doc/release-notes/release-3.4.sgml

   1 <!doctype linuxdoc system>
   2 <article>
   3 <title>Squid 3.4.0.0 release notes</title>
   4 <author>Squid Developers</author>
   5
   6 <abstract>
   7 This document contains the release notes for version 3.4 of Squid.
   8 Squid is a WWW Cache application developed by the National Laboratory
   9 for Applied Network Research and members of the Web Caching community.
  10 </abstract>
  11
  12 <toc>
  13
  14 <sect>Notice
  15 <p>
  16 The Squid Team are pleased to announce the release of Squid-3.4.0.0 for testing.
  17
  18 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.HEAD/"> or the
  19  <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
  20
  21 While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
  22
  23 We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting">
  24  for how to submit a report with a stack trace.
  25
  26 <sect1>Known issues
  27 <p>
  28 Although this release is deemed good enough for use in many setups, please note the existence of
  29 <url url="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&version=3.4" name="open bugs against Squid-3.4">.
  30
  31
  32 <sect1>Changes since earlier releases of Squid-3.4
  33 <p>
  34 The 3.4 change history can be <url url="http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/" name="viewed here">.
  35
  36 <sect>Major new features since Squid-3.3
  37 <p>Squid 3.4 represents a new feature release above 3.3.
  38
  39 <p>The most important of these new features are:
  40 <itemize>
  41         <item>Helper protocol extensions
  42         <item>SSL Server Certificate Validator
  43 </itemize>
  44
  45 Most user-facing changes are reflected in squid.conf (see below).
  46
  47
  48 <sect1>Helper protocol extensions
  49 <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
  50
  51 <p>The Squid helper protocol used to communicate with authenticators,
  52    URL-rewriters, Redirectors, and External ACL helpers has been updated
  53    and extended.
  54
  55 <p><em>BH</em> status code is now accepted from all helpers to report
  56    internal error events separate from <em>ERR</em> rejection code.
  57    Permitting Squid to perform recovery operations specific to
  58    helper failure instead of a blanket client rejection.
  59
  60 <p>Arbitrary key-value pairs can be returned from any helper.
  61    Allowing future helpers to be forward- and backward- compatible
  62    with this and future version of Squid.
  63
  64
  65 <sect1>SSL Server Certificate Validator
  66 <p>Details at <url url="http://wiki.squid-cache.org/Features/SslServerCertValidator">.
  67
  68 <p>The helper consulted after the internal OpenSSL validation, regardless of the
  69    validation results. The helper will receive:
  70
  71 <itemize>
  72         <item>the origin server certificate (chain),
  73         <item>the intended domain name, and
  74         <item>a list of OpenSSL validation errors (if any).
  75 </itemize>
  76
  77 <p>If the helper decides to honor an OpenSSL error or report another validation
  78    error(s), the helper will return:
  79
  80 <itemize>
  81         <item>A list of certificates.
  82         <item>A list of items consists the the validation error name (see <em>%err_name</em>
  83         error page macro and <em>%err_details</em> code for <em>logformat</em>), error reason
  84         (<em>%ssl_lib_error macro</em>), and the offending certificate.
  85 </itemize>
  86
  87 <p>The returned information mimics what the internal OpenSSL-based validation code
  88    collects now. Returned errors, if any, are fed to <em>sslproxy_cert_error</em>,
  89    triggering the existing SSL error processing code.
  90
  91 <p>The helper invocation controlled by the <em>sslcrtvalidator_program</em> and
  92    <em>sslcrtvalidator_children</em> configurations options which are similar to the
  93    <em>ssl_crtd</em> related options.
  94
  95
  96 <sect>Changes to squid.conf since Squid-3.3
  97 <p>
  98 There have been changes to Squid's configuration file since Squid-3.3.
  99
 100 This section gives a thorough account of those changes in three categories:
 101
 102 <itemize>
 103         <item><ref id="newtags" name="New tags">
 104         <item><ref id="modifiedtags" name="Changes to existing tags">
 105         <item><ref id="removedtags" name="Removed tags">
 106 </itemize>
 107 <p>
 108
 109 <sect1>New tags<label id="newtags">
 110 <p>
 111 <descrip>
 112         <tag>note</tag>
 113         <p>Use ACLs to annotate a transaction with customized annotations
 114            which can be logged in access.log
 115
 116         <tag>sslcrtvalidator_children</tag>
 117         <p>Specifies the settings for how many SSL server certificate
 118            validator helpers are run and when they are started.
 119
 120         <tag>sslcrtvalidator_program</tag>
 121         <p>Specifies the location of a SSL server certificate validator helper.
 122
 123 </descrip>
 124
 125 <sect1>Changes to existing tags<label id="modifiedtags">
 126 <p>
 127 <descrip>
 128         <tag>acl</tag>
 129         <p>New test type <em>server_cert_fingerprint</em> to match against
 130            server SSL certificate fingerprint.
 131
 132         <tag>auth_param</tag>
 133         <p>New result code <em>BH</em> to signal helper internal errors
 134            available in all authentication schemes.
 135         <p>New key <em>message=</em> for error message details in all authentication schemes.
 136         <p>New result code <em>OK</em> and key <em>ha1=</em> in Digest authentication.
 137         <p>New result codes <em>OK</em>, <em>ERR</em> replace result codes <em>AF</em>,
 138            and <em>NA</em> in NTLM and Negotiate authentication.
 139         <p>New key <em>token=</em> for NTLM and Negotiate authentication <em>OK</em> responses.
 140         <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
 141
 142         <tag>external_acl_type</tag>
 143         <p>Deprecated <em>protocol=3.0</em> option. No longer necessary.
