1 Changes to squid-3.5.7 (01 Aug 2015):
3 - Bug 4293: wrong SNI sent to server after URL-rewrite
4 - Bug 4251: incorrect instance name for memory segments in /dev/shm
5 - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
6 - Bug 3345: support %un (any available user name) format code for external ACLs.
7 - basic_smb_auth: Fix several old issues identified by Debian users
8 - Support ssl-bump splicing to origin cache_peer
9 - Fix SSL errors relayed using invalid certificates
10 - Fix crash in TcpAccepter with profiler enabled
11 - Fix some cases of ssl_crtd SSL certificate DB corruption
12 - Fix performance regression in SBuf::chop operations
13 - Improve handling of client connections on shutdown
14 - Handle exceptions during squid.conf parse
15 - Make pod2man an optional dependency
16 - ... and polishing for several cache.log notification messages
17 - ... and all fixes from squid 3.4.14
19 Changes to squid-3.5.6 (03 Jul 2015):
21 - Bug 4274: ssl_crtd.8 not being installed
22 - Bug 4193: memory leak on FTP listings
23 - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
24 - Bug 3875: bad mimeLoadIconFile error handling
25 - Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
26 - Bug 3329: pinned server connection is not closed properly
27 - TLS: Disable client-initiated renegotiation
28 - ext_edirectory_userip_acl: fix uninitialized variable
29 - Support custom OIDs in *_cert ACLs
30 - Fix CONNECT failover to IPv4 after trying broken IPv6 servers
31 - Use relative-URL in errorpage.css for SN.png
32 - Do not blindly forward cache peer CONNECT responses
33 - Fix assertion String.cc:221: "str"
34 - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
35 - Translations: add Spanish US dialect alias
37 Changes to squid-3.5.5 (28 May 2015):
39 - Regression Bug 4132: short_icon_urls with global_internal_static on
40 - Bug 4238: assertion Read.cc:205: "params.data == data"
41 - Bug 4236: SSL negotiation error of 'success'
42 - Bug 3930: assertion 'connIsUsable(http->getConn())'
43 - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
44 - Fix assertion errorpage.cc:600: "entry->isEmpty()"
45 - Fix comm_connect_addr on failures returns Comm:OK
46 - Fix missing external ACL helper notes
47 - Fix "Not enough space to hold server hello message" error message
48 - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
49 - Prevent unused ssl_crtd helpers being run
50 - ... and some code cleanup and portability updates
51 - ... and several documentation updates
53 Changes to squid-3.5.4 (01 May 2015):
55 - Bug 4234: comm_connect_addr uses errno incorrectly
56 - Bug 4231: fd_open() not correctly handling UDS socket descriptions
57 - Bug 4226: digest_edirectory_auth: found but cannot be built
58 - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
59 - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
60 - Fix require-proxy-header preventing HTTPS proxying and ssl-bump
61 - Fix Negotiate/Kerberos authentication request size exceeds output buffer size
62 - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
63 - Add server_name ACL matching server name(s) obtained from various sources
64 - Add Kerberos support for MAC OS X 10.x
65 - Support for resuming TLS sessions
66 - ... and some portability and compile fixes
67 - ... and several documentation updates
68 - ... and all fixes from squid 3.4.13
70 Changes to squid-3.5.3 (28 Mar 2015):
72 - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
73 - Regression Bug 4206: Incorrect connection close on expect:100-continue
74 - Bug 4204: ./configure does not abort when required helpers cannot be built
75 - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
76 - Bug 2907: high CPU usage on CONNECT when using delay pools
77 - basic_getpwnam_auth: fail authentication on crypt() failures
78 - basic_nis_auth: fail authentication on crypt() failures
79 - ext_kerberos_ldap_group_acl: Heimdal support improvements
80 - ext_wbinfo_group_acl: Perl 5.20 support
81 - ... and several compile issues
83 Changes to squid-3.5.2 (18 Feb 2015):
85 - Regression Bug 4176: Digest auth too many helper lookups
86 - Regression Bug 4180: not-fully-initialized data member in ACLUserData
87 - Bug 4172: Solaris broken krb5-config
88 - Bug 4073: Cygwin compile errors
89 - Bug 3919: remove several never-true / never-false comparisons
90 - HTTPS: Add missing root CAs when validating chains that passed internal checks
91 - Fix some cbdataFree related memory leaks
92 - Quieten CBDATA 'leak' messages
93 - Set SNI information in transparent bumping mode
94 - negotiate_kerberos_auth: fix krb5.conf backward compatibility
95 - Fix memory leaks in cachemgr.cgi URL parser
96 - Fix sslproxy_options in peek-and-splice mode
97 - ... and fix several portability and build issues
98 - ... and some documentation updates
99 - ... and all fixes from squid 3.4.11
101 Changes to squid-3.5.1 (13 Jan 2015):
103 - Fix handling of invalid SSL server certificates when splicing connections
104 - basic_smb_lm_auth: Simplified MSNT basic auth helper
105 - squidclient: Fix -A and -P options
106 - ... and several portability fixes
107 - ... and all fixes from squid 3.4.11
108 - ... and a lot of documentation updates
110 Changes to squid-3.5.0.4 (21 Dec 2014):
112 - Bug 3826: pt 2: Provide a systemd .service file for Squid
113 - Support http_access denials of SslBump "peeked" connections.
114 - Fix DONT_VERIFY_DOMAIN ssl flag
115 - Fix peek-and-splice mode: certificate validation for domain mismatched errors
116 - negotiate_kerberos_auth: MEMORY keytab and replay cache support
117 - ... and some documentation updates
118 - ... and a large amount of code polishing (non-logic changes)
120 Changes to squid-3.5.0.3 (09 Dec 2014):
122 - Bug 4146: workaround SSL Bump crash on Linux
123 - Bug 4135: Support \-escaped characters in regex patterns
124 - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
125 - Fix delay_parameters parsing
126 - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
127 - ... and all changes from squid 3.4.10
128 - ... and a lot of documentation updates
130 Changes to squid-3.5.0.2 (31 Oct 2014):
132 - Fix FTP socket opening during reconfigure
133 - ... and all changes from 3.4.9
134 - ... and some build errors in rarely used code
135 - ... and several documentation updates
137 Changes to squid-3.5.0.1 (17 Oct 2014):
139 - Port from 2.7: redirector and logging urlgroup feature
140 - Bug 4093: source-maintenance.sh bad perl -i option
141 - Bug 3608: per-service name for workers UDS sockets
142 - Bug 2554: 32-bit wrap in AUFS counters
143 - Bug 1961 pt1: URL handling redesign
144 - Bug 1202 pt1: documentation for refresh_pattern algorithms
145 - Update Squid boilerplate copyright/license
146 - Update the http(s)_port directives protocol= parameter
147 - Update forward_max_tries to permit 25 server paths
148 - Update Kerberos library detection and build options
149 - Support ACLs on ftp_epsv directive
150 - Support >32KB objects in cache_dir rock storage
151 - Support client connection annotation by helpers via clt_conn_tag=TAG
152 - Support native FTP Relay
153 - Support libgnugss Kerberos library
154 - Support libecap v1.0
155 - Support SSL Peek and Splice feature
156 - Support receiving PROXY protocol version 1 and 2
157 - Replace --enable-ssl build option with --with-openssl
158 - Enable -n service name command line option for all Squid builds
159 - Enable ICAP client by default
160 - Fix configuration file parsing bugs, related to quoted strings
161 - Fix Windows MinGW build errors
162 - Fix multiple TCP outgoing TOS/DiffServ bugs
163 - Fix Cygwin /etc/resolv.conf parsing
164 - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
165 - Fix crash reading malformed config files
166 - Send selected SSL version and cipher to the certificate validation helper
167 - Validate server certificates without bumping
168 - Add zero-copy string buffer support
169 - Add automated squid.conf parser testing with squid -k parse
170 - Add adaptation_service ACL
171 - Add logformat code %tS to log transaction start time
172 - Add logformat code %>rd to log client URL domain name
173 - Add key_extras to proxy authentication
174 - Add url_rewrite_extras and store_id_extras directives
175 - Add send_hit and store_miss directives
176 - Add collapsed_forwarding directive
177 - Add sslproxy_cert_sign_hash directive
178 - Add SMP SSL session cache
179 - Add cache_peer standby connections
180 - Add helper ext_delayer_acl
181 - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
182 - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
183 - Remove COSS storage in favour of Rock storage
184 - Remove dnsserver and external DNS helper API in favour of mDNS
185 - Remove broken mallinfo() accounting and memory tracing
186 - Remove hierarchy_stoplist in favour of always_direct
187 - Deprecate tag ACL type in favour of note ACL type
188 - Deprecate urlgroup feature in favour of note ACL type
189 - HTTP/1.1: method names are case-sensitive
190 - HTTP/1.1: register new headers from RFC 723x
191 - squidclient: polish and update help display
192 - squidclient: support TLS with GnuTLS 3.1.5+
193 - squidclient: support verbosity levels
194 - squidclient: --ping mode module support
195 - url_fake_rewrite: support concurrency
196 - storeid_file_rewrite: support concurrency
197 - digest_file_auth: support concurrency
198 - digest_edirectory_auth: support concurrency
199 - digest_ldap_auth: support concurrency
200 - ... and many error page translation updates
201 - ... and much code cleanup and polishing
203 Changes to squid-3.4.14 (01 Aug 2015):
205 - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
207 Changes to squid-3.4.13 (01 May 2015):
209 - Bug 4212: ssl_crtd crashes with corrupt database
210 - ... and some documentation updates
211 - ... and all fixes from squid 3.3.14
213 Changes to squid-3.4.12 (18 Feb 2015):
215 - Bug 4066: Digest auth nonce indefinite rollover
216 - Bug 3997: Excessive NTLM or Negotiate auth helper annotations
217 - Fix several crashes when debugging enabled
218 - Fix silent SSL/TLS failure on split-stack operating systems
219 - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
220 - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
221 - Remove dst ACL dependency on HTTP request message existence
222 - Set cap_net_admin when Squid sets TOS/Diffserv packet values
223 - ... and some documentation updates
225 Changes to squid-3.4.11 (13 Jan 2015):
227 - Bug 4164: SEGFAULT when %W formating code used in errorpages
228 - Bug 4057: Avoid on-exit crashes when adaptation is enabled.
229 - Bug 3760: squidclient ignores --disable-ipv6
230 - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
231 - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
232 - cachemgr.cgi: memory leak in request parser
233 - Deleting first fs left psstate->servers pointing to uninitialized memory
234 - ... and some build issues
236 Changes to squid-3.4.10 (09 Dec 2014):
238 - Bug 4148: external_acl_type header format does not accept the new libformat syntax
239 - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
240 - Bug 4033: Rebuild corrupted ssl_db/size file
241 - Bug 3902: Docs: external_acl_type cache hash key
242 - Fix segmentation fault in ACL urlpath_regex
243 - Fix bootstrap.sh dependency on SPONSORS.list
244 - Alternate-Protocol is a hop-by-hop header
245 - HTTP/2: Support 421 (Misdirected Request) status code
247 Changes to squid-3.4.9 (31 Oct 2014):
249 - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
250 - Bug 4102: sslbump cert contains only a dot character in key usage extension
251 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
252 - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
253 - Bug 4024: Bad host/IP ::1 when using IPv4-only environment
254 - Bug 3803: ident leaks memory on failure
255 - kerberos_ldap_group/cert_tool: Remove ksh dependency
256 - ... and some automated code style updates
257 - ... and some documentation updates
259 Changes to squid-3.4.8 (15 Sep 2014):
261 - Fix off by one in SNMP subsystem
262 - pinger: Fix various ICMP handling issues
264 Changes to squid-3.4.7 (28 Aug 2014):
266 - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
267 - Bug 4080: worker hangs when client identd is not responding
268 - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
269 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
270 - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
271 - Enable compile-time override for MAXTCPLISTENPORTS
272 - ntlm_sspi_auth: Fix various build errors
273 - negotiate_wrapper: Fix build issues with non-portable vfork()
274 - negotiate_sspi_auth: Portability fixes for MinGW
275 - ext_lm_group_acl: Portability fixes for MinGW
276 - ... and several minor memory leaks
278 Changes to squid-3.4.6 (25 Jun 2014):
280 - Regression: segmentation fault logging with %tg format specifier
281 - Bug 4065: round-robin neighbor selection with unequal weights
282 - Bug 4056: assertion MemPools[type] from netdbExchangeStart()
283 - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
284 - Fix segmentation fault setting up server SSL connnection
285 - Fix hanging Non-HTTPS connections on SSL-bump enabled port
286 - Fix Cache Manager actions listed more than once
287 - ... and many minor memory leaks
288 - ... and several portability build issues
289 - ... and some documentation updates
291 Changes to squid-3.4.5 (02 May 2014):
293 - Regression Bug 4051: inverted test on CONNECT payload existence
294 - Regression Fix: order dependency between cache_dir and maximum_object_size
295 - Fix logformat %note display
296 - Resolve 'dying from an unhandled exception: c'
298 Changes to squid-3.4.4.2 (23 Apr 2014):
300 - version bump for packaging re-build with altered toolchain
302 Changes to squid-3.4.4.1 (23 Apr 2014):
304 - Regression Bug 4019: Cache digest exchange segmentation fault
305 - Regression Bug 3982: EUI logging and helpers show blank MAC address
306 - Bug 4047: Support Android builds
307 - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
308 - Bug 4041: Missing files in compat/Makefile.am
309 - Bug 4014: Build failure with --disable-optimizations --disable-auth
310 - Bug 3986: (partial) assertion due to incorrect error page buffer size
311 - Bug 3955: Solaris EUI-48 lookup leaks FDs
312 - Bug 3371: CONNECT with data sent at once loses data
313 - C++11: Upgrade auto-detection to use the formal -std=c++11
314 - Crypto-NG: libnettle MD5 algorithm support
315 - SSL-Bump: Fix Basic auth caching on bumped connections
316 - Store-ID: Fix request URI when forwarding requests to peers
317 - ... and fix several other build errors
318 - ... and some documentation updates
320 Changes to squid-3.4.4 (09 Mar 2014):
322 - Bug 4029: intercepted HTTPS requests bypass caching checks
323 - Bug 4001: remove use of strsep()
324 - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
325 - Fix stalled concurrent rock store reads
326 - Fix helper ID number assignment
327 - Fix build failures from CMSG related definitions
328 - Fix build failures from libcompat unsafe.h protections
329 - Copyright: Relicense helpers by Treehouse Networks Ltd.
330 - ... and all bug fixes from 3.3.12
332 Changes to squid-3.4.3 (02 Feb 2014):
334 - Bug 4008: HttpHeader warnOnError should be an int not a bool
335 - Bug 4002: clang 3.4 unable to compile
336 - Bug 3996: Malformed DNS reply leads to crash
337 - Bug 3995: compile error on CentOS 5 with GCC 4.1.2
338 - Bug 3975: atomic detection cross-compilation failure
339 - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
340 - Bug 3954: compile failure in CpuAffinity.cc
341 - Bug 3927: tests/testRock fatal.cc required
342 - Fix memory leak in peer Cache Digest exchange
343 - Fix external_acl_type async loop failures
344 - Fix destination IP address cycling
345 - ... and a few polishing changes
347 Changes to squid-3.4.2 (30 Dec 2013):
349 - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
350 - Regression Fix: \-unescaping in quoted strings from helpers
351 - Regression Fix: URL helper API bypassing on URL containing '=' character
352 - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
353 - Bug 3806: Caching responses with Vary header
354 - Bug 3498: FTP PUT assertion
355 - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
356 - Enable concurrency by default for SSL certificate validator
357 - ... and fix several build errors
359 Changes to squid-3.4.1 (09 Dec 2013):
361 - Bug 3935: Invalid pointer dereference when peeking at origin server certificate
362 - Bug 3589: intercepted and ICAP modified request using a cache_peer
363 - ... and several portability fixes
364 - ... and some documentation updates
366 Changes to squid-3.4.0.3 (01 Dec 2013):
368 - Bug 3941: Release notes error
369 - Receive annotations from authentication and external ACL helpers
370 - basic_nis_auth: Improved portability
371 - ... and several documentation updates
372 - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
374 Changes to squid-3.4.0.2 (03 Oct 2013):
376 - Regression Bug 3891: squid.conf parser errors in 3.4.0.1
377 - Regression Fix: re-disable MinGW C++11 support
378 - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
379 - Fix memory leak in refresh_pattern parsing
380 - negotiate_kerberos_auth: upgrade to present group= keys
381 - Handle NTLM helper returning OK without user= value
382 - Add dns_multicast_local to control mDNS operation
383 - Add --disable-arch-native build option
384 - Display Build-Info in cache manager info report
385 - ... and all changes from squid 3.3.9
386 - ... and some code and debug output polishing
388 Changes to squid-3.4.0.1 (29 Jul 2013):
390 - Port from 2.7: StoreURL (renamed Store-ID) support
391 - Bug 3795: fix several mistakes in the MIB file
392 - Bug 3793: configure: improved helper detection
393 - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
394 - Bug 3676: Support GCC 4.7 with -Wshadow option
395 - Bug 3643: NTLM helpers stuck in reserved state by Safari
396 - Bug 3389: Auto-reconnect for tcp access_log
397 - Bug 2066: squid does not do chdir() after chroot()
398 - Fix uninitialized fields in IcapLogEntry
399 - Fix a number of minor issues detected by Coverity Scan
400 - Fix some potential memory leaks detected by Coverity Scan
401 - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
402 - Fix ACL matching algorithm to avoid repeating tests
403 - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
404 - squidpurge: fix META TLV parsing issues
405 - squid.conf: enforce all the directive and option names are lower-case
406 - Support EUI on HTTPS and FTP data connections
407 - Support OK/ERR/BH response codes from any helper
408 - Support No-lookup flag (-n) on DNS ACLs
409 - Support -march=native compiler optimization by default
410 - Support forwarding intercepted but not bumped connections to cache_peers
411 - Support IPv6 NAT interception on Linux and some BSD
412 - Deprecate log_icap and log_access configuration directives
413 - HTTP/1.1: improved method invalidation and cacheability detection
414 - HTTP/1.1: support length configuration for pipeline_prefetch queue
415 - Improved TPROXY support for OpenBSD and FreeBSD
416 - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
417 - Add all-of and any-of ACL types for grouping sets of ACL tests
418 - Add note directive for transaction annotations
419 - Add %note log format for transaction annotation logging
420 - Add note ACL type for matching annotated transactions with by annotation name or value
421 - Add kv-pair support to URL-rewrite/redirector interface
422 - Add SSL server certificate validator interface, helper and result cache
423 - Add SSL server certificate fingerprint ACL type
424 - Add spoof_client_ip access control
425 - Add pt-bz (Belize Portuguese) dialect to translations
426 - ... and many Windows portability changes (still incomplete)
427 - ... and many documentation changes
428 - ... and much code cleanup and polishing
430 Changes to squid-3.3.14 (01 May 2015):
432 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
433 - ... and some documentation updates
434 - ... and all fixes from squid 3.2.14
436 Changes to squid-3.3.13 (28 Aug 2014):
438 - Fix segmentation fault setting up server SSL connnection
439 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
441 Changes to squid-3.3.12 (09 Mar 2014):
443 - Regression Bug 3769: client_netmask not evaluated since Comm redesign
444 - Bug 4026: Fix SSL and adaptation_access handling of aborted connections
445 - Bug 3969: Fix credentials caching for Digest authentication
446 - Bug 3806: Caching responses with Vary header
447 - Fix umask default on crash report generated email
448 - Fix pthread library detection on FreeBSD 10
449 - Avoid assertions on Range requests that trigger Squid-generated errors.
451 Changes to squid-3.3.11 (01 Dec 2013):
453 - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
454 - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
455 - Bug 3970: max_filedescriptors disabled due to missing setrlimit
456 - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
457 - Bug 3960: DEAD cache_peer are not revived
458 - Bug 3956: xstrndup: tried to dup a NULL pointer
459 - Bug 3906: Filedescriptor leaks in SNMP
460 - Bug 3782: Digest authentication not obeying nonce_max_count
461 - HTTP/1.1: Make header parser obey relaxed_header_parser
462 - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
463 - SMP: Replace blocking sleep(3) and close UDS socket on failures
464 - Windows: fix several compile errors
466 Changes to squid-3.3.10 (03 Nov 2013):
468 - Bug 3929: request_header_add not working for tunnel requests
469 - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
470 - Bug 3918: Self Test Failures on Mac OS X 10.8
471 - Bug 3887: tcp_outgoing_tos not working for IPv6
472 - Bug 3836: Fix issues with automake 1.13+ and make check
473 - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
474 - Fix pinning hierarchy log information
475 - Fix close idle client connections associated with closed idle pinned connections.
476 - Fix cbdata 'error: expression result unused' errors
477 - Avoid "hot idle": A series of rapid select() calls with zero timeout.
478 - Append Connection:close to OPTIONS requests when icap_persistent_connections is off
479 - ntlm_fake_auth: pass DOMAIN data to Squid in original case
480 - kerberos_ldap_group: fix LDAP string duplication
481 - Use IPv6 localhost nameserver on DNS configuration errors
482 - Add cache_miss_revalidate
483 - ... and several portability improvements
485 Changes to squid-3.3.9 (11 Sep 2013):
487 - Regression Bug 3077: off-by-one error in Digest header decoding
488 - Bug 3895: fix acl_uses_indirect_client and cache_peer_access
489 - Bug 3879: assertion failed ConnStateData::validatePinnedConnection
490 - Bug 3863: myportname acl causes segmentation fault
491 - Bug 3849: Duplicate certificate sent when using https_port
492 - Bug 2287: Better fix for unsupported HTTP version handling
493 - Bug 2112: Reload into If-None-Match
494 - Fix several assert with side effects in ICAP/eCAP response handling
495 - Fix myportname ACL on ICAP/eCAP transactions
496 - Fix external ACL user:pass detail logging after adaptation
497 - Fix SMP mgr:info report 'Largest file desc currently in use'
498 - Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
499 - Improved compatibility with gcc 4.8, clang and icc
500 - Show number of available filedescriptors when reserved FD changes
501 - Sync with newest OpenSSL error codes
502 - Register Http2-Settings header
503 - ... and many Windows portability fixes
505 Changes to squid-3.3.8 (13 Jul 2013):
507 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
508 - Improved handling of port values in Host: header validation
510 Changes to squid-3.3.7 (11 Jul 2013):
512 - Bug 3297: Fix openSSL related build failures
513 - Fix build on FreeBSD 9.x platform with clang
514 - Protect against buffer overrun in DNS query generation
516 Changes to squid-3.3.6 (01 Jul 2013):
518 - Bug 3854: pt1: compile errors on AIX
519 - Bug 3802: Fix wrong check inside Format::Format::assemble
520 - Bug 3762: remove bogus WARNING in cache.log
521 - Bug 3717: assertion failed with dstdom_regex with IP based URL
522 - Bug 1991: kqueue causes SSL to hang
523 - Ask for SSL key password when started with -N but without sslpassword_program
524 - Make sure %<tt includes all [failed] connection attempts
525 - Support HTTP reply ACLs in icap_log and log_icap
526 - Fix incorrect external_acl_type codes
527 - Fix ICAP logging request headers and segmentation faults
528 - ... and some documentation polish
530 Changes to squid-3.3.5 (20 May 2013):
532 - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
533 - Bug 3845: http_port tcpkeepalive= option fails parsing
534 - Bug 3840: assertion failed 'sde' in UFS cache loading
535 - Bug 3836: make check failures with automake-1.13
536 - Bug 3827: Remove AccessLogEntry::cache.authuser
537 - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
538 - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
539 - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
540 - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
541 - Port from 2.6: external acl %ACL and %DATA tags
542 - Update copyright on SN.png
543 - ... and several minor memory leaks
544 - ... and some documentation polish
546 Changes to squid-3.3.4 (27 Apr 2013):
548 - Bug 3831: basic_ncsa_auth Blowfish and SHA support
549 - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
550 - Bug 3794: MacOS: workaround compiler errors and case-insensitivity
551 - Bug 3781: Proxy Authentication not sent to cache_peer
552 - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
553 - Bug 3720 pt2: Add missing include in /dev/poll I/O module
554 - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
555 - Add support for TPROXY on BSD
556 - Fix SSL Bump bypass for intercepted traffic
557 - Fix memory leaks in ConnStateData pinning
558 - Fix external_acl.cc "inBackground" assertion on queue overloads
559 - CacheMgr: fix missing column separator in helper stats
560 - OpenBSD: libpthreads requires OpenBSD 5.2 or later
561 - ... and lots of documentation updates
562 - ... and all changes from squid 3.2.10
564 Changes to squid-3.3.3 (12 Mar 2013):
566 - Bug 3720: Add missing include in /dev/poll I/O module (pt2)
567 - ... and all changes from squid 3.2.9
569 Changes to squid-3.3.2 (02 Mar 2013):
571 - Bug 3781: Proxy Authentication not sent to cache_peer
572 - Bug 3794: MacOS: workaround compiler errors
573 - Bug 3720: Compile error in Solaris /OpenIndiana
574 - ... and all changes from squid 3.2.8
576 Changes to squid-3.3.1 (09 Feb 2013):
578 - Bug 3726: build errors with --disable-ssl
579 - Propigate pinned connection persistency and closures to the client.
580 - Mimic SSL certificate Key Usage and Basic Constraints
581 - Fix segmentation fault on missing squid.conf values
582 - ext_sql_session_acl: Fix hex decoding on UID
583 - ... and some code polish
584 - ... and a lot of documentation polish
585 - ... and all changes from squid 3.2.7
587 Changes to squid-3.3.0.3 (09 Jan 2013):
589 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
590 - Bug 3728: Improve debug for cache_dir
591 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
592 - kerberos_ldap_group: support multiple groups in squid.conf ACL definition
593 - kqueue: update status from experimental to fully available net I/O method
594 - ... and many memory leaks and potential bugs detected by Coverity Scan
596 Changes to squid-3.3.0.2 (03 Dec 2012):
598 - Support matching empty header field values using req_header and rep_header
599 - ... and some minor code polish and input vaidations
600 - ... and all changes from squid 3.2.4
602 Changes to squid-3.3.0.1 (21 Oct 2012):
604 - Bug 3610: Add peername_regex ACL
605 - Bug 3239: rename myip/myport as localip/localport
606 - Bug 3130: helpers are crashing too rapidly
607 - Add log_db_daemon SQL Database Logging Daemon
608 - Add ext_time_quota_acl helper managing sessions by bandwidth usage
609 - Add request_header_add option
610 - Support C++11 features where possible
611 - Support bump-ssl-server-first
612 - Support mimic SSL server certificates
613 - Remove --enable-ntlm-fail-open
614 - Fix TLS/SSL Options does not apply to the dynamically generated certificates
615 - Fix SslBump stuck after error
616 - Polish: display ACL enumeration text in debugs
617 - ... and many portability fixes for MacOS X, Windows and others
618 - ... and many compile error fixes
619 - ... and a very large amount of code polish for faster compilation
621 Changes to squid-3.2.14 (01 May 2015):
623 - Fix 'access_log none' to prevent following logs being used
624 - Fix X509 server certificate domain matching
625 - ... some documentation updates
627 Changes to squid-3.2.13 (13 Jul 2013):
629 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
630 - Improved handling of port values in Host: header validation
632 Changes to squid-3.2.12 (11 Jul 2013):
634 - Protect against buffer overrun in DNS query generation
635 - Avoid !closing assertions when helpers call comm_read during reconfigure.
636 - Fix several minor memory leaks during reconfigure
637 - Remove origin_tries limiter on forwarding and permit large max_forward_tries values
639 Changes to squid-3.2.11 (30 Apr 2013):
641 - Regression Bug 3839: build error: src/tools.h: No such file or directory
642 - Update copyright on SN.png
644 Changes to squid-3.2.10 (27 Apr 2013):
646 - Bug 3833: squidclient: Option '-k' is not present in man(1) page
647 - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
648 - Bug 3822: Locate LDAP and SASL headers for BSD support
649 - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
650 - Bug 3774: 'squid -k reconfigure' drops rock cache
651 - Bug 3565: Resuming postponed accept kills Squid
652 - HTTP/1.1: partial support for no-cache and private controls with parameters
653 - ssl_crtd: fix helpers dying during startup on ARM
654 - GNU Hurd: define MAP_NORESERVE as no-op when missing
655 - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
657 Changes to squid-3.2.9 (12 Mar 2013):
659 - Regression fix: Accept-Language header parse
660 - Bug 3673: Silence 'Failed to select source' messages
661 - Fix authentication headers sent on peer digest requests
662 - Fix build error on Solaris, OpenIndiana, Omnios
664 Changes to squid-3.2.8 (02 Mar 2013):
666 - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
667 - Bug 3763: diskd Error: no filename in shm buffer
668 - Bug 3752: objects that cannot be cached in memory are not cached on disk
669 - Bug 3753: Removes the domain from the cache_peer server pconn key
670 - Bug 3749: IDENT lookup using wrong ports to identify the user
671 - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
672 - Bug 3686: cache_dir max-size default fails
673 - Bug 3515: crash in FtpStateData::ftpTimeout
674 - Bug 3329: Quieten orphan Comm::Connection messages
675 - Make squid -z for cache_dir rock preserve the rock DB
676 - Fixed several server connect problems
677 - ... and some build issues on Solaris, OpenIndiana, MacOS X
678 - ... and some documentation and debugs polishing
680 Changes to squid-3.2.7 (01 Feb 2013):
682 - Bug 3736: Floating point exception due to divide by zero
683 - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
684 - Bug 3732: Fix ConnOpener IPv6 awareness
685 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
686 - Bug 3728: Improve debug for cache_dir
687 - Bug 3687: unhandled exception: c when using interception and peers
688 - Bug 3678: external acl grace period causes acl lookup failures
689 - Bug 3567: Memory leak handling malformed requests
690 - Bug 3111: Mid-term fix for the forward.cc "err" assertion
691 - Support OpenSSL NO_Compression optio
692 - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
693 - Fix "address.GetPort() != 0" assertion for helpers
694 - ... and several minor memory leaks
695 - ... and some cache.log message polishing
697 Changes to squid-3.2.6 (09 Jan 2013):
699 - Regression Bug 3731: TOS setsockopt() requires int value
700 - Regression Bug 3712: Rotating logs overwrites the previous log
701 - Bug 3727: LLVM compile errors in kerberos_ldap_group
702 - Bug 3650: Negotiate auth missing challenge token
703 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
705 Changes to squid-3.2.5 (10 Dec 2012):
707 - Bug 3698: Add missing include of errno.h
709 Changes to squid-3.2.4 (03 Dec 2012):
711 - Ported: urllogin ACL from squid 2.7
712 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
713 - Bug 3677: Port un-pinning logic changes from squid 3.3
714 - Bug 3405: ssl_crtd crashes failing to remove certificate
715 - ... and major bugs fixed in squid 3.1.22
716 - Fix accept_filter on Linux
717 - Remove 'Bungled' warning on missing component directives
718 - ... and many buffer and memory leak issues in the bundled helpers
719 - ... and a small amount of code polishing
721 Changes to squid-3.2.3 (21 Oct 2012):
723 - Regression: SMP crashes on startup with workers > 1
724 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication
725 - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
726 - HTTP/1.1: honour Cache-Control before Pragma:no-cache
727 - HTTP/1.1: Cache-Control compliance upgrade
728 - Remove obsoleted refresh_pattern ignore-no-cache option
729 - Fix IPv6 enabled squidclient
730 - ... and several compile fixes
732 Changes to squid-3.2.2 (06 Oct 2012):
734 - Regression: Make login=PASS send no credentials when none available
735 - Regression: Handle dstdomain duplicates and overlapping names better
736 - Bug 3661: Segmentation fault when using more than 1 worker
737 - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
738 - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
739 - Bug 3648: polish String class files
740 - Bug 3647: parsing hier_code acl fails
741 - Bug 3626: forwarding loops on intercepted traffic
742 - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
743 - Bug 3609: several RADIUS helper improvements
744 - Bug 3605: memory leak in Negotiate authentication
745 - Fix small memory leak in src ACL parse
746 - Fix maximum_single_addr_tries upgrade
747 - Fix chunked encoding on responses carrying a Content-Range header.
