish error pages by Tural KAPTAN.
5530 - Added basic support for Range requests. For most cachable
5531 requests, Squid replies with an "Accept-Ranges" header. Upon
5532 receiving a potentially cachable Range request for a not
5533 cached object, Squid requests the whole object from origin
5534 server and then replies with specified range(s) to the
5535 client. Multi-range requests are supported. Adjacent
5536 overlapping ranges are merged. If-Range requests are
5537 supported. Limitations: Multi-range requests with out of
5538 order ranges are not supported.
5539 - Made md5.c use standard memcpy and memset if they are
5541 - Memory pools will now shrink if Squid is run-time
5542 reconfigured with smaller value of memory_pools_limit tag.
5543 - Added counter for number of clients (Tomi Hakala).
5544 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
5545 connections for UP->DOWN transition.
5546 - Added 'unique_hostname' configuration option when its
5547 necessary to have multiple machines with the same visible
5549 - Fixed pumpReadFromClient() to not read too many bytes on
5550 persistent connections.
5551 - We can now cache HTTP replies with Set-Cookie. These evil
5552 headers are now filtered out for cache hits on the client
5554 - Fixed SNMP bugs caused by using snmpwalk.
5555 - Fixed snmp system Group; all objects are now returned.
5556 - Fixed snmp system Group sysDescr and sysContact.
5557 - Fixed snmp system Group sysObjectID it now returns a OBJECT
5559 - Allocate FwdState from mem pools.
5560 - Minor HTCP progress.
5561 - Moved 'miss_access' ACL check from client_side.c to forward.c
5562 - Fixed logging of usernames for requests which require
5563 proxy-authentication.
5564 - Fixed HTTP request parser to accept lowercase HTTP identifier
5566 - Fixed FTP listings to always include links to the parent
5567 directory (Henrik Nordstrom).
5568 - Fixed FTP to show an "empty" listing instead of showing
5569 a "document contains no data" error (Henrik Nordstrom).
5570 - Fixed refreshCheck() bug. Often it was checking the
5571 refresh patterns against the string "[null_mem_obj]"
5572 because we moved URLs to MemObject.
5573 - Added CARP support by Eric Stern.
5574 - Fixed select-spin bug when an ICP reply actually gets queued
5575 and we failed to execute the write callback.
5576 - Fixed a storeCheckSwapOut bug. We were freeing up to
5577 the queued offset instead of the done offset. This
5578 resulted in a small chunk of object data not being in
5579 memory and not yet written to disk. A client could
5580 recieve a partial object because file_read() unexpectedly
5582 - Fixed proxy-authentication hangs (Henrik Nordstrom).
5583 - Fixed request_t->flags bug causing authenticated, proxied
5584 responses to be cached (Arjan de Vet).
5585 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
5586 - Added view and download options to FTP listings (Henrik
5588 - Modified configure to allow using pre-installed libdlmalloc.a
5590 - Fixed cachemgr 'objects' implementation.
5591 - Changed refreshCheck() algorithm. For cached objects, we
5592 now check, in the following order:
5594 * response Expires (if present)
5595 * refresh_pattern max-age
5596 * response Last-Modified compared to refresh_pattern
5597 LM-factor (only if Last-Modified is present)
5598 * refresh_pattern min-age
5599 - Changed Copyrights.
5601 Changes to squid-1.2.beta22 (June 1, 1998):
5603 - do not cut off "; parameter" from "digitized" Content-Type
5605 - Added X-Request-URI for persistent connection debugging
5607 - Added Polish error pages from Maciej Kozinski.
5608 - Fixed hash_first/hash_next bugs with **Current pointer.
5609 Replaced with *next pointer.
5610 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
5611 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
5612 - Fixed eventRun "spin" bug when event delta time == 0.
5613 - Fixed setting Last Modified time on cached entries when
5614 receiving a 304 reply.
5615 - Added while loop in httpAccept().
5616 - Added while loop in icpHandleUdp().
5617 - Fixed some small memory leaks.
5618 - Fixed single-bit-int flag checks (Henrik Nordstrom).
5619 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
5620 - Do not send only-if-cached cc directive with requests
5622 - Added "automatic tuning" for incoming request rate, i.e.
5623 how often to check HTTP and ICP sockets. See comm.c
5624 comments for details.
5626 Changes to squid-1.2.beta21 (May 22, 1998):
5628 - Added Italian error pages by Alessio Bragadini.
5629 - Added Estonian error pages by Toomas Soome.
5630 - Added Russian (koi-r) error pages by Andrew L. Davydov.
5631 - Added Czech error pages by Jakub Nantl.
5632 - Fixed asnAclInitialize calling to prevent coredump.
5633 - Fixed FTP directory parsing again.
5634 - Made FTP directory listing "Generated" tagline like
5635 the one for error pages.
5636 - Fixed an assertion coredump in statHistCopy from
5637 reconfiguring with different #peers in squid.conf
5638 - Ignore leading whitespace on requests (and replies). RFC
5639 2068 section 4.1, robustness (Henrik Nordstrom)
5640 - Fixed keep_alive bug. We did not always honour reply
5641 headers, but rather assumed connections could be persistent.
5642 - Fixed reading whois output for AS numbers, especially when
5643 they are longer than 4 KB.
5644 - Removed 'cache_stoplist_pattern' configuration option. This
5645 feature is now handled by 'no_cache'.
5646 - If a URN resolves to only one URL, just return it immediately
5647 instead of giving the user a "choice" (Andy Powell).
5648 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
5649 - Changed squid-internal object names.
5650 - Added netdb exchange protocol.
5651 - Fixed wordlistDestroy() uninitialized pointer bug in
5652 ftpParseControlReply.
5653 - Fixed redirector subprocess to show real program name.
5654 - Changed URN menu output to be sorted.
5655 - Added fast select(2) timeouts when using ASYNC_IO.
5656 - Added ARP ACL support for Linux (David Luyer).