 144         <p>New result code <em>BH</em> to signal helper internal errors
 145         <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
 146
 147         <tag>logformat</tag>
 148         <p>New format code <em>%note</em> to log a transaction annotation linked to the
 149            transaction by ICAP, eCAP, a helper, or the <em>note</em> squid.conf directive.
 150
 151         <tag>unlinkd_program</tag>
 152         <p>New helper response format utilizing result codes <em>OK</em> and <em>BH</em>,
 153            to signal helper lookup results. Also, key-value response values to return
 154            multiple values to Squid.
 155         <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
 156
 157         <tag>url_rewrite_program</tag>
 158         <p>New helper response format utilizing result codes <em>OK</em>, <em>ERR</em>,
 159            and <em>BH</em> to signal helper lookup results. Also, key-value response
 160            values to return multiple values to Squid.
 161         <p>Details at <url url="http://wiki.squid-cache.org/Features/AddonHelpers">.
 162
 163 </descrip>
 164
 165 <sect1>Removed tags<label id="removedtags">
 166 <p>
 167 <descrip>
 168         <p><em>There are no removed squid.conf tags in Squid-3.4.</em>
 169
 170 </descrip>
 171
 172
 173 <sect>Changes to ./configure options since Squid-3.3
 174 <p>
 175 There have been some changes to Squid's build configuration since Squid-3.3.
 176
 177 This section gives an account of those changes in three categories:
 178
 179 <itemize>
 180         <item><ref id="newoptions" name="New options">
 181         <item><ref id="modifiedoptions" name="Changes to existing options">
 182         <item><ref id="removedoptions" name="Removed options">
 183 </itemize>
 184
 185
 186 <sect1>New options<label id="newoptions">
 187 <p>
 188 <descrip>
 189         <p><em>There are no new ./configure options in Squid-3.4.</em>
 190
 191 </descrip>
 192
 193 <sect1>Changes to existing options<label id="modifiedoptions">
 194 <p>
 195 <descrip>
 196         <p><em>There are no changed ./configure options in Squid-3.4.</em>
 197
 198 </descrip>
 199 </p>
 200
 201 <sect1>Removed options<label id="removedoptions">
 202 <p>
 203 <descrip>
 204         <p><em>There are no removed ./configure options in Squid-3.4.</em>
 205
 206 </descrip>
 207
 208
 209 <sect>Regressions since Squid-2.7
 210
 211 <p>Some squid.conf and ./configure options which were available in Squid-2.7 are not yet available in Squid-3.3
 212
 213 <p>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.
 214
 215 <sect1>Missing squid.conf options available in Squid-2.7
 216 <p>
 217 <descrip>
 218         <tag>broken_vary_encoding</tag>
 219         <p>Not yet ported from 2.6
 220
 221         <tag>cache_dir</tag>
 222         <p><em>COSS</em> storage type is lacking stability fixes from 2.6
 223         <p>COSS <em>overwrite-percent=</em> option not yet ported from 2.6
 224         <p>COSS <em>max-stripe-waste=</em> option not yet ported from 2.6
 225         <p>COSS <em>membufs=</em> option not yet ported from 2.6
 226         <p>COSS <em>maxfullbufs=</em> option not yet ported from 2.6
 227
 228         <tag>cache_peer</tag>
 229         <p><em>idle=</em> not yet ported from 2.7
 230         <p><em>monitorinterval=</em> not yet ported from 2.6
 231         <p><em>monitorsize=</em> not yet ported from 2.6
 232         <p><em>monitortimeout=</em> not yet ported from 2.6
 233         <p><em>monitorurl=</em> not yet ported from 2.6
 234
 235         <tag>cache_vary</tag>
 236         <p>Not yet ported from 2.6
 237
 238         <tag>collapsed_forwarding</tag>
 239         <p>Not yet ported from 2.6
 240
 241         <tag>error_map</tag>
 242         <p>Not yet ported from 2.6
 243
 244         <tag>external_acl_type</tag>
 245         <p><em>%ACL</em> format tag not yet ported from 2.6
 246         <p><em>%DATA</em> format tag not yet ported from 2.6
 247
 248         <tag>external_refresh_check</tag>
 249         <p>Not yet ported from 2.7
 250
 251         <tag>http_port</tag>
 252         <p><em>act-as-origin</em> not yet ported from 2.7
 253
 254         <tag>ignore_ims_on_miss</tag>
 255         <p>Not yet ported from 2.7
 256
 257         <tag>location_rewrite_access</tag>
 258         <p>Not yet ported from 2.6
 259
 260         <tag>location_rewrite_children</tag>
 261         <p>Not yet ported from 2.6
 262
 263         <tag>location_rewrite_concurrency</tag>
 264         <p>Not yet ported from 2.6
 265
 266         <tag>location_rewrite_program</tag>
 267         <p>Not yet ported from 2.6
 268
 269         <tag>refresh_pattern</tag>
 270         <p><em>stale-while-revalidate=</em> not yet ported from 2.7
 271         <p><em>ignore-stale-while-revalidate=</em> not yet ported from 2.7
 272         <p><em>negative-ttl=</em> not yet ported from 2.7
 273
 274         <tag>refresh_stale_hit</tag>
 275         <p>Not yet ported from 2.7
 276
 277         <tag>storeurl_access</tag>
 278         <p>Not yet ported from 2.7
 279
 280         <tag>storeurl_rewrite_children</tag>
 281         <p>Not yet ported from 2.7
 282
 283         <tag>storeurl_rewrite_concurrency</tag>
 284         <p>Not yet ported from 2.7
 285
 286         <tag>storeurl_rewrite_program</tag>
 287         <p>Not yet ported from 2.7
 288
 289         <tag>update_headers</tag>
 290         <p>Not yet ported from 2.7
 291
 292 </descrip>
 293
 294 </article>