748 - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
749 - ... and several compile errors
751 Changes to squid-3.2.1 (15 Aug 2012):
753 - Bug 3605: memory leak in peer selection
754 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
755 - ... and some documentation updates
757 Changes to squid-3.2.0.19 (02 Aug 2012):
759 - Regression Bug 3580: IDENT request makes squid crash
760 - Regression Bug 3577: File Descriptors not properly closed
761 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
762 - Regression Fix: Restore memory caching ability
763 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
764 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
765 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
766 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
767 - Support custom headers in [request|reply]_header_* manglers
768 - ... and much code polishing
770 Changes to squid-3.2.0.18 (29 Jun 2012):
772 - Bug 3576: ICY streams being Transfer-Encoding:chunked
773 - Bug 3537: statistics histogram leaks memory
774 - Bug 3526: digest authentication crash
775 - Bug 3484: Docs: sslproxy_cert_error example flawed
776 - Bug 3462: Delay Pools and ICAP
777 - Bug 3405: ssl_crtd crashes failing to remove certificate
778 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
779 - Bug 3258: Requests hang when Host forgery verify fails
780 - Bug 3186: Digest auth caches failed state without revalidating
781 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
782 - Bug 2885: AIX: check and set required compiler flags
783 - Fix ssl_crtd compile issues with libsslutil
784 - Fix build with GCC 4.7 (and probably other C++11 compilers).
785 - Fix double-escape of %R on deny_info redirect responses
786 - Support status 308 Permanent Redirect
787 - Support for TLSv1.1 and TLSv1.2 options and methods
788 - Support passing external_acl_type credentials on ICAP
789 - Language Updates: fr, hy, pt_BR
790 - ... and many compile issues on Windows
791 - ... and some minor code polish
793 Changes to squid-3.2.0.17 (12 Apr 2012):
795 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
796 - Bug 3509: kQueue compile error
797 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
798 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
799 - Bug 3397: do not mark connection as opened until after SYN-ACK
800 - Bug 3193: NTLM decoder truncating strings
801 - Windows FD handling polish and some fixes
802 - Solaris 9/10 various build fixes
803 - ... and some more code polish
805 Changes to squid-3.2.0.16 (07 Mar 2012):
807 - Bug 3508: Correct DNS timeout handling.
808 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
809 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
810 - Bug 3490: part 1: SegFault opening FTP active data connections
811 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
812 - Bug 3458: Icon Serving (squid-internal-static) Broken
813 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
814 - Bug 3381: 32-bit overflow assertion in StatHist
815 - Bug 3324: loadFromFile: parse error while reading template file
816 - Support sslpassword_program for ssl-bump HTTP ports
817 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
818 - Retry requests that failed due to a persistent connection race
819 - Log '-' on requests with no Referer or User-Agent headers
820 - ... and several fixes related to in-transit object performance
821 - ... and some structural design changes for portability
823 Changes to squid-3.2.0.15 (06 Feb 2012):
825 - Bug 3472: segfault with the message 'urlParse: URL too large'
826 - Bug 3471: segfault when %la formating code used
827 - Bug 3449: part 3: shm_open can fail with a mangled path
828 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
829 - Bug 3448: 204 response problem in adaptation chains
830 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
831 - Bug 3461: build regression in IPFilter NAT
832 - Bug 3413: raise cbdata lock limits
833 - Bug 3391: forwarded_for log functionality broken
834 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
835 - Bug 3268: remove wrong 'Ready to serve requests.' message
836 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
837 - Disable OpenSSL SSL/TLS bug workarounds by default
838 - Send DNS A and AAAA queries in parallel
839 - Cache Manager migration support
840 - Allow service of internal requests over reverse-proxy ports
841 - Fix trimMemory for unswappable objects
842 - ... and several build and polish fixes
844 Changes to squid-3.2.0.14 (12 Dec 2011):
846 - Bug 3433: Segfault closing SNMP
847 - Bug 3420: Request body consumption races and !theConsumer exception.
848 - Bug 3406: SSL Log Error in debug
849 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
850 - Bug 3383: unhandled exception: theGroupBSize > 0
851 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
852 - Bug 3367: fix inverted check on host_strict_verify
853 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
854 - Bug 3364: SNMP Orphans
855 - Bug 3301: ERR_DNS_FAIL never shown
856 - Bug 3150: do not start useless unlinkd
857 - ext_session_acl: version 1.2
858 - Add adaptation_meta option
859 - Add a mask on the qos_flows miss configuration value
860 - Support intermediate CA in ssl-bump traffic certificates
861 - Support SSL certificate failure details on error page
862 - Fix flags for NAT intercept and TPROXY not set correctly
863 - Fix fastCheck() default result on multi-line actions
864 - Fix missing SMP shared memory statistics
865 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
866 - ... and several other TCP and SMP support behaviour fixes
867 - ... and many code polishing cleanups and fixed build errors
868 - ... and several documentation polishings
870 Changes to squid-3.2.0.13 (14 Oct 2011):
872 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
873 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
874 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
875 - Regression fix: always_direct/never_direct failures
876 - Regression fix: stop an SSL header file being included after --disable-ssl
877 - Regression fix: parse HTTP list headers with embedded 8-bit characters
878 - Bug 3355: configure setting --with-swapdir ignored
879 - Bug 3325: option to selectively enable strict host verify checks
880 - Bug 3337: HTTP status 200 is not accepted for deny_info
881 - Bug 3077: '\' in url query strings cause Digest authentication to fail
882 - Support SMP worker shared memory cache
883 - Support SMP worker shared disk cache (rock)
884 - ext_session_acl: version 1.1
885 - Fix Host verify: do not pinn destination IP if URL re-write has been done
886 - Fix IPF interception
887 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
888 - Fix ssl_crtd CertificateDB locking scheme
889 - ... and all changes from 3.1.16
890 - ... and many compile and polishing fixes
892 Changes to squid-3.2.0.12 (17 Sep 2011):
894 - Regression Bug 3335: ICAP service is down
895 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
896 - Regression Bug 3303: Support for non-English usernames in log files
897 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
898 - Regression: %I shows hostname on SSL error page
899 - Regression: FTP outgoing port always 'in use' on PASV connections
900 - Bug 3337: (partial) status 200 is not accepted for deny_info
901 - Bug 3319: Inconsistencies in error messages
902 - Bug 3281: pconn in-use while closing assertion
903 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
904 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
905 - Adjust format code %la for intercepted connections
906 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
907 - Send RST packet when closing an ICAP connection after a transaction error
908 - Support maximum field width for string access.log fields
910 Changes to squid-3.2.0.11 (28 Aug 2011):
912 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
913 - Host: authority validation of intercepted destination IP
914 - Host: authority validation of request URL
915 - Host: authority validation of CONNECT tunnel destination
916 - Preserve client destination IP in intercepted communication
917 - Regression Bug 3316: Failed to connect to nameserver using TCP
918 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
919 - Regression Bug 3310: %<pt translates as %<p
920 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
921 - Regression Bug 3288: %<la and %<lp not displaying
922 - Bug 3289: cache manager parameters not parsed without password
923 - Bug 2279: Log Format options to log server source IP and port
924 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
925 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
926 - Bug 3118: ecap_enable on forces icap_enable on
927 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
928 - Default to vhost for accelerator mode (reverse proxy)
929 - Display HTTP protocol syntax at section 11 level 2
930 - Support for using custom keys in CARP parents
931 - Optimize regular expression ACLs
932 - ... and a lot of code portability fixes
933 - ... and all bugs and polish changes from 3.1.15
935 Changes to squid-3.2.0.10 (24 Jul 2011):
937 - Port from 2.7: act-as-origin for reverse proxy ports
938 - Regression fix: broken --disable-ipv6
939 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
940 - Regression fix: vhost and defaultsite causing vport to be ignored
941 - Regression fix: several errors in persistent connection handling
942 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
943 - Regression Bug 3245: reconfigure assertion in MemPools[type]
944 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
945 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
946 - Regression Bug 3269: cache.log applyQueryParams messages
947 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
948 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
949 - Bug 3267: workers IPC mount points disobey --localstatedir
950 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
951 - Bug 3247: Domain from URL Stripped when going through peers
952 - Bug 3244: wrong port for peer relayed requests
953 - Bug 3195: kerberos_ldap_group will not build without kerberos
954 - Bug 2862: add http(s):// support to cache manager
955 - kerberos_ldap_group: several fixes to -S option
956 - ssl_crtd: Add man(8) file
957 - ... and several pieces of code cleanup and polishing.
958 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
960 Changes to squid-3.2.0.9 (18 Jun 2011):
962 - Bug 3159: delay pools --disable-auth compile problems
963 - HTTP/1.1: Support multiline quoted-string header fields
964 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
965 - Support configurable and translated SSL error details messages
966 - Add log format codes for split client/server views of HTTP request line
967 - Major upgrade of TCP connection handling
968 - Support split-stack IPv6 to servers
969 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
970 - Optimized persistent connection handling
971 - Optimized FTP data connection handling
972 - Optimized TCP failure recovery
973 - ... and all bug fixes and updates from 3.1.12.3
974 - ... and many code polish, documentation and translation cleanups
976 Changes to squid-3.2.0.8 (30 May 2011):
978 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
979 - Bug 3043: Properly detect Iphlpapi.h on windows
980 - Bug 2055: Honor ICAP Max-Connections
981 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
982 - Support SSL SNI to origin servers
983 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
984 - Add %b tag for proxy listening port display in error pages
985 - Optimize base64 encoding/decoding
986 - Require libcap before enabling netfilter MARK support
987 - Require libtool 2.2
988 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
989 - ... and all bug fixes and updates from 3.1.12.2
990 - ... and some documentation and code polishing
992 Changes to squid-3.2.0.7 (19 Apr 2011):
994 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
995 - Regression fix: icons/ FHS compliance
996 - Regression fix: Startup aborts with URL error when --disable-htcp
997 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
998 - Add negotiate_wrapper_auth version 1.0.1
999 - Fixed %dt logging in the presence of REQMOD
1000 - Fixed chunked request forwarding in ICAP REQMOD presence
1001 - ... all bug fixes and updates from 3.1.12.1
1002 - ... many code polishings and display cleanups
1004 Changes to squid-3.2.0.6 (04 Apr 2011):
1006 - Regression fix: upgrade existing icons
1007 - Regression fix: dont crash when accessing an SSL certificate with errors
1008 - Regression fix: prevent stdio log module segfaults on rotate
1009 - Regression fix: shutdown properly even if a worker process crashes on exit
1010 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
1011 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
1012 - Bug 3105: malformed Proxy-Authorization leaks memory
1013 - Bug 3007: CONNECT to cache_peer returns 000 status code
1014 - Bug 2885: Compile errors on AIX
1015 - Support parameterized Cache Manager queries
1016 - Support libecap v0.2.0; fixed eCAP body handling and logging
1017 - Support dynamic adaptation plans that cover multiple vectoring points
1018 - Support %D details for documented OpenSSL errors
1019 - Support logging of all transactions including those with uncertain status or no sent response
1020 - Updrate negotiate_kerberos_auth to version 3.0.4sq
1021 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
1022 - Update ext_edirectory_userip_acl to version 2.1
1023 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
1024 - Change the default dns_timeout value from 2 minutes to 30 seconds
1025 - Fix TCP log stream flushing on every line
1026 - ... all bug fixes and updates from 3.1.12
1027 - ... a great many compiler portability fixes
1028 - ... many code polishings and display cleanups
1030 Changes to squid-3.2.0.5 (12 Feb 2011):
1032 - Regression Fix: profiler should not be built by default
1033 - Regression Bug 3081: assertion failed: AsyncCallQueue
1034 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
1035 - Bug 3089: FTP command output overrides directory listing
1036 - Bug 2870: --disable-auth does not work
1037 - Bug 2586: multiple memory leaks during reconfigure
1038 - Bug 2581: FTP directory listing sometimes fails
1039 - Port from 2.7: maximum staleness limits
1040 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
1041 - HTTP/1.1: Support configurable status codes for deny_info
1042 - Support upcoming "fresh message creation" eCAP API
1043 - Aggregate SNMP responses when using SMP with multiple workers
1044 - Several more Solaris, Windows and ICC support fixes
1045 - ... all bug fixes and updates from 3.1.11
1046 - ... and more code cleanup shufflings
1047 - ... and several documentation updates
1049 Changes to squid-3.2.0.4 (22 Dec 2010):
1051 - Port 2.x: cache_dir min-size setting
1052 - Bug 3059: Crash on digest auth headers with unknown nonce
1053 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
1054 - Fix cachemgr mem-pools reporting
1055 - Add Dynamic SSL certificate generation
1056 - Add useragent, referer, combined built-in log formats
1057 - Obsolete log_fqdn directive
1058 - Obsolete useragent/referer/forward_log directives
1059 - HTTP/1.1: Send 1.1 on CONNECT responses
1060 - Updated Kerberos support for newer GSSAPI releases
1061 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
1062 - Improve handling of early eCAP transaction failures
1063 - Various ext_edirectory_acl fixes
1064 - ... all bug and feature fixes included in 3.1.10 release
1065 - ... and a lot of code and documentation polishing
1067 Changes to squid-3.2.0.3 (07 Nov 2010):
1069 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
1070 - Regression fix: ESI processing of Surrogate filter
1071 - Bug 3091: bypassed ICAP errors are not counted as service failures
1072 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
1073 - Bug 3038: Detatch libmisc from libcompat
1074 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
1075 - Bug 3002: store initialization (-z) does not work with SMP configs
1076 - Bug 2999: v2.0 of ext_edirectory_userip_acl
1077 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
1078 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
1079 - HTTP/1.1: support If-Match and If-None-Match requests
1080 - HTTP/1.1: forward 1xx control messages to clients that support them
1081 - HTTP/1.1: send Age:0 header even if it may break IE5
1082 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
1083 - HTTP/1.1: entry is stale if request has max-age=0
1084 - HTTP/1.1: harden quoted-string parser
1085 - Add --enable-build-info for extra "squid -v" display
1086 - Add --with-swapdir=PATH to override default /var/cache/squid
1087 - Add cpu_affinity_map directive to bind workers to CPU cores
1088 - Add Netfilter MARK support for QoS
1089 - Add upgrade process for obsolete options
1090 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
1091 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
1092 - Fixes Eui48 support on OpenBSD
1093 - Fixes cache manager support with SMP configs
1094 - ... several documentation updates
1095 - ... all bug and feature fixes included in 3.1.9 release.
1096 - ... many more code polishes and leak removals
1098 Changes to squid-3.2.0.2 (04 Sep 2010):
1100 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
1101 - Support rotating logs from cachemgr and squidclient
1102 - Support Kerberos authentication in squidclient
1103 - Add manual page for negotiate_kerberos_auth
1104 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
1105 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
1106 - Added log options %http::<bs and %icap::<bs
1107 - Collapse HTCP cache_peer options into one setting
1108 - Improved request smuggling attack detection. Tolerating valid benign HTTP
1109 - ... and several HTTP/1.1 compliance improvements
1110 - ... and all improvements in 3.1.7 and 3.1.8
1112 Changes to squid-3.2.0.1 (03 Aug 2010):
1114 - Port from 2.7: Logging infrastructure updates
1115 - Port from 2.7: Unique sequence number per log line
1116 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
1117 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
1118 - Bug 2631: refresh_pattern store-stale option
1119 - Bug 2305: Multiple leaks and assertion crashes in authentication
1120 - Bug 1239: Much needed ACL type random
1121 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
1122 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
1123 - Support SMP for essential non-caching functionality
1124 - Support logging over TCP
1125 - Support Solaris 10 pthreads (experimental)
1126 - Support Kerberos login to peers
1127 - Support EUI / MAC in more environments
1128 - Support format tags in deny_info URLs
1129 - Support running helpers on-demand instead of all at startup
1130 - Support fully transparent login=PASSTHRU of authentication headers to peers
1131 - Support multi-lingual localised FTP directory listings
1132 - Support TPROXYv4 spoofing of X-Forwarded-For client address
1133 - Support ICAP 206 Partial Content extension
1134 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
1135 - Add ACL support to range_offset_limit
1136 - Add helpers for url_rewrite
1137 - Add helper multiplexer for concurrency emulation with legacy helpers
1138 - Add Perl library which facilitates parsing access logfile entries.
1139 - Add a simple script to summarise traffic use per user
1140 - Add templates for captive portal proxy configuration instructions
1141 - Add logging of the local TCP port used by transactions with HTTP servers
1142 - Update mswin_check_ad_group to version 2.0
1143 - Update squid_kerb_auth helper to version 3.0.2
1144 - Remove double-language error page hack (replaced by locale auto-negotiation)
1145 - Remove TPROXYv2 support (replaced by TPROXYv4)
1146 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
1147 - Re-work ./configure script for smarter auto-detect and early error checks
1148 - Auto-enable all features by default
1149 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
1150 - Helpers naming scheme
1151 - Add support for write timeouts
1152 - Modify icap_service_failure_limit option to forget old ICAP errors
1153 - Updated man(8) manuals including several additions and translations
1154 - ... and a great many code cleanups
1155 - ... and a great many testing improvements
1156 - ... and many documentation updates
1158 Changes to squid-3.1.23 (09 Jan 2013):
1160 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1162 Changes to squid-3.1.22 (03 Dec 2012):
1164 - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update
1165 - Bug 3659: read_timeout problem with HTTPS
1166 - Bug 3654: Fix IPv6 enabled squidclient
1167 - Bug 3189: AIO thread race on pipe() initialization
1168 - cachemgr.cgi: Memory Leaks and DoS Vulnerability
1170 Changes to squid-3.1.21 (23 Sep 2012):
1172 - Bug 3622: peerClearRRStart scheduling multiple events
1173 - Bug 3615: configure check for default max number of FDs is broken
1174 - Bug 3607: --enable-auth documented default action incorrect
1175 - Bug 3593: socket failure: Address family not supported by protocol
1176 - Bug 3584: Detection of setresuid() is broken
1177 - Bug 3568: Consolidate external_acl_type config dumping and add missing %%
1178 - Bug 3564: eCAP not supporting CoAP URI schemes
1179 - Bug 3484: Docs: sslproxy_cert_error example flawed
1180 - Bug 3462: Delay Pools and ICAP
1181 - Bug 3133: better fix: Memory leak handling requests for sites that don't exist
1182 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
1183 - Silence IOS 15.1 unknown capabilities messages.
1184 - Account for Store disk client quota when bandwidth-limiting the server.
1185 - ... and several documentation fixes
1186 - ... and several compile fixes
1188 Changes to squid-3.1.20 (08 Jun 2012):
1190 - Regression Bug 3545: FreeBSD dnsserver segfaults
1191 - Regression Bug 3504: clientside_tos fails to mark traffic
1192 - Bug 3539: CONNECT server connection not closed correctly on errors
1193 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
1194 - Bug 3466: Adaptation stuck on last single-byte body piece
1195 - Bug 3463: dnsserver fails to compile
1196 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
1197 - Bug 3390: Proxy auth data visible to scripts
1198 - Bug 3263: ssl_crtd: undefined references to squid_curtime
1199 - Bug 3233: Invalid URL accepted with url host is white spaces
1200 - Bug 3133: Memory leak handling requests for sites that don't exist
1201 - Bug 3074: Improper URL handling with empty path (RFC 3986)
1202 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
1203 - Regression: snmp/udp address directives not resolving hostname
1204 - Better helper-to-Squid buffer size management.
1205 - Support CoAP over HTTP (coap:// and coaps:// URLs)
1206 - Support for 3.2 error template codes
1208 Changes to squid-3.1.19 (06 Feb 2012):
1210 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
1211 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
1213 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
1214 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
1215 - Bug 3440: compile error in Adaptation
1216 - Bug 3420: Request body consumption races and !theConsumer exception
1217 - Bug 3370: external ACL sometimes skipping
1218 - Bug 3085: Crash when parsing esi:include
1219 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
1220 - Fix SSL library dependency fixes
1222 Changes to squid-3.1.18 (03 Dec 2011):
1224 - Regression: compile error in FTP
1226 Changes to squid-3.1.17 (03 Dec 2011):
1228 - Bug 3432: Crash logging FTP errors
1229 - Bug 3428: Active FTP data channel accepted twice
1230 - Bug 3423: access violation in URL parser
1231 - Bug 3422: Buffer overflow in recv-announce
1232 - Bug 3412: External ACL Uses Invalid Cache Entry
1233 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
1234 - Bug 3398: persistent server connection closed after PUT/DELETE
1235 - Bug 3299: dnsserver: various undefined references
1236 - Bug 3077: '\' in url query strings cause Digest authentication to fail
1237 - Bug 2910: MemBuf may grow beyond max_capacity
1238 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
1239 - Bug 1243: Build overrides configured AR setting
1240 - Avoid crashes when processing bad X509 common names (CN).
1241 - Support %% in external ACL format
1242 - ... and several other compile error fixes
1243 - ... and several documentation fixes
1245 Changes to squid-3.1.16 (14 Oct 2011):
1247 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
1248 - Bug 3368: Unhandled exceptions are not logged (workaround)
1249 - Bug 3326: miss_access incorrect default
1250 - Bug 3320: miss_access description confusing
1251 - Bug 3241: squid_kerb_auth cross compilation fix
1252 - Bug 3237: seq fault in free() from rfc1035RRDestroy
1253 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
1254 - db_auth: display available DSN drivers on connect error
1255 - Updated OpenSSL 1.0.0 version checks
1256 - ... and several documentation fixes
1258 Changes to squid-3.1.15 (28 Aug 2011):
1260 - Regression fix: vhost and defaultsite causing vport to be ignored
1261 - Regression Bug 3295: broken escaping in rfc1738_do_escape
1262 - Bug #3232: fails to compile with OpenSSL v1.0.0
1263 - Bug #3222: cache_peer name is not logging on CONNECT
1264 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
1265 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
1266 - Bug #3213: https sites (CONNECT) not open when using NTLM
1267 - Bug #3114: Memory leak in SSL certificate verify code
1268 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
1269 - Bug #2662: cf_gen failure when cross compiling
1270 - Bug #2655: passing wrong the username to the url_rewrite_program
1271 - Bug #2495: ignore whitespace prefix on config lines
1272 - Bug #2051: 'default' cache_peer option does not match documentation
1273 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
1274 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
1275 - Correct parsing of large Gopher indexes
1276 - Enable negative cacheing on unknown or -1 expiry timestamp
1277 - Remove hierarchy_stoplist default value
1278 - Migrate cf_gen tool from C-style to C++
1279 - ... and several documentation and compiler warning fixes
1281 Changes to squid-3.1.14 (04 Jul 2011):
1283 - Regression Bug 3261: Could not create a DNS socket and exit
1285 Changes to squid-3.1.13 (01 Jul 2011):
1287 - Regression Bug 3239: problems with myip/myport upgrade
1288 - Bug 3153: hung ICAP RESPMOD transactions
1289 - Update ssl_crtd to use 'OK' status inline with other helpers
1291 Changes to squid-3.1.12.3 (18 Jun 2011):
1293 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
1294 - Bug 3214: unexpected read from ssl_crtd
1295 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
1296 - Fix RADIUS helper resource leak
1297 - Fix segfault parsing digest auth realm
1298 - Fix segfault in parse_eol()
1299 - Fixed bypass of SSL certificate validation errors
1300 - Warn about myip/myport problems on interception proxies
1301 - Polish: display easily grepped config lines on -k parse
1302 - Fix squidclient -V option and allow non-HTTP protocols to be tested
1304 Changes to squid-3.1.12.2 (30 May 2011):
1306 - Bug 3226: Tags from external ACLs do not correctly expire
1307 - Bug 3215: Malformed IPv6 DNS reverse lookup
1308 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
1309 - Bug 3205: SSL-bump starts then hangs
1310 - Bug 3178: gcc-4.6 complains unused variables
1311 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
1312 - Bug 2965 (partial): Compile errors on MinGW
1313 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
1314 - Fix cache manager display of -i/+i in regex ACL config display
1315 - Fix cache manager display of cache_peer options userhash and sourcehash
1316 - Fix URL re-writer loosing many transaction details
1317 - Fix always-true comparison in ICAP for some 32-bit platforms
1318 - Support for 'slow' group ACLs in ssl_bump access control
1319 - Support OpenSSL 1.0.0 built without SSLv2
1320 - Support GCC 4.6 and binutils-gold
1321 - Add CSS id attribute to BODY tag of generated error pages.
1322 - Display WARNING and ERROR when max_filedescriptors has failed
1324 Changes to squid-3.1.12.1 (19 Apr 2011):
1326 - Port from 3.2: Dynamic SSL Certificate generation
1327 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
1328 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
1329 - Bug 3183: Invalid URL accepted with url host part of only '@'
1330 - Display ERROR in cache.log for invalid configured paths
1331 - Cache Manager: send User-Agent header from cachemgr.cgi
1332 - ... and many portability compile fixes for non-GCC systems.
1334 Changes to squid-3.1.12 (04 Apr 2011):
1336 - Regression fix: Use bigger buffer for server reads.
1337 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
1338 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
1339 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
1340 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
1341 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
1342 - Bug 3164: Total memory info display 32-bit overflows
1343 - Bug 3155: Werror is hard-coded in libTrie build
1344 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
1345 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
1346 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
1347 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
1348 - Bug 2330: AuthUser objects are never unlocked
1349 - Prevent CONNECT request relaying to origin servers
1350 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
1351 - squidclient: send Cache Manager password using -w
1352 - eCAP: give full Request-URI to adapters
1353 - ... and several debug and error display cleanups
1355 Changes to squid-3.1.11 (08 Feb 2011):
1357 - Bug 3149: not caching eCAP adapted body
1358 - Bug 3144: redirector program blocks while reading STDIN
1359 - Bug 3140: memory leak in error page generation
1360 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
1361 - Bug 3115: logging segfaults if access_log is set to a directory
1362 - Bug 2968: Show the Vary: headers information in cachemgr objects report
1363 - Bug 2959: remove SAMBAPREFIX dependency
1364 - Bug 2868: icc doesn't like string literal in assert checks
1365 - HTTP/1.1: Send 307 status on deny_info redirection
1366 - HTTP/1.1: Support POST/PUT with no body
1367 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
1368 - Support RFC 5861 Cache-Control: stale-if-error option
1369 - Add ftp_eprt directive to disable EPRT extensions in FTP
1370 - Fix external_acl_type grace=0 to obey TTL
1371 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
1372 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
1373 - ... and some documentation updates and corrections
1374 - ... and some portability and stability fixes
1376 Changes to squid-3.1.10 (22 Dec 2010):
1378 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
1379 - Bug 3113: Consuming too much memory when uploading files
1380 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
1381 - Bug 3096: Consuming too much memory when delaying traffic
1382 - Bug 3091: Bypassed ICAP errors are not counted as service failures
1383 - Bug 3090: Polish FTP login error handing
1384 - Bug 3068: cache_dir capacity and usage overflows
1385 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
1386 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
1387 - Fix memory leak in adaptation_access
1388 - Fix /dev/poll and poll() selection priority
1389 - Fix PREFIX/var/run creation during install
1390 - Fix cachemgr http_port config report display
1391 - Add upgrade help process for obsolete options
1392 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
1393 - HTTP/1.1: entry is stale if request has max-age=0
1394 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
1395 - Toolchain update to support newer auto-tools
1396 - ... and updated error page translations
1397 - ... and updated documentation
1398 - ... and some code optimization/simplification polish
1400 Changes to squid-3.1.9 (25 Oct 2010):
1402 - Bug 3088: dnsserver is segfaulting
1403 - Bug 3084: IPv6 without Host: header in request causes connection to hang
1404 - Bug 3082: Typo in error message
1405 - Bug 3073: tunnelStateFree memory leak of host member
1406 - Bug 3058: errorSend and ICY leak MemBuf object
1407 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
1408 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
1409 - Bug 3053: cache version 1 LFS support detection broken
1410 - Bug 3051: integer display overflow
1411 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
1412 - Bug 3036: adaptation_access acls cannot see myportname
1413 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
1414 - Bug 2964: Prevent memory leaks when ICAP transactions fail
1415 - Bug 2808: getRoundRobinParent not handling weights correctly
1416 - Bug 2793: memory statistics sometimes display wrong
1417 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
1418 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
1419 - Ensure /var/cache or jail equivalent exists on install
1420 - HTTP/1.1: delete Warnings that have warning-date different from Date
1421 - HTTP/1.1: do not remove ETag header from partial responses
1422 - HTTP/1.1: make date parser stricter to better handle malformed Expires
1423 - HTTP/1.1: improve age calculation
1424 - HTTP/1.1: reply with a 504 error if required validation fails
1425 - HTTP/1.1: add appropriate Warnings if serving a stale hit
1426 - HTTP/1.1: support requests with Cache-Control: min-fresh
1427 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
1428 - squidclient: Display IP(s) connected to in verbose (-v) display
1429 - Fixes several issues with ICAP persistent connections
1430 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
1431 - ... and some cosmetic polishing
1433 Changes to squid-3.1.8 (04 Sep 2010):
1435 - Bug 3033: incorrect information regarding TOS
1436 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
1437 - Bug 3005,2972: Locate LTDL headers correctly (again)
1438 - Bug 2872: leaking file descriptors
1439 - Bug 2583: pure virtual method called
1440 - Hardened DNS client against packet queue attacks
1441 - Hardened HTTP request-line parser
1442 - Several HTTP/1.1 support improvements
1443 - Improved cross-compile support
1444 - .. and several internal pointer safety fixes
1446 Changes to squid-3.1.7 (23 Aug 2010):
1448 - Regression Bug 3021: Large DNS reply causes crash
1449 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
1450 - Regression Bug 2997: visible_hostname directive no longer matches docs
1451 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
1452 - Bug 3006: handle IPV6_V6ONLY definition missing
1453 - Bug 3004: Solaris 9 SunStudio 12 build failure
1454 - Bug 3003: inconsistent concepts in documentation of cache_dir
1455 - Bug 3001: dnsserver link issues
1456 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
1457 - HTTP/1.1: Improved Range header field validation
1458 - HTTP/1.1: Forward multiple unknown Cache-Control directives
1459 - HTTP/1.1: Stop sending Proxy-Connection header
1460 - Fix 32-bit wrap in refresh_pattern min/max values
1461 - ... and several documentation corrections.