5657 - Added binary http headers to requests
5658 - request_t objects are now created and destroyed in a consistent way
5659 - Fixed cache control printf bug
5660 - Added a lot of new http header ids
5661 - Improved Connection: header handling; now both Connection and
5662 Proxy-Connection headers are checked for connection directives
5663 - Connection request header is now handled correctly regardless
5664 of its position and the number of entries
5665 - Only replies with valid Content-Length can be sent with keep-alive
5666 connection directive (Henrik Nordstrom)
5667 - Better handling of persistent connection "clues" in HTTP headers;
5668 the decision now depends on HTTP version (and User-Agent exceptions)
5669 - Removed handling of "length=" directive in IMS headers;
5670 the directive is not in the HTTP/1.1 standard;
5671 standing by for objections
5672 - allowed/denied headers are now checked using bit masks instead of
5674 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
5675 - removed processing of Request-Range header (not in specs?)
5676 - Fixed byte-order bugs in cacheDigestHashKey.
5677 - Changed hash_remove_link() to return void.
5678 - Changed ipcache_gethostbyname() to return NULL if
5679 i->addrs.count == 0.
5680 - Added millisecond-timing to select/poll loops and event
5682 - Changed 'peerPingTimeout' value to be twice the average
5683 of all the peer ICP RTT's.
5684 - Added 'half_closed_clients' option to force closing of
5685 client connections which might only be half-closed.
5686 - Fixed matchDomainName coredump bug.
5687 - Don't cache HTTP replies with Vary: headers until we
5688 get content negotiation working.
5689 - Fixed SSL proxying to forward full HTTP request headers.
5690 - Changed storeGetMemSpace(). Only purge down to the HIGH
5691 water mark; move locked entries to the head of the inmem
5693 - Changed clientReadRequest() to locally handle any
5694 "squid-internal-static" URL for any host.
5695 - Disable persistent connections for client connections
5696 from broken Netscape User-Agent, version 3.* (Stewart Forster)
5698 Changes to squid-1.2.beta20 (April 24, 1998):
5700 - Improved support for only-if-cached cache control directive.
5701 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
5702 - Fixed 'quick_abort' percent calculation bug.
5703 - Fixed quick_abort FPE bug.
5704 - Changed more errno-checking functions to use ignoreErrno().
5705 - Added ERESTART to ignoreErrno() because of report from
5707 - Fixed '#elsif' typo.
5708 - Fixed MemPool assertion by moving memInit() to before
5709 configuration parsing functions.
5710 - Fixed default 'announce_period' value (was 1 day, should
5712 - Added configure warning for low filedescriptors and pointer
5714 - Fixed httpBodySet() bug causing URN related coredumps.
5715 - Changed ipcacheCycleAddr() to always cycle through all all
5716 available addresses, and not just advance when one of
5718 - Fixed squid-internal bug for mixed-case hostnames (Henrik
5720 - Fixed ICP counting probelm. icpUdpSend() arg should be
5721 LOG_ICP_QUERY instead of LOG_TAG_NONE.
5722 - Added some additional fault toleranse on FTP data channels
5724 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
5725 - Added lock/unlock for StoreEntry during storeAbort().
5726 - Added filemap bit usage stats to cachemgr 'storedir' and
5728 - Replaced 'cache_stoplist' with 'no_cache' Access list.
5729 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
5730 - Fixed default hierarchy_stoplist to be ``default if none.''
5731 - Fixed 'fake a recent reply' hack for detecting DEAD
5732 and ALIVE neighbors (Joe Ramey).
5733 - Fixed FTP directory parsing bugs (Joe Ramey).
5734 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
5736 - Fixed daylight savings time bug (again).
5737 - A lot of Cache Digests additions, fixes, and tuning.
5738 Cache Digests are still "very experimental".
5739 - Fixed snprintf() bug. When len == 1, snprintf() would treat
5740 the buffer as unknown size, emulating sprintf() behaviour.
5741 - Made Error page language configurable with configure script
5743 - Fixed squid-internal URLs when http_port == 80.
5744 - Remember the client address on redirected requests (Henrik
5746 - Don't rebuild the request if the redirector returned the same
5747 URL (Henrik Nordstrom).
5748 - Rewrite Host: header on redirected requests (Henrik
5750 - Include port (if non-standard) in generated Host: headers
5752 - Fixed rfc1123 timezone hacks for Windows NT
5754 - Added Russian Error pages by Ilia Zadorozhko.
5755 - Added totals for ICP and HTTP hits to cachemgr client_list
5757 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
5758 because any string with an '@' must be an email address.
5759 - Fixed POST for content-length == 0.
5760 - Fixed "huge 304 reply" loop bug.
5761 - Fixed --enable-splaytree compile bugs.
5762 - Removed ASN lookup code in peer_select.c.
5763 - Added warnings if ACL code detects subdomains in SPLAY
5765 - Rewrote some bits of httpRequestFree() to eliminate
5766 possible bugs that could cause an "e->lock_count" asseertion.
5767 - Added value/bounds checking to _db_init() when setting
5768 the debugLevels[] array.
5770 Changes to squid-1.2.beta19 (Apr 8, 1998):
5772 - Squid-1.2.beta19 compiles and runs on Windows/NT with
5773 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
5774 - Added French Error pages by Frank DENIS.
5775 - Added Dutch Error pages by Mark Visser
5776 - Added German Error pages by Bernd P. Ziller, Jens Frank,
5778 - Added support for only-if-cached cache-control directive.
5779 - Added RELAXED_HTTP_PARSER #define to allow requests which are
5780 missing the HTTP identifier on the request line (e.g. buggy
5781 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
5782 - Fixed disk.c FD leak for delayed closes in
5783 diskHandleWriteComplete().
5784 - Fixed cache announcement feature.
5785 - Fixed httpReadReply() to retry failed HTTP requests on
5786 persistent connections when read() returns -1, not only
5788 - Fixed cbdata memory counting leak. cbdataUnlock() always
5789 called free(), never memFree().
5790 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
5791 - Fixed `++loopdetect < 10' assertion due to
5792 clientHandleIMSReply bug for invalid/partial HTTP
5794 - Added preliminary code for HTCP.
5795 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
5796 - Added "snmp_community" as an ACL type.
5797 - Cleaned up proxy-auth acl implementation and removed
5799 - Added generic 'hashFreeItems()' function for efficiently
5800 freeing hash table pointers.
5801 - Added whoisTimeout() for ASN code.
5802 - Removed BINARY TREE code.
5803 - Fixed forgetting to reset Config.Swap.maxSize in
5805 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
5806 bug which caused not modified replies to not get updated.
5807 - Fixed client_side.c bugs which could cause data to be written
5808 to the client in the wrong order for persistent connections.
