1 <!doctype linuxdoc system>
3 <title>Squid 3.4.0.0 release notes</title>
4 <author>Squid Developers</author>
7 This document contains the release notes for version 3.4 of Squid.
8 Squid is a WWW Cache application developed by the National Laboratory
9 for Applied Network Research and members of the Web Caching community.
16 The Squid Team are pleased to announce the release of Squid-3.4.0.0 for testing.
18 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.HEAD/"> or the
19 <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
21 While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
23 We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting">
24 for how to submit a report with a stack trace.
28 Although this release is deemed good enough for use in many setups, please note the existence of
29 <url url="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&version=3.4" name="open bugs against Squid-3.4">.
32 <sect1>Changes since earlier releases of Squid-3.4
34 The 3.4 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/" name="viewed here">.
36 <sect>Major new features since Squid-3.3
37 <p>Squid 3.4 represents a new feature release above 3.3.
39 <p>The most important of these new features are:
41 <item>Helper protocol extensions
42 <item>SSL Server Certificate Validator
45 Most user-facing changes are reflected in squid.conf (see below).
48 <sect1>Helper protocol extensions
49 <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
51 <p>The Squid helper protocol used to communicate with authenticators,
52 URL-rewriters, Redirectors, and External ACL helpers has been updated
55 <p><em>BH</em> status code is now accepted from all helpers to report
56 internal error events separate from <em>ERR</em> rejection code.
57 Permitting Squid to perform recovery operations specific to
58 helper failure instead of a blanket client rejection.
60 <p>Arbitrary key-value pairs can be returned from any helper.
61 Allowing future helpers to be forward- and backward- compatible
62 with this and future version of Squid.
65 <sect1>SSL Server Certificate Validator
66 <p>Details at <url url="http://wiki.squid-cache.org/Features/SslServerCertValidator">.
68 <p>The helper consulted after the internal OpenSSL validation, regardless of the
69 validation results. The helper will receive:
72 <item>the origin server certificate (chain),
73 <item>the intended domain name, and
74 <item>a list of OpenSSL validation errors (if any).
77 <p>If the helper decides to honor an OpenSSL error or report another validation
78 error(s), the helper will return:
81 <item>A list of certificates.
82 <item>A list of items consists the the validation error name (see <em>%err_name</em>
83 error page macro and <em>%err_details</em> code for <em>logformat</em>), error reason
84 (<em>%ssl_lib_error macro</em>), and the offending certificate.
87 <p>The returned information mimics what the internal OpenSSL-based validation code
88 collects now. Returned errors, if any, are fed to <em>sslproxy_cert_error</em>,
89 triggering the existing SSL error processing code.
91 <p>The helper invocation controlled by the <em>sslcrtvalidator_program</em> and
92 <em>sslcrtvalidator_children</em> configurations options which are similar to the
93 <em>ssl_crtd</em> related options.
96 <sect>Changes to squid.conf since Squid-3.3
98 There have been changes to Squid's configuration file since Squid-3.3.
100 This section gives a thorough account of those changes in three categories:
103 <item><ref id="newtags" name="New tags">
104 <item><ref id="modifiedtags" name="Changes to existing tags">
105 <item><ref id="removedtags" name="Removed tags">
109 <sect1>New tags<label id="newtags">
113 <p>Use ACLs to annotate a transaction with customized annotations
114 which can be logged in access.log
116 <tag>sslcrtvalidator_children</tag>
117 <p>Specifies the settings for how many SSL server certificate
118 validator helpers are run and when they are started.
120 <tag>sslcrtvalidator_program</tag>
121 <p>Specifies the location of a SSL server certificate validator helper.
125 <sect1>Changes to existing tags<label id="modifiedtags">
129 <p>New test type <em>server_cert_fingerprint</em> to match against
130 server SSL certificate fingerprint.
132 <tag>auth_param</tag>
133 <p>New result code <em>BH</em> to signal helper internal errors
134 available in all authentication schemes.
135 <p>New key <em>message=</em> for error message details in all authentication schemes.
136 <p>New result code <em>OK</em> and key <em>ha1=</em> in Digest authentication.
137 <p>New result codes <em>OK</em>, <em>ERR</em> replace result codes <em>AF</em>,
138 and <em>NA</em> in NTLM and Negotiate authentication.
139 <p>New key <em>token=</em> for NTLM and Negotiate authentication <em>OK</em> responses.
140 <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
142 <tag>external_acl_type</tag>
143 <p>Deprecated <em>protocol=3.0</em> option. No longer necessary.