1463 Changes to squid-3.1.6 (02 Aug 2010):
1465 - Bug 2994, 2995: IPv4-only regressions
1466 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
1467 - Bug 2975: chunked requests not supported after regular ones
1468 - Fix: 32-bit overflow in reported bytes received from next hop
1469 - Fix Libtool build regressions
1470 - Limited split-stack IPv6 support.
1471 - squid_db_auth support MD5 encrypted passwords
1473 Changes to squid-3.1.5.1 (28 Jul 2010):
1475 - Update Libtool to 2.2.
1476 - Bug 2985: search scope for digest_ldap_auth didn't work
1477 - Bug 2972: LTDL 2.2.6b compile errors
1478 - Bug 2963: Stop ignoring --with-valgrind-debug failures
1479 - Bug 2885: AIX support: several fixes
1480 - Bug 2651: crash handling NULL write callback
1481 - Fixed several memory leaks related to Range requests
1482 - Fixed Joomla DB auth handling
1483 - Fixed SASL helper build checks
1484 - Fixed several IPv6 portability problems
1485 - Updated error page translations
1487 Changes to squid-3.1.5 (02 Jul 2010):
1489 - Bug 2967: raw-IPv6 address URL with append_domain broken
1490 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
1491 - Bug 2943: ICAP tokens not logged when using multiple access
1492 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
1493 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
1494 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
1495 - Port from 2.7: max_filedescriptor config option
1496 - Fix persistent_connection_after_error is meant to be on by default
1497 - ... and several build errors.
1499 Changes to squid-3.1.4 (30 May 2010):
1501 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
1502 - Bug 2924: RADIUS helper compile issues
1503 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
1504 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
1505 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
1506 - Bug 2879: pt2: 3.0 regression in headers end finding
1507 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
1508 - Bug 2876: FD_SETSIZE override not working on all linux distributions
1509 - Bug 2810: common log format generates 2 lines of syslog
1510 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
1511 - Bug 2753: Fall back on IPv4 if IPv6 is not present
1512 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
1513 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
1514 - Change LDAP helpers to default to LDAP version 3 if available
1515 - Add Joomla and Salted Hash support to squid_db_auth helper
1516 - Fixed IpAddress port printing for ports higher than 9999
1517 - Disable chunked memory pooling by default.
1518 - ... and several build errors.
1520 Changes to squid-3.1.3 (02 May 2010):
1522 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
1523 - Fix tag ACL type not working
1525 Changes to squid-3.1.2 (01 May 2010):
1527 - Bug 2913: Fix DB auth warning in new perl version
1528 - Bug 2904: Prevent automake creating incomplete files
1529 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
1530 - Bug 2895: Regression: TPROXY2 compile errors
1531 - Bug 2879: Regression: headers end-finding
1532 - Bug 2874: Accept literal IPv6 address in icap_service URL
1533 - Bug 2860: Regression: WCCPv1 handshake
1534 - Bug 2848: Pass TCP_RST to client on early disconnect
1535 - Debian Bug 578047: Correct behaviour of --enable-ipv6
1536 - HTTP/1.1: Advertise 1.1 on requests to servers
1537 - HTTP/1.1: Advertise 1.1 on replies to clients
1538 - AIX / UNIX build fixes
1539 - Cygwin build fixes
1540 - squidclient: -k option to test connection keep-alive or close
1541 - Improved helper build for wider compatibility
1542 - Ensure the PID file directory exists on install
1544 Changes to squid-3.1.1 (29 Mar 2010):
1546 - Bug 2873: undefined symbol
1547 - Bug 2827: assertion in authentication
1548 - Remove ufsdump binary from default builds
1549 - Remove pinger from default startups
1550 - ... and several documentation updates.
1552 Changes to squid-3.1.0.18 (14 Mar 2010):
1554 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
1555 - Bug 2869: Remove unused external reference
1556 - Bug 2866: Support OpenSSL 1.0
1557 - Bug 2813: Random unix_group crash at startup
1558 - Send HTTP1.1 compliant 417 responses
1559 - Associate external acl message with the request
1560 - Various Digest parser fixes
1561 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
1563 Changes to squid-3.1.0.17 (24 Feb 2010):
1565 - Regression Fix: Non-English error page UTF encoding
1566 - Bug 2616: reduce IdleConnList::removeFD messages
1567 - Bug 1843: multicast-siblings cache_peer option
1568 - Port from 2.7: X509 certificate alias-domain handling
1569 - Add adapted_http_access option
1570 - NTLMv2 support for fake NTLM helper
1572 Changes to squid-3.1.0.16 (01 Feb 2010):
1574 - Regression Fix: Make Squid abort on all config parse failures.
1575 - Regression Bug 2811: SNMP client/peer table OID numbering
1576 - Bug 2851: Connection pinning fails when using a peer
1577 - Bug 2850: Mismatch in hier_code enum / hier_strings array
1578 - Bug 2731: Add follow_x_forwarded_for support to ICAP
1579 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
1580 - Bug 2706: Set timestamps during ICAP request satisfaction.
1581 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
1582 - Fix: WCCPv1 not connecting to router correctly
1583 - Remove obsolete RunCache/RunAccel scripts.
1584 - Add client_ip_max_connections
1585 - Add the http::>ha format code and make http::>h log original request headers
1586 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
1587 - ... and many more minor build and display annoyances.
1589 Changes to squid-3.1.0.15 (23 Nov 2009):
1591 - Regression Fix: myip ACL not accepted in config
1592 - Bug 2795: acl arp lookups including port
1593 - Bug 2794: ESI parsing fails on FreeBSD
1594 - Bug 2778: fix linking issues using SunCC
1595 - Bug 2724: eCAP build failure unless ICAP enabled
1596 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
1597 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
1598 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
1599 - Fix: 64-bit filesize issue in squidclient POST of large files
1600 - Fix: send correct Connection: header on intercepted replies
1601 - Support libtool 2.x
1602 - ESI libraries libexpat and libxml2 now optional
1603 - ESI support default enabled
1604 - Bump libcap minimum requirement to libcap 2.09+
1605 - ARP / MAC support fixes for IPv6-mode
1606 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
1607 - ... and many additions to the background testing structure
1608 - ... and very many minor build and code cleanups for non-GCC compilers.
1610 Changes to squid-3.1.0.14 (27 Sep 2009):
1612 - Bug 2777: Various build issues on OpenSolaris
1613 - Bug 2773: Segfault in RFC2069 Digest authentication
1614 - Bug 2747: Compile errors on Solaris 10
1615 - Bug 2735: Incomplete -fhuge-objects detection
1616 - Bug 2722: Fix http_port accel combined with CONNECT
1617 - Bug 2718: FTP sends EPSV2 on IPv4 connection
1618 - Bug 2648: stateful helpers stuck in reserved
1619 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
1620 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
1621 - Bug 2483: bind() called before connect()
1622 - Bug 2215: config file line length limit (extended to 2 KB)
1623 - Support Accept-Language: * wildcard
1624 - Support autoconf 2.64
1625 - Support TPROXY for IPv6 traffic (requires kernel support)
1626 - Support TPROXY cache cluster behind WCCPv2
1627 - Correct ESI support to work in multi-mode Squid
1628 - Add 0.0.0.0 as an to_localhost address
1629 - DiskIO detection fixes and use optimal IO in default build.
1630 - Correct peer connect-fail-limit default of 10
1631 - Prevent squidclient sending two Accept: headers
1632 - ... all bug fixes from 3.0.STABLE19
1633 - ... and many more documentation fixes
1635 Changes to squid-3.1.0.13 (04 Aug 2009):
1637 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
1638 - Fix one more internal profiler error
1639 - Language Updates: Italian, Russian
1640 - Language Updates: Add many more aliases
1641 - Add Copyright document for errors/ content
1642 - ... all bug fixes from 3.0.STABLE18
1643 - ... and several code polishing cleanups
1645 Changes to squid-3.1.0.12 (27 Jul 2009):
1647 - Bug 2716: Chunked request Signed/Unsigned build error
1648 - Bug 2674: Remove limit on HTTP headers read.
1649 - Bug 2620: Invalid HTTP response codes causes segfault
1650 - Fix FTP EPSV negotiation parser.
1651 - Fix Via string when leak checking is enabled (valgrind etc)
1652 - ... and several documentation and testing additions
1654 Changes to squid-3.1.0.11 (19 Jul 2009):
1656 - Bug 2087: Support adaptation sets and chains
1657 - Bug 2459: dns error message broken when error handling delayed
1658 - Support ICAP Retry
1659 - Support ICAP retries based on the ICAP responses status code
1660 - Support logging ICAP
1661 - Support logging total DNS wait time
1662 - Support logging response times of adaptation transactions
1663 - General logging enhancements
1664 - Dynamically form chains based on ICAP X-Next-Services header
1665 - Support cross-transactional ICAP header exchange
1666 - ... and much adaptation polish and improvements
1668 Changes to squid-3.1.0.10 (18 Jul 2009):
1670 - Bug 2680: Regression Crash after rotate with no helpers running
1671 - Bug 2695: Regression in WCCPv2 L2 mask assignment
1672 - Bug 2707: Regression in FTP anonymous auth
1673 - Bug 422, 2706: RFC 2616 Date header requirements
1674 - Bug 1087: ESI processor not quoting attributes correctly.
1675 - Bug 1338: File prefetches aborted despite range_offset
1676 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
1677 - Bug 2092: select loop 32-bit call counter overflows
1678 - Bug 2127: delay pools class 4 crashes with ntlm auth
1679 - Bug 2611: document fast/slow acl types
1680 - Bug 2614: Potential loss of adapted body data from eCAP adapters
1681 - Bug 2658: Missing TextException copy constructor
1682 - Bug 2659: String length overflows on append, leading to segfaults
1683 - Bug 2699: Build failure NTLM smb_lm helper
1684 - Bug 2709: TRANSLATIONS not installed
1685 - Bug 2710: squid_kerb_auth non-terminated string
1686 - Delay pools 64-bit buckets and IPv6-polish
1687 - Break forwarding loops for "transparent" or "intercept" http_ports.
1688 - Add --disable-translation option to detatch .po from error negotiation
1689 - Add squidclient man(1) page
1690 - Add localhost to default permitted networks
1691 - http_port allow-direct option to allow direct forwarding in accelerator mode
1692 - ... and many testing infrastructure updates
1694 Changes to squid-3.1.0.9 (26 Jun 2009):
1696 - Bug 2682: Add ftp_epsv control to disable EPSV support.
1697 - Bug 2665: Detach automake system from using -I.
1698 - Bug 2395: FTP auth errors not displayed
1699 - ... also several changes and bugs closed in 3.0.STABLE16
1700 - Port from 2.7: Show local address on listening sockets
1701 - Add "tag" type acl matching tags set by external acl helpers.
1702 - Adds Language alias linker/installer/upgrade scripts
1703 - Support for GCC 4.4
1704 - Fix false NAT lookup errors on Linux
1705 - Fix many Windows port issues
1706 - Fix squid_kerb_auth helepr install location
1707 - Better detection of IPv6 stack types
1708 - Updates Licensing information for Squid 3.1
1709 - ... and many packaging portability build and install issues
1711 Changes to squid-3.1.0.8 (24 May 2009):
1713 - Bug 2656: Pinger dies with general protection fault
1714 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
1715 - Bug 2648: Authentificator processes deferring and don't shutdown.
1716 - Bug 2645: allow squid to ignore must-revalidate
1717 - Bug 2644: auth scheme initialization is broken
1718 - Bug 2632: Make number of reforwarding tries configurable
1719 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
1720 - Bug 2627: HTCP Logging
1721 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
1722 - Bug 2589: SNMP returning no data - wrong oid decoded
1723 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
1724 - Bug 2559: Problem parsing /0 and /0.0.0.0
1725 - Bug 2404: WCCP in mask mode is broken
1726 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
1727 - Complete Interception multiple NAT support
1728 - Add Content-Disposition to the known headers list.
1729 - Make PEER_TCP_MAGIC_COUNT configurable
1730 - Fix pinger install location
1731 - Enable TPROXY v4 spoofing of CONNECT requests
1732 - ... and much documentation and code polishing
1734 Changes to squid-3.1.0.7 (08 Apr 2009):
1736 - Fix: several issues with ident
1737 - Add several language translations
1738 - Upgrade code testing infrastructure
1739 - Migrate much code to build as internal libraries
1741 - Support doxygen 1.5.8
1742 - ... and much code polish to make things read easier
1744 Changes to squid-3.1.0.6 (01 Mar 2009):
1746 - Regression Fix: Support HTTP/0.9 in accelerator mode
1747 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
1748 - Bug 2593: Compile errors on Solaris 10
1749 - Bug 2591: adaptation_access does not work
1750 - Bug 2588: coredump in rDNS lookup
1751 - Bug 2526: default ALLOW when no list specified.
1752 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
1753 - Bug 419: Hop by Hop headers MUST NOT be forwarded
1754 - Fix external_acl_type handling of SSL certificate details
1755 - Obsolete: dependency on nss_common.h and nss.h
1757 - ... and various documentation and code polish
1759 Changes to squid-3.1.0.5 (03 Feb 2009):
1761 - Bug 2583: Fixed issue in content adaptation
1762 - Bug 2576: Make translate target obey --disable-auto-locale
1763 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
1764 - Bug 2563: 99+% CPU Usage on FTP URL
1765 - Bug 2505, 2524, 2558: fixed several issues on connection handling
1766 - Fix several issues in request parsing
1767 - Fix memory leak from logformat parsing
1768 - Fix various ESI build errors
1769 - Make configure tests use C++ instead of C
1770 - Drop special localhost conversion RFC violation.
1771 - Add Language: Arabic
1772 - ... and various documentation and code polish
1774 Changes to squid-3.1.0.4 (23 Jan 2009):
1776 - Regression Fix: Bug 2558: rollback bug 2395 fix.
1777 - Bug 2555: Fixes to SNMP-MIB
1778 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
1779 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
1780 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
1781 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
1782 - Polish ZPH configuration interface
1783 - Several Language Conversions to new auto-negotiate
1784 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
1785 - Fix: Pconn not being used when they should.
1786 - Fix: Fix pinger immediate shutdowns
1787 - Fix: Untangle CacheManager reports from log_fqdn
1788 - ... and all bugs fixed for 3.0.STABLE12
1789 - ... and many code polish and optimization fixes.
1791 Changes to squid-3.1.0.3 (5 Dec 2008):
1793 - Regression Fix: StoreIOBuffer patch removed.
1794 - Regression Fix: build issues with 3.1.0.2 bundle
1795 - Security Bug 2526: default ALLOW when no list specified
1796 - Bug 2525: encoding error on error pages
1797 - Bug 2424: slow file descriptor leak
1798 - Bug 2527: ICAP compile error on g++ 4.3.2
1799 - Bug 2523: bad assertion left in from debug
1800 - Bug 2395: FTP Auth errors and others not displayed
1801 - Update squid_kerb_auth to 1.0.5
1802 with better Squid integration.
1803 - Fix cache_peer forcedomainname= option
1804 - ... and many other minor fixes
1806 Changes to squid-3.1.0.2 (9 Nov 2008):
1808 - Bug 2516: error page templates not properly installed
1809 - Bug 2500: Solaris build issues
1810 - Fixes FreeBSD build issues
1811 - Release Notes completed
1812 - Languages: new Russian, Japanese, Chinese, and general updates
1813 - ... and other minor fixes
1815 Changes to squid-3.1.0.1 (27 Oct 2008):
1817 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
1818 - peername ACL added for matching against a named peer destination
1819 - configure option --with-logdir= added to select log files location
1820 - squid_kerb_auth helper updated to 1.0.3 release
1821 - Bug #740: allow external acl's to use reply headers in format
1822 - Bug #2379: obsolete dns_testnames option
1823 - Code test infrastructure expanded to configuration testing
1824 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
1825 to bring their defaults up to RFC 2616 requirements.
1826 - Large increase in RFC 2616 standard compliance (ongoing)
1827 - squid.conf cleanups for minimal config
1828 - Connection Pinning ported from 2.6 for NTLM passthru authentication
1829 - eCAP internal adaptation module support
1830 - Localization and CSS display control of error pages
1831 - Added semi-automatic documentation of source code
1832 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
1833 - HTCP improvements ported from 2.7 adding HTCP CLR requests
1834 - IPv6 (Internet Protocol version 6) support
1835 - ICMPv6 (Internet Control Message Protocol version 6) support
1836 - FTP agent now supports EPSV/EPRT commands
1837 - DNS internal resolver now supports AAAA and CNAME records
1838 - SNMP peer and client tables now support IPv6
1839 - SNMP peer table supports named peers with multiple entries per IP
1840 - SslBump: Squid-in-the-middle decryption and encryption of straight
1841 CONNECT and transparently redirected SSL traffic, using configurable
1842 client- and server-side certificates. While decrypted, the traffic
1843 can be inspected using ICAP.
1844 - TPROXY version 4.1 support
1845 - IPFW and Netfilter interception methods may now both be built in one binary.
1846 - ZPH Quality of Service patch now integrated
1847 - Null store now fully obsoleted and removed
1848 - Unknown request methods all supported
1849 - Follow_x_forwarder_for ported from 2.6
1850 - Bug #2223: Follow XFF extensions added
1851 - ... and many code and documentation cleanups
1853 Changes to squid-3.0.STABLE26 (28 Aug 2011):
1855 - Regression: header_replace for reply headers
1856 - Bug 3183: Invalid URL accepted with url host part of only '@'.
1857 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
1858 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
1859 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
1860 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
1861 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
1862 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
1863 - Regression Bug 2879: headers end finding
1864 - Bug 2876: FD_SETSIZE override not working on all linux distributions
1865 - Check for NULL and empty strings before calling str*cmp().
1866 - Correct parsing of large Gopher indexes
1868 Changes to squid-3.0.STABLE25 (14 Mar 2010):
1870 - Bug 2845: Rework the http digest auth parser
1871 - Bug 2787: unknown/unexpected status code messages
1872 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
1873 - Bug 2367: stale=true on digest requests with unknown nonce
1874 - ... and several other minor corrections
1876 Changes to squid-3.0.STABLE24 (13 Feb 2010):
1878 - Bug 2858: Segment violation in HTCP
1879 - Updated refresh pattern for dynamic pages
1881 Changes to squid-3.0.STABLE23 (02 Feb 2010):
1883 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
1884 - Regression Fix: Build error in Kerberos helper after library removal.
1886 Changes to squid-3.0.STABLE22 (01 Feb 2010):
1888 - Regression Fix: Make Squid abort on all config parse failures.
1889 - Bug 2787: Reduce unexpected http status to non-critical warnings.
1890 - Bug 2496: Downloading some variants in full before relaying
1891 - Bug 2452: Add upper limit to external_acl_type entries.
1892 - Removed optional kerberos/spnegohelp/ library due to licensing issues
1893 - Add client_ip_max_connections
1894 - Handle DNS header-only packets as invalid.
1896 Changes to squid-3.0.STABLE21 (22 Dec 2009):
1898 - Bug 2830: Clarify where NULL byte is in headers.
1899 - Bug 2778: Linking issues using SunCC
1900 - Bug 2395: FTP errors not displayed
1901 - Bug 2155: Assertion failures on malformed Content-Range response headers
1902 - Fix parsing and a few bugs in ACL time type
1903 - Fix RFC keep-alive compliance on intercepted replies
1904 - Improved security hardening on %nn parser
1905 - Replace several GCC-specific code snippets.
1907 Changes to squid-3.0.STABLE20 (29 Oct 2009):
1909 - Bug 2794: ESI parsing on FreeBSD
1910 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
1911 - Bug 2779: Support GNU/kFreeBSD
1912 - Bug 2773: Segfault in RFC2069 Digest authantication
1913 - Bug 2768: squid_ldap_group argument parsing error
1914 - Bug 2761: Gopher and double HTTP response header
1915 - Bug 2735: Incomplete -fhuge-objects detection
1916 - Bug 2722: prevent CONNECT via http_port with accel
1917 - Bug 2624: Invalid response for IMS request
1918 - Bug 2510: digest_ldap_auth TLS support
1919 - Correct LINUX_CAPABILITY actions on non-Linux
1921 Changes to squid-3.0.STABLE19 (06 Sep 2009):
1923 - Bug 2745: Invalid Response error on small reads
1924 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
1925 - Bug 2734: some compile errors on Solaris
1926 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
1927 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
1928 - Bug 2362: Remove support for deferred state in stateful helpers
1929 - Add 0.0.0.0 as a to_localhost address
1930 - Docs: Improve chroot directive documentation slightly
1931 - Fixup libxml2 include magics, was failing when a configure cache was used
1932 - ... and some minor testing improvements.
1934 Changes to squid-3.0.STABLE18 (04 Aug 2009):
1936 - Bug 2728: regression: assertion failed: !eof
1937 - Bug 2732: reply_body_max_size smaller than error page loops
1938 infinitely until out of memory
1939 - Bug 2725: pconn failure if domain or client_address are unset
1940 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
1941 - Bug 2462: make check should tell when cppunit is missing
1942 - Remove excess messages about headers < minimum size
1943 - Support Libtool 2.2.6
1945 Changes to squid-3.0.STABLE17 (27 Jul 2009):
1947 - Bug 2680 regression: Crash after rotate with no helpers running
1948 - Bug 2710: squid_kerb_auth non-terminated string
1949 - Bug 2679: strsep and strtoll detection failure
1950 - Bug 2674: Remove limit on HTTP headers read.
1951 - Bug 2659: String length overflows on append, leading to segfaults
1952 - Bug 2620: Invalid HTTP response codes causes segfault
1953 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
1954 - Bug 1087: ESI processor not quoting attributes correctly.
1955 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
1956 - Several small build issues with previous release.
1958 Changes to squid-3.0.STABLE16 (15 Jun 2009):
1960 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
1961 - Bug 2481: Don't set expires: now in generated error responses
1962 - Bug 2387: The calculation of the number of hash buckets correctly
1963 - Fix infinite loop in MSNT auth helper
1964 - Fix FD_SETSIZE on FreeBSD
1965 - Fix stripping NT domain in squid_ldap_group
1966 - Fix RADIUS auth helper build
1967 - Add Translate: and Unless-Modified-Since: headers to known list
1968 - Make fakeauth handle NTLMv2 better
1969 - Better Kerberos support detection
1970 - Several Widows port fixes
1972 Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
1974 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
1975 - Bug 2648: NTLM helpers not shutting down when deferred
1977 Changes to squid-3.0.STABLE15 (06 May 2009):
1979 - Regression Bug 2635: Incorrect Max-Forwards header type
1980 - Bug 2652: 'Success' error on CONNECT requests
1981 - Bug 2625: IDENT receiving errors
1982 - Bug 2610: ipfilter support detection
1983 - Bug 2578: FTP download resume failure
1984 - Bug 2536: %H on HTTPS error pages
1985 - Bug 2491: assertion "age >= 0"
1986 - Bug 2276: too many NTLM helpers running
1987 - Endian system and compiler fixes provided by the NetBSD project
1988 - documentation fixes provided by the Debian project
1990 Changes to squid-3.0.STABLE14 (11 Apr 2009):
1992 - Regression Fix: HTTP/0.9 in accelerator mode
1993 - Bug 1232: cache_dir parameter limited to only 63 entries
1994 - Bug 1868: support HTTP 207 status
1995 - Bug 2518: assertion failure on restart/reconfigure
1996 - Bug 2588: coredump in rDNS lookup
1997 - Bug 2595: Out of bounds memory write in squid_kerb_auth
1998 - Bug 2599: Idempotent start
1999 - Bug 2605: Prevent setsid() on helpers in daemon mode
2000 - Fix external_acl_type option parsing
2001 - Fix delay pools counters on FTP
2002 - Fix several issues with ident (some remain)
2003 - Fix performance issues with persistent connections
2004 - Fix performance issues with delay pools
2005 - Fix forwarding of OPTIONS requests
2006 - Add support for HTTP 1.1 Content-Disposition header
2007 - Add support for Windows 7, Windows Server 2008 R2 and later
2008 - ... and many small documentation updates
2010 Changes to squid-3.0.STABLE13 (03 Feb 2009):
2012 - Fix several issues in request parsing
2013 - Fix memory leak from logformat parsing
2014 - Fix various ESI build errors
2015 - ... and some documentation updates
2017 Changes to squid-3.0.STABLE12 (21 Jan 2009):
2019 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
2020 - Bug 2542: ICAP filters break download resume
2021 - Bug 2556: HTCP fails without icp_port
2022 - Bug 2564: logformat '%tl' field not working as advertised
2023 - Port from 3.1: TestBed basic build consistency checks
2024 - Policy: Change half_closed_clients default to off
2025 - Policy: Removed -V command line option, deprecated by 2.6
2026 - ... and several other minor code cleanups
2028 Changes to squid-3.0.STABLE11 (24 Dec 2008):
2030 - Bug 2424: filedescriptors being left unnecessary opened
2031 - Bug 2545: fault passing ICAP filtered traffic to peers
2032 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
2033 - ... and some minor admin and debug cleanups.
2035 Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
2037 - Removes patch causing cache of bad objects
2038 - Bug 2526: bad security default in ACLChecklist
2039 - Fixes regression: access.log request size tag
2040 - Fixes cache_peer forceddomainname=X option
2041 - ... and many minor documentation cleanups
2043 Changes to squid-3.0.STABLE10 (14 Oct 2008):
2045 - Bug 2391: Regression: bad assert in forwarding
2046 - Bug 2447: Segfault on failed TCP DNS query
2047 - Bug 2393: DNS requests getting stuck in idns queue
2048 - Bug 2433: FTP PUT gives bad gateway
2049 - Bug 2465: Limited DragonflyBSD support
2050 - ... and other minor bugs and documentation
2052 Changes to squid-3.0.STABLE9 (9 Sep 2008):
2054 - Policy Enforcement: COSS is unusable in 3.0
2055 - Port from 3.1: Language Pack compatibility
2056 - Port from 2.6: Windows Support Notes
2057 - Fix several minor regressions:
2058 HTCP stats reporting
2059 cachemgr delay pool config
2061 - Bug 2340: uudecode dependency for icons removed
2062 - Bug 2352: no_check.pl ntlm challenge fix
2063 - Bug 2426: buffer increase for kerberos auth fields
2064 - Bug 2427: squid_ldap_group codes fix
2065 - Bug 2437: peer name now shown in access.log
2066 - Add sane display of unsupported method errors
2067 - ... and various other code cleanups
2069 Changes to squid-3.0.STABLE8 (18 Jul 2008):
2071 - Port from 2.6: Support for cachemgr sub-actions
2072 - Port from 2.6: userhash peer selection method
2073 - Port from 2.6: sourcehash peer selection method
2074 - Bug 2376: round-robin balancing fixes
2075 - Bug 2388: acl documentation cleanup
2076 - Bug 2365: cachemgr.cgi HTML output encoding
2077 - Bug 2301: Regression: Log format size options
2078 - Bug 2396: Correct the opening of PF device file.
2079 - Bug 2400: ICAP accept mechanism
2080 - Bug 2411: Regression: fakeauth_auth crashes
2081 - Many fixes to the Windows support (not complete yet).
2082 - Boost error pages HTML standards.
2083 - Fixes several issues on 64-bit systems
2084 - Fixes several issues on older or stricter compilers
2085 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
2086 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
2088 Changes to squid-3.0.STABLE7 (22 Jun 2008):
2090 - Fix several ASN issues
2091 - Fix SNMP reporting of counters
2092 - Fix round-robin algorithms
2094 - Netfilter v1.4.0 bug workaround
2095 - Bugs 2350 and 2323: memory issues
2096 - Bugs 2384, 951, 1566: ESI assertions
2097 - Various minor debug and documentation cleanups
2099 Changes to squid-3.0.STABLE6 (20 May 2008):
2101 - Bug 2254: umask Feature from 2.6 added
2102 - cachemgr.cgi default config file added
2103 - Several authentication bug fixes
2104 - Improved Windows Support
2105 - better DNS lookup methods for unqualified hostames
2106 - better support for 64-bit environments
2107 - Bug 2332: Crash when tunnelling
2108 - Removed the advertisement clause from BSD licenses
2109 according to the GPLv2+ changes in BSD
2110 - ... and other bugs and minor cleanups
2112 Changes to squid-3.0.STABLE5 (28 Apr 2008):
2114 - Support for resolv.conf 'domain' option
2115 - Improved URI support, including
2116 longer URI up to 8192 bytes accepted
2117 better handling of intercepted URI
2118 better port for non-FQDN URI lookups
2119 - Improved logging, including
2120 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
2121 Fixed 'log_ip_on_direct' option behaviour
2122 - Support for profiling on x86 64-bit systems
2123 - .. and other bugs and minor code cleanups.
2125 Changes to squid-3.0.STABLE4 (2 Apr 2008):
2127 - Bug 2288: compile error slipped into STABLE3.
2129 Changes to squid-3.0.STABLE3 (31 Mar 2008):
2131 - Improved HTTP 1.1 support.
2132 - Improved MacOSX (Leopard) support
2133 - Bug 2206: Proxy-Authentication regression in STABLE2.
2134 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
2135 - ... and other bugs and minor code cleanup
2137 Changes to squid-3.0.STABLE2 (1 Mar 2008):
2139 - Add myportname ACL for matching the accepting port name (see release notes)
2140 - Add include directive for squid.conf (see release notes)
2141 - Add ability to strip kerberos realm from usernames during Auth
2142 - License cleanup to comply with GPLv2 or later
2143 - Updated Error Pages and Translations
2144 - Updated configuration examples
2145 - Updated valgrind support for valgrind-3.3.0
2146 - Improved support for Windows and MacOS X Leopard
2147 - Improved support for files larger than 2GB
2148 - Improved support for CARP arrays and WCCPv2
2149 - Improved cachmgr, SNMP, and log reporting
2150 - ... and as usual Many bug fixes since STABLE 1
2152 Changes to squid-3.0.STABLE1 (13 Dec 2007):
2154 - Major rewrite translating the code to C++, originally based on
2156 - Internal client streams concept for content adaptation
2157 - ICAP (Internet Content Adaptation Protocol) client support
2158 - ESI (Edge Side Includes) support added
2159 - Improved support for files larger than 2GB.