5809 clientPurgeRequest() and clientHandleIMSComplete() must not
5810 call comm_write(). Instead they must create and write to
5812 - Fixed ICP query service time counting bug(s).
5813 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
5814 to fix buffer overruns. This also requires adding 'buf_sz'
5815 args to some functions like clientBuildReplyHeader().
5816 But we can eliminate the need to NULL-terminate the
5818 - Changed commConnectCallback() to reset the FD timeout to
5819 zero before notifying about the connection. This requires
5820 commSetTimeout() calls in numerous places to reinstall
5822 - Changed comm_poll_incoming() to be called less frequently
5823 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
5824 - Removed HAVE_SYSLOG case for debug() macro. Almost all
5825 systems do have syslog(), but more importatnly the
5826 _db_level value is needed for debugging to stderr.
5827 - Rewrote squid/dnsserver interface to use smaller, single-line
5829 - Rewrote 'dns' cachemgr output to use a table format.
5830 - Rewrote a lot of dnsserver.c.
5831 - Added eventAddIsh() for semi-random event scheduling.
5832 - Fixed an ftpTimeout bug for sessions which use PORT
5834 - Fixed ftp.c to recognized invalid PASV replies (e.g.
5836 - Removed hash_insert(). All hasing uses hash_join() now.
5837 - Renamed hash_unlink() to hash_remove_link().
5838 - Added hashPrime() to find closes prime hash table size
5840 - Fixed Keep-Alive ratio counting bug which prevented
5841 persistent connections from being used between cache
5843 - Changed icmp.c to NOT queue messages sent from squid to
5845 - Changed icp_v2.c to NOT queue ICP messages by default.
5846 But they will be queued and resent once if the first
5847 send fails. Counters.icp.queued_replies counts the
5848 number of messaages queued.
5849 - Cleaned up ICP logging.
5850 - Added identTimeout().
5851 - Fixed ipcache reply counting bug. Overcounted dnsserver
5852 replies for partial replies.
5853 - Added urlInternal() for building internal Squid URLs.
5854 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
5855 AND 'cache_peer_acl' configurations. This should be changed
5856 in the fugure to use ONLY cache_peer_acl.
5857 - Changed DEAD/REVIVED neighbor detection to avoid reporting
5858 so many false deaths. (Joe Ramey).
5859 - Added some preliminary code to support "cache digests."
5860 - Fixed pumpClose() coredumps (?).
5861 - Updated cachemgr 'info' output to show median service
5862 times for various categories.
5863 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
5864 != sizeof(int) for Alphas.
5865 - Fixed potential alignment problem in storeDirWriteCleanLogs().
5866 - Fixed store_rebuild.c to NOT replace current, but
5867 not-swapped-out StoreEntry's with on-disk entries.
5868 - Changed storeCleanup() to call storeRelease on invalid
5869 entries which don't have a swapfile (i.e. no unlink()
5871 - Fixed storeSwapInStart() to fail for unvalidated
5874 . renovated mib and added descriptions and comments
5875 . added hit and byte counters to client_db , for
5877 . cacheClientTable, netdbTable, cachePeerTable,
5878 cacheConnTable now indexed by ip address. hash_lookup was
5879 enhanced to allow for subsequent hash_next's similar to
5880 hash_first, to speed up getnext's in tables which refer to
5881 hash-table structures.
5882 . added generic (well, sorf of) table indexing functionality
5883 . added makefile dependencies for snmplib and cache_snmp.h
5884 . WaisHost, WaisPort, Timeouts removed
5885 . FdTable split into FdTable and ConnTable. FdTable simplified
5886 . PeerTable and PeerStat merged and put into new cacheMesh
5888 . cacheClientTable added for client statistics and accounting
5890 . cacheSec and cacheAccounting groups removed
5891 . fixed acl bug when communities not defined
5892 . snmp_acl now survives bad configuration
5894 Changes to squid-1.2.beta18 (Mar 23, 1998):
5896 - Added v1.1 'test_reachability' option.
5897 - Fixed hash4() len == 0 bug.
5898 - Fixed Config.Swap.maxSize reconfigure bug.
5899 - Fixed ICP query bug determining request method.
5900 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
5901 so that we know neighbors are alive even when they send
5902 us replies for unknown entries.
5903 - Changed configure script to add '-std1' for Digital Unix cc.
5904 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
5906 - Added support for 'Cache-Control: Only-If-Cached' request header.
5907 - Fixed CheckQuickAbort() bugs for multiple clients on one
5908 StoreEntry. Also changed storePendingNClients() to return
5909 mem->nclients instead of counting the number of store_client
5910 entries with pending callback functions.
5912 Changes to squid-1.2.beta17 (Mar 17, 1998):
5914 - SNMP MIB version check changed to non-rcs.
5915 - Added memory pools for variable size objects (strings).
5916 There are three pools; for small, medium, and large objects.
5917 - Extended String object to use memory pools. Most fixed size char
5918 array fields will be replaced using string pools. Same for most
5919 malloc()-ed buffers.
5920 - Changed icon handling to use the hostname and port of the squid
5921 server, instead of the special hostname "internal.squid"
5923 - All icons are now configured in mime.conf. No hardcoded icons,
5924 including gohper icons (Henrik Nordstrom).
5925 - Fixed ICP bug when we send queries, but expect zero
5927 - Fixed alignment/casting bugs for ICP messages.
5928 - A generic client-to-server "pump" was added to handle HTTP
5929 PUT as well as POST methods on the client-cache side. Based on
5930 "pump" PUT requests can be made to either HTTP or FTP url's.
5931 Code is still beta and interoperability with browsers etc has
5933 - Put #ifdefs around 'source_ping' code.
5934 - Added missing typedef for _arp_ip_data (Wesha).
5935 - Added regular-expression-based ACLs for client and server
5936 domain names (Henrik Nordstrom).
5937 - Fixed ident-related coredumps from incorrect callback data.
5938 - Fixed parse_rfc1123() "space" bug.
5939 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
5940 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
5941 - Fixed some peer->options flag-setting bugs.
5942 - Fixed single-parent feature to work again
5943 - Removed 'single_parent_bypass' configuration option; instead
5944 just use 'no-query'.
5945 - Surrounded 'source_ping' code with #ifdefs.
5946 - Changed 'deny_info URL' to use a custom Error page.