144 <p>New result code <em>BH</em> to signal helper internal errors
145 <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
148 <p>New format code <em>%note</em> to log a transaction annotation linked to the
149 transaction by ICAP, eCAP, a helper, or the <em>note</em> squid.conf directive.
151 <tag>unlinkd_program</tag>
152 <p>New helper response format utilizing result codes <em>OK</em> and <em>BH</em>,
153 to signal helper lookup results. Also, key-value response values to return
154 multiple values to Squid.
155 <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
157 <tag>url_rewrite_program</tag>
158 <p>New helper response format utilizing result codes <em>OK</em>, <em>ERR</em>,
159 and <em>BH</em> to signal helper lookup results. Also, key-value response
160 values to return multiple values to Squid.
161 <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
165 <sect1>Removed tags<label id="removedtags">
168 <p><em>There are no removed squid.conf tags in Squid-3.4.</em>
173 <sect>Changes to ./configure options since Squid-3.3
175 There have been some changes to Squid's build configuration since Squid-3.3.
177 This section gives an account of those changes in three categories:
180 <item><ref id="newoptions" name="New options">
181 <item><ref id="modifiedoptions" name="Changes to existing options">
182 <item><ref id="removedoptions" name="Removed options">
186 <sect1>New options<label id="newoptions">
189 <p><em>There are no new ./configure options in Squid-3.4.</em>
193 <sect1>Changes to existing options<label id="modifiedoptions">
196 <p><em>There are no changed ./configure options in Squid-3.4.</em>
201 <sect1>Removed options<label id="removedoptions">
204 <p><em>There are no removed ./configure options in Squid-3.4.</em>
209 <sect>Regressions since Squid-2.7
211 <p>Some squid.conf and ./configure options which were available in Squid-2.7 are not yet available in Squid-3.3
213 <p>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.
215 <sect1>Missing squid.conf options available in Squid-2.7
218 <tag>broken_vary_encoding</tag>
219 <p>Not yet ported from 2.6
222 <p><em>COSS</em> storage type is lacking stability fixes from 2.6
223 <p>COSS <em>overwrite-percent=</em> option not yet ported from 2.6
224 <p>COSS <em>max-stripe-waste=</em> option not yet ported from 2.6
225 <p>COSS <em>membufs=</em> option not yet ported from 2.6
226 <p>COSS <em>maxfullbufs=</em> option not yet ported from 2.6
228 <tag>cache_peer</tag>
229 <p><em>idle=</em> not yet ported from 2.7
230 <p><em>monitorinterval=</em> not yet ported from 2.6
231 <p><em>monitorsize=</em> not yet ported from 2.6
232 <p><em>monitortimeout=</em> not yet ported from 2.6
233 <p><em>monitorurl=</em> not yet ported from 2.6
235 <tag>cache_vary</tag>
236 <p>Not yet ported from 2.6
238 <tag>collapsed_forwarding</tag>
239 <p>Not yet ported from 2.6
242 <p>Not yet ported from 2.6
244 <tag>external_acl_type</tag>
245 <p><em>%ACL</em> format tag not yet ported from 2.6
246 <p><em>%DATA</em> format tag not yet ported from 2.6
248 <tag>external_refresh_check</tag>
249 <p>Not yet ported from 2.7
252 <p><em>act-as-origin</em> not yet ported from 2.7
254 <tag>ignore_ims_on_miss</tag>
255 <p>Not yet ported from 2.7
257 <tag>location_rewrite_access</tag>
258 <p>Not yet ported from 2.6
260 <tag>location_rewrite_children</tag>
261 <p>Not yet ported from 2.6
263 <tag>location_rewrite_concurrency</tag>
264 <p>Not yet ported from 2.6
266 <tag>location_rewrite_program</tag>
267 <p>Not yet ported from 2.6
269 <tag>refresh_pattern</tag>
270 <p><em>stale-while-revalidate=</em> not yet ported from 2.7
271 <p><em>ignore-stale-while-revalidate=</em> not yet ported from 2.7
272 <p><em>negative-ttl=</em> not yet ported from 2.7
274 <tag>refresh_stale_hit</tag>
275 <p>Not yet ported from 2.7
277 <tag>storeurl_access</tag>
278 <p>Not yet ported from 2.7
280 <tag>storeurl_rewrite_children</tag>
281 <p>Not yet ported from 2.7
283 <tag>storeurl_rewrite_concurrency</tag>
284 <p>Not yet ported from 2.7
286 <tag>storeurl_rewrite_program</tag>
287 <p>Not yet ported from 2.7
289 <tag>update_headers</tag>
290 <p>Not yet ported from 2.7