2160 - And a lot more. Most features from Squid-2.6 is supported, but not
2161 all. See the release notes for details.
2164 Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
2166 Changes to squid-2.6.STABLE22 (19 October 2008)
2168 - Bug #2396: Correct the opening of the PF device file.
2169 - Make --with-large-files and --with-build-envirnment=default play
2171 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
2173 - Make dns_nameserver work when using --disable-internal-dns on glibc
2175 - Bug #2426: Increase negotiate auth token buffer size
2176 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
2177 - Bug #2477: swap.state permission issues if crashing during "squid -k
2179 - Windows port: Fix build error using latest MinGW runtime.
2183 Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
2184 authorative for this release and mirrored here for reference only.
2186 - CARP now plays well with the other peering algorithms,
2187 and support for CARP peerings is compiled by default. Can be
2188 disabled by --disable-carp
2189 - Configuration file can be read from an external program
2190 or preprocessor. See squid.8 man page.
2191 - http_port is now optional, allowing for SSL only operation
2192 - Satellite and other high latency peering relations enhancements
2194 - Nuked num32 types, and made type detection more robust by the
2195 use of typedefs rather than #defines.
2196 - the mailto links on Squid's ERR pages now contain data about the
2197 occurred error by default, so that the email will contain this data in
2198 its body. This feature can be disabled via the email_err_data directive.
2200 - COSS now uses a file called stripe and the path in squid.conf is the
2201 directory this is placed in. Additionally squid -z will create the
2203 - WCCPv2 support, including mask assignment support
2204 - HTCP support for access control and the CRL operation for
2205 purgeing of cache content
2206 - ICAP related fixes
2207 - Windows-related fixes, including Vista and Longhorn identification
2208 - Client-side parsing and some string use optimisations
2209 - Lots of off-by-one and memory leaks in corner cases have been fixed
2211 - Improved high-resolution profiling
2212 - Windows overlapped-IO and thread support added to the Async IO disk code
2213 - Improvements for handling large DNS replies
2215 Changes to squid-2.6.STABLE15 (31 Aug 2007)
2217 - The select() I/O loop got broken by the /dev/poll addition
2219 - Bug #2017: Fails to work around broken servers sending just the HTTP
2221 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
2223 - squid.conf.default updated and reorganised in more sensible groups
2224 - correct and document the syslog access_log format
2225 - Armenian error pages translation
2226 - digest_ldap_helper usage help updated
2227 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
2228 - Improve delay pools in low traffic environment by checking timeouts
2229 at a steady 1 second interval even when there is not much activity
2230 - Don't request authentication on transparently intercepted
2232 - Cleanup linux capabilities for tproxy
2233 - Bug #2003: 'via' config directive doesn't affect response headers
2234 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
2235 - Add missing $|=1 to squid_db_auth
2236 - Bug #2050: Persistent connection dropped if cache has no
2238 - Verify the URL on memory cache hits
2239 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
2240 - Bug #1972: Squid sets peers to down state when they are in fact
2242 - potential segmentation fault in storeLocateVary()
2243 - Bug #2066: chdir after chroot
2244 - Windows port: Fix compiler warnings when building Squid as
2245 application (not Windows service mode)
2246 - Spelling correction of received
2248 Changes to squid-2.6.STABLE14 (15 Jul 2007)
2250 - squid.conf.default cleanup to have options in their proper sections.
2251 - documentation correction in the refresh_pattern ignore-auth option
2252 - URI-escaping not uses the recommended upper-case hex codes
2253 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
2254 - Always use xisxxxx() Squid defined macros instead of ctype
2256 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
2257 - Database basic auth helper using Perl DBI to connect to most SQL DBs
2258 - Solaris /dev/poll network I/O support
2259 - configure fixes to make cross compilation somewhat easier
2260 - Removed incorrect -a reference from http_port documentation
2261 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
2262 - Bug #1968: Squid hangs occasionally when using DNS search paths
2263 - Novell eDirectory digest auth helper (digest_edir_auth)
2264 - Bug #1130: min-size option for cache_dir
2265 - POP3 basic auth helper querying a POP3 server
2266 - Cosmetic squid_ldap_auth fixes from Squid-3
2267 - Bug #1085: Add no-wrap to cache manager HTML tables
2268 - Automatically restart if number of available filedescriptors becomes
2269 alarmingly low, preventing a situation where Squid would otherwise
2270 permanently stop processing requests.
2271 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
2273 - Deal better with forwarding loops
2275 Changes to squid-2.6.STABLE13 (11 May 2007)
2277 - Make sure reply headers gets sent even if there is no body available
2278 yet, fixing RealMedia streaming over HTTP issues.
2279 - Undo an accidental name change of storeUnregisterAbort.
2280 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
2281 - Bug #1814: SSL memory leak on persistent SSL connections
2282 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
2283 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
2284 - Ukrainan error messages
2285 - Convert various error pages from DOS to UNIX text format
2286 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
2287 - Clarify the max-conn=n cache_peer option syntax slightly
2288 - Bug #1892: COSS segfault on shutdown
2289 - Windows port: fix undefined ECONNABORTED
2290 - Make refreshIsCachable handle ETag as a cache validator, not
2292 - in_port_t is not portable, use unsigned short instead
2293 - Fix fs / auth / snmp dependencies
2294 - Portability: statfs() may reqire #include <sys/statfs.h>
2296 Changes to squid-2.6.STABLE12 (20 Mar 2007)
2298 - Assertion error on TRACE
2300 Changes to squid-2.6.STABLE11 (17 Mar 2007)
2302 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
2303 !conn->body.request"
2304 - Handle garbage helper responses better in concurrent protocol format
2305 - Fix kqueue when overflowing the changes queue
2306 - Make sure the child worker process commits suicide if it could
2308 - Don't log short responses at debug level 1
2309 - Fix bswap16 & bwsap32 error on NetBSD
2310 - Fix collapsed_forwarding for non-GET requests
2312 Changes to squid-2.6.STABLE10 (4 Mar 2007)
2314 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
2315 - various diskd bugfixes
2316 - In the access.log hierarchy field log the unique peer name
2317 instead of the host name
2318 - unlinkdClose() should be called after (not before) storeDirSync()
2319 - CLEAN_BUF_SZ was defined, but never used anywhere
2320 - logging HTTP-request size
2321 - Fix icmp pinger communication on FreeBSD and other not supporing
2322 large dgram AF_UNIX sockets
2323 - Release objects on swapin failure
2324 - Bug #1787: Objects stuck in cache if origin server clock in future
2325 - Bug #1420: 302 responses with an Expires header is always cached
2326 - Primitive support for HTTP/1.1 chunked encoding, working around
2328 - Clean up relations between TCP probing and DNS checks of peers with
2330 - Fix a minor HTML coding error in ftp directory listings with // in
2332 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
2333 non-refreshable content
2334 - Gopher cleanups and bugfixes
2335 - Negotiate authentication fixed again. Broken since STABLE7 by the
2336 patch for Bug #1792.
2337 - Bug #1892: COSS tries to shut down the same directory twice on exit
2338 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
2340 - Added support for Subversion HTTP request methods MKACTIVITY,
2343 Changes to squid-2.6.STABLE9 (24 Jan 2007)
2345 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
2346 - Bug #1877 diskd bug in storeDiskdIOCallback()
2348 Changes to squid-2.6.STABLE8 (21 Jan 2007)
2350 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
2351 - Document the https_port vhost option, useful in combination with
2352 a wildcard certificate
2353 - Document the existence of connection pinning / forwarding of NTLM
2354 auth and a few other features overlooked in the release notes.
2355 - Spelling correction of the ssl cache_peer option
2356 - Add back the optional "accel" http_port option. Makes accelerator
2357 mode configurations easier to read.
2358 - Bug #1872: Date parsing error causing objects to get unexpectedly
2360 - Cleanup to have the access.log tags autogenerated from enums.h
2361 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
2363 - Don't update object timestamps on a failed revalidation.
2364 - Fix how ftp://user@host URLs is rendered when Squid is built with
2365 leak checking enabled
2367 Changes to squid-2.6.STABLE7 (13 Jan 2007)
2369 - Windows port: Fix intermittent build error using Visual Studio
2370 - Add missing tproxy info from the dump of http port configuration
2371 - Bug #1853: Support for ARP ACL on NetBSD
2372 - clientNatLookup(): fix wrong function name in debug messages
2373 - Convert ncsa_auth man page from DOS to Unix text format.
2374 - Bug #1858: digest_ldap_auth had some remains of old hash format
2375 - Correct the select_loops counter when using select(). Was counted twice
2376 - Clarify the http_port vhost option a bit
2377 - Fix cache-control: max-stale without value or bad value
2378 - Bug #1857: Segmentation fault on certain types of ftp:// requests
2379 - Bug #1848: external_acl crashes with an infinite loop under high load
2380 - Bug #1792: max_user_ip not working with NTLM authentication
2381 - Bug #1865: deny_info redirection with authentication related acls
2382 - Small example on how to use the squid_session helper
2383 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
2384 - Clarify the transparent http_port option a bit more
2385 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
2386 - Bug #1867: squid.pid isn't removed on shutdown
2388 Changes to squid-2.6.STABLE6 (12 Dec 2006)
2390 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
2391 - Add client source port logformat tag >p
2392 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
2393 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
2394 - automake no longer recommends mkinstalldirs. Removed.
2395 - Only use crypt() if it's available, allowing ncsa_auth to be built
2396 on platofms without crypt() support.
2397 - Windows port documentation updates
2398 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
2399 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
2400 - Remove extra newline in redirect message sent by deny_info http://... aclname
2401 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
2402 - Clarify the external_acl_type helper format specification and some defaults
2403 - Add support for the weight= parameter to round-robin peers
2404 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
2405 - Convert snmpDebugOid to use a temporary String object instead of strcat
2406 - Document that proxy_auth also accepts -i for case-insensitive operation
2407 - Remove malloc/free of temporary buffer in time parsing routines.
2408 - Reduce memory allocator pressure by not continually allocating client-side read buffers
2409 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
2410 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
2411 - Bug #1584: Unable to register with multiple WCCP2 routers
2412 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
2413 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
2414 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
2415 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
2416 - Bug #1840: Disable digest and netdb queries to multicast peers
2417 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
2418 - Fix build errors when using latest MinGW Windows environment
2420 Changes to squid-2.6.STABLE5 (3 Now 2006)
2422 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
2423 - COSS improvements and cleanups
2424 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
2425 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
2426 - Bug #1719: Incorrect error message on invalid cache_peer specifications
2427 - Bug #1785: Memory leak in handling of negatively cached objects
2428 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
2429 - Bug #1782: Memory leak in ncsa_auth on password changes
2430 - Suppress some annoying coss startup messages raising the debug level to 2.
2431 - Clarify the external_acl_helper concurrency= change.
2432 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
2433 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
2434 - Bug #1795: Theoretical memory leak in storeSetPublicKey
2435 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
2436 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
2437 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
2438 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
2439 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
2440 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
2441 - Bug #1796: Assertion error HttpHeader.c:914: "str"
2442 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
2443 - Silence harmless gcc compile warning.
2444 - Clean up poll memory on shutdown
2445 - Ported select, poll and win32 to new comm event framework
2446 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
2447 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
2448 - Safeguard from kb_t counter overflows on 32-bit platforms
2450 Changes to squid-2.6.STABLE4 (23 Sep 2006)
2452 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
2453 - Windows port enhancement: added native exception handler with signal emulation
2454 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
2455 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
2456 - Bug #212: variable %i always 0.0.0.0 in many error pages
2457 - Bug #1708: Ports in ACL accepts characters and out of range
2458 - Bug #1706: Squid time acl accepts invalid time range.
2459 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
2460 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
2461 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
2462 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
2463 - Bug #1598: start_announce cannot be disabled
2464 - Periodically flush cache.log to disk when "buffered_logs on" is set
2465 - Numerous COSS improvements and fixes
2466 - Windows port: merge of MinGW support
2467 - Windows port: Merged Windows threads support into aufs
2468 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
2469 - Numerous portability fixes
2470 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
2471 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
2472 - Bug #1760: FTP related memory leak
2473 - Bug #1770: WCCP2 weighted assignment
2474 - Bug #1768: Redundant DNS PTR lookups
2475 - Bug #1696: Add support for wccpv2 mask assignment
2476 - Bug #1774: ncsa_auth support for cramfs timestamps
2477 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
2478 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
2479 - Bug #1590: Silence those ETag loop warnings
2480 - Bug #1740: Squid crashes on certain malformed HTTP responses
2481 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
2482 - Improve error reporting on unexpected CONNECT requests in accelerator mode
2483 - Cosmetic change to increase cache.log detail level on invalid requests
2484 - Bug #1229: http_port and other directives accept invalid ports
2485 - Reject http_port specifications using both transparent and accelerator options
2486 - Cosmetic cleanup to not dump stacktraces on configuration errors
2489 Changes to squid-2.6.STABLE3 (18 Aug 2006)
2491 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
2492 very large cache_dir. Limit number of objects stored to slightly
2494 - Bug #1705: Correct error message on invalid time weekday specification
2495 - Don't attempt to guess netmask in src/dst acl specifications
2496 if none was provided. Assume it's an IP even if it ends in 0
2497 - Bug #1665: log_format %ue, %us tags for external or ssl user id
2498 - Bug #1707: delay pools often ignored the set limit
2499 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
2500 (0.9.8 always worked)
2501 - COSS fixes and performance improvements
2502 - Memory leak when reading configuration files with overlapping
2503 ACL data where squid -k parse complains.
2504 - Memory leak related to pinned connections
2505 - Show include acls unexpanded in cachemgr configuration dumps
2506 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
2507 - Bug #1304: Downloads may hang when using the cache_dir max-size option
2508 - Optimization of network I/O
2509 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
2510 - Fixed a memory leak on certain invalid requests
2511 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
2512 - Bug #582: ntlm fake_auth not handles non-ascii login names
2513 - New startup message indicating the type of event loop used
2514 - Bug #1602: TCP fallback on truncated DNS responses
2515 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
2516 - Bug #1723: cachemgr now works in accelerator mode
2518 Changes to squid-2.6.STABLE2 (31 Jul 2006)
2520 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
2521 - Releasenotes Table of contents should use relative links without
2523 - Reject HTTP/0.9 formatted CONNECT requests.
2524 - Cosmetic cleanup to use safe_free instead of xfree + manual
2526 - Bug #1650: transparent interception "Unable to forward this
2527 request at this time"
2528 - Bug #1658: Memory corruption when using client-side SSL certificates
2529 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
2530 deleting the underlying object.
2531 - Many COSS fixes and new coss data dumper utility for diagnostics
2532 - Bug #1669: SEGV in storeAddVaryReadOld
2533 - Many fixes in debug sections and spelling of debug messages
2534 - Don't keep client connection persistent if there was a mismatch in
2536 - Move eventCleanup debug messages to debug level 2 (was 0)
2537 - Add the missing concurrency parameters to basic and digest auth
2539 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
2540 - Log SSL user id in the custom log User name format (%un)
2541 - Bug #1653: Username info not logged into Cachemgr active_requests
2543 - Added to the redirectors interface the support for SSL client
2545 - squid.conf.default cleanup to remove references to old options
2546 - Fix many filedescriptors in combination with TPROXY
2547 - Fix connection pinning in transparently intercepted connections
2548 - Bug #1679: LDFLAGS not honored in some programs.
2549 - Minor cleanup of port numbers in transparent interception or
2551 - Bug #1671: transparent interception fails with FreeBSD ipfw or
2553 - Bug #1660: Accept-Encoding related memory corruption
2554 - Bug #1651: Odd results if url_rewriter defined multiple times
2555 - Bug #1655: Squid does not produce coredumps under linux when
2557 - Bug #1673: cache digests not served to other caches
2558 - Cleanup of Linux capability code used by tproxy
2559 - Bug #1684: xstrdup: tried to dup a NULL pointer!
2560 - Bug #1668: unchecked vsnprintf() return code could lead to log
2562 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
2564 - Cygwin support fir --disable-internal-dns
2565 - Silence those annoying sslReadServer: Connection reset by peer
2567 - Bug #1693: persistent connections broken in transparent
2569 - Bug #1691: multicast peering issues
2570 - Bug #1696: Correct WCCP2 processing of router capability info
2572 - Bug #1694: Assertion failure in mgr:config if using
2573 access_log_format %<h
2574 - Bug #1677: Duplicate etags in the If-None-Match header
2575 - Bug #1665: access_log_format codes for login names from external
2577 - Bug #1681: All ntlmauthenticator processes are busy
2578 - Added ARP acl support for OpenBSD and ARP fixes for Windows
2579 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
2581 - WCCP2 correct dampening of assign buckets when there it lots of
2583 - minimum_expiry_time to tune the magic 60 seconds limit of what
2584 is considered cachable when the object doesn't have any cache
2586 - Bug #1703: wrong path to diskd helper corrected, and config
2587 parser extended to trap incorrect paths early
2588 - Bug #1703: COSS failed to initialize async-io threads
2589 - Bug #1703: should abort if diskd helper exits unexpectedly
2590 - Bug #1702: Warn if acl name is too long
2591 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
2592 - wccp2_rebuild_wait directive to delay registering with WCCP until the
2593 - Bug #1662: Infinite loop in external acl with grace period if the
2594 same http_access line had multiple external acls
2596 Changes to squid-2.6.STABLE1 (1 Jul 2006)
2598 - New --enable-default-hostsfile configure option
2599 - Added username info to active_requests cachemgr stats
2600 - Modified squid MIB to incorporate squid.conf visible_hostname
2601 - Added multi-line capability in squid.conf
2602 - Added new httpd_suppress_version_string configuration directive
2604 - Negotiate authentication scheme support
2605 - NTLM authentication scheme rewritten
2606 - Customizable access log formats
2607 - Selective access logging
2608 - Access logging via syslog
2609 - Reverse proxy enhancements, with new cache_peer based forwarding
2611 - LDAP based Digest helper (Note: not true LDAP integration, just using
2612 LDAP for storage of the Digest hashes)
2613 - Improved helper communication protocol
2614 - External ACL improvements. %PATH, log=, grace=, and more..
2615 - Improved SSL support with hardware offload, client certificate
2616 support (primitive), chained certificates and numerous bug fixes
2617 - DNS lookups now use the search path from /etc/resolv.conf or
2618 the Windows registry
2619 - Linux epoll support
2620 - collapsed forwarding to optimize reverse proxies or other
2621 setups having very many clients going to the same URL
2622 - New improved COSS implementation
2623 - Optional support for blank passwords
2624 - The old and obsolete Samba-2.2.X winbind helpers have been removed
2625 - external acls now uses the simplified URL-escaped protol "3.0" by
2627 - Linux TPROXY support
2628 - Support for proxying of Microsoft Integrated Login by adding
2629 support for the deviations from the HTTP protocol required
2630 to support these authentication mechanisms
2631 - Added the capability to run as a Windows service under Cygwin
2632 - CARP now plays well with the other peering algorithms
2633 - read_ahead_gap option to read ahead more than 16KB of the reply
2634 - check_hostnames and allow_underscore squid.conf options
2635 - http_port is now optional, allowing for SSL only operation
2636 - Full ETag/Vary support, caching responses which varies with
2637 request details (browser, language etc).
2638 - umask now defaults to 027 to protect the content of cache and
2639 log files from local users
2640 - HTCP support for access control and the CRL operation for
2641 purgeing of cache content
2642 - Optionally follow X-Forwarded-For headers to determine the original
2643 client IP behind sedond level proxies
2644 - FreeBSD kqueue support
2646 Changes to squid-2.5.STABLE14 (20 May 2006)
2647 - [Minor] icons not displayed when visible_hostname is a
2648 short hostname (without domain). (Bug #1532)
2649 - [Medium] Memleak in HTCP client code (default disabled)
2651 - [Major] memory leak in ident processing (Bug #1557)
2652 - [Medium] Memory leak in header processing related to external_acl
2653 header detail format tag (Bug #1564)
2655 Changes to squid-2.5.STABLE13 (12 Mar 2006)
2656 - [Minor] Fails to compile on Solaris and some other platforms
2657 with undefined reference to setenv (Bug #1435)
2658 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
2659 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
2660 odd results if --enable-ntlm-fail-open is used (Bug #1022)
2661 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
2663 - [Minor] Squid crash when asyncio function counters url accessed
2664 from Cachemgr CGI (Bug #1464)
2665 - [Cosmetic] Linux compile warning about prctl called with too few
2666 arguments (Bug #1483)
2667 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
2668 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
2669 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
2670 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
2671 - [Minor] Ident access lists don't work in delay_access statements
2673 - [Minor] Some clients support NTLM even if not initially negotiating
2674 persistent connections (Bug #1447)
2675 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
2676 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
2678 - [Cosmetic] New persistent_connection_after_error configuration
2679 directive (Bug #1482)
2680 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
2682 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
2683 - [Cosmetic] Typo in ftp.c (Bug #1507)
2684 - [Cosmetic] Error in FTP listings of files with -> in their name
2686 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
2687 in cache.log (Bug #779)
2688 - [Minor] Fails to process long host names (Bug #1434)
2689 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
2690 - [Cosmetic] misleading error message message for bad/unresolveable
2691 cache_peer name (Bug #1504)
2692 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
2694 - [Major] connstate memory leak (Bug #1522)
2696 Changes to squid-2.5.STABLE12 (22 Oct 2005)
2698 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
2699 when using delay pools (Bug #1405)
2700 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
2701 with server_persistent_connections (Bug #454)
2702 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
2703 diagnostics easier on squid_ldap_auth configuration errors
2705 - [Minor] $HOME not set when started as root (Bug #1401)
2706 - [Minor] httpd_accel_single_host breaks in combination with
2707 server_persistent_connections (Bug #1402)
2708 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
2709 implemented, effectively ignored. (Bug #1403)
2710 - [Minor] CNAME based DNS addresses could get cached for longer
2711 than intended (Bug #1404)
2712 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
2713 in transparently intercepting proxies (Bug #1410).
2714 - [Minor] Cache revalidations on HEAD requests causing poor cache
2715 hit ratio (Bug #1411).
2716 - [Minor] Not possible to send 302 redirects via a redirector in
2717 response to CONNECT requests (bug #1412)
2718 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
2720 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
2721 - [Minor] Delay pools class 3 fails on clients in network 255
2724 Changes to squid-2.5.STABLE11 (22 Sep 2005)
2726 - [Minor] Workaround for servers sending double content-length headers
2728 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
2729 - [Cosmetic] Date header corrected on internal objects (icons etc)
2731 - [Minor] squid -k fails in combination with chroot after patch for
2732 bug 1157 (Bug #1307)
2733 - [Cosmetic] Segmentation fault if compiled with
2734 --enable-ipf-transparent but denied access to the NAT device.
2736 - [Minor] httpd_accel_signle_host incompatible with redireection
2738 - [Minor] squid -k reconfigure internal corruption if the type of
2739 a cache_dir is changed (Bug #1308)
2740 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
2742 - [Minor] Title in FTP listings somewhat messed up after previous
2743 patch for bug 1220 (Bug #1220)
2744 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
2745 confusing authentication. (Bug #1204)
2746 - [Minor] winfo_group.pl only looked for the first group if multiple
2747 groups were defined in the same acl. (Bug #1333)
2748 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
2749 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
2750 - [Cosmetic] The new --with-build-environment=... option doesn't work
2751 - [Cosmetic] New 'mail_program' configuration option in squid.conf
2752 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
2754 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
2755 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
2756 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
2757 - [Cosmetic] Invalid URLs in error messages when failing to connect
2758 to peer, and a few other inconsistent error messages (Bug #1342)
2759 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
2761 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
2763 - [Cosmetic] Greek translation of error messages (Bug #1351)
2764 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
2765 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
2766 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
2768 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
2769 - [Minor] E-mail sent when cache dies is blocked from many antispam
2771 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
2772 - [Cosmetic] Incorrect store dir selection debug message on objects
2773 larger than 2Gigabyte (Bug #1343)
2774 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
2775 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
2776 - [Medium] Clients could bypass delay_pool settings by faking a cache
2777 hit request (Bug #500)
2778 - [Minor] IP-Filter 4.X support (Bug #1378)
2779 - [Medium] Odd results on pipelined CONNECT requests
2780 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
2781 when using NTLM authentication.
2782 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
2783 authentication (bug #1396)
2784 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
2786 - [Cosmetic] New --with-maxfd=N configure option to override build
2787 time filedescriptor limit test
2788 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
2790 Changes to squid-2.5.STABLE10 (17 May 2005)
2792 - [Minor Security] Fix race condition in relation to old Netscape
2793 Set-Cookie specifications
2794 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
2795 format and PASV resposes (Bug #1252)
2796 - [Medium] BASE HREF missing on ftp directory URLs without /
2798 - [Minor security] confusing http_access results on configuration
2800 - [Cosmetic] More robust Date parser (Bug #321)
2801 - [Minor] reload_with_ims fails to refresh negatively cached objects
2803 - [Cosmetic] delay_access description clarification (Bug #1245)
2804 - [Cosmetic] Check for integer overflow in size specifications in
2805 squid.conf (Bug #1247)
2806 - [Cosmetic] bzero is a non-standard function not available on all
2807 platforms (Bug #1256)
2808 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
2809 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
2810 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
2812 - [Minor] Duplicate content-length headers logged incorrectly or
2813 not cleaned up properly (Bug #1262)
2814 - [Cosmetic] Extend relaxed_header_parser to work around "excess
2815 data from" errors from many major web servers. (Bug #1265)
2816 - [Minor] Add HTTP headers to a netdb error messages
2817 - [Minor] Multiple minor aufs issues (Bug #671)
2818 - [Minor] Basic authentication fails with very long logins or
2819 password (Bug #1171)
2820 - [Minor] CONNECT requests truncated if client side disconnects first
2822 - [Minor] --disable-hostname-checks configure option did not work
2823 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
2824 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
2825 - [Medium] Failed to process requests for files larger than 2GB in size
2826 - [Cosmetic] rename() related cleanup
2827 - [Cosmetic] New cachemgr pending_objects and client_objects actions
2828 - [Cosmetic] external acls requiring authentication did not request
2829 new credentials on access denials like proxy_auth does.
2830 - [Cosmetic] Syslog facility now configurable via command line options.
2831 - [Cosmetic] New %a error page template code expanding into the
2832 authenticated user name. (Bug #798)
2833 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
2834 - [Minor] Support interception of multiple ports
2835 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
2836 can not be determined (Bug #1196)
2837 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
2838 configuration files with CRLF lineendings proper.
2839 - [Minor] Unrecognized Cache-Control directives now forwarded properly
2841 - [Minor] Authentication helpers now returns useable information
2842 in the %m error page macro on failed authentication (Bug #1223)
2843 - [Minor] pid file management corrected in chroot use (Bug #1157)
2844 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
2845 cachemgr.cgi now reads a config file telling which proxy servers
2847 - [Minor] aufs statistics improvements
2848 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
2849 - [Minor] ARP acl documentation and cachemgr config dump corrections
2850 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
2851 hostnames in addition to the reverse lookup of the domain name.