5947 - Modified src/client.c for testing POST requests.
5948 - Fixed hash4() for SCO (Vlado Potisk).
5950 Changes to squid-1.2.beta16 (Mar 4, 1998):
5952 - Added Spanish error messages from Javier Puche.
5953 - Added Portuguese error messages from Pedro Lineu Orso
5954 - Added a simple but very effective hack to cachemgr.cgi that tries to
5955 interpret lines with '\t' as table records and formats them
5956 accordingly. With a few exceptions (see source code), first line
5957 becomes a table heading ("<th>" html tag) and the rest is formated
5959 - Added "mem_pools_limit" configuration option. Semantics of
5960 "mem_pools" option has also changed a bit to reflect new memory
5962 - Reorganized memory pools. Squid now supports a global pool
5963 limit instead of individual pool limits. Per-pool limits can be
5964 implemented on top of the current scheme if needed, but it is
5965 probably hard to guess their values. Squid distributes pool
5966 memory among "frequently allocated" objects. There is a
5967 configurable limit on the total amount of "idle" memory to be
5968 kept in reserve. All requests that exceed that amount are
5969 satisfied using malloc library. Support for variable size
5970 objects (mostly strings) will be enabled soon.
5971 - memAllocate() has now only one parameter. Objects are always
5972 reset with 0s. (We actually never used that parameter before;
5973 it was always set to "clear").
5974 - Added Squid "signature" to all ERR_ pages. The signature is
5975 hardcoded and is added on-the-fly. The signature may use
5976 %-escapes. Added interface to add more hard-coded responses if
5977 needed (see errorpage.c::error_hard_text).
5978 - Both default and configured directories are searched for ERR_
5979 pages now. Configured directory is, of course, searched first.
5980 This allows you to customize a subset of ERR_ pages (in a
5981 separate directory) without danger of getting other copies out
5983 - Security controls for the SNMP agent added. Besides
5984 communities (like password) and views (part of tree
5985 accessible), the snmp_acl config option can be used to do acl
5986 based access checks per community.
5987 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
5988 can now walk through the whole mib tree. Several new variables
5989 added under cacheProtoAggregateStats
5990 - Added rudimental statistics for HTTP headers.
5991 - Adjusted StatLogHist to a more generic/flexible StatHist.
5992 Moved StatHist implementation into a separate file.
5993 - Added FTP support for PORT if PASV fails, also try the
5994 default FTP data port (Henrik Nordstrom).
5995 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
5996 request is cancelled for fails on the client side.
5997 - Filled in some squid.conf comments (never_direct,
5999 - Added RES_DNSRCH to dnsserver's _res.options when the
6000 -D command line option is given.
6001 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
6002 peer->tcp_up == 0 (Michael O'Reilly).
6003 - Fixed storeGetNextFile's incorrect "directory does not exist"
6004 errors (Michael O'Reilly).
6005 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
6007 - Added 'dns_nameservers' config option to specify non-default
6008 DNS nameserver addresses (Maxim Krasnyansky).
6009 - Added lib/util.c code to show memory map as a tree
6011 - Added HTTP and ICP median service times to Counters and
6012 cachemgr average stats.
6013 - Changed "-d" command line option to take debugging level
6014 as argument. Debugging equal-to or less-than the argument
6015 will be written to stderr.
6016 - Removed unused urlClean() function from url.c.
6017 - Fixed a bug that allowed '?' parts of urls to be recorded in
6018 store.log. Logged urls are now "clean".
6019 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
6020 script forwards basic authentication from browser to squid.
6021 Authentication info is encoded within all dynamically generated
6022 pages so you do not have to type your password often.
6023 Authentication records expire after 3 hours (default) since
6024 last use. Cachemgr.cgi now recognizes "action protection" types
6026 - Added better recognition of available protection for actions
6027 in Cache Manager. Actions are classified as "public" (no
6028 password needed), "protected" (must specify a valid password),
6029 "disabled" (those with a "disable" password in squid.conf), and
6030 "hidden" (actions that require a password, but do not have
6031 corresponding cachemgr_passwd entry). If you manage to request
6032 a hidden, disabled, or unknown action, squid replies with
6033 "Invalid URL" message. If a password is needed, and you failed
6034 to provide one, squid replies with "Access Denied" message and
6035 asks you to authenticate yourself.
6036 - Added "basic" authentication scheme for the Cache Manager.
6037 When a password protected function is accessed, Squid sends an
6038 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
6039 by specifying "name" and "password" for the specified action.
6040 The user name is currently used for logging purposes only. The
6041 password must be an appropriate "cachemgr_passwd" entry from
6042 squid.conf. The old interface (appending @password to the url)
6043 is still supported but discouraged. Note: it is not possible
6044 to pass authentication information between squid and browser
6045 *via a web server*. The server will strip all authentication
6046 headers coming from the browser. A similar problem exists for
6047 Proxy-Authentication scheme.
6048 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
6049 authentication failures when accessing Cache Manager.
6050 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
6051 - Added simple context-based debugging to debug.c. Currently,
6052 the context is defined as a constant string. Context reporting
6053 is triggered by debug() calls. Context debugging routines
6054 print minimal amount of information sufficient to describe
6055 current context. The interface will be enhanced in the future.
6056 - Replaced _http_reply with HttpReply. HttpReply is a
6057 stand-alone object that is responsible for parsing, swapping,
6058 and comm_writing of HTTP replies. Moved these functions from
6059 various modules into HttpReply module.
6060 - Added HttpStatusLine, HttpHeader, HttpBody.
6061 - All HTTP headers are now parsed and stored in a "compiled"
6062 form in the HttpHeader object. This allows for a great
6063 flexibility in header processing and builds basis for support
6064 of yet unsupported HTTP headers.
6065 - Added Packer, a memory/store redirector with a printf
6066 interface. Packer allows to comm_write() or swap() an object
6067 using a single routine.
6068 - Added MemBuf, a auto-growing memory buffer with printf
6069 capabilities. MemBuf replaces most of old local buffers for
6070 compiling text messages.
6071 - Added MemPool that maintains a pre-allocated pool of opaque
6072 objects. Used to eliminate memory thrashing when allocating
6073 small objects (e.g. field-names and field-value in http
6076 Changes to squid-1.2.beta15 (Feb 13, 1998):
6078 NOTE: This version has changes which may cause all or part
6079 of your cache to be lost. However, you can problably
6080 save most of it by doing a slow restart. Specifically:
6082 1. Kill the running squid-1.2.beta14 process; wait for it to
6084 2. Remove all 'swap.state*' files, either in each cache_dir, or
6085 as defined in your squid.conf
6086 3. Start squid-1.2.beta15. The store will be rebuilt from the
6087 existing swap files, reading the directories and opening
6090 - Fixed some problems related to disk (and pipe) write error
6091 handling. file_close() doesn't always close the file
6092 immediately; i.e. when there are pending buffers to write.
6093 StoreEntry->lock_count could become zero while a write is
6094 pending, then bad things happen during the callback.
6095 - The file_write() callback data must now be in the callback
6096 database (cbdata). We now use the swapout_ctrl_t structure
6097 for the callback data; it stays around for as long as we are
6099 - Changed the way write errors are handled by diskHandleWrite.
6100 If there is no callback function, now we exit with a fatal
6101 message under the assumption that the file in question is a
6102 log file or IPC pipe. Otherwise, we flush all the pending
6103 write buffers (so we don't see multiple repeated write errors
6104 from the same descriptor) and let the upper layer decide how
6105 to handle the failure.
6106 - Fixed storeDirWriteCleanLogs. A write failure was leaving
6107 some empty swap.state files, even though it tells us that its
6108 "not replacing the file." Don't flush/rename logs which we
6109 have prematurely closed due to write failures, indiciated by
6110 fd[dirn] == -1. Close these files LAST, not before
6112 - Fixed storeDirClean to clean directories in a more sensible
6113 order, instead of the new "MONOTONIC" order for swap files.
6114 - Merged fdstat.c functions into fd.c.
6115 - Cleaned up some debugging sections. Some unrelated source
6116 files were using the same section.
6117 - Removed curly brackets from all cachemgr output.
6118 - Removed unused filemap->last_file_number_allocated member.
6119 - Removed unused fde->lifetime_data member.
6120 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
6121 - Call setsid() before exec() in ipc.c so that child processes
6122 don't receive SIGINT (etc) when running squid on a tty.
6123 - Changed StoreEntry->object_len to ->swap_file_sz so we
6124 can verify the disk file size at restart. Moved object_len
6125 to MemObject->object_sz. Note object_sz is initialized
6126 to -1. If object_sz < 0, then we need to open the swap
6127 file and read the swap metadata.
6128 - Changed store_client->mem to ->entry because we need
6129 e->swap_file_sz to set mem->object_sz at swapin.
6130 - Renamed storeSwapData structure to storeSwapLogData.
6131 - Fixed storeGetNextFile to not increment d->dirn. Added
6132 check for opendir() failure.
6133 - Fixed storeRebuildStart to properly link the directory
6134 list for storeRebuildfromDirectory mode.
6135 - Added -S command line option to double-check store
6136 consistency with disk files in storeCleanup().
6137 - Fixed a problem with transactional logging. In many
6138 cases we were adding the public cache key and then
6139 logging a delete for the private key. This is worthless
6140 because during rebuild we could not locate the previous
6141 public-keyed entry. Now we assert that only public-keyed
6142 entries can be logged to swap.state. storeSetPublicKey()
6143 and storeSetPrivateKey() have been modified to log an
6144 ADD or DEL when the key changes.
6145 - Fixed storeDirClean bug. Needed to call
6146 storeDirProperFileno() so the "dirn bits" get set.
6147 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
6148 fullfilename[] were static to that function and did
6149 not change when the "rebuild_dir" arg did. Moved these
6150 buffers to the rebuild_dir structure.
6151 - In storeRebuildFromSwapLog, we were calling storeRelease()
6152 for cache key collisions. This only set the RELEASE_REQUEST
6153 bit and did not clear the swap_file_number in the filemap or
6154 in the StoreEntry, so the swap file could get unlinked later
6155 when it was really released.
6156 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
6157 content-type and content-encoding (Henrik Nordstrom).
6158 - Removed 'icon_content_type' configuration option. Content
6159 types now taken from mime.conf (Henrik Nordstrom).
6160 - Added additional memory malloc tracing and memory leak
6161 detection. Use --enable-xmalloc-debug-trace configure
6162 option and -m command line option (Henrik Nordstrom).
6164 Changes to squid-1.2.beta14 (Feb 6, 1998):
6166 - Replaced snmplib free() calls with xfree().
6167 - Changed the 'net_db_name' hash table structure to
6168 make it easier to move names from one network to another
6169 (copied from 1.1 code).
6170 - Filled in some of the config dump routines (dump_acl,
6172 - Full memory debugging option (--enable-xmalloc-debug-trace)
6174 - Filled-in and clarified many squid.conf comments (Oskar
6176 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
6178 Changes to squid-1.2.beta13 (Feb 4, 1998):
6180 - NOTE: With this version the "swap.state" file format has
6181 changed. Running this version for the first time will
6182 cause your current cache contents to be lost!
6183 - NOTE: this version still has the bug where we don't rewind
6184 a swapout file and rewrite the swap meta data. Objects
6185 larger than 8KB will be lost when rebuilding from the swap
6187 - Combined various interprocess communication setup functions
6189 - Removed some leftover ICP_HIT_OBJ things.
6190 - Removed cacheinfo and proto_count() and friends; these are to
6191 be replaced in functionality by StatCounters and 5/60 minute
6192 average views via cachemgr.
6193 - Fixed --enable-acltree configure message (Masashi Fujita).
6194 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
6196 - Fixed building outside of source tree (Masashi Fujita).
6197 - FTP: Format NLST listings, and inform the user that the NLST
6198 (plain) format is available when we find a LIST listing that we
6199 don't understand (Henrik Nordstrom)
6200 - FTP: Use SIZE on Binary transfers, and not ASCII. The
6201 condition was inversed, making squid use SIZE on ASCII
6202 transfers (Henrik Nordstrom).
6203 - Enable virtual and Host: based acceleration in order to be
6204 able to use Squid as a transparent proxy without breaking
6205 either virtual servers or clients not sending Host: header
6206 the order of the virtual and Host: based acceleration needs
6207 to be swapped, giving Host: a higher precendence than virtual
6208 host (Henrik Nordstrom).