2852 - [Security] Internal DNS client hardened against spoofing
2854 Changes to squid-2.5.STABLE9 (24 Feb 2005)
2856 - [Medium] Don't retry requests on 403 errors (Bug #1210)
2857 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
2858 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
2859 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
2860 - [Minor] relaxed_header_parser extended to work around even more
2861 broken web servers (Bug #1242)
2862 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
2863 better with Mozilla but also to improve security slightly on
2865 - [Minor] High characters allowed un-encoded in FTP and Gopher
2866 listings to allow the user-agent to display data in non-iso8859-1
2867 charsets. (Bug #1220)
2868 - [Cosmetic] format fixes to silence compiler warnings on many
2870 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
2872 Changes to squid-2.5.STABLE8 (11 Feb 2005)
2874 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
2876 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
2877 - [Minor] The new req_header and resp_header acls segfaults
2878 immediately on parse of squid.conf (Bug #961)
2879 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
2881 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
2882 - [Minor] Squid fails to close TCP connection after blank HTTP
2883 response (Bug #1116)
2884 - [Minor security] Random error messages in response to malformed
2885 host name (Bug #1143)
2886 - [Minor] PURGE should not be able to delete internal objects
2888 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
2890 - [Minor] cachemgr vm_objects segfault (Bug #1149)
2891 - [Minor security] Confusing results on empty acl declarations (Bug
2893 - [Minor] Don't close all "other" filedescriptors on startup (Bug
2895 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
2897 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
2898 - [Medium security] Denial of service with forged WCCP messages
2900 - [Minor] DNS related memory leak on certain malformed DNS responses
2902 - [Minor] Internal DNS sometimes truncates host names in reverse
2903 (PTR) lookups (Bug #1136)
2904 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
2905 - [Security] Harden Squid against HTTP request smuggling attacks
2906 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
2907 short_icon_urls is on (Bug #1203)
2908 - [Security] Harden Squid against HTTP response splitting attacks
2910 - [Medium security] Buffer overflow in WCCP recvfrom() call
2912 - [Security] Properly handle oversized reply headers (Bug #1216)
2913 - [Minor] LDAP helpers search fixed to properly ask for no attributes
2914 - [Minor] A sporadic segmentation fault when using ntlm authentication
2916 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
2917 - [Medium] Persistent connection mismatch on failed PUT/POST request
2919 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
2920 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
2921 - [Major] HTTP reply data corruption in certain situations involving
2922 reply headers split over multiple packets (Bug #1233)
2924 Changes to squid-2.5.STABLE7 (11 Oct 2004)
2926 - [Medium] No objects cached in ufs cache_dir type in some
2927 configurations. Issue introduced in 2.5.STABLE6 by the patch for
2928 Bug #676. (Bug #1011)
2929 - [Minor] LDAP helpers update to correct LDAP connection management
2930 and add support for literal password compare instead of binding
2931 - [Minor] A large number of queued DNS lookups for the same domain
2933 - [Cosmetic] request_header_max_size configuration partly ignored
2935 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
2936 - [Cosmetic] HEAD requests may return stale information
2938 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
2939 - [Minor] case insensitive authentication (Bug #431)
2940 - [Cosmetic] Add delay pools information to active_requests. (Bug
2942 - [Minor] Apparent memory leak in client_db (Bug #833)
2943 - [Minor] NTLM authentication truncated causing failures. (Bug
2945 - [Cosmetic] Grammatical corrections in squid.conf.default
2946 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
2948 - [Medium] Segfaults and other strange crashes when using heap
2949 policies. (Bug #1009)
2950 - [Minor] Supplementary group memberships not set (Bug #1021)
2951 - [Cosmetic] ERR_TOO_BIG Portuguese translation
2952 - [Minor] external_acl does not handle newlines (Bug #1038)
2953 - [Major] NTLM authentication denial of service when using msnt_auth
2954 or fake_auth (Bug #1045)
2955 - [Medium] Memory leaks when using NTLM authentication without
2956 challenge reuse. (Bug #994)
2957 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
2959 - [Minor] assertion failed: "n_ufs_dirs <=
2960 Config.cacheSwap.n_configured". (Bug #1053)
2961 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
2962 - [Minor] acl time fails to parse multiple time specifications
2964 - [Minor] cachemgr config dumps mixed up Range and Request-Range
2965 headers in http_header_access & replace directives. (Bug #1056)
2966 - [Minor] Content-Disposition added as a well known header (Bug #961)
2967 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
2969 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
2970 - [Medium] New acl types to match arbitrary HTTP headers. In addition
2971 the http_header_access & replace directives now support arbitrary
2972 headers and not only the well known ones. (Bug #961)
2973 - [Cosmetic] ncsa_auth now accepts Window formatted password files
2975 - [Cosmetic] Support the --program-prefix/suffix options or other
2976 configure program name transforms (Bug #1019)
2977 - [Minor] Fix race condition in CONNECT and also handle aborts of
2978 CONNECT requests in a more graceful manner. (Bug #859)
2979 - [Minor] New balance_on_multiple_ip directive to work around certain
2980 broken load balancers and optimized ipcache on reload requests
2982 - [Medium] New reply_header_max_size directive
2984 - [Minor] Suspected instability on aborted PUT/POST requests
2986 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
2988 Changes to squid-2.5.STABLE6 (9 Jul 2004)
2990 - Bug #937: NTLM assertion error "srv->flags.reserved"
2991 - Bug #935: squid_ldap_auth can be confused by the use of reserved
2993 - Helper queue warnings imprecise on the number of helpers required
2994 - squid_ldap_auth TLS mode works correctly again
2995 - Bug #940, #305: pkg-config support for finding correct OpenSSL
2997 - Bug #426: "Vary: *" is ignored
2998 - 100% CPU usage on Linux-2.2
2999 - Version number should not include -CVS if autoconf is run
3000 - Bug #947: deny_info redirection with requested URL escaped wrongly
3001 - Bug #495: CONNECT timeout should produce a 504 or 503
3002 - Bug #956: cache_swap_log documentation referred to swap.state by
3003 it's old swap.log name
3004 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
3006 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
3007 - Bug #954: Segment violation when using a blank user name in digest
3009 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
3010 - Spelling corrections in configure and squid.conf.default
3011 - The meaning of ERR in digest helper protocol clarified in the
3012 squid.conf documentation
3013 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
3014 - Bug #616: Negative cached 404 replies with VARY header never matched
3015 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
3016 due to a shortcoming in the fix to bug #817
3017 - Bug #570: Very large cache_mem values reported wrongly in cache.log
3018 - Bug #676: store_dir_select_algorithm least-load doesn't work for
3020 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
3021 - Bug #948: Show client ip in cache.log debug output
3022 - Bug #960: compilation issue on OpenBSD/m88k
3023 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
3024 - Bug #991: dns_servers should default to localhost if no resolv.conf
3025 - Bug #717: msnt_auth documentation update
3026 - Bug #753: Segfault in memBufVPrintf on certain architectures
3028 - Bug #941: Negative size in access.log on long running CONNECT
3030 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
3031 - Bug #981: sasl_auth updated to work with SALS2
3032 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
3033 authentication to a NT domain without using Samba.
3035 Changes to squid-2.5.STABLE5 (1 Mar 2004):
3037 - cache.log message on "squid -k reconfigure" was slightly confusing,
3038 claiming Squid restarted when it just reread the configuration.
3039 - Bug #787: digest auth never detects password changes
3040 - Bug #789: login with space confuses redirector helpers
3041 - Bug #791: FQDNcache discards negative responses when using
3043 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
3044 PAM connections are unsafe and now disabled by default.
3045 - auth_param documentation clarifications and added default realm
3046 values making only the helper program a required attribute
3047 - Bug #795: German ERR_DNS_FAIL correction
3048 - Bug #803: Lithuanian error messages update
3049 - Bug #806: Segfault if failing to load error page
3050 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
3051 - Bug #817: maximum_object_size too large causes squid not to cache
3052 - Bug #824: 100% CPU loop if external_acl combined with separate
3053 authentication acl in the same http_access line
3054 - squid_ldap_group updated to version 2.12 with support for ldaps://
3055 (LDAPv2 over SSL) and a numer of other improvements.
3056 - Bug #799: positive_dns_ttl ignored when using internal DNS.
3057 - Bug #690: Incorrect html on empty Gopher responses
3058 - Bug #729: --enable-arp-acl may give warning about net/route.h
3059 - Bug #14: attempts to establish connection may look like syn flood
3060 attack if the contacted server is refusing connections
3061 - errorpage README files included in the distribution again showing
3062 who contributed which translation
3063 - Bug #848: connect_timeout connect_timeout ends up twice the length.
3064 forward_timeout option added to address this.
3065 - Bug #849: DNS log error messages should report the failed query
3066 - Bug #851: DNS retransmits too often
3067 - Bug #862: Very frequently repeated POST requests may cause a
3068 filedescriptor shortage due to persitent connections building up
3069 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
3070 - Bug #571: Need to limit use of persistent connections when
3071 filedescriptor usage is high
3072 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
3073 does not work properly
3074 - Bug #860: redirector_access does not handle "slow" acls such as
3075 "dst" or "external" requiring a external lookup.
3076 - Bug #865: Persistent connection usage too high after sudden burst
3078 - Bug #867: cache_peer max-conn=.. option does not work
3079 - Bug #868: refuses to start if pid_filename none is specified
3080 - Bug #887: LDAP helper -Z (TLS) option does not work
3081 - Bug #877: Squid doesn't follow telnet protocol on FTP control
3083 - Bug #908: Random auth popups and account lockouts when using ntlm
3084 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
3085 - Bug #585: cache_peer_access fails with NTLM authentication
3086 - Bug #592: always/never_direct fails with NTLM authentication
3087 - wbinfo_group update for Samba-3
3088 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
3089 - Bug #924: miss_access restricts internal and cachemgr requests
3090 even if these are local
3091 - Bug #925: auth headers send by squidclient are mildly malformed
3092 - Bug #922: miss_access and delay_access and several other
3093 authentication related bug fixes.
3094 - Bug #909: Added ARP acl support for FreeBSD
3095 - Bug #926: deny_info with http_reply_access or miss_access
3096 - Bug #872: reply_body_max_size problems when using NTLM auth
3097 - Bug #825: random segmentation faults when using digest auth
3098 - Bug #910: Partial fix for temporary memory leaks when using NTLM
3099 auth. There is still problems if challenge reuse is enabled.
3100 - ftp://anonymous@host/ now accepted without requiring a password
3101 - Bug #594: several mime type updates (ftp:// related)
3102 - url_regex enhanced to allow matching of %00
3104 Changes to squid-2.5.STABLE4 (15 Sep 2003):
3106 - Lithuanian error messages added to the distribution
3107 - Bug #660: segfauld if more than one custom deny_info line
3108 - cache_dir disd documentation cleanup
3109 - check open of /dev/null to avoid 100% CPU loop in badly
3110 configured chroot environments
3111 - documentation update on uri_whitespace to refer to the correct RFC
3112 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
3113 - Bug #683: external_acl does not wait for ident lookups to complete
3114 - aufs: Fix a minor use-after-free problem which could cause the
3115 count of opening filedescriptors to grow larger than it should
3116 - Syntax changes to make GCC-3.3 accept Squid without complaints
3117 - Warning if CARP server defined in incorrect load factor order
3118 - neighbor_type_domain documentation update
3119 - http_header_access now works when using cache peers
3120 - high_memory_warning now uses sbrk as fallback mechanism on
3121 platforms where neither mallinfo or mstats are available.
3122 - hosts_file now handles comments at the end of lines correcly
3123 - storeCheckCachable() Stats corrected for release_request and
3124 wrong_content_length.
3125 - cachePeerPingsSent MIB type corrected
3126 - unused minimum_retry_timeout directive removed
3127 - Bug #702: ERR_TO_BIG spanish translation
3128 - Bug #705: Memory leak on deny_info TCP_RESET
3129 - Code cleanup to fix compile error in httpHeaderDelById
3130 - Bug #699: Host header now forwarded exactly where it was in the
3131 original request to work around certain broken firewalls or
3132 load balancers which fail if this header is too far into the
3134 - Bug #704: Memory leak on reply_body_max_size
3135 - Bug #686: requests denied due to http_reply_access are now
3136 logged with TCP_DENIED (instead of TCP_MISS, etc).
3137 - Bug #708: ie_refresh now sends no-cache to have the reload
3138 request propagate properly in cache meshes
3139 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
3140 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
3142 - Bug #710: round-robin cache_dir selection incorrectly
3144 - Statistics corrections in HTTP header statitics
3145 - QUICKSTART cleanups
3146 - Bug #715: statCounter.syscalls.disk counters treated
3147 inconsistently. Now increment the counters in AUFS
3148 functions and for unlinkd.
3149 - Improvements to the (experimental) COSS storage scheme.
3150 - Bug #721: User name field in access.log sometimes blank
3151 - Bug #94: assertion failed: http.c: "-1 == cfd ||
3152 FD_SOCKET == fd_table[cfd].type"
3153 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
3154 - Bug #732: aufs calculates number of threads and limits wrongly
3155 - Bug #663: Username not logged into access.log in case of /407
3156 - Bug #267: Form POSTing troubles with NTLM authentication
3157 and occationally in differen other error conditions.
3158 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
3159 - Bug #733: No explicit error message when ncsa_auth can't access
3161 - Bug #267, #757: POST with NTLM stops after persistent connection
3163 - Bug #742: Wrong status code on access denials if delay_access
3164 is used. Most notably 407 instead of 403 could be returned.
3165 - Bug #763: segfault if using ntlm in http_reply_access
3166 - Bug #638: assertion error if using proxy_auth in delay_access
3167 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
3168 - The issue of reply_body_max_size limiting the size of error
3169 messages no longer applies.
3170 - external_acl_type concurrency= option renamed to children= to
3171 prepare for Squid-3 upgrades. Old syntax still accepted for the
3172 duration of the Squid-2.5 release.
3173 - number of filedescriptors rounded down to an even multiple of 64
3174 to work around issues in certain libc implementations.
3175 - winbind helpers less noisy in cache.log on restarts/shutdown.
3176 - Squid now automatically restarts helpers if too many of them
3179 Changes to squid-2.5.STABLE3 (25 May 2003):
3181 - Bug #573: Occational false negatives in external acl lookups
3182 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
3183 external_acl helpers crashes
3184 - Bug #590: Squid may hang or behave oddly on shutdown while
3185 requests is being processed.
3186 - Bug #590: external acl lookups does not deal well with queue
3188 - cache_effective_user documentation update
3189 - cache_peer documentation update for htcp and carp
3190 - Bug #600: The example header_access paranoid setting is
3191 missing WWW-Authenticate
3192 - Bug #605: Segmentation fault in idnsGrokReply() on certain
3194 - Fixes to build properly on AIX 5
3195 - Bug #574: wb_group updated to version 1.1 to make group names
3196 case insensitive and correct a segfault issue in the helper
3197 - SNMP mib updates to make cacheNumObjCount,
3198 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
3199 correctly report as gauges (was reporting as counters).
3200 - Woraround for --enable-ssl Kerberos issue on RedHat 9
3201 - Bug #579: Close and repopen log files on "squid -k reconfigure"
3202 - Bug #598: squid_ldap_auth could segfault if LDAP server is
3204 - Bug #609,#612: msntauth helper fixes in dealing with large
3205 or non-existing allow/deny user files.
3206 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
3207 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
3208 and also fails to block large objects where the content-length
3210 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
3211 multiple proxy_auth ACLs combined in one line and login fails.
3212 - squid_ldap_auth updated with support for TLS and SSL
3213 - Bug #623: segfault if using negated external acls in certain
3214 configurations involving other acls later on the same http_access
3216 - Bug #622: wb_group helper update to version 1.2 to ass support for
3217 Domain-Qualified groups refering to groups in a specific domain
3218 - Bug #596: logic error in poll() error management
3219 - Bug #597: logic errors in error management
3220 - Bug #591: segmentation fault in authentication on "squid -k debug"
3221 - Bug #587: smb_auth fails on complex logins involving domain names
3222 or other odd characters
3223 - Bug #558, #587: smb_auth.pl fails on complex logins involving
3224 domain names or other odd characters
3225 - Bug #643: external_acl fails with ttl=0 due to a change introduced
3226 by the patch for Bug #553 in 2.5.STABLE2.
3227 - Bug #630: minor issues in digest authantication causing random
3228 authentication failures and incompability with many mainstream
3229 browser digest implementations due to browser qop bugs. To deal
3230 with those broken browser nonce_stricness now defaults to off,
3231 and two new digest options have been added (check_nonce_count
3232 and post_workaround) to allow workarounds to other quite bad
3233 browser bugs if needed.
3234 - Bug #644: digest authentication fails on requests with one
3235 or more comma in the requested URL
3236 - Bug #648: deny_info TCP_RESET not working. The fix for this also
3237 adds the ability to send redirects.
3239 Changes to squid-2.5.STABLE2 (Mars 17, 2003):
3241 - Contrib files added back to the distribution
3242 - Several compiler warnings fixed when using --disable-ident or
3243 --disable-http-violations
3244 - authentication can now be used in most access controls, but
3245 must in most cases first be enforced in http_access to force
3246 the user to authenticate.
3247 - cleanups in the developer bootstrap.sh process when preparing
3249 - several squid.conf.default documentation updated to correctly
3250 refer to the current names when refering to other directives
3251 - authenticate_ip_ttl documentation updates
3252 - several assertion faults and segmentation violations corrected
3253 - the RunCache/RunAccel and squid.rc scripts updated to refer to
3254 the squid binary in sbin rather than the old bin location.
3255 - squid_ldap_auth command line processing fixes when specifying
3256 the LDAP server last on the line instead of -h option
3257 - aufs data corruption bugfix
3258 - aufs performance improvement for low traffic systems
3259 - aufs stability improvements
3260 - external_acl corrected to properly deal with quoted strings
3261 - WCCPv1 bugfix to make sure the router accepts the hash assignments
3262 - "Total accounted memory" now correctly reported in cachemgr
3263 - several small memory leaks (mostly reconfigure related)
3264 - new squid.conf option to allow GET/HEAD requests with a request
3266 - "make uninstall" no longer removes squid.conf
3267 - cachemgr.cgi now uses POST to avoid having the cachemgr password
3268 logged in the web server logs
3269 - authentication schemes which are known to not be proxyable are now
3270 filtered out from forwarded server replies to avoid that the clients
3271 tries to use such schemes when we know for a fact it won't work
3272 - spelling corrections in various error messages
3273 - now possible to define acl values with spaces in them
3274 by using the "include file" feature
3275 - squid_ldap_group updated to 2.10 to fix compilation issues with
3276 recent (and older) OpenLDAP libraries and to make the helper deal
3277 correctly with true LDAP groups by first looking up the user DN.
3278 - Some internal code cleanups
3279 - now verifies that programs etc exists iside the chroot directory
3280 when using chroot_dir. No longer neccesary to set up a split view
3281 environment where the same paths works both inside the chroot and
3282 outside just to convince Squid that the files is actually there..
3283 - improved memory usage reporting
3284 - --disable-hostname-checks configure option
3285 - no longer ignores double dots in host names. Any hostname with
3286 double dots is now rejected as invalid.
3287 - log_mime_hdrs no longer logs garbage if very long headers
3289 - 'select_fds_hist' object added to cachemgr 'histogram' output
3290 - pid file now unlinked when squid has really shut down, not
3291 immediately when the shutdown request is received. This allows
3292 the pid file to be monitored to determine when Squid has shut down
3294 - correct authentication scheme setups on some platforms or compilers
3295 - several squid.conf.default documentation updates to remove references
3296 to renamed or replaced directives by changing them to their current
3298 - the SSL reverse proxy support updated to allow building with
3299 OpenSSL 0.9.7 and and later.
3300 - Corrected a minor performance problem while processing HEAD replies
3301 from various broken web servers not sending a correct HTTP reply
3302 - time acls can now specify multiple times in the same acl name, like
3303 most other acl types.
3304 - winbind helpers updated to match Samba-2.2.7a and should
3305 work with Samba-2.2.6 or later (required). For compability with
3306 older Samba versions A new configure option --with-samba-sources=...
3307 has been added to allow you to specify which Samba version the
3308 helpers should be built for if different than the above versions.
3309 - Squid MIB definition syntax correction to work better with newer
3310 (and older) SNMP tools.
3311 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
3312 requests where parsing the HTTP identifier (HTTP/1.0) failed.
3313 - "make distclean" no longer removes the icons, this avoids the
3314 dependency on "uudecode" to rebuild Squid after "make distclean"
3315 - User name returned by external acl lookups (external_acl_type)
3316 is now available as "ident" in later acl checks in addition to
3317 the logging in access.log.
3318 - Incorrect behaviour of Digest authentication partly corrected - it
3319 will not handle sessions, but will always enforce password
3320 correctness.. (patch submitted by Sean Burford).
3321 - Issue with persistent connections and PUT/POST request corrected
3323 Changes to squid-2.5.STABLE1 (September 25, 2002):
3325 - Major rewrite of proxy authentication to support other schemes
3326 than basic. First in the line is NTLM support but others can
3327 easily be added (minimal digest is present). See Programmers Guide.
3328 (Robert Collins & Francesco Chemolli)
3329 - Reworked how request bodies are passed down to the protocols.
3330 Now all client side processing is inside client_side.c, and
3331 the pass and pump modules is no longer used.
3333 - Optimized searching in proxy_auth and ident ACL types. Squid should
3334 now handle large access lists a lot more efficiently.
3335 (Francesco Chemolli)
3336 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
3337 now a peer is ignored if it turns out to be us, rather than
3339 - Changed the internal URL code to obey appendDomain for internal
3340 objects if it needs appending. This fixes weirdnesses where
3341 a machine can think it is "foo.bar.com", and "foo" is requested.
3343 - Added the use of Automake to create the Makefile.in's in the squid
3344 source tree. This will allow libtool in the future, and immediately
3345 allows better dependency tracking - with or without gcc - as well
3346 as the dist-all and distcheck targets for developers which respectively
3347 build a tar.gz and a tar.bz2 distribution, and check that what will be
3349 - Added TOS and source address selection based on ACLs,
3350 written by Roger Venning. This allows administrators to set
3351 the TOS precedence bits and/or the source IP from a set of
3352 available IPs based upon some ACLs, generally to map different
3353 users to different outgoing links and traffic profiles.
3354 - Added 'max-conn' option to 'cache_peer'
3355 - Added SSL gatewaying support, allowing Squid to act as a SSL server
3356 in accelerator setups.
3357 - SASL authentication helper by Ian Castle
3358 - msntauth updated to v2.0.3
3359 - no_cache now applies to cache hits as well as cache misses
3360 - the Gopher client in Squid has been significantly improved
3361 - Squid now sanity checks FTP data connections to ensure the
3362 connection is from the requested server. Can be disabled if
3363 needed by turning off the ftp_sanitycheck option.
3364 - external acl support. A mechanism where flexible ACL checks
3365 can be driven by external helpers. See the external_acl_type
3366 and acl external directives.
3367 - Countless other small things and fixes
3368 - HTML pages generated by Squid or CacheMgr as well as the
3369 ERR documents now contain a doctype declaration so that
3370 browsers know which HTML specification the document uses.
3371 In addition to that they have a new look (background-color, font)
3372 and are valid according to the HTML standards at www.w3.org.
3374 - Login and password send to Basic auth helpers is now URL escaped
3375 to allow for spaces and other "odd" characters in logins and
3377 - Proxy Authentication is no longer blindly forwarded to peer
3378 caches if not used locally. If forwarding of proxy authentication
3379 is desired then it must now be configured with the login=PASS
3381 - Responses with Vary: in the header are now cached by squid.
3383 - Removed unused 'siteselect_timeout' directive.
3385 Changes to Squid-2.4.STABLE7 (July 2, 2002):
3387 - Squid now drops any requests using transfer-encoding.
3388 Squid is a HTTP/1.0 proxy and as such do not support
3389 the use of transfer-encoding.
3390 - The MSNT auth helper has been updated to v2.0.3+fixes for
3391 buffer overflow security issues found in this helper.
3392 - A security issue in how Squid forwards proxy authentication
3393 credentials has been fixed
3394 - Minor changes to support Apple MAC OS X and some other platforms
3396 - The client -T option has been implemented
3397 - HTCP related bugfixes in "squid -k reconfigure"
3398 - Several bugfixes and cleanup of the Gopher client, both
3399 to correct some security issues and to make Squid properly
3400 render certain Gopher menus.
3401 - FTP data channels are now sanity checked to match the address of
3402 the requested FTP server. This to prevent theft or injection of
3403 data. See the new ftp_sanitycheck directive if this is not desired.
3404 - Security fixes in how Squid parses FTP directory listings into HTML
3406 Changes to Squid-2.4.STABLE6 (March 19, 2002):
3408 - The patch for 2.4.STABLE5 was insufficiently tested and
3409 introduced a bug that causes frequent assertions when
3410 handling DNS PTR answers.
3412 Changes to Squid-2.4.STABLE5 (March 15, 2002):
3414 - Fixed an array bounds bug in lib/rfc1035.c. This bug
3415 could allow a malicious DNS server to send bogus replies
3416 and corrupt the heap memory.
3418 Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
3420 - htcp_port 0 now properly disables htcp
3421 - Fixed problem with certain non-anonymous ftp:// style URL's
3422 - SNMP bugfixes including several memory leaks
3424 Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
3426 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
3428 - Fixed bug #246: corrupt on-disk meta information preventing
3429 rebuilds of lost swap.state files
3430 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
3431 - Fixed a coredump when creating FTP directories
3432 - Fixed a compile time problem with statHistDump prototype mistmatch,
3433 reported by some compilers
3434 - Fixed a potential coredump situation on snmpwalk in certain
3436 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
3437 store implementation
3438 - Serbian error message translations
3440 Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
3442 - Expanded configure's GCC optimization disabling check to
3444 - avoid negative served_date in storeTimestampsSet().
3445 - Made 'diskd' pathnames more configurable
3446 - Make sure squid parent dies if child is killed with
3448 - Changed diskd offset args to off_t instead of int
3449 - Fixed bugs #102, #101, #205: various problems with useragent
3451 - Fixed bug #116: Large Age: values still cause problems
3452 - Fixed bug #119: Floating point exception in
3453 storeDirUpdateSwapSize()
3454 - Fixed bug #114: usernames not logged with
3455 authenticate_ip_ttl_is_strict
3456 - Fixed bug #115: squid eating up resources (eventAdd args)
3457 - Fixed bug #125: garbage HTCP requests cause assertion
3458 - Fixed bug #134: 'virtual port' support ignores
3459 httpd_accel_port, causes a loop in httpd_accel mode
3460 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
3462 - Fixed bug #137: Ranges on misses are over-done
3463 - Fixed bug #160: referer_log doesn't seem to work
3464 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
3465 comm_dns_incoming histogram)
3466 - Fixed bug #165: "Store Mem Buffer" leaks badly
3467 - Fixed bug #172: Ident Based ACLs fail when applied to
3469 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
3470 - Fixed bug #182: 'config' cachemgr option dumps core with
3472 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
3473 of args in debug/printf
3474 - Fixed bug #187: bugs in lib/base64.c
3475 - Fixed bug #184: storeDiskdShmGet() assertion; changed
3476 diskd to use bitmap instead of linked list
3477 - Fixed bug #194: Compilation fails on index() on some
3479 - Fixed bug #197: refreshIsCachable() incorrectly checks
3480 entry->mem_obj->reply
3481 - Fixed bug #215: NULL pointer access for proxy requests
3484 Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
3486 - Fixed a bug in and cleaned up class 2/3 delay pools
3488 - Fixed a coredump bug when using external dnsservers that
3490 - Fixed some NULL pointer bugs for NULL storage system
3492 - Fixed a bug with useragent logging that caused Squid to
3493 think the logfile never got opened.
3494 - Fixed a compiling bug with --disable-unlinkd.
3495 - Changed src/squid.h to always use O_NONBLOCK on Solaris
3497 - Fixed a bug with signed/unsigned bitfield flag variables
3498 that caused problems on Solaris.
3499 - Fixed a bug in clientBuildReplyHeader() that could add
3500 an Age: header with a negative value, causing an assertion
3502 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
3503 was returning the number of FDs in use, rather than
3504 the number of reserved FDs.
3505 - Added the 'pipeline_prefetch' configuration option.
3506 - cache_dir syntax changed to use options instead of many
3507 arguments. This means that the max_objsize argument now
3508 is an optional option, and that the syntax for how to
3509 specify the diskd magics is slightly different.
3510 - Various fixes for CYGWIN
3511 - Upgraded MSNT auth module to version 2.0.
3512 - Fixed potential problems with HTML by making sure all
3513 HTML output is properly encoded.
3514 - Fixed a memory initialization problem with resource records in
3516 - Rewrote date parsing in lib/rfc1123.c and made it a little
3518 - Added Cache-control: max-stale support.
3519 - Fixed 'range_offset_limit' again. The problem this time
3520 is that client_side.c wouldn't set the we_dont_do_ranges
3521 flag for normal cache misses. It was only being set for
3522 requests that might have been hits, but we decided to
3524 - Added the Authenticate-Info and Proxy-Authenticate-Info
3525 headers from RFC 2617.
3526 - HTTP header lines longer than 64K could cause an assertion.
3527 Now they get ignored.
3528 - Fixed an IP address scanning bug that caused "123.foo.com"
3529 to be interpreted as an IP address.
3530 - Converted many structure allocations to use mem pools.
3531 - Changed proxy authentication to strip leading whitespace
3532 from usernames after decoding.
3533 - Prevented NULL pointer access in aclMatchAcl(). Some
3534 ACL types require checklist->request_t, but it won't be
3535 available in some cases (like snmp_access). Warn the
3536 admin that the ACL can't be checked and that we're denying
3538 - Allow zero-size disk caches.
3539 - The actual filesystem blocksize is now used to account
3540 for space overheads when calculating on-disk cache size.
3541 - Made the maximum memory cache object size configurable.
3542 - Added 'minimum_direct_rtt' configuration option.
3543 - Added 'ie_refresh' configuration option, which is a hack
3544 to turn IMS requests into no-cache requests.
3545 - Added support for netfilter in linux-2.4. This allows transparent
3546 proxy connections to function correctly in the absence of a Host:
3547 header. This requires --enable-linux-netfilter to be passed through
3548 to configure. (Evan Jones)
3549 - Fixed a bug with clientAccessCheck() that allowed proxy
3550 requests in accel mode.
3551 - Fixed a bug with 301/302 replies from redirectors. Now
3552 we force them to be cache misses.
3553 - Accommodated changes to the IP-Filter ioctl() interface
3554 for intercepted connections.
3555 - Fixed handling of client lifetime timeouts.
3556 - Fixed a buffer overflow bug with internal DNS replies
3557 by truncating received packets to 512 bytes, as per
3559 - Added "forward.log" support, but its work in progress.
3560 - Rewrote much of the IP and FQDN cache implementation.
3561 This change gets rid of pending hits.
3562 - Changed peerWouldBePinged() to return false if our
3563 ICP/HTCP port is zero (i.e. disabled).
3564 - Changed src/net_db.c to use src/logfile.c routines,
3565 rather than stdio, because of solaris stdio filedescriptor
3567 - Made netdbReloadState() more robust in case of corrupted
3569 - Rewrote some freshness/staleness functions in src/refresh.c,
3570 partially inspired to support cache-control max-stale.
3571 - Fixed status code logging for SSL/CONNECT requests.
3572 - Added a hack to subtract cache digest network traffic
3573 from statistics so that byte hit ratio stays positive
3574 and more closely reflects what people expect it to be.
3575 - Fixed a bug with storeCheckTooSmall() that caused
3576 internal icons and cache digests to always be released.
3577 - Added statfs(2) support for displaying actual filesystem
3578 usage in the cache manager 'storedir' output.
3579 - Changed status reporting for storage rebuilding. Now it
3580 prints percentage complete instead of number of entries
3582 - Use mkstemp() rather than problem-prone tempnam().
3583 - Changed urlParse() to condense multiple dots in hostnames.
3584 - Major rewrite of async-io (src/fs/aufs) to make it behave
3585 a bit more sane with substantially less overhead. Some
3586 tuning work still remains to make it perform optimal.
3587 See the start of store_asyncufs.h for all the knobs.
3588 - Fixed storage FS modules to use individual swap space
3589 high/low values rather than the global ones.
3590 - Fixed storage FS bugs with calling file_map_bit_reset()
3591 before checking the bit value. Calling with an invalid
3592 value caused memory corruption in random places.
3593 - Prevent NULL pointer access in store_repl_lru.c for
3594 entries that exist in the hash but not the LRU list.
3596 Changes to Squid-2.4.DEVEL4 ():
3598 - Added --enable-auth-modules=... configure option
3599 - Improved ICP dead peer detection to also work when the workload
3601 - Improved TCP dead peer detection and recovery
3602 - Squid is now a bit more persistent in trying to find a alive
3603 parent when never_direct is used.
3604 - nonhierarchical_direct squid.conf directive to make non-ICP
3605 peer selection behave a bit more like ICP selection with respect
3607 - Bugfix where netdb selection could override never_direct
3608 - ICP timeout selection now prefers to use parents only when
3609 calculating the dynamic timeout to compensate for common RTT
3610 differences between parents and siblings.
3611 - No longer starts to swap out objects which are known to be above
3612 the maximum allowed size.
3613 - allow-miss cache_peer option disabling the use of "only-if-cached".
3614 Meant to be used in conjunction with icp_hit_stale.
3615 - Delay pools tuned to allow large initial pool values
3616 - cachemgr filesystem space information changed to show useable space
3617 rather than raw space, and platform support somewhat extended.
3618 - Logs destination IP in the hierarchy log tag when going direct.
3619 (can be disabled by turning log_ip_on_direct off)
3620 - Async-IO on linux now makes proper use of mutexes. This fixes some
3621 odd pthread segfaults on SMP Linux machines, at a slight performance
3623 - %s can now be used in cache_swap_log and will be substituted with
3624 the last path component of cache_dir.
3625 - no_cache is now a full ACL check without, allowing most ACL types
3627 - The CONNECT method now obeys miss_access requirements
3628 - proxy_auth_regex and ident_regex ACL types
3629 - Fixed a StoreEntry memory leak during "dirty" rebuild
3630 - Helper processes no longer hold unrelated filedescriptors open
3631 - Helpers are now restarted when the logs are rotated
3632 - Negatively cached DNS entries are now purged on "reload".
3633 - PURGE now also purges the DNS cache
3634 - HEAD on FTP objects no longer retrieves the whole object
3635 - More cleanups of the dstdomain ACL type
3636 - Squid no longer tries to do Range internally if it is not supported
3637 by the origin server. Doing so could cause bandwidth spikes and/or
3639 - httpd_accel_single_host squid.conf directive
3640 - "round-robin" cache_peer counters are reset every 5 minutes to
3641 compensate previously dead peers
3642 - DNS retransmit parameters
3643 - Show all FTP server messages
3644 - squid.conf.default now indicates if a directive isn't enabled in
3645 the installed binary, and what configure option to use for enabling it
3646 - Fixed a temporary memory leak on persistent POSTs
3647 - Fixed a temporary memory leak when the server response headers
3648 includes NULL characters
3649 - authenticate_ip_ttl_is_strict squid.conf option
3650 - req_mime_type ACL type
3651 - A reworked storage system that supports storage directories in
3652 a more modular fashion. The object replacement and IO is now
3653 responsibility of the storage directory, and not of the storage
3655 - Fixed a bogus MD5 mismatch warning sometimes seen when using
3656 aufs or diskd stores
3657 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
3658 and extended support for this to Linux/GNU libc.
3659 - Disabled the "request timeout" error message sent if the user agent
3660 did not provide a request in a timely manner after opening the
3661 connection. Now the connection is silently closed. The error message
3662 was confusing user agents utilizing persistent connections.
3663 - Fixed configure --enable descriptions to match the arg names.
3664 - Eliminated compile warnings from auth_modules/MSNT code.
3665 - Require first character of hostnames to be alphanumeric.
3666 - Made ARP ACL work for Solaris.
3667 - Removed storeClientListSearch().
3668 - Added counters to track diskd operation success and
3670 - Fixed range_offset_limit.
3671 - Added code to retry ServFail replies for internal DNS
3673 - Added referer header logging (Jens-S. Voeckler).
3674 - Added "multi-domain-NTLM" authentication module, a Perl
3675 script from Thomas Jarosch.
3676 - Added configurable warning messages for high memory usage,
3677 high response time, and high page faults.
3678 - Made store dir selection algorithm configurable.
3679 - Added support for admin-definable extension methods,
3681 - Added 'maximum_object_size_in_memory' as a configuration option -
3682 this defines the watermark where objects transit from being true
3683 hot objects to being in-transit objects in memory. It currently
3685 - Change to the fqdn code which changes how pending DNS requests
3686 are treated as private and only become public once they are
3687 completed. This can add extra load on DNS servers but prevents
3688 all the pending clients blocking if one of the queries got
3689 stuck. (Duane Wessels)
3690 - Converted more code to use MemPools, from Andres Kroonmaa.
3691 - Added more CYGWIN patches from Robert Collins.
3693 Changes to Squid-2.4.DEVEL3 ():
3695 - Added Logfile module.
3696 - Added DISKD stats via cachemgr.
3697 - Added squid.conf options for DISKD magic constants.
3699 Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
3701 Changes to Squid-2.4.DEVEL1 ():
3703 Changes to Squid-2.3.STABLE4 (July 18, 2000):
3705 - Fixed --localstatedir configure option (IKEDA Shigeru).
3706 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
3708 - Added pthread_sigmask() check to configure (Daniel
3710 - Added CYGWIN patches from Robert Collins.
3711 - Changed internal DNS lookups to retry queries that are
3712 returned with RCODE 2 (ServFail).
3713 - Added 'virtual port' support (Gregg Kellogg). If
3714 'httpd_accel_uses_host_header' is enabled, then we use
3715 the port number from the Host header. Otherwise, when
3716 'httpd_accel_port' is set to "0" we use the port number
3717 of the local end of the client socket.
3718 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
3719 - Made Squid accept GET requests that have a "content-length:
3721 - Added a sanity check on the NHttpSockets[] array index
3723 - Added a friendlier message when Squid can't find any DNS
3724 nameserver addresses to use (Daniel Kiracofe).
3725 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
3727 - Added missing '%c' token replacement in error page
3729 - Fixed a bug with 'minimum_object_size' that prevented
3730 internal icons from being loaded.
3731 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
3732 that could prevent any objects from being replaced.
3733 - Make sure that storeDirDiskFull() doesn't actually
3734 *increase* the cache size.
3735 - Changed a storeSwapMetaUnpack() assertion to a recoverable
3737 - Removed "wccpHereIam" event check that could cause Squid
3738 to stop sending HERE_I_AM messages.
3740 Changes to Squid-2.3.STABLE3 (May 15, 2000):
3742 - Fixed malloc linking problems on Solaris. The configure
3743 script incorrectly set options for dlmalloc.
3744 - Added a configure check to remove compiler optimization
3746 - Updated MSNT authenticator module.
3747 - Updated Estonian error pages.
3748 - Updated Japanese error pages.
3749 - Fixed expires bug in httpReplyHdrCacheInit. It was
3750 incorrectly setting expires based on max-age. It was using
3751 the current time as a basis, instead of the response date.
3752 - Fixed "USE_DNSSERVER" typos.
3753 - Added a workaround for getpwnam() problems on Solaris.
3754 getpwnam() could fail if there are fewer than 256 FDs
3755 available. This causes root to own some disk files.
3756 - Added an 'offline_toggle' option via the cache manager.
3757 - Added a 'minimum_object_size' option. Files smaller than
3758 this size are not stored.
3759 - Added 'passive_ftp' option to disable passive FTP transfers.
3760 - Added 'wccp_version' option because some Cisco IOS versions
3761 require WCCP version 3.
3762 - The 'client' program in ping mode (-g) now prints transfer
3764 - Fixed logging of proxy auth username for redirected
3766 - Fixed bogus Age values for IMS requests.
3767 - Fixed persistent connection timeout for client-side
3768 connections. It was hard-coded to 15 seconds, now uses
3769 the 'pconn_timeout' value.
3770 - Fixed up httpAcceptDefer. It wasn't being used properly
3771 and caused high CPU usage when Squid gets close to the FD
3773 - Numerous delay_pools fixes and checks.
3774 - Fixed SNMP coredumps from running snmpwalk.
3775 - Added a check for errno == EPIPE in icmp.c when pinger uses
3776 a Unix socket instead of a UDP socket.
3777 - Fixed ACL checklist memory initialization bugs.
3778 - Cleaned up the MIB file. Replaced contact information and
3779 checked description fields.
3780 - Removed LRU reference_age hard-coded upper limit.
3781 - Fixed async I/O FD leak.
3782 - Made getMyHostname() more robust.
3783 - Fixed domain list matching bug. "x-foo.com" wasn't properly
3784 compared to ".foo.com" and confused splay tree ordering.
3785 - Added a check for whitespace in hostnames and optionally
3786 strip whitespace if 'uri_whitespace' setting allows.
3787 - Added status code and checking to ASN/whois queries.
3789 Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
3791 - Changed Copyright text.
3792 - Changed configure so that some IRIX-6.4 hacks apply to
3793 all IRIX-6.* versions.
3794 - Cleaned up HTML bugs in error pages.
3795 - Told configure to check for netinet/if_ether.h, which
3796 is used in ARP ACL code, but might not be required.
3797 - Added "Cookie" to known HTTP headers so it can be
3798 used in anonymizer configuration.
3799 - Added optional TCP_REDIRECT log code for logging
3800 of 301/302 responses returned by Squid.
3801 - Added a check for a currently running Squid process.
3802 If the pid file exists, and the pid is running,
3803 Squid complains and refuses to start another instance.
3804 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
3806 - Fixed a bug with the PURGE method. The purge enable
3807 flag was not getting cleared during reconfigure.
3808 Also required PURGE method to be used in http_access
3809 list before enabling.
3810 - Fixed async I/O assertions for file open errors.
3811 - Fixed internal DNS assertion when unpacking truncated
3813 - Fixed anonymize_headers bug that caused all headers
3814 to be allowed after a reconfigure.
3815 - Fixed an access denied bug for accelerator-only installations.
3816 - Fixed internal DNS initialization so that it uses
3817 'dns_nameservers' settings in squid.conf if set.
3818 - Fixed 'maxconn' ACL bug that caused it to work backwards
3820 - Fixed syslog bug for daemon mode on Linux.
3821 - Fixed 'http_port' parsing bugs.
3822 - Fixed internal DNS byte ordering bugs for PTR queries.
3823 - Fixed internal DNS queue getting stuck during periods
3824 of low activity (Henrik).
3825 - Fixed byte ordering bugs for parsing EPLF FTP listings
3827 - Fixed 'request_body_max_size' bug that caused all
3828 POST, PUT requests to be denied if max size is set
3830 - Fixed 'redirector_access' bug when using 'myport' ACLs.
3831 - Fixed CARP neighbor selection bugs for down peers.
3832 - Added 'client_persistent_connections' and
3833 'server_persistent_connections' flags to disable persistent
3834 connections for clients and servers.
3835 - Fixed access logging bug that caused many requests to be
3837 - Added some bounds checking to delay pools code.
3839 Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
3841 - Updated PAM authentication module from Henrik Nordstrom.
3842 - Updated Bulgarian error messages from Svetlin Simeonov.
3843 - Changed ACL routines so that User-Agent (browser) string
3844 is always taken from compiled HTTP request headers
3845 instead of passed as an argument to aclCreateChecklist.
3846 - Added a 'strip' option to the 'uri_whitesace' configuration
3847 directive and made it the default behavior. Whitespace
3848 found in URI's is now stripped out by default.
3849 - Added chroot feature. The 'chroot_dir' config option enables
3850 it and specifies the directory.
3851 - Changed clientBuildReplyHeader so that the Age header is
3852 added only for cache hits, and only when we can calculate
3853 a valid, positive age value.
3854 - Changed clientWriteComplete and clientGotNotEnough so
3855 that they keep persistent connections open for more types
3856 of replies that don't have bodies.
3857 - Changed filemap.c routines to dynamically grow filemap
3859 - Added a hack to ftp.c to deal with ftp.netscape.com, which
3860 sometimes doesn't acknowledge PASV commands.
3861 - Fixed FTP bug with ftpScheduleReadControlReply; there
3862 was not always a timeout handler on the control socket
3863 after the transfer completed.
3864 - Fixed FTP filedescriptor leak from invalid PASV replies.
3865 - Changed httpBuildRequestHeader so that it doesn't
3866 copy the Host header from the client request. Instead
3867 we should generate our own Host header which is known
3869 - Changed storeTimestampsSet to adjust entry->timestamp
3870 if the response includes an Age header.
3871 - Removed size limit from storeKeyHashBuckets.
3872 - Changed fwdConnectStart from a "heavy" to a "light" event.
3873 - Fixed an 'anonymize_headers' bug that affects unknown
3874 HTTP headers. With the bug, if you list a header that
3875 Squid doesn't know about (such as "Charset"), it would
3876 add HDR_OTHER to the allow/deny mask. This caused all
3877 unknown headers to be allowed or denied (depending on
3878 the scheme you use). Now, with the bug fixed, an unknown
3879 header in the 'anonymize_headers' list is simply ignored.
3881 Changes to Squid-2.3.DEVEL3 ():
3883 - Added MSNT auth module from Antonino Iannella.
3884 - Added --enable-underscores configure option. This allows
3885 Squid to accept hostnames with underscores in them. Your
3886 DNS resolver may still complain about them, however.
3887 - Added --heap-replacement configure option. This enables
3888 the alternative cache replacement policies, such as
3890 - WCCP establishes and registers with the router faster.
3891 - Added 'maxconn' acl type to limit the number of established
3892 connections from a single client IP address. Submitted
3894 - Close FTP data socket as soon as transfer completes
3895 (Alexander V. Lukyanov).
3896 - Fixed ftpReadPass() to not clobber ctrl.message when
3897 the PASS command fails.
3898 - Added a redirect.c patch so squidGuard is able to do
3899 per-user access control (Antony T Curtis).
3900 - discard the pumpMethod() function, and instead use the
3901 fact that the request has a request entity (content-length
3903 - Reload the MIME icons at reconfigure time (Radu Greab).
3904 - Updated Richard Huveneers' SMB authentication module to
3905 his version 0.05 package.
3906 - Fixed lib/heap.c::heap_delete() bug when deleting the
3908 - Fixed an integer conversion bug in
3909 lib/rfc1035.c::rfc1035AnswersUnpack().
3910 - Fixed lib/rfc1738 routines to encode reserved characters,
3911 in addition to encoding the unsafe characters (Henrik).
3912 - Changed the interface for splay compare and "walk"
3913 functions to take a void pointer, instead of a splayNode
3915 - Changed numerous HTTP parsing routines to use ssize_t
3916 instead of size_t. This was done because size_t may be
3917 signed or unsigned. When it is unsigned, gcc emits
3918 numerous "comparison is always true" warnings. At least
3919 we know ssize_t is always signed.
3920 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
3921 friends so that it properly handles multi-value lists.
3922 - Added an "end" (ssize_t) parameter to
3923 src/HttpReply::httpReplyParse() so that we know exactly
3924 where to terminate the header buffer.
3925 - Changed src/access_log.c::log_quote() so that it only
3926 encodes whitespace characters, and not all URL-special
3927 characters (Henrik).
3928 - Added local port ACL type ("myport") (Henrik).
3929 - Added maximum number of connections per client ("maxconn")
3931 - Fixed proxy authentication username/password parsing to
3932 be more robust (Henrik).
3933 - Fixed ACL domain/host and domain/domain comparison
3934 functions yet again. Eliminated duplicate code so that
3935 only src/url.c::matchDomainName() contains this mysterious
3937 - Changed the 'http_port' option to accept an IP address
3938 or hostname as well (Henrik).
3939 - Removed 'tcp_incoming_addr' option.
3940 - Added an access control list for the redirector
3941 ('redirector_access'). Requests which match are sent to
3942 the redirector. All requests. are redirected by default.
3943 - Added the 'authenticate_ip_ttl' option. It specifies
3944 how long a valid proxy authentication credential is
3945 bound to a specific address.
3946 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
3947 - Removed the unused and highly questionable 'forward_snmpd_port'
3949 - Added an option to accept DNS messages from unknown nameservers.
3950 This may be necessary if replies come from a different address
3951 than queries are sent to.
3952 - Added #includes for IP Filter files in netinet directory.
3953 - Fixed a bug with retrying forwarded IMS requests (Henrik).
3954 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
3955 where we were checking a cache-control bit before getting the
3956 mask from the HTTP headers (pallo@initio.no).
3957 - Fixed a bug with "no_cache" access list. If not defined,
3958 everything was uncachable by default.
3959 - Fixed a bug with timed-out client-side HTTP connections.
3960 We didn't cancel the read handler, which could lead to
3961 "rwstate != NULL" warnings.
3962 - Changed comm_open() to only call fdAdjustReserved() for
3963 specific errors (ENFILE, EMFILE);
3964 - Fixed NULL pointer bug in idnsParseResolvConf().
3965 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
3966 - Added DELETE request method.
3967 - Added RFC 2518 HTTP status codes.
3968 - Fixed handling of URL passwords when we need to rewrite a
3969 BASE HREF URL (Henrik).
3970 - Fixed a bug with FTP requests where a request gets aborted,
3971 but we try to complete it anyway. It would result in a
3972 "store_status != STORE_PENDING" assertion. The solution
3973 is to check for ENTRY_ABORTED before reading from
3974 the control channel too.
3975 - Changed FTP to retry a request if Squid fails to establish
3976 a PASV data connection (Henrik).
3977 - Fixed numerous HTCP memory leaks and an uninitialized memory
3979 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
3981 - Minor fixes for Rhapsody systems.
3982 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
3983 don't include varargs.h.
3984 - Changed src/store_client.c::storeClientType() so that
3985 an entry can have more than one STORE_MEM_CLIENT.
3986 - Changed src/store_client.c::storeClientReadHeader()
3987 to check swapfile metadata (Henrik).
3988 - Changed src/url.c::urlCheckRequest() to return FALSE for
3989 any "https://" URL. These should always be CONNECT
3990 instead. If Squid gets an "https://" URL, it is a browser
3992 - Added numerous squid.conf options for controlling cache
3993 digests. Previously these were hard-coded in
3994 src/store_digest.c. (Martin Hamilton)
3995 - Added 'cache_peer' option called 'digest-url' that
3996 lets you specify the URL for a peer's digest.
3998 - Added DELAY_POOLS hacks to scan "slow" connections in
3999 a random order (David Luyer).
4000 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
4001 per-interface arp/neighbour cache, whereas 2.0.x uses a
4002 unified cache. Under 2.2.x you are required to specify
4003 a interface name when looking up ARP table entries with
4005 - If the process umask is not set (i.e. 0), then Squid
4008 Changes to Squid-2.3.DEVEL2 ():
4010 - Added --enable-truncate configure option.
4011 - Updated Czech error messages ()
4012 - Updated French error messages ()
4013 - Updated Spanish error messages ()
4014 - Added xrename() function for better debugging.
4015 - Disallow empty ("") password in aclDecodeProxyAuth()
4017 - Fixed ACL SPLAY subdomain detection (again).
4018 - Increased default 'request_body_max_size' from 100KB
4019 to 1MB in cf.data.pre.
4020 - Added 'content_length' member to request_t structure
4021 so we don't have to use httpHdrGetInt() so often.
4022 - Fixed repeatedly calling memDataInit() for every reconfigure.
4023 - Cleaned up the case when fwdDispatch() cannot forward a
4024 request. Error messages used to report "[no URL]".
4025 - Added a check to return specific error messages for a
4026 "store_digest" request when the digest entry doesn't exist
4027 and we reach internalStart().
4028 - Changed the interface of storeSwapInStart() to avoid a bug
4029 where we closed "sc->swapin_sio" but couldn't set the
4031 - Changed storeDirClean() so that the rate it gets called
4032 depends on the number of objects deleted.
4034 - Added 'hostname_aliases' option to detect internal requests
4035 (cache digests) when a cache has more than one hostname
4037 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
4039 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
4040 - Added OPTIONS request method.
4042 Changes to Squid-2.3.DEVEL1 ():
4044 - Added WCCP support. This adds the 'wccp_router' squid.conf
4046 - Added internal DNS queries; Most installations can run
4047 without the external dnsserver processes.
4048 - Rewrote much of the code that stores cache objects on
4049 disk. Developed a programming interface that should
4050 allow new storage systems to be added easily. This still
4051 is pretty ugly and needs a lot of work, however.
4052 - Replaced async_io.c "tags" with callback data locks.
4053 This probably breaks async IO in a bad way.
4054 - Tried to write an Async IO disk storage module.
4055 - Added code to replace the StoreEntry linked list with a
4056 heap structure. This allows for different replacement
4057 algorithms, instead of being stuck with LRU. This adds
4058 the 'replacement_policy' squid.conf option. (John Dilley
4060 - Fixed HTCP queries by actually checking for freshness
4061 based on the HTCP header fields.
4062 - Fixed passing of redirector command line arguments.
4063 - Added 'request_header_max_size' squid.conf option.
4064 - Added 'request_body_max_size' squid.conf option.
4065 - Added 'reply_body_max_size' squid.conf option.
4066 - Added 'peer_connect_timeout' squid.conf option.
4067 - Added 'redirector_bypass' squid.conf option.
4068 - Added RFC 2518 (WEBDAV) request methods.
4070 Changes to Squid-2.2 (April 19, 1999):
4072 - Removed all SNMP specific ACL code
4073 SNMP now uses generic squid ACL's
4074 - Removed view-based access crontrol
4075 - Cleaned up and simplified SNMP section of squid.conf
4076 - Changed the SNMP code to use a tree stucture.
4077 - Added objects to MIB:
4081 - Changed SNMP Agent to return object instances correctly.
4082 - Added our own assert() macro so we can use debug() instead of
4084 - Added eventFreeMemory().
4085 - Fixed ipcCreate() bug when debug_log has FD <= 2.
4086 - Changed watchChild() and related code in main.c so that
4087 Squid can behave more like a proper daemon process.
4088 - Added 'prefer_direct' option (enabled by default) so that
4089 people can give parents higher preference than direct.
4090 - Fixed ipc.c close() bug for async IO. On FreeBSD,
4091 comm_close() doesn't work for child processes when async IO is
4093 - Fixed setting the public key for large ``icons'' (Henrik
4095 - Rewrote peer digest module to fix memory leaks on reconfigure
4096 and clean the code. Increased "current" digest version to 5
4097 ("required" version is still 3). Revised "Peer Select" cache
4099 - Added "-k parse" command line option: parses the config file
4100 but does not send a signal unlike other -k options.
4101 - Revamped storeAbort() calling. Only store_client.c has all
4102 the right information to determine if the request should
4103 be aborted. Now client and server modules just storeUnregister
4104 without ever needing to call storeAbort.
4105 - Small change of Squid output for FTP (Andrew Filonov,
4107 - clientGetsOldEntry() sends old entry if new request status
4108 is in the 500-range (Henrik Nordstrom).
4109 - Changed configure so it works with IRIX6.4 C compiler (broken?)
4110 option -OPT:fast_io=ON.
4111 - Fixed comm_connect_addr() non-blocking connections for
4112 SONY NEWSOS (Makoto MATSUSHITA).
4113 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
4114 by autoconf documentation.
4115 - Fixed client-side cache-control max-age (Henrik Nordstrom).
4116 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
4117 this error if it is called while squid is in the process of
4119 - Added support for linuxthreads package under FreeBSD (Tony Finch).
4120 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
4121 functions non-static (Michael Pelletier).
4122 - Fixed logging of authenticated usernames even if the
4123 authorization is not cached (Dancer).
4124 - Fixed pconnPush() bug that prevented holding on to
4125 persistent connections (Manfred Bathelt).
4126 - Pid file now rewritten on SIGHUP.
4127 - Numerous Ident changes:
4128 - Ident lookups will now be done on demand if you use the
4130 - The 'ident_lookup on|off' option has been replaced with
4131 an access list, so you can do lookups only for some
4133 - Added an 'ident_timeout' option to specifiy the amount
4134 of time to wait for an ident lookup.
4135 - Added a (local) hit rate to mempool metering.
4136 - FTP Restarts (REST command) is now supported.
4137 - Check for libintl.a on SCO3.2.
4138 - Disable poll() on SCO3.2.
4139 - Numerous Async IO enhancements from Henrik.
4140 - Removed cache_mem_low and cache_mem_high options (Henrik
4142 - Replaced 'persistent_client_posts' with 'broken_posts' access
4144 - Rewrote the anonymizer.
4145 - Removed the http_anonymizer option.
4146 - Added the anonymize_headers option to allow individual
4147 referencing of headers for addition or removal. See
4148 'anonymize_headers' in squid.conf for additional
4150 - Fixed config file parser's handing of optional directives.
4151 Some people might get new warnings about unknown config
4153 - Added 'myip' ACL type. This is the local IP address for
4154 connected sockets (Luyer).
4155 - Fixed parsing of FTP DOS directory listings with spaces
4157 - Numerous DELAY_POOL changes/fixes from David Luyer:
4158 - Makes no-delay neighbors for DELAY_POOLS work by
4159 using a fd_set with the connections to no-delay
4161 - Makes IP addresses ending in 0 and 255, and
4162 network number 255, work with individual and
4163 network delay pools (they were previously not
4164 permitted, and documented as such).
4165 - Massive overhaul of delay pools code - dynamically
4166 allocated delay pools, as many as required.
4167 - delayPoolsUpdate stops running if DELAY_POOLS is
4168 configured but no delay pools are configured.
4169 - Initial delay pool levels are now configurable
4170 as a percentage of the maximum for the pool in
4171 question (used to be all set to 1 second worth
4172 of traffic). Pools are restored to this level
4174 - Changed storeClientCopy to give a swap-in failure if
4175 the number of open disk FD's is above the 'max_open_disk_fds'
4176 limit. Otherwise, a very loaded cache will end up with
4177 all disk files open for reading, and none for writing.
4178 - Added lib/inet_ntoa.c from BSD Unix for systems that have
4179 broken inet_ntoa(). (Erik Hofman).
4180 - Added more specific FTP error messages for "permission
4181 denied, "file not found," and "service unavailable."
4183 - Added xisspace(), xisdigit(), etc, macros to cast function
4184 args and eliminate compiler warnings.
4185 - Fixed case-sensitive comparisons of domain names (Henrik
4187 - Added proxy-authentication to cachemgr.cgi's requests
4189 - Changed Squid to *truncate* rather than *unlink* purged
4190 swap files. Can be reversed by undefining
4191 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
4192 - Changed internal icon headers to use Cache-control
4193 Max-age instead of Expires.
4194 - Changed storeMaintainSwapSpace behavior to be adjusted
4195 smoothly, instead of discretely, between store_swap_low
4196 and store_swap_high. This includes the number of
4197 objects to scan, number to remove, and time until the
4198 next storeMaintainSwapSpace event.
4199 - Fixed a quick_abort bug that incorrectly calculated
4201 - Added getpwnam() auth module from Erik Hofman.
4202 - Added 'coredump_dir' option.
4203 - Fixed a peerDestroy() assertion that required peer->digest
4204 to be NULL at the end of peerDestroy().
4205 - configure script now automatically enables dlmalloc for
4207 - configure enables poll() on linux 2.2 and later (Henrik).
4208 - Icon files are now distributed in binary format, install
4209 will not need to run 'sh' and 'uudecode'.
4210 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
4211 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
4212 fwdCheckDeferRead() will NOT defer reading if the
4213 ENTRY_FWD_HDR_WAIT bit is set.
4214 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
4215 - Fixed a (double) cast problem that caused statAvgTick()
4216 events to be added as fast as possible.
4217 - Changed httpPacked304Reply() to not include the Content-Length
4218 header for 304 replies that Squid generates. We used to
4219 include the length of the cached object, and this broke
4220 persistent connections.
4224 - Fixed configure bug for statvfs() checks. Configure reports
4225 "test: =: unary operator expected" or similar because an
4226 unquoted variable is not defined.
4227 - Fixed aclDestroyAcls() assertion because some ACL types
4228 are not listed in the switch statement. Occurs for
4229 srcdom_regex and dstdom_regex ACL types during reconfigure.
4230 - Typo "applicatoin" in src/mime.conf
4231 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
4232 #define because it didn't include squid.h.
4233 - Fixed commRetryFD() when bind() fails. commRetryFD was
4234 closing the filedescriptor, but it is the upper layer's
4236 - Changed configure's "maximum number of filedescriptors"
4237 detection to only use getrlimit() for Linux. On AIX,
4238 getrlimit returns RLIM_INFINITY.
4239 - Fixed snmpInit() nesting bug.
4240 - Fixed a bug with peerGetSomeParent(). It was adding
4241 a parent to the FwdServers list, regardless of the
4242 ps->direct value. This could cause every request to
4243 go to a parent even when always_direct is used.
4244 - Changed fwdServerClosed() to rotate the "forward servers"
4245 list when a connection establishment fails. Otherwise
4246 it always kept trying to connect to the first server
4251 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
4252 - Avoid coredump in aclMatchAcl() if someone tries to use
4253 proxy authentication with a non-HTTP request (e.g. icp_access).
4254 - Moved 'ident_lookup_access' in squid.conf so it appears
4255 after the ACL section.
4256 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
4257 - Fixed a case in clientCacheHit() where we thought it
4258 was a hit, but the reply status was not 200, so we
4259 had to perform a cache miss. We forgot to change the
4260 log_type and these were being recorded as TCP_HIT's.
4261 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
4262 - Fixed delay_pools coredump and memory leak bugs from
4263 NULL delay_id values.
4264 - Fixed a SEGV bug with delay_pools when requesting
4265 'objects' or 'vm_objects' from the cachemgr.
4266 - Added a workaround for buggy FTP servers that return
4267 a size of zero for non-zero-sized objects.
4268 - Removed umask(0) call from main().
4269 - Fixed a peer selection bug that caused us to never select
4270 a neighbor based on ICP replies if the ICP timeout occurs.
4271 In conjunction with this, removed the PING_TIMEOUT state.
4272 - Fixed a store_rebuild bug that caused us to get stuck trying
4273 if a cache_dir subdirectory didn't exist.
4274 - Fixed a buffer overrun bug in gb_to_str().
4278 - Fixed a dread_ctrl leak caused in store_client.c
4279 - Fixed a memory leak in eventRun().
4280 - Fixed a memory leak of ErrorState structures due to
4282 - Fixed detection of subdomain collisions for SPLAY trees.
4283 - Fixed logging of hierarchy codes for SSL requests (Henrik
4285 - Added some descriptions to mib.txt.
4286 - Fixed a bug with non-hierarchical requests (e.g. POST)
4287 and cache digests. We used to look up non-hierarchical
4288 requests in peer digests. A false hit may cause Squid
4289 to forward a request to a sibling. In combination with
4290 'Cache-control: only-if-cached, this generates 504 Gateway
4291 Timeout responses and the request may not be re-forwardable.
4292 - Fixed a filedescriptor leak for some aborted requests.
4295 Changes to Squid-2.1 (November 16, 1998):
4297 - Changed delayPoolsUpdate() to be called as an event.
4298 - Replaced comm_select FD scanning loops with global fd_set
4299 structures. Inspired by Jeff Mogul's patch for squid 1.1.
4300 - Moved functions common to dns.c, redirect.c, authenticate.c,
4301 ipcache.c, and fqdncache.c into helper.c.
4302 - Changed storeClientCopy2() so that it keeps sending the remainder
4303 of a STORE_ABORTED request, instead of cutting off the client as
4304 soon as the object becomes aborted.
4305 - Fixed combined ipf-transparent proxy and a local http-accelerator
4306 operation (Quinton Dolan).
4307 - Rewrote base64_decode.c because of potential buffer overrun
4309 - Configurable handling of whitespace in request URI's.
4310 See 'uri_whitespace' in squid.conf.
4311 - Added ability to generate HTTP redirect messages from
4312 the redirector output by prepending "301:" or "302:" to the
4313 new url. See FAQ 4.16 for more details.
4314 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
4315 potentially causing under-utilized cache digests
4316 - Maintain refreshCheck statistics on per-protocol basis so we
4317 can tell why ICP or Digests return too many misses, etc.
4318 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
4319 - Changed squid.conf's default access controls to deny all
4320 HTTP requests. Admins must write ACL rules to specifically
4321 allow their local clients.
4322 - Patched French error messages (Mathias HERBERTS).
4323 - NextStep porting fixes by Mike Laster:
4324 - use xstrdup() in cf_gen.c
4325 - check for putenv() in configure
4326 - #define S_ISDIR macro
4327 - Added --disable-poll configure option (Henrik Nordstrom).