6209 - Use memmove/bcopy as detected by configure Some systems does
6210 not have memmove, but have the older bcopy implementation
6212 - Completely rewritten aiops.c that creates and manages a pool
6213 of threads so thread creation overhead is eliminated (SLF).
6214 - Lots of mods to store.c to detect and cancel outstanding
6215 ASYNC ops. Code is not proven exhaustive and there are
6216 definately still cases to be found where outstanding disk ops
6217 aren't cancelled properly (SLF).
6218 - Changes to call interface to a few routines to support disk
6219 op `tagging', so operations can be cleanly cancelled on
6220 store_abort()s (SLF).
6221 - Implementation of swap.state files as transaction logs.
6222 Removed objects are now noted with a negative object size.
6223 This allows reliatively clean rebuilds from non-clean
6225 - Now that the swap.state files are transaction logs, there's
6226 now no need to validate by stat()ing. All the validation
6227 procedure does is now just set the valid bit AFTER all the
6228 swap.state files have been read, because by that time, only
6229 valid objects can be left. Object still need to be marked
6230 invalid when reading the swap.state file because there's no
6231 guarantee the file has been retaken or deleted (SLF).
6232 - An fstat() call is now added after every
6233 storeSwapInFileOpened() so object sizes can be checked. Added
6234 code to storeRelease() the object if the sizes don't match (SLF).
6235 - #defining USE_ASYNC_IO now uses the async unlink() rather than
6237 - #defining MONOTONIC_STORE will support the creation of disk
6238 objects clustered into directories. This GREATLY improves disk
6239 performance (factor of 3) over old `write-over-old-object'
6240 method. If using the MONOTONIC_STORE, the
6241 {get/put}_unusedFileno stack stuff is disabled. This is
6242 actually a good thing and greatly reduces the risk of serving
6243 up bad objects (SLF).
6244 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
6245 rather than ASYNC/unlinkd unlinks. swap.state.new files were
6246 being removed just after they were created due to delayed
6248 - Disabled various assertions and made these into debug warning
6249 messages to make the code more stable until the bugs can be
6251 - Added most of Michael O'Reilly's patches which included many
6252 bug fixes. Ask him for full details (SLF).
6253 - Moved aio_check_callbacks in comm_{poll|select}(). It was
6254 called after the fdset had been built which was wrong because
6255 the callbacks were changing the state of the read/write
6256 handlers prior to the poll/select() calls (SLF).
6257 - Fixed ARP ACL memory leaks (Dale).
6258 - Eliminated URL and SHA cache keys. Cache keys will always
6260 - Fixed up store swap meta data.
6261 - Changed swap.state logs to a binary format.
6262 - The swap.state logs are written transaction-style.
6264 Changes to squid-1.2.beta12 (Jan 30, 1998):
6266 - Added metadata headers to cache swap files. This is an
6267 incompatible change with previous versions. Running this
6268 version for the first time will cause your current cache
6269 contents to be lost.
6270 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
6271 - Show symlink destinations as a hyperlink in FTP listings
6273 - Fixed not allocating enough space for rewriting URLs with
6274 the Host: header (Eric Stern).
6275 - Year-2000 fixes (Arjan de Vet).
6276 - Fixed looping for cache hits on HEAD requests.
6277 - Fixed parseHttpRequest() coredump for
6278 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
6280 Changes to squid-1.2.beta11 (Jan 6, 1998):
6282 - Fixed fake 'struct rusage' definition which prevented compling
6284 - Fixed copy-by-ref bug for request->headers in
6285 clientRedirectDone() (Michael O'Reilly).
6286 - Workaround for Solaris pthreads closing FD 0 upon fork()
6288 - Fixed shutdown bug with outgoing UDP sockets; we need to
6289 disable their read handlers.
6290 - For comm_poll(), use the fast 50 msec timeout only when
6291 USE_ASYNC_IO is defined.
6292 - Fixed pointer bug when freeing AS# ACL entries.
6293 - Fixed forgetting to reset Config.npeers to zero in free_peer().
6294 - Fixed ICP bug causing excessive TIMEOUTs with sibling
6295 neighbors. We must call the ICP reply callback even for
6297 - Fixed some dnsserver-related reconfigure bugs. Need to
6298 use cbdataLock, etc in fqdncache.c. Also don't want to
6299 use ipcacheQueueDrain() and fqdncacheQueueDrain().
6300 - Fixed persistent connection bug. We were incorrectly
6301 deciding that non-200 replies without content-length
6302 would not have a reply body.
6303 - Fixed intAverage() precedence bug.
6304 - Fixed memmove() 'len' arg bug.
6305 - Changed algorithm for determining alive/dead state of peers.
6306 Instead of using a fixed number of unacknowledged ICP
6307 replies, it is now based on timeouts. If there are no ICP
6308 replies received from a peer within 'dead_peer_timeout'
6309 seconds, then we call it dead.
6310 - Added calls to getCurrentTime() in
6311 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
6313 - Fixed shutdown bug when the incoming and outgoing ICP socket
6314 is the same file descriptor.
6315 - Added buffered writes for storeWriteCleanLogs() (Stewart
6317 - Patches for Qnx4 (Jean-Claude MICHOT).
6318 - Fixed returning void functions which seems to be a GCC-ism.
6319 - New configure script options (Henrik Nordstrom):
6320 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
6324 --enable-useragent-log
6325 --enable-kill-parent (this should be named -hack)
6328 --enable-cachemgr-hostname[=hostname] (new)
6329 --enable-arp-acl (new)
6330 - Added Doug Lea malloc-2.6.4 to the distribution, so that
6331 people easily can try a decent malloc package if they syspect
6332 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
6333 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
6334 function (Henrik Nordstrom).
6335 - Removed top-level Makefile. People must now run 'configure'
6337 - Fixed checkFailureRatio() implementation.
6338 - Made 'squid -z' behave like the 1.1 version.
6341 Changes to squid-1.2.beta10 (Jan 1, 1998):
6343 - Fixed content-length bugs for 204 replies, 304 replies,
6344 and HEAD requests (Henrik Nordstrom).
6345 - Fixed errorAppendEntry() bug in gopherReadReply().
6346 - Basic support for FTP URL typecodes (;type=X).
6347 - Support for access controls based on ethernet MAC addresses
6349 - Initial URN support; see
6350 http://squid.nlanr.net/Squid/urn-support.html
6351 - Fixed client-side persistent connections for objects with
6352 bad content lengths (Henrik Nordstrom).
6353 - Fixed bad call to storeDirUpdateSwapSize() for objects which
6354 never reach SWAPOUT_DONE state.
6355 - Fixed up poll() #defines in squid.h (Stewart Forster).
6356 - Changed poll() timeout from 1000 msec to 50 msec for
6357 better performance under low load (Stewart Forster).
6358 - Changed storeWriteCleanLogs() to write objects in the LRU
6359 list order instead of the random hash table order.
6360 - Fixed FTP bug when data socket connections fail or timeout.
6361 - Reuse FTP data connection when possible (Henrik Nordstrom).
6362 - Added configure options (Henrik Nordstrom)
6363 --enable-store-key=sha|md5
6364 --enable-xmalloc-statistics
6365 --enable-xmalloc-debug
6366 --enable-xmalloc-debug-count
6368 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
6369 by creating ERR_FORWARDING_DENIED and changing the
6370 content of the ERR_CANNOT_FORWARD text.
6371 - Fixed pipeline request bug from using strdup() (Henrik
6373 - Call clientReadRequest() directly instead of commSetSelect()
6374 for pipelined requests (Henrik Nordstrom).
6375 - Fixed 4k page leak in icpHandleIMSReply();
6376 - Renamed 'icp*' functions to 'client*' names in client_side.c.
6378 Changes to squid-1.2.beta8 (Dec 2, 1997):
6380 - Fixed accessLogLog() to log ident from Proxy-Authorization
6381 request header (BoB Miorelli).
6382 - Fixed #includes, prototypes, etc. in SNMP source files.
6383 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
6384 include/config.h.in to src/squid.h
6385 - Moved 'num32' typedefs from src/typedefs.h to
6386 include/config.h.in.
6387 - Moved snmplib/md5.c to lib/md5.c.
6388 - Added MD5 cache key support.
6389 - Removed xmalloc() return check in uudeocde.c
6390 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
6391 - Changed 'client' program to provide easier cache manager access,
6392 e.g.: 'client mgr:info'
6393 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
6394 for simulated keep-alive requests.
6395 - Removed 'fd' arg from clientProcess* functions.
6396 - Fixed bugs from using errorSend() on persistent/pipelined
6397 client connections. A latter request should not be allowed to
6398 write to the client fd until the current request completes.
6399 Now use errorAppendEntry() for such situations.
6400 - Fixed content-length bugs. We were using content-length == 0
6401 to also indicate a lack of content-length reply header. But
6402 'content-length: 0' might appear in a reply, so now use -1 to
6403 indicate that no content length given.
6404 - Split up clientProcessRequest() into smaller chunks so it
6405 might be easier to follow.
6406 - renamed various client_side.c functions to start with 'client'
6408 - Fixed a 'cbdata leak' from the comm.c close handlers.
6409 - Fixed a 'cbdata leak' from the comm.c connect routines.
6410 - Fixed comm_select() and comm_poll() to stop looping on the
6411 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
6412 ready for I/O, the incoming sockets might not get service, so
6413 comm_select() would be called for up to 7 times until the
6414 'incoming_counter' was incremented enough to trigger a call
6415 to comm_select_incoming(). Now we make sure
6416 comm_select_incoming() gets called if select returns less
6418 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
6419 inserted at the start of the url-path. calls ftpUrlWith2f().
6421 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
6422 for replacement and cachemgr output.
6423 - Changed ipcache.c to use LRU double-linked list instead of qsort()
6424 - Changed hash_insert() and hash_join() to return void.
6425 for replacement and cachemgr output.
6426 - Moved StoreEntry->method member to MemObject->method.
6427 - Made StoreEntry->flags 16 bits.
6428 - Made StoreEntry->refcount 16 bits.
6429 - Changed URL-based public cache key to always include the request
6432 Changes to squid-1.2.beta7 (Nov 24, 1997):
6434 - Fixed poll() for Linux (David Luyer).
6435 - SHA optimizations (David Luyer).
6436 - Fixed errno clashes with macro on Linux (David Luyer).
6437 - Fixed storeDirCloseSwapLogs(); logs might not be open.
6438 - Fixed storeClientCopy2() bug. Detect when there is
6439 no more data to send for objects in STORE_OK state.
6440 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
6441 especially directory listings.
6442 - Mega FTP fix from Henrik Nordstrom. A better job of
6443 implementing the '%2f' hack.
6444 - Fixed some pipelined request bugs. storeClientCopy() was
6445 being given the wrong StoreEntry, and we had a race condition
6446 which is now handled by storeClientCopyPending().
6447 - Added initial SNMP support.
6449 Changes to squid-1.2.beta6 (Nov 13, 1997):
6451 - Fixed Authorized responses getting swapped out when they
6452 don't have Proxy-Revalidate reply header.
6453 - Fixed Proxy Authentication support. We never sent back
6454 a 407 reply, and were incorrectly incrementing the passwd
6455 before comparing it.
6456 - Fixed stat()ing pathnames for default values before parsing
6457 config file (Ron Gomes).
6458 - Fixed logging request and response headers on separate lines
6460 - Fixed FTP Authentication message (Henrik Nordstrom).
6461 - Changed Proxy Authentication to trigger a reread of the passwd
6462 file if a password check fails (Henrik Nordstrom).
6463 - Changed FTP to retry the first CWD with a leading slash if it
6466 Changes to squid-1.2.beta5 (Nov 6, 1997):
6468 - Track the 'keep-alive ratio' for a peer as the ratio of
6469 the number of replies including 'Proxy-Connection: Keep-Alive'
6470 compared to the number of requests sent. If the peer does
6471 not support Persistent connections then this ratio will tend
6472 toward zero. If the ratio is less than 50% after 10 requests
6473 then we'll stop sending Keep-Alive.
6474 - Proper support for %nn escapes in FTP, and numerous
6475 other fixes (Henrik Nordstrom).
6476 - Support for Secure Hash Algorithm and framework for other
6477 hash functions as cache keys.
6478 - Fixed SSL snprintf() bug which broke SSL proxying.
6479 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
6480 - Fixed LRU Reference Age bug. The arg to pow() must be
6481 minutes, not seconds.
6483 Changes to squid-1.2.beta4 (Oct 30, 1997):
6485 - Fixed DST bug in rfc1123.c
6486 - Changed default http_accel_port to 80.