4328 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
4329 - Patched ftp.c so we never cache autenticated FTP requests
4331 - Fixed FTP authentication. We tried to unescape authentication
4332 given by basic authentication which is not URL escaped
4334 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
4335 - Added 'redirect_rewrites_host_header' option to disable rewriting
4336 of Host header for redirector responses (Henrik Nordstrom).
4337 - Allow semi-customized error message signatures (Henrik Nordstrom).
4338 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
4339 - Fixed handling of blank lines in ACL input files (Henrik
4341 - Changed proxy_auth ACL type to consist of a list of valid
4342 users. REQUIRED == any (same as ident ACL). ACL type user
4343 changed to ident since this is what it really is.
4345 - Fixed long URL bugs; make sure 'log_uri' never exceeds
4347 - Allow comments in external ACL files (Gerhard Wiesinger).
4348 - Added 'range_offset_limit' configuration option. Requests
4349 with ranges that start after this value will be passed
4350 on unmodified, and Squid will not cache the response
4352 - Added Client HTTP Hit byte counters to 'counters' output
4354 - Got Squid to compile with --enable-async-io on FreeBSD.
4355 - Fixed infinite loop bug for cachemgr 'config' option.
4356 - Fixed cachability bugs for replies with Pragma: no-cache.
4357 - Made content-type multipart/x-mixed-replace uncachable.
4358 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
4359 format (Richard Kettlewell).
4360 - Fixed passing -s option to dnsserver processes (Alvaro Jose
4362 - Changed proxy_auth to work on internal objects and when in
4363 accelerator mode. (Henrik Nordstrom)
4364 - Added login=user:password option to cache_peer directive to
4365 be used from a dial-up cache where the parent requires proxy
4366 authentication. (Henrik Nordstrom)
4367 - If you want to "auto-login", then use a URL on the form
4368 http://username:password@server/.... Squid now picks this up
4369 when going direct, and turns it into basic WWW
4370 authentication. It is also possible to do automatic login to
4371 certain servers by using a redirector to add the needed
4372 authentication information. (Henrik Nordstrom)
4373 - Changed refreshCheck() so that objects with negative age
4375 - Fixed "plain" FTP listings (Henrik Nordstrom).
4376 - Fixed showing banner/logon message for top-level FTP
4377 directories (Henrik Nordstrom).
4378 * Changes below have been made to SQUID_2_1_PATCH1
4379 - Fixed pinger packet size assertion.
4380 - Fixed WAIS forwarding.
4381 - Fixed dnsserver coredump bug caused by using both -D and
4383 * Changes below have been made to SQUID_2_1_PATCH2
4384 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
4385 - Fixed proxy auth NULL password bug.
4386 - Fixed queueing of multiple peerRefreshDNS events.
4387 - Added a stack of StoreEntry objects to be released after
4388 store rebuild completes.
4389 - Fixed NULL pointer bugs with too-large requests (found by
4391 - Fixed reading replies from buggy ident servers. Replies
4392 might not have terminating CR or LF (Henrik Nordstrom).
4393 - Changed internal StoreEntry key so that the request method
4394 is encoded as a single octet. Encoding an enumerated type
4395 has size and byte-order incompatibilities, especially for
4397 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
4398 are not always locked. This fixes having multiple
4399 store_digest's stuck in memory.
4400 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
4401 unregisters from "cache hit" entries.
4402 * Changes below have been made to SQUID_2_1_PATCH3
4403 - Fixed memory leak in clientHandleIMSReply for
4404 storeClientCopy failures.
4406 Changes to Squid-2.0 (October 2, 1998):
4408 - Added NAT/Transparent hijacking code from Quinton Dolan.
4409 - Added actual filesystem usage to cachemgr 'storedir' page.
4410 Only works for operating systems which support statvfs().
4411 - Fixed HTCP compile-time bugs.
4412 - Fixed quick_abort bugs. Configured values are stored as
4414 - Removed fwdAbortFetch(). It breaks quick_abort and seems
4416 - Changed storeDirSelectSwapDir() to skip swap directories
4417 when their utilization is over the high water mark ratio.
4418 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
4419 - fixed bugs in Content-Range header generation
4420 - changed the way Range requests are handled:
4421 - do not "advertise" our ability to process ranges at
4423 - on hits, handle simple ranges and forward complex
4425 - on misses, fetch the whole document for simple ranges
4426 and forward range request for complex ranges
4427 The change is supposed to decrease the number of cases when
4428 clients such as Adobe acrobat reader get confused when we
4429 send a "200" response instead of "206" (because we cannot
4430 handle complex ranges, even for hits) Note: Support for
4431 complex ranges requires storage of partial objects.
4432 - Removed SNMP mib-2.system group from squid.
4433 - Removed SNMP ability to iterate through ipcache and friends.
4434 - Added SNMP ipcache/fqdncache basic statistics.
4435 - Converted SQUID-MIB to SMIv2 (RFC 1902).
4436 - Moved SQUID-MIB to enterprises section of the tree in preparation
4437 of the split into PROXY-MIB & SQUID-MIB.
4438 - Corrected minor errors in SQUID-MIB.
4439 - Moved uptime into cacheSystem from cacheConfig.
4440 - Corrected a number of get-next-request bugs, snmpwalk should now
4441 return all objects and not skip some.
4442 - Fixed netdbClosestParent() so it won't return sibling
4444 - Fixed a bug with secondary clients on entries with
4445 ENTRY_BAD_LENGTH set. We should release the
4446 bad entry to prevent secondary clients jumping on.
4447 - Changed MIB to prevent parse warnings at startup.
4448 * Changes below have been made to SQUID_2_0_PATCH1
4449 - Fixed a forwarding loop bug. Even though we were detecting
4450 a loop, it was not being broken.
4451 - Try to prevent sibling forwarding loops by NOT forwarding a
4452 request to a sibling if we have a stale copy of the object.
4453 Validation requests should only be sent to parents (or
4455 - Fixed ncsa_auth hash bugs when re-reading password file.
4456 - Changed clientHierarchical() so that by default SSL/CONNECT
4457 requests do NOT go to neighbor caches.
4458 - Changed clientHandleIMSReply() to not call storeAbort()
4459 because there can be more than one client hanging on the
4460 StoreEntry. This hopefully fixes "store_status !=
4461 STORE_ABORTED" assertions.
4462 - Added temporary fix to httpMakePublic() to prevent assertions
4463 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
4464 * Changes below have been made to SQUID_2_0_PATCH2
4465 - PATCH1 introduced a seriously stupid bug which prevented ICP
4466 queries for all requests. Fixed by checking
4467 request->hierarchical in peerSelectFoo().
4469 Changes to squid-1.2.beta25 (September 21, 1998):
4471 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
4472 callbacks (Henrik Nordstrom).
4473 - Fixed store_swapout.c assertion. We were freeing object data
4474 past the swapout_done offset. This probably happens (only?)
4475 when an object changes from cachable to uncachable while
4476 it is being swapped out.
4477 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
4478 of the buffers used for writing data to the client sockets.
4479 - Added configure check for libbind.a. If found, it will be
4480 used instead of libresolv.a.
4481 - Changed fwdStart() to always allow internally generated
4482 requests, such as for peer digests. These requests are
4483 known to fwdStart() because the address arg is set to
4485 - Completed initial HTCP implementation. It works, but is not
4487 - Added counters for I/O syscalls.
4488 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
4489 (netapp) Squid doesn't use private keys. This caused us
4490 to remove almost every object from the cache.
4491 - Added 'asndb' cachemgr stats to show AS Number tree.
4492 - Fixed AS Number byte-order bug for netmasks.
4493 - Fixed comm_incoming calling rate for high loads (Stewart
4495 - Give always_direct higher precedence than never_direct
4497 - Changed PORT ACL type to accept ranges. Now you can easily
4498 deny, for example, all priveleged ports except 80, 70, 21,
4500 - ARP ACL fixes for Linux (David Luyer).
4501 - Replaced various "EBIT" flags bitfileds with structures of
4503 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
4504 efficient by removing snprintf(). This causes an
4505 incompatibility with old cache keys, however. To transition,
4506 we will look up both the new and old style keys for about the
4507 next 30 days. After that, if you haven't run this (or a
4508 future) version, your cache contents will be lost.
4509 - Made the client-side write buffer size configurable with
4510 a #define in defines.h. By default it is still 4096 bytes.
4511 - Removed redirectUnregister(). It should be unnecessary
4512 because of cbdata locks.
4513 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
4514 - Changed non-blocking connect(2) code to call getsockopt()
4515 instead of connect() again. This is the approach recommended
4516 by Stevens, and fixes bugs on BSD-ish systems when subsequent
4517 connect() calls loop with EAGAIN status.
4518 - Added MD5 cache keys to memory pool accounting.
4519 - Added code to track number of open DISK descriptors and stop
4520 swapping out objects if the number of disk descriptors becomes
4521 too large. For now the limit must be manually configured with
4522 the 'max_open_disk_fds'. By default, there is no limit.
4523 - Stopped encoding a request method in the high byte of the ICP
4524 reqnum field. Instead queried cache keys are copied to a
4525 static array, indexed by the reqnum, modulo the array size.
4526 Now we just use the request number to lookup a cache key,
4527 instead of rebuilding it from the ICP reply URL and method,
4528 unless we have netapp neighbors--they don't do reqnum
4530 - Fixed reconfigure memory access bugs in redirect.c.
4531 - Ignore unreasonably large ICP RTT values which cause overflow
4532 bugs in calculating the average RTT (thanks Niall!)
4534 Changes to squid-1.2.beta24 (August 21, 1998):
4536 - Added Bulgarian error pages by Evgeny Gechev.
4537 - Changed StoreEntry->lock_count to a u_short.
4538 - Replaced urlcmp with strcmp
4539 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
4541 - Eliminated unneeded BASE HREF on "root" directories (Henrik
4543 - Fixed peerDigestFetchFinish() assertion caused by forwarding
4544 failures (e.g. miss_access rules).
4545 - Changed signal handlers with ASYNC_IO and Linux so that
4546 -k command line options work (Miquel van Smoorenburg).
4547 - Rewrote shutdown code to use events instead of setting
4549 - Fixed cachemgr 'objects' (statObjects()) by adding a check
4550 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
4551 storeBufferFlush(). Otherwise, the read-past pages would
4553 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
4554 were being closed by the dnsServerShutdown event.
4555 - Modified storeHashInsert() to insert PRIVATE objects at
4556 the tail of the LRU list, and PUBLIC objects at the head.
4557 Thus, PRIVATE objects get kicked out quicker.
4558 - Added David Luyer's DELAY_POOLS code.
4559 - Fixed a bug due to HEAD replies which lack the end-of-headers
4561 - Made proxy-auth realm string configurable (Bob Franklin)
4562 - Changed default mime time to a viewable one (Henrik Nordstrom).
4563 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
4564 - Fixed 'you are running out of filedescriptors' bug which
4565 could cause the HTTP incoming connection handler to not
4567 - Changed syslog logging. Now squid debug levels 0 and 1 go
4568 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
4569 (this needs more work!)
4570 - Fixed memory access errors in statAvgTick().
4571 - Fixed duplicate requestUnlink() bug in forward.c
4572 - Fixed possible memory access bugs from not setting e->mem_obj
4573 = NULL in destroy_MemObject().
4574 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
4575 - Modified headersEnd and httpMsgIsolateHeaders to account
4576 for funky line terminations such as CRCRNL.
4577 (``but Netscape and IE _tolerate_ this'')
4578 - Fixed carp functions (Eric Stern).
4579 - Replaced internal proxy_auth code with extern authentication
4580 module (Arjan de Vet).
4581 - moved hash.c to libmiscutil.a.
4582 - Fixed handling of ICP queries with whitespace in URLs.
4583 Now we return ICP error and escape the URL before logging.
4584 - Added configure check for socklen_t (David Luyer).
4585 - Removed USE_SPLAY #defines; it is now standard.
4586 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
4587 temporary disk_ctrl_t structures.
4588 - Changed ENOSPC disk write errors to reduce specific cache_dir
4589 sizes, and not just the size of the cache as a whole.
4590 - Added httpMaybeRemovePublic() to purge public objects for
4591 certain responses even though they are uncachable. This is
4592 needed, for example, when an initially cachable object
4593 later becomes uncachable.
4594 - Added refresh_pattern options to ignore client reloads
4596 - Relocated disk.c code which combines blocks for writing
4599 Changes to squid-1.2.beta23 (June 22, 1998):
4601 - Added Turkish error pages by Tural KAPTAN.
4602 - Added basic support for Range requests. For most cachable
4603 requests, Squid replies with an "Accept-Ranges" header. Upon
4604 receiving a potentially cachable Range request for a not
4605 cached object, Squid requests the whole object from origin
4606 server and then replies with specified range(s) to the
4607 client. Multi-range requests are supported. Adjacent
4608 overlapping ranges are merged. If-Range requests are
4609 supported. Limitations: Multi-range requests with out of
4610 order ranges are not supported.
4611 - Made md5.c use standard memcpy and memset if they are
4613 - Memory pools will now shrink if Squid is run-time
4614 reconfigured with smaller value of memory_pools_limit tag.
4615 - Added counter for number of clients (Tomi Hakala).
4616 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
4617 connections for UP->DOWN transition.
4618 - Added 'unique_hostname' configuration option when its
4619 necessary to have multiple machines with the same visible
4621 - Fixed pumpReadFromClient() to not read too many bytes on
4622 persistent connections.
4623 - We can now cache HTTP replies with Set-Cookie. These evil
4624 headers are now filtered out for cache hits on the client
4626 - Fixed SNMP bugs caused by using snmpwalk.
4627 - Fixed snmp system Group; all objects are now returned.
4628 - Fixed snmp system Group sysDescr and sysContact.
4629 - Fixed snmp system Group sysObjectID it now returns a OBJECT
4631 - Allocate FwdState from mem pools.
4632 - Minor HTCP progress.
4633 - Moved 'miss_access' ACL check from client_side.c to forward.c
4634 - Fixed logging of usernames for requests which require
4635 proxy-authentication.
4636 - Fixed HTTP request parser to accept lowercase HTTP identifier
4638 - Fixed FTP listings to always include links to the parent
4639 directory (Henrik Nordstrom).
4640 - Fixed FTP to show an "empty" listing instead of showing
4641 a "document contains no data" error (Henrik Nordstrom).
4642 - Fixed refreshCheck() bug. Often it was checking the
4643 refresh patterns against the string "[null_mem_obj]"
4644 because we moved URLs to MemObject.
4645 - Added CARP support by Eric Stern.
4646 - Fixed select-spin bug when an ICP reply actually gets queued
4647 and we failed to execute the write callback.
4648 - Fixed a storeCheckSwapOut bug. We were freeing up to
4649 the queued offset instead of the done offset. This
4650 resulted in a small chunk of object data not being in
4651 memory and not yet written to disk. A client could
4652 recieve a partial object because file_read() unexpectedly
4654 - Fixed proxy-authentication hangs (Henrik Nordstrom).
4655 - Fixed request_t->flags bug causing authenticated, proxied
4656 responses to be cached (Arjan de Vet).
4657 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
4658 - Added view and download options to FTP listings (Henrik
4660 - Modified configure to allow using pre-installed libdlmalloc.a
4662 - Fixed cachemgr 'objects' implementation.
4663 - Changed refreshCheck() algorithm. For cached objects, we
4664 now check, in the following order:
4666 * response Expires (if present)
4667 * refresh_pattern max-age
4668 * response Last-Modified compared to refresh_pattern
4669 LM-factor (only if Last-Modified is present)
4670 * refresh_pattern min-age
4671 - Changed Copyrights.
4673 Changes to squid-1.2.beta22 (June 1, 1998):
4675 - do not cut off "; parameter" from "digitized" Content-Type
4677 - Added X-Request-URI for persistent connection debugging
4679 - Added Polish error pages from Maciej Kozinski.
4680 - Fixed hash_first/hash_next bugs with **Current pointer.
4681 Replaced with *next pointer.
4682 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
4683 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
4684 - Fixed eventRun "spin" bug when event delta time == 0.
4685 - Fixed setting Last Modified time on cached entries when
4686 receiving a 304 reply.
4687 - Added while loop in httpAccept().
4688 - Added while loop in icpHandleUdp().
4689 - Fixed some small memory leaks.
4690 - Fixed single-bit-int flag checks (Henrik Nordstrom).
4691 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
4692 - Do not send only-if-cached cc directive with requests
4694 - Added "automatic tuning" for incoming request rate, i.e.
4695 how often to check HTTP and ICP sockets. See comm.c
4696 comments for details.
4698 Changes to squid-1.2.beta21 (May 22, 1998):
4700 - Added Italian error pages by Alessio Bragadini.
4701 - Added Estonian error pages by Toomas Soome.
4702 - Added Russian (koi-r) error pages by Andrew L. Davydov.
4703 - Added Czech error pages by Jakub Nantl.
4704 - Fixed asnAclInitialize calling to prevent coredump.
4705 - Fixed FTP directory parsing again.
4706 - Made FTP directory listing "Generated" tagline like
4707 the one for error pages.
4708 - Fixed an assertion coredump in statHistCopy from
4709 reconfiguring with different #peers in squid.conf
4710 - Ignore leading whitespace on requests (and replies). RFC
4711 2068 section 4.1, robustness (Henrik Nordstrom)
4712 - Fixed keep_alive bug. We did not always honour reply
4713 headers, but rather assumed connections could be persistent.
4714 - Fixed reading whois output for AS numbers, especially when
4715 they are longer than 4 KB.
4716 - Removed 'cache_stoplist_pattern' configuration option. This
4717 feature is now handled by 'no_cache'.
4718 - If a URN resolves to only one URL, just return it immediately
4719 instead of giving the user a "choice" (Andy Powell).
4720 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
4721 - Changed squid-internal object names.
4722 - Added netdb exchange protocol.
4723 - Fixed wordlistDestroy() uninitialized pointer bug in
4724 ftpParseControlReply.
4725 - Fixed redirector subprocess to show real program name.
4726 - Changed URN menu output to be sorted.
4727 - Added fast select(2) timeouts when using ASYNC_IO.
4728 - Added ARP ACL support for Linux (David Luyer).
4729 - Added binary http headers to requests
4730 - request_t objects are now created and destroyed in a consistent way
4731 - Fixed cache control printf bug
4732 - Added a lot of new http header ids
4733 - Improved Connection: header handling; now both Connection and
4734 Proxy-Connection headers are checked for connection directives
4735 - Connection request header is now handled correctly regardless
4736 of its position and the number of entries
4737 - Only replies with valid Content-Length can be sent with keep-alive
4738 connection directive (Henrik Nordstrom)
4739 - Better handling of persistent connection "clues" in HTTP headers;
4740 the decision now depends on HTTP version (and User-Agent exceptions)
4741 - Removed handling of "length=" directive in IMS headers;
4742 the directive is not in the HTTP/1.1 standard;
4743 standing by for objections
4744 - allowed/denied headers are now checked using bit masks instead of
4746 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
4747 - removed processing of Request-Range header (not in specs?)
4748 - Fixed byte-order bugs in cacheDigestHashKey.
4749 - Changed hash_remove_link() to return void.
4750 - Changed ipcache_gethostbyname() to return NULL if
4751 i->addrs.count == 0.
4752 - Added millisecond-timing to select/poll loops and event
4754 - Changed 'peerPingTimeout' value to be twice the average
4755 of all the peer ICP RTT's.
4756 - Added 'half_closed_clients' option to force closing of
4757 client connections which might only be half-closed.
4758 - Fixed matchDomainName coredump bug.
4759 - Don't cache HTTP replies with Vary: headers until we
4760 get content negotiation working.
4761 - Fixed SSL proxying to forward full HTTP request headers.
4762 - Changed storeGetMemSpace(). Only purge down to the HIGH
4763 water mark; move locked entries to the head of the inmem
4765 - Changed clientReadRequest() to locally handle any
4766 "squid-internal-static" URL for any host.
4767 - Disable persistent connections for client connections
4768 from broken Netscape User-Agent, version 3.* (Stewart Forster)
4770 Changes to squid-1.2.beta20 (April 24, 1998):
4772 - Improved support for only-if-cached cache control directive.
4773 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
4774 - Fixed 'quick_abort' percent calculation bug.
4775 - Fixed quick_abort FPE bug.
4776 - Changed more errno-checking functions to use ignoreErrno().
4777 - Added ERESTART to ignoreErrno() because of report from
4779 - Fixed '#elsif' typo.
4780 - Fixed MemPool assertion by moving memInit() to before
4781 configuration parsing functions.
4782 - Fixed default 'announce_period' value (was 1 day, should
4784 - Added configure warning for low filedescriptors and pointer
4786 - Fixed httpBodySet() bug causing URN related coredumps.
4787 - Changed ipcacheCycleAddr() to always cycle through all all
4788 available addresses, and not just advance when one of
4790 - Fixed squid-internal bug for mixed-case hostnames (Henrik
4792 - Fixed ICP counting probelm. icpUdpSend() arg should be
4793 LOG_ICP_QUERY instead of LOG_TAG_NONE.
4794 - Added some additional fault toleranse on FTP data channels
4796 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
4797 - Added lock/unlock for StoreEntry during storeAbort().
4798 - Added filemap bit usage stats to cachemgr 'storedir' and
4800 - Replaced 'cache_stoplist' with 'no_cache' Access list.
4801 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
4802 - Fixed default hierarchy_stoplist to be ``default if none.''
4803 - Fixed 'fake a recent reply' hack for detecting DEAD
4804 and ALIVE neighbors (Joe Ramey).
4805 - Fixed FTP directory parsing bugs (Joe Ramey).
4806 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
4808 - Fixed daylight savings time bug (again).
4809 - A lot of Cache Digests additions, fixes, and tuning.
4810 Cache Digests are still "very experimental".
4811 - Fixed snprintf() bug. When len == 1, snprintf() would treat
4812 the buffer as unknown size, emulating sprintf() behaviour.
4813 - Made Error page language configurable with configure script
4815 - Fixed squid-internal URLs when http_port == 80.
4816 - Remember the client address on redirected requests (Henrik
4818 - Don't rebuild the request if the redirector returned the same
4819 URL (Henrik Nordstrom).
4820 - Rewrite Host: header on redirected requests (Henrik
4822 - Include port (if non-standard) in generated Host: headers
4824 - Fixed rfc1123 timezone hacks for Windows NT
4826 - Added Russian Error pages by Ilia Zadorozhko.
4827 - Added totals for ICP and HTTP hits to cachemgr client_list
4829 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
4830 because any string with an '@' must be an email address.
4831 - Fixed POST for content-length == 0.
4832 - Fixed "huge 304 reply" loop bug.
4833 - Fixed --enable-splaytree compile bugs.
4834 - Removed ASN lookup code in peer_select.c.
4835 - Added warnings if ACL code detects subdomains in SPLAY
4837 - Rewrote some bits of httpRequestFree() to eliminate
4838 possible bugs that could cause an "e->lock_count" asseertion.
4839 - Added value/bounds checking to _db_init() when setting
4840 the debugLevels[] array.
4842 Changes to squid-1.2.beta19 (Apr 8, 1998):
4844 - Squid-1.2.beta19 compiles and runs on Windows/NT with
4845 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
4846 - Added French Error pages by Frank DENIS.
4847 - Added Dutch Error pages by Mark Visser
4848 - Added German Error pages by Bernd P. Ziller, Jens Frank,
4850 - Added support for only-if-cached cache-control directive.
4851 - Added RELAXED_HTTP_PARSER #define to allow requests which are
4852 missing the HTTP identifier on the request line (e.g. buggy
4853 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
4854 - Fixed disk.c FD leak for delayed closes in
4855 diskHandleWriteComplete().
4856 - Fixed cache announcement feature.
4857 - Fixed httpReadReply() to retry failed HTTP requests on
4858 persistent connections when read() returns -1, not only
4860 - Fixed cbdata memory counting leak. cbdataUnlock() always
4861 called free(), never memFree().
4862 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
4863 - Fixed `++loopdetect < 10' assertion due to
4864 clientHandleIMSReply bug for invalid/partial HTTP
4866 - Added preliminary code for HTCP.
4867 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
4868 - Added "snmp_community" as an ACL type.
4869 - Cleaned up proxy-auth acl implementation and removed
4871 - Added generic 'hashFreeItems()' function for efficiently
4872 freeing hash table pointers.
4873 - Added whoisTimeout() for ASN code.
4874 - Removed BINARY TREE code.
4875 - Fixed forgetting to reset Config.Swap.maxSize in
4877 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
4878 bug which caused not modified replies to not get updated.
4879 - Fixed client_side.c bugs which could cause data to be written
4880 to the client in the wrong order for persistent connections.
4881 clientPurgeRequest() and clientHandleIMSComplete() must not
4882 call comm_write(). Instead they must create and write to
4884 - Fixed ICP query service time counting bug(s).
4885 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
4886 to fix buffer overruns. This also requires adding 'buf_sz'
4887 args to some functions like clientBuildReplyHeader().
4888 But we can eliminate the need to NULL-terminate the
4890 - Changed commConnectCallback() to reset the FD timeout to
4891 zero before notifying about the connection. This requires
4892 commSetTimeout() calls in numerous places to reinstall
4894 - Changed comm_poll_incoming() to be called less frequently
4895 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
4896 - Removed HAVE_SYSLOG case for debug() macro. Almost all
4897 systems do have syslog(), but more importatnly the
4898 _db_level value is needed for debugging to stderr.
4899 - Rewrote squid/dnsserver interface to use smaller, single-line
4901 - Rewrote 'dns' cachemgr output to use a table format.
4902 - Rewrote a lot of dnsserver.c.
4903 - Added eventAddIsh() for semi-random event scheduling.
4904 - Fixed an ftpTimeout bug for sessions which use PORT
4906 - Fixed ftp.c to recognized invalid PASV replies (e.g.
4908 - Removed hash_insert(). All hasing uses hash_join() now.
4909 - Renamed hash_unlink() to hash_remove_link().
4910 - Added hashPrime() to find closes prime hash table size
4912 - Fixed Keep-Alive ratio counting bug which prevented
4913 persistent connections from being used between cache
4915 - Changed icmp.c to NOT queue messages sent from squid to
4917 - Changed icp_v2.c to NOT queue ICP messages by default.
4918 But they will be queued and resent once if the first
4919 send fails. Counters.icp.queued_replies counts the
4920 number of messaages queued.
4921 - Cleaned up ICP logging.
4922 - Added identTimeout().
4923 - Fixed ipcache reply counting bug. Overcounted dnsserver
4924 replies for partial replies.
4925 - Added urlInternal() for building internal Squid URLs.
4926 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
4927 AND 'cache_peer_acl' configurations. This should be changed
4928 in the fugure to use ONLY cache_peer_acl.
4929 - Changed DEAD/REVIVED neighbor detection to avoid reporting
4930 so many false deaths. (Joe Ramey).
4931 - Added some preliminary code to support "cache digests."
4932 - Fixed pumpClose() coredumps (?).
4933 - Updated cachemgr 'info' output to show median service
4934 times for various categories.
4935 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
4936 != sizeof(int) for Alphas.
4937 - Fixed potential alignment problem in storeDirWriteCleanLogs().
4938 - Fixed store_rebuild.c to NOT replace current, but
4939 not-swapped-out StoreEntry's with on-disk entries.
4940 - Changed storeCleanup() to call storeRelease on invalid
4941 entries which don't have a swapfile (i.e. no unlink()
4943 - Fixed storeSwapInStart() to fail for unvalidated
4946 . renovated mib and added descriptions and comments
4947 . added hit and byte counters to client_db , for
4949 . cacheClientTable, netdbTable, cachePeerTable,
4950 cacheConnTable now indexed by ip address. hash_lookup was
4951 enhanced to allow for subsequent hash_next's similar to
4952 hash_first, to speed up getnext's in tables which refer to
4953 hash-table structures.
4954 . added generic (well, sorf of) table indexing functionality
4955 . added makefile dependencies for snmplib and cache_snmp.h
4956 . WaisHost, WaisPort, Timeouts removed
4957 . FdTable split into FdTable and ConnTable. FdTable simplified
4958 . PeerTable and PeerStat merged and put into new cacheMesh
4960 . cacheClientTable added for client statistics and accounting
4962 . cacheSec and cacheAccounting groups removed
4963 . fixed acl bug when communities not defined
4964 . snmp_acl now survives bad configuration
4966 Changes to squid-1.2.beta18 (Mar 23, 1998):
4968 - Added v1.1 'test_reachability' option.
4969 - Fixed hash4() len == 0 bug.
4970 - Fixed Config.Swap.maxSize reconfigure bug.
4971 - Fixed ICP query bug determining request method.
4972 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
4973 so that we know neighbors are alive even when they send
4974 us replies for unknown entries.
4975 - Changed configure script to add '-std1' for Digital Unix cc.
4976 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
4978 - Added support for 'Cache-Control: Only-If-Cached' request header.
4979 - Fixed CheckQuickAbort() bugs for multiple clients on one
4980 StoreEntry. Also changed storePendingNClients() to return
4981 mem->nclients instead of counting the number of store_client
4982 entries with pending callback functions.
4984 Changes to squid-1.2.beta17 (Mar 17, 1998):
4986 - SNMP MIB version check changed to non-rcs.
4987 - Added memory pools for variable size objects (strings).
4988 There are three pools; for small, medium, and large objects.
4989 - Extended String object to use memory pools. Most fixed size char
4990 array fields will be replaced using string pools. Same for most
4991 malloc()-ed buffers.
4992 - Changed icon handling to use the hostname and port of the squid
4993 server, instead of the special hostname "internal.squid"
4995 - All icons are now configured in mime.conf. No hardcoded icons,
4996 including gohper icons (Henrik Nordstrom).
4997 - Fixed ICP bug when we send queries, but expect zero
4999 - Fixed alignment/casting bugs for ICP messages.
5000 - A generic client-to-server "pump" was added to handle HTTP
5001 PUT as well as POST methods on the client-cache side. Based on
5002 "pump" PUT requests can be made to either HTTP or FTP url's.
5003 Code is still beta and interoperability with browsers etc has
5005 - Put #ifdefs around 'source_ping' code.
5006 - Added missing typedef for _arp_ip_data (Wesha).
5007 - Added regular-expression-based ACLs for client and server
5008 domain names (Henrik Nordstrom).
5009 - Fixed ident-related coredumps from incorrect callback data.
5010 - Fixed parse_rfc1123() "space" bug.
5011 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
5012 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
5013 - Fixed some peer->options flag-setting bugs.
5014 - Fixed single-parent feature to work again
5015 - Removed 'single_parent_bypass' configuration option; instead
5016 just use 'no-query'.
5017 - Surrounded 'source_ping' code with #ifdefs.