6487 - added errorCon() as a ErrorState constructor function
6489 - Added ERR_FTP_FAILURE message for ftpFail().
6490 - For FTP, the timeout callback must be moved to the 'data'
6491 descriptor when data transfer begins. Otherwise we are
6492 likely to get a timeout on the control descriptor.
6493 - Fixed double-free bug in httpRequestFree().
6494 - Fixed store_swap_size counting bug in storeSwapOutHandle().
6496 Changes to squid-1.2.beta3 (Oct 29, 1997):
6498 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
6499 - Fix assertions which assumed 4-byte pointers.
6500 - Fix missing % in fqdncache.c snprintf().
6502 Changes to squid-1.2.beta2 (Oct 28, 1997):
6504 - Fixed aiops.c and async_io.c so that they actually compile
6505 with USE_ASYNC_IO (Arjan de Vet).
6506 - Fixed errState->errno causing problems with some macros
6508 - Fixed memory leaks in pconn.c (Max Okumoto).
6509 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
6510 - Fixed InvokeHandlers() from calling memCopy() for ALL
6511 store_client's with callbacks. A store_client might be reading
6513 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
6514 bucket at a time. Instead we'll maintain a single LRU
6515 list. When an object is 'touched' we move it to the
6516 top of this list. When we need disk space, we delete
6518 - Removed storeGetSwapSpace().
6520 Changes to squid-1.2.beta1 ():
6522 - Reworked storage manager to not keep objects in memory during
6523 transit. In other words, no separate NOVM distribution.
6524 - Lots of cleanup and debugging for beta release.
6525 - Use snprintf() everywhere instead of sprintf().
6526 - The 'in_memory' hash table has been replaced with a
6527 doubly-linked list. New objects are added to the head of
6528 the list. When memory space is needed, old objects are
6529 purged from the tail of the list.
6531 Changes to squid-1.2.alpha7 ():
6533 - fixes fixes fixes.
6534 - Made Arjan's PROXY_AUTH ACL patch standard.
6536 Changes to squid-1.2.alpha6 ():
6538 - Simpler cacheobj implementation.
6539 - persistent connection histogram
6540 - SERVER-SIDE PERSISTENT CONNECTIONS:
6542 - Addec Cofig.Timeout.pconn; default 120 seconds
6543 - Added httpState->flags
6544 - Added flags arg to httpBuildRequestHeader()
6545 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
6546 - Added 'Connection' to allowed HTTP headers (http-anon.c)
6547 - Added 'Proxy-Connection' to allowed HTTP headers
6549 - Merged proxyhttpStart() with httpStart() and created
6550 new httpBuildState().
6551 - New httpPconnTransferDone() detects end-of-data on
6552 persistent connections.
6554 Changes to squid-1.2.alpha5 ():
6556 - New configuration system. Everything is generated from
6557 'cf.data.pre', including the main parser, setting defaults,
6558 outputting current values, and freeing memory.
6559 This also involved moving some of the local data structures
6560 (e.g. struct _acl *AclList in acl.c) to the Config
6561 structure. (Max Okumoto)
6562 - No more '/i' for regular expressions. Now insert a '-i'
6563 to switch to case-insensitive. Use '+i' for case-sensitive.
6564 - When you have a variable named the same as its type, sizeof()
6565 gets the wrong one (fde).
6566 - Need to flush unbuffered logs before fork().
6567 - Added two fields swap log: refcount and e->flag.
6568 - Removed all the .h files for each .c file. Now #include stuff
6569 is in either: defines.h, enums.h, typedefs.h, structs.h,
6570 or protos.h, globals.h. This greatly reduces dependencies
6571 between the various source files.
6572 - globals.c is generated from globals.h by a Perl script.
6573 - Started customizable error texts.
6575 Changes to squid-1.2.alpha4 ():
6577 - New MIME configuration, regular expression based
6578 - Added request_timeout config option
6579 - Multiple HTTP sockets (Lincoln Dale).
6580 - Moved 'fds_are_n_free' check to httpAccept().
6581 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
6582 - Changed storeRegister to use offsets and make immediate
6583 callbacks if appropriate.
6584 - Removed icpDetectClientClose(). Some of that functionality
6585 goes into clientReadRequest() and the rest into
6587 - Moved IP lookups to commConnect stuff.
6588 - Added support for retrying connect().
6589 - New inline debug() macro (David Luyer).
6590 - Replace frequent gettimeofday() calls with alarm(3) based
6591 clock. Need to add more gettimeofday() calls to get back
6592 high-resolution timestamp logging (Andres Kroonmaa).
6593 - Added support for Cache-control: proxy-revalidate;
6594 based on squid-1.1 patch from Mike Mitchell.
6596 Changes to squid-1.2.alpha3 ():
6598 - Implemented persistent connections between clients and squid.
6599 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
6601 - Removed use of FD as an identifier in certain callback
6602 operations (ipcache, fqdncache).
6603 - General code cleanup.
6604 - Fixed typedefs for callback functions.
6605 - Removed FD lifetime/timeout dichotomy. Now we only have
6606 timeouts, however the lifetime concept/keyword may still
6607 linger in certain places.
6608 - Change Makefile 'realclean' target to 'distclean'
6609 - Changed config file parsing of time specifications to use
6611 - Removed storetoString.c
6613 Changes to squid-1.2.alpha2 ():
6615 - Merged squid-1.1.9, squid-1.1.10 changes
6617 Changes to squid-1.2.alpha1 ():
6619 - Unified peer selection algorithm.
6620 - aiops.c and aiops.h are a threaded implementation of
6621 asynchronous file operations (Stewart Forster).
6622 - async_io.c and async_io.h are complete rewrites of the old
6623 versions (Stewart Forster).
6624 - Rewrote all disk file operations of squid to support
6625 the idea of callbacks except where not required (Stewart
6627 - Background validation of 'tainted' swap log entries (Stewart
6629 - Modified storeWriteCleanLog to create the log file using the
6630 open/write rather than fopen/printf (Stewart Forster).
6631 - Added the EINTR error response to handle badly interrupted
6632 system calls (Stewart Forster).
6633 - UDP_HIT_OBJ not supported, removed.
6634 - Different sized 'cache_dirs' supported.
6636 ==============================================================================
projects / thirdparty / squid.git / blob