5018 - Changed 'deny_info URL' to use a custom Error page.
5019 - Modified src/client.c for testing POST requests.
5020 - Fixed hash4() for SCO (Vlado Potisk).
5022 Changes to squid-1.2.beta16 (Mar 4, 1998):
5024 - Added Spanish error messages from Javier Puche.
5025 - Added Portuguese error messages from Pedro Lineu Orso
5026 - Added a simple but very effective hack to cachemgr.cgi that tries to
5027 interpret lines with '\t' as table records and formats them
5028 accordingly. With a few exceptions (see source code), first line
5029 becomes a table heading ("<th>" html tag) and the rest is formated
5031 - Added "mem_pools_limit" configuration option. Semantics of
5032 "mem_pools" option has also changed a bit to reflect new memory
5034 - Reorganized memory pools. Squid now supports a global pool
5035 limit instead of individual pool limits. Per-pool limits can be
5036 implemented on top of the current scheme if needed, but it is
5037 probably hard to guess their values. Squid distributes pool
5038 memory among "frequently allocated" objects. There is a
5039 configurable limit on the total amount of "idle" memory to be
5040 kept in reserve. All requests that exceed that amount are
5041 satisfied using malloc library. Support for variable size
5042 objects (mostly strings) will be enabled soon.
5043 - memAllocate() has now only one parameter. Objects are always
5044 reset with 0s. (We actually never used that parameter before;
5045 it was always set to "clear").
5046 - Added Squid "signature" to all ERR_ pages. The signature is
5047 hardcoded and is added on-the-fly. The signature may use
5048 %-escapes. Added interface to add more hard-coded responses if
5049 needed (see errorpage.c::error_hard_text).
5050 - Both default and configured directories are searched for ERR_
5051 pages now. Configured directory is, of course, searched first.
5052 This allows you to customize a subset of ERR_ pages (in a
5053 separate directory) without danger of getting other copies out
5055 - Security controls for the SNMP agent added. Besides
5056 communities (like password) and views (part of tree
5057 accessible), the snmp_acl config option can be used to do acl
5058 based access checks per community.
5059 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
5060 can now walk through the whole mib tree. Several new variables
5061 added under cacheProtoAggregateStats
5062 - Added rudimental statistics for HTTP headers.
5063 - Adjusted StatLogHist to a more generic/flexible StatHist.
5064 Moved StatHist implementation into a separate file.
5065 - Added FTP support for PORT if PASV fails, also try the
5066 default FTP data port (Henrik Nordstrom).
5067 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
5068 request is cancelled for fails on the client side.
5069 - Filled in some squid.conf comments (never_direct,
5071 - Added RES_DNSRCH to dnsserver's _res.options when the
5072 -D command line option is given.
5073 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
5074 peer->tcp_up == 0 (Michael O'Reilly).
5075 - Fixed storeGetNextFile's incorrect "directory does not exist"
5076 errors (Michael O'Reilly).
5077 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
5079 - Added 'dns_nameservers' config option to specify non-default
5080 DNS nameserver addresses (Maxim Krasnyansky).
5081 - Added lib/util.c code to show memory map as a tree
5083 - Added HTTP and ICP median service times to Counters and
5084 cachemgr average stats.
5085 - Changed "-d" command line option to take debugging level
5086 as argument. Debugging equal-to or less-than the argument
5087 will be written to stderr.
5088 - Removed unused urlClean() function from url.c.
5089 - Fixed a bug that allowed '?' parts of urls to be recorded in
5090 store.log. Logged urls are now "clean".
5091 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
5092 script forwards basic authentication from browser to squid.
5093 Authentication info is encoded within all dynamically generated
5094 pages so you do not have to type your password often.
5095 Authentication records expire after 3 hours (default) since
5096 last use. Cachemgr.cgi now recognizes "action protection" types
5098 - Added better recognition of available protection for actions
5099 in Cache Manager. Actions are classified as "public" (no
5100 password needed), "protected" (must specify a valid password),
5101 "disabled" (those with a "disable" password in squid.conf), and
5102 "hidden" (actions that require a password, but do not have
5103 corresponding cachemgr_passwd entry). If you manage to request
5104 a hidden, disabled, or unknown action, squid replies with
5105 "Invalid URL" message. If a password is needed, and you failed
5106 to provide one, squid replies with "Access Denied" message and
5107 asks you to authenticate yourself.
5108 - Added "basic" authentication scheme for the Cache Manager.
5109 When a password protected function is accessed, Squid sends an
5110 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
5111 by specifying "name" and "password" for the specified action.
5112 The user name is currently used for logging purposes only. The
5113 password must be an appropriate "cachemgr_passwd" entry from
5114 squid.conf. The old interface (appending @password to the url)
5115 is still supported but discouraged. Note: it is not possible
5116 to pass authentication information between squid and browser
5117 *via a web server*. The server will strip all authentication
5118 headers coming from the browser. A similar problem exists for
5119 Proxy-Authentication scheme.
5120 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
5121 authentication failures when accessing Cache Manager.
5122 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
5123 - Added simple context-based debugging to debug.c. Currently,
5124 the context is defined as a constant string. Context reporting
5125 is triggered by debug() calls. Context debugging routines
5126 print minimal amount of information sufficient to describe
5127 current context. The interface will be enhanced in the future.
5128 - Replaced _http_reply with HttpReply. HttpReply is a
5129 stand-alone object that is responsible for parsing, swapping,
5130 and comm_writing of HTTP replies. Moved these functions from
5131 various modules into HttpReply module.
5132 - Added HttpStatusLine, HttpHeader, HttpBody.
5133 - All HTTP headers are now parsed and stored in a "compiled"
5134 form in the HttpHeader object. This allows for a great
5135 flexibility in header processing and builds basis for support
5136 of yet unsupported HTTP headers.
5137 - Added Packer, a memory/store redirector with a printf
5138 interface. Packer allows to comm_write() or swap() an object
5139 using a single routine.
5140 - Added MemBuf, a auto-growing memory buffer with printf
5141 capabilities. MemBuf replaces most of old local buffers for
5142 compiling text messages.
5143 - Added MemPool that maintains a pre-allocated pool of opaque
5144 objects. Used to eliminate memory thrashing when allocating
5145 small objects (e.g. field-names and field-value in http
5148 Changes to squid-1.2.beta15 (Feb 13, 1998):
5150 NOTE: This version has changes which may cause all or part
5151 of your cache to be lost. However, you can problably
5152 save most of it by doing a slow restart. Specifically:
5154 1. Kill the running squid-1.2.beta14 process; wait for it to
5156 2. Remove all 'swap.state*' files, either in each cache_dir, or
5157 as defined in your squid.conf
5158 3. Start squid-1.2.beta15. The store will be rebuilt from the
5159 existing swap files, reading the directories and opening
5162 - Fixed some problems related to disk (and pipe) write error
5163 handling. file_close() doesn't always close the file
5164 immediately; i.e. when there are pending buffers to write.
5165 StoreEntry->lock_count could become zero while a write is
5166 pending, then bad things happen during the callback.
5167 - The file_write() callback data must now be in the callback
5168 database (cbdata). We now use the swapout_ctrl_t structure
5169 for the callback data; it stays around for as long as we are
5171 - Changed the way write errors are handled by diskHandleWrite.
5172 If there is no callback function, now we exit with a fatal
5173 message under the assumption that the file in question is a
5174 log file or IPC pipe. Otherwise, we flush all the pending
5175 write buffers (so we don't see multiple repeated write errors
5176 from the same descriptor) and let the upper layer decide how
5177 to handle the failure.
5178 - Fixed storeDirWriteCleanLogs. A write failure was leaving
5179 some empty swap.state files, even though it tells us that its
5180 "not replacing the file." Don't flush/rename logs which we
5181 have prematurely closed due to write failures, indiciated by
5182 fd[dirn] == -1. Close these files LAST, not before
5184 - Fixed storeDirClean to clean directories in a more sensible
5185 order, instead of the new "MONOTONIC" order for swap files.
5186 - Merged fdstat.c functions into fd.c.
5187 - Cleaned up some debugging sections. Some unrelated source
5188 files were using the same section.
5189 - Removed curly brackets from all cachemgr output.
5190 - Removed unused filemap->last_file_number_allocated member.
5191 - Removed unused fde->lifetime_data member.
5192 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
5193 - Call setsid() before exec() in ipc.c so that child processes
5194 don't receive SIGINT (etc) when running squid on a tty.
5195 - Changed StoreEntry->object_len to ->swap_file_sz so we
5196 can verify the disk file size at restart. Moved object_len
5197 to MemObject->object_sz. Note object_sz is initialized
5198 to -1. If object_sz < 0, then we need to open the swap
5199 file and read the swap metadata.
5200 - Changed store_client->mem to ->entry because we need
5201 e->swap_file_sz to set mem->object_sz at swapin.
5202 - Renamed storeSwapData structure to storeSwapLogData.
5203 - Fixed storeGetNextFile to not increment d->dirn. Added
5204 check for opendir() failure.
5205 - Fixed storeRebuildStart to properly link the directory
5206 list for storeRebuildfromDirectory mode.
5207 - Added -S command line option to double-check store
5208 consistency with disk files in storeCleanup().
5209 - Fixed a problem with transactional logging. In many
5210 cases we were adding the public cache key and then
5211 logging a delete for the private key. This is worthless
5212 because during rebuild we could not locate the previous
5213 public-keyed entry. Now we assert that only public-keyed
5214 entries can be logged to swap.state. storeSetPublicKey()
5215 and storeSetPrivateKey() have been modified to log an
5216 ADD or DEL when the key changes.
5217 - Fixed storeDirClean bug. Needed to call
5218 storeDirProperFileno() so the "dirn bits" get set.
5219 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
5220 fullfilename[] were static to that function and did
5221 not change when the "rebuild_dir" arg did. Moved these
5222 buffers to the rebuild_dir structure.
5223 - In storeRebuildFromSwapLog, we were calling storeRelease()
5224 for cache key collisions. This only set the RELEASE_REQUEST
5225 bit and did not clear the swap_file_number in the filemap or
5226 in the StoreEntry, so the swap file could get unlinked later
5227 when it was really released.
5228 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
5229 content-type and content-encoding (Henrik Nordstrom).
5230 - Removed 'icon_content_type' configuration option. Content
5231 types now taken from mime.conf (Henrik Nordstrom).
5232 - Added additional memory malloc tracing and memory leak
5233 detection. Use --enable-xmalloc-debug-trace configure
5234 option and -m command line option (Henrik Nordstrom).
5236 Changes to squid-1.2.beta14 (Feb 6, 1998):
5238 - Replaced snmplib free() calls with xfree().
5239 - Changed the 'net_db_name' hash table structure to
5240 make it easier to move names from one network to another
5241 (copied from 1.1 code).
5242 - Filled in some of the config dump routines (dump_acl,
5244 - Full memory debugging option (--enable-xmalloc-debug-trace)
5246 - Filled-in and clarified many squid.conf comments (Oskar
5248 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
5250 Changes to squid-1.2.beta13 (Feb 4, 1998):
5252 - NOTE: With this version the "swap.state" file format has
5253 changed. Running this version for the first time will
5254 cause your current cache contents to be lost!
5255 - NOTE: this version still has the bug where we don't rewind
5256 a swapout file and rewrite the swap meta data. Objects
5257 larger than 8KB will be lost when rebuilding from the swap
5259 - Combined various interprocess communication setup functions
5261 - Removed some leftover ICP_HIT_OBJ things.
5262 - Removed cacheinfo and proto_count() and friends; these are to
5263 be replaced in functionality by StatCounters and 5/60 minute
5264 average views via cachemgr.
5265 - Fixed --enable-acltree configure message (Masashi Fujita).
5266 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
5268 - Fixed building outside of source tree (Masashi Fujita).
5269 - FTP: Format NLST listings, and inform the user that the NLST
5270 (plain) format is available when we find a LIST listing that we
5271 don't understand (Henrik Nordstrom)
5272 - FTP: Use SIZE on Binary transfers, and not ASCII. The
5273 condition was inversed, making squid use SIZE on ASCII
5274 transfers (Henrik Nordstrom).
5275 - Enable virtual and Host: based acceleration in order to be
5276 able to use Squid as a transparent proxy without breaking
5277 either virtual servers or clients not sending Host: header
5278 the order of the virtual and Host: based acceleration needs
5279 to be swapped, giving Host: a higher precendence than virtual
5280 host (Henrik Nordstrom).
5281 - Use memmove/bcopy as detected by configure Some systems does
5282 not have memmove, but have the older bcopy implementation
5284 - Completely rewritten aiops.c that creates and manages a pool
5285 of threads so thread creation overhead is eliminated (SLF).
5286 - Lots of mods to store.c to detect and cancel outstanding
5287 ASYNC ops. Code is not proven exhaustive and there are
5288 definately still cases to be found where outstanding disk ops
5289 aren't cancelled properly (SLF).
5290 - Changes to call interface to a few routines to support disk
5291 op `tagging', so operations can be cleanly cancelled on
5292 store_abort()s (SLF).
5293 - Implementation of swap.state files as transaction logs.
5294 Removed objects are now noted with a negative object size.
5295 This allows reliatively clean rebuilds from non-clean
5297 - Now that the swap.state files are transaction logs, there's
5298 now no need to validate by stat()ing. All the validation
5299 procedure does is now just set the valid bit AFTER all the
5300 swap.state files have been read, because by that time, only
5301 valid objects can be left. Object still need to be marked
5302 invalid when reading the swap.state file because there's no
5303 guarantee the file has been retaken or deleted (SLF).
5304 - An fstat() call is now added after every
5305 storeSwapInFileOpened() so object sizes can be checked. Added
5306 code to storeRelease() the object if the sizes don't match (SLF).
5307 - #defining USE_ASYNC_IO now uses the async unlink() rather than
5309 - #defining MONOTONIC_STORE will support the creation of disk
5310 objects clustered into directories. This GREATLY improves disk
5311 performance (factor of 3) over old `write-over-old-object'
5312 method. If using the MONOTONIC_STORE, the
5313 {get/put}_unusedFileno stack stuff is disabled. This is
5314 actually a good thing and greatly reduces the risk of serving
5315 up bad objects (SLF).
5316 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
5317 rather than ASYNC/unlinkd unlinks. swap.state.new files were
5318 being removed just after they were created due to delayed
5320 - Disabled various assertions and made these into debug warning
5321 messages to make the code more stable until the bugs can be
5323 - Added most of Michael O'Reilly's patches which included many
5324 bug fixes. Ask him for full details (SLF).
5325 - Moved aio_check_callbacks in comm_{poll|select}(). It was
5326 called after the fdset had been built which was wrong because
5327 the callbacks were changing the state of the read/write
5328 handlers prior to the poll/select() calls (SLF).
5329 - Fixed ARP ACL memory leaks (Dale).
5330 - Eliminated URL and SHA cache keys. Cache keys will always
5332 - Fixed up store swap meta data.
5333 - Changed swap.state logs to a binary format.
5334 - The swap.state logs are written transaction-style.
5336 Changes to squid-1.2.beta12 (Jan 30, 1998):
5338 - Added metadata headers to cache swap files. This is an
5339 incompatible change with previous versions. Running this
5340 version for the first time will cause your current cache
5341 contents to be lost.
5342 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
5343 - Show symlink destinations as a hyperlink in FTP listings
5345 - Fixed not allocating enough space for rewriting URLs with
5346 the Host: header (Eric Stern).
5347 - Year-2000 fixes (Arjan de Vet).
5348 - Fixed looping for cache hits on HEAD requests.
5349 - Fixed parseHttpRequest() coredump for
5350 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
5352 Changes to squid-1.2.beta11 (Jan 6, 1998):
5354 - Fixed fake 'struct rusage' definition which prevented compling
5356 - Fixed copy-by-ref bug for request->headers in
5357 clientRedirectDone() (Michael O'Reilly).
5358 - Workaround for Solaris pthreads closing FD 0 upon fork()
5360 - Fixed shutdown bug with outgoing UDP sockets; we need to
5361 disable their read handlers.
5362 - For comm_poll(), use the fast 50 msec timeout only when
5363 USE_ASYNC_IO is defined.
5364 - Fixed pointer bug when freeing AS# ACL entries.
5365 - Fixed forgetting to reset Config.npeers to zero in free_peer().
5366 - Fixed ICP bug causing excessive TIMEOUTs with sibling
5367 neighbors. We must call the ICP reply callback even for
5369 - Fixed some dnsserver-related reconfigure bugs. Need to
5370 use cbdataLock, etc in fqdncache.c. Also don't want to
5371 use ipcacheQueueDrain() and fqdncacheQueueDrain().
5372 - Fixed persistent connection bug. We were incorrectly
5373 deciding that non-200 replies without content-length
5374 would not have a reply body.
5375 - Fixed intAverage() precedence bug.
5376 - Fixed memmove() 'len' arg bug.
5377 - Changed algorithm for determining alive/dead state of peers.
5378 Instead of using a fixed number of unacknowledged ICP
5379 replies, it is now based on timeouts. If there are no ICP
5380 replies received from a peer within 'dead_peer_timeout'
5381 seconds, then we call it dead.
5382 - Added calls to getCurrentTime() in
5383 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
5385 - Fixed shutdown bug when the incoming and outgoing ICP socket
5386 is the same file descriptor.
5387 - Added buffered writes for storeWriteCleanLogs() (Stewart
5389 - Patches for Qnx4 (Jean-Claude MICHOT).
5390 - Fixed returning void functions which seems to be a GCC-ism.
5391 - New configure script options (Henrik Nordstrom):
5392 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
5396 --enable-useragent-log
5397 --enable-kill-parent (this should be named -hack)
5400 --enable-cachemgr-hostname[=hostname] (new)
5401 --enable-arp-acl (new)
5402 - Added Doug Lea malloc-2.6.4 to the distribution, so that
5403 people easily can try a decent malloc package if they syspect
5404 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
5405 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
5406 function (Henrik Nordstrom).
5407 - Removed top-level Makefile. People must now run 'configure'
5409 - Fixed checkFailureRatio() implementation.
5410 - Made 'squid -z' behave like the 1.1 version.
5413 Changes to squid-1.2.beta10 (Jan 1, 1998):
5415 - Fixed content-length bugs for 204 replies, 304 replies,
5416 and HEAD requests (Henrik Nordstrom).
5417 - Fixed errorAppendEntry() bug in gopherReadReply().
5418 - Basic support for FTP URL typecodes (;type=X).
5419 - Support for access controls based on ethernet MAC addresses
5421 - Initial URN support; see
5422 http://squid.nlanr.net/Squid/urn-support.html
5423 - Fixed client-side persistent connections for objects with
5424 bad content lengths (Henrik Nordstrom).
5425 - Fixed bad call to storeDirUpdateSwapSize() for objects which
5426 never reach SWAPOUT_DONE state.
5427 - Fixed up poll() #defines in squid.h (Stewart Forster).
5428 - Changed poll() timeout from 1000 msec to 50 msec for
5429 better performance under low load (Stewart Forster).
5430 - Changed storeWriteCleanLogs() to write objects in the LRU
5431 list order instead of the random hash table order.
5432 - Fixed FTP bug when data socket connections fail or timeout.
5433 - Reuse FTP data connection when possible (Henrik Nordstrom).
5434 - Added configure options (Henrik Nordstrom)
5435 --enable-store-key=sha|md5
5436 --enable-xmalloc-statistics
5437 --enable-xmalloc-debug
5438 --enable-xmalloc-debug-count
5440 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
5441 by creating ERR_FORWARDING_DENIED and changing the
5442 content of the ERR_CANNOT_FORWARD text.
5443 - Fixed pipeline request bug from using strdup() (Henrik
5445 - Call clientReadRequest() directly instead of commSetSelect()
5446 for pipelined requests (Henrik Nordstrom).
5447 - Fixed 4k page leak in icpHandleIMSReply();
5448 - Renamed 'icp*' functions to 'client*' names in client_side.c.
5450 Changes to squid-1.2.beta8 (Dec 2, 1997):
5452 - Fixed accessLogLog() to log ident from Proxy-Authorization
5453 request header (BoB Miorelli).
5454 - Fixed #includes, prototypes, etc. in SNMP source files.
5455 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
5456 include/config.h.in to src/squid.h
5457 - Moved 'num32' typedefs from src/typedefs.h to
5458 include/config.h.in.
5459 - Moved snmplib/md5.c to lib/md5.c.
5460 - Added MD5 cache key support.
5461 - Removed xmalloc() return check in uudeocde.c
5462 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
5463 - Changed 'client' program to provide easier cache manager access,
5464 e.g.: 'client mgr:info'
5465 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
5466 for simulated keep-alive requests.
5467 - Removed 'fd' arg from clientProcess* functions.
5468 - Fixed bugs from using errorSend() on persistent/pipelined
5469 client connections. A latter request should not be allowed to
5470 write to the client fd until the current request completes.
5471 Now use errorAppendEntry() for such situations.
5472 - Fixed content-length bugs. We were using content-length == 0
5473 to also indicate a lack of content-length reply header. But
5474 'content-length: 0' might appear in a reply, so now use -1 to
5475 indicate that no content length given.
5476 - Split up clientProcessRequest() into smaller chunks so it
5477 might be easier to follow.
5478 - renamed various client_side.c functions to start with 'client'
5480 - Fixed a 'cbdata leak' from the comm.c close handlers.
5481 - Fixed a 'cbdata leak' from the comm.c connect routines.
5482 - Fixed comm_select() and comm_poll() to stop looping on the
5483 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
5484 ready for I/O, the incoming sockets might not get service, so
5485 comm_select() would be called for up to 7 times until the
5486 'incoming_counter' was incremented enough to trigger a call
5487 to comm_select_incoming(). Now we make sure
5488 comm_select_incoming() gets called if select returns less
5490 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
5491 inserted at the start of the url-path. calls ftpUrlWith2f().
5493 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
5494 for replacement and cachemgr output.
5495 - Changed ipcache.c to use LRU double-linked list instead of qsort()
5496 - Changed hash_insert() and hash_join() to return void.
5497 for replacement and cachemgr output.
5498 - Moved StoreEntry->method member to MemObject->method.
5499 - Made StoreEntry->flags 16 bits.
5500 - Made StoreEntry->refcount 16 bits.
5501 - Changed URL-based public cache key to always include the request
5504 Changes to squid-1.2.beta7 (Nov 24, 1997):
5506 - Fixed poll() for Linux (David Luyer).
5507 - SHA optimizations (David Luyer).
5508 - Fixed errno clashes with macro on Linux (David Luyer).
5509 - Fixed storeDirCloseSwapLogs(); logs might not be open.
5510 - Fixed storeClientCopy2() bug. Detect when there is
5511 no more data to send for objects in STORE_OK state.
5512 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
5513 especially directory listings.
5514 - Mega FTP fix from Henrik Nordstrom. A better job of
5515 implementing the '%2f' hack.
5516 - Fixed some pipelined request bugs. storeClientCopy() was
5517 being given the wrong StoreEntry, and we had a race condition
5518 which is now handled by storeClientCopyPending().
5519 - Added initial SNMP support.
5521 Changes to squid-1.2.beta6 (Nov 13, 1997):
5523 - Fixed Authorized responses getting swapped out when they
5524 don't have Proxy-Revalidate reply header.
5525 - Fixed Proxy Authentication support. We never sent back
5526 a 407 reply, and were incorrectly incrementing the passwd
5527 before comparing it.
5528 - Fixed stat()ing pathnames for default values before parsing
5529 config file (Ron Gomes).
5530 - Fixed logging request and response headers on separate lines
5532 - Fixed FTP Authentication message (Henrik Nordstrom).
5533 - Changed Proxy Authentication to trigger a reread of the passwd
5534 file if a password check fails (Henrik Nordstrom).
5535 - Changed FTP to retry the first CWD with a leading slash if it
5538 Changes to squid-1.2.beta5 (Nov 6, 1997):
5540 - Track the 'keep-alive ratio' for a peer as the ratio of
5541 the number of replies including 'Proxy-Connection: Keep-Alive'
5542 compared to the number of requests sent. If the peer does
5543 not support Persistent connections then this ratio will tend
5544 toward zero. If the ratio is less than 50% after 10 requests
5545 then we'll stop sending Keep-Alive.
5546 - Proper support for %nn escapes in FTP, and numerous
5547 other fixes (Henrik Nordstrom).
5548 - Support for Secure Hash Algorithm and framework for other
5549 hash functions as cache keys.
5550 - Fixed SSL snprintf() bug which broke SSL proxying.
5551 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
5552 - Fixed LRU Reference Age bug. The arg to pow() must be
5553 minutes, not seconds.
5555 Changes to squid-1.2.beta4 (Oct 30, 1997):
5557 - Fixed DST bug in rfc1123.c
5558 - Changed default http_accel_port to 80.
5559 - added errorCon() as a ErrorState constructor function
5561 - Added ERR_FTP_FAILURE message for ftpFail().
5562 - For FTP, the timeout callback must be moved to the 'data'
5563 descriptor when data transfer begins. Otherwise we are
5564 likely to get a timeout on the control descriptor.
5565 - Fixed double-free bug in httpRequestFree().
5566 - Fixed store_swap_size counting bug in storeSwapOutHandle().
5568 Changes to squid-1.2.beta3 (Oct 29, 1997):
5570 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
5571 - Fix assertions which assumed 4-byte pointers.
5572 - Fix missing % in fqdncache.c snprintf().
5574 Changes to squid-1.2.beta2 (Oct 28, 1997):
5576 - Fixed aiops.c and async_io.c so that they actually compile
5577 with USE_ASYNC_IO (Arjan de Vet).
5578 - Fixed errState->errno causing problems with some macros
5580 - Fixed memory leaks in pconn.c (Max Okumoto).
5581 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
5582 - Fixed InvokeHandlers() from calling memCopy() for ALL
5583 store_client's with callbacks. A store_client might be reading
5585 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
5586 bucket at a time. Instead we'll maintain a single LRU
5587 list. When an object is 'touched' we move it to the
5588 top of this list. When we need disk space, we delete
5590 - Removed storeGetSwapSpace().
5592 Changes to squid-1.2.beta1 ():
5594 - Reworked storage manager to not keep objects in memory during
5595 transit. In other words, no separate NOVM distribution.
5596 - Lots of cleanup and debugging for beta release.
5597 - Use snprintf() everywhere instead of sprintf().
5598 - The 'in_memory' hash table has been replaced with a
5599 doubly-linked list. New objects are added to the head of
5600 the list. When memory space is needed, old objects are
5601 purged from the tail of the list.
5603 Changes to squid-1.2.alpha7 ():
5605 - fixes fixes fixes.
5606 - Made Arjan's PROXY_AUTH ACL patch standard.
5608 Changes to squid-1.2.alpha6 ():
5610 - Simpler cacheobj implementation.
5611 - persistent connection histogram
5612 - SERVER-SIDE PERSISTENT CONNECTIONS:
5614 - Addec Cofig.Timeout.pconn; default 120 seconds
5615 - Added httpState->flags
5616 - Added flags arg to httpBuildRequestHeader()
5617 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
5618 - Added 'Connection' to allowed HTTP headers (http-anon.c)
5619 - Added 'Proxy-Connection' to allowed HTTP headers
5621 - Merged proxyhttpStart() with httpStart() and created
5622 new httpBuildState().
5623 - New httpPconnTransferDone() detects end-of-data on
5624 persistent connections.
5626 Changes to squid-1.2.alpha5 ():
5628 - New configuration system. Everything is generated from
5629 'cf.data.pre', including the main parser, setting defaults,
5630 outputting current values, and freeing memory.
5631 This also involved moving some of the local data structures
5632 (e.g. struct _acl *AclList in acl.c) to the Config
5633 structure. (Max Okumoto)
5634 - No more '/i' for regular expressions. Now insert a '-i'
5635 to switch to case-insensitive. Use '+i' for case-sensitive.
5636 - When you have a variable named the same as its type, sizeof()
5637 gets the wrong one (fde).
5638 - Need to flush unbuffered logs before fork().
5639 - Added two fields swap log: refcount and e->flag.
5640 - Removed all the .h files for each .c file. Now #include stuff
5641 is in either: defines.h, enums.h, typedefs.h, structs.h,
5642 or protos.h, globals.h. This greatly reduces dependencies
5643 between the various source files.
5644 - globals.c is generated from globals.h by a Perl script.
5645 - Started customizable error texts.
5647 Changes to squid-1.2.alpha4 ():
5649 - New MIME configuration, regular expression based
5650 - Added request_timeout config option
5651 - Multiple HTTP sockets (Lincoln Dale).
5652 - Moved 'fds_are_n_free' check to httpAccept().
5653 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
5654 - Changed storeRegister to use offsets and make immediate
5655 callbacks if appropriate.
5656 - Removed icpDetectClientClose(). Some of that functionality
5657 goes into clientReadRequest() and the rest into
5659 - Moved IP lookups to commConnect stuff.
5660 - Added support for retrying connect().
5661 - New inline debug() macro (David Luyer).
5662 - Replace frequent gettimeofday() calls with alarm(3) based
5663 clock. Need to add more gettimeofday() calls to get back
5664 high-resolution timestamp logging (Andres Kroonmaa).
5665 - Added support for Cache-control: proxy-revalidate;
5666 based on squid-1.1 patch from Mike Mitchell.
5668 Changes to squid-1.2.alpha3 ():
5670 - Implemented persistent connections between clients and squid.
5671 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
5673 - Removed use of FD as an identifier in certain callback
5674 operations (ipcache, fqdncache).
5675 - General code cleanup.
5676 - Fixed typedefs for callback functions.
5677 - Removed FD lifetime/timeout dichotomy. Now we only have
5678 timeouts, however the lifetime concept/keyword may still
5679 linger in certain places.
5680 - Change Makefile 'realclean' target to 'distclean'
5681 - Changed config file parsing of time specifications to use
5683 - Removed storetoString.c
5685 Changes to squid-1.2.alpha2 ():
5687 - Merged squid-1.1.9, squid-1.1.10 changes
5689 Changes to squid-1.2.alpha1 ():
5691 - Unified peer selection algorithm.
5692 - aiops.c and aiops.h are a threaded implementation of
5693 asynchronous file operations (Stewart Forster).
5694 - async_io.c and async_io.h are complete rewrites of the old
5695 versions (Stewart Forster).
5696 - Rewrote all disk file operations of squid to support
5697 the idea of callbacks except where not required (Stewart
5699 - Background validation of 'tainted' swap log entries (Stewart
5701 - Modified storeWriteCleanLog to create the log file using the
5702 open/write rather than fopen/printf (Stewart Forster).
5703 - Added the EINTR error response to handle badly interrupted
5704 system calls (Stewart Forster).
5705 - UDP_HIT_OBJ not supported, removed.
5706 - Different sized 'cache_dirs' supported.
5708 ==============================================================================
projects / thirdparty / squid.git / blob