1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 3.2 Final//EN">
4 <META NAME=
"GENERATOR" CONTENT=
"LinuxDoc-Tools 0.9.69">
5 <TITLE>Squid
4.0.0 release notes
</TITLE>
8 <H1>Squid
4.0.0 release notes
</H1>
10 <H2>Squid Developers
</H2>
12 <EM>This document contains the release notes for version
4 of Squid.
13 Squid is a WWW Cache application developed by the National Laboratory
14 for Applied Network Research and members of the Web Caching community.
</EM>
17 <H2><A NAME=
"toc1">1.
</A> <A HREF=
"#s1">Notice
</A></H2>
20 <LI><A NAME=
"toc1.1">1.1</A> <A HREF=
"#ss1.1">Known issues
</A>
21 <LI><A NAME=
"toc1.2">1.2</A> <A HREF=
"#ss1.2">Changes since earlier releases of Squid-
4</A>
24 <H2><A NAME=
"toc2">2.
</A> <A HREF=
"#s2">Major new features since Squid-
3.5</A></H2>
27 <LI><A NAME=
"toc2.1">2.1</A> <A HREF=
"#ss2.1">Configurable helper queue size
</A>
28 <LI><A NAME=
"toc2.2">2.2</A> <A HREF=
"#ss2.2">Helper concurrency channels changes
</A>
29 <LI><A NAME=
"toc2.3">2.3</A> <A HREF=
"#ss2.3">SSLv2 support removal
</A>
30 <LI><A NAME=
"toc2.4">2.4</A> <A HREF=
"#ss2.4">MSNT-multi-domain helper removal
</A>
33 <H2><A NAME=
"toc3">3.
</A> <A HREF=
"#s3">Changes to squid.conf since Squid-
3.5</A></H2>
36 <LI><A NAME=
"toc3.1">3.1</A> <A HREF=
"#ss3.1">New tags
</A>
37 <LI><A NAME=
"toc3.2">3.2</A> <A HREF=
"#ss3.2">Changes to existing tags
</A>
38 <LI><A NAME=
"toc3.3">3.3</A> <A HREF=
"#ss3.3">Removed tags
</A>
41 <H2><A NAME=
"toc4">4.
</A> <A HREF=
"#s4">Changes to ./configure options since Squid-
3.5</A></H2>
44 <LI><A NAME=
"toc4.1">4.1</A> <A HREF=
"#ss4.1">New options
</A>
45 <LI><A NAME=
"toc4.2">4.2</A> <A HREF=
"#ss4.2">Changes to existing options
</A>
46 <LI><A NAME=
"toc4.3">4.3</A> <A HREF=
"#ss4.3">Removed options
</A>
49 <H2><A NAME=
"toc5">5.
</A> <A HREF=
"#s5">Regressions since Squid-
2.7</A></H2>
52 <LI><A NAME=
"toc5.1">5.1</A> <A HREF=
"#ss5.1">Missing squid.conf options available in Squid-
2.7</A>
55 <H2><A NAME=
"toc6">6.
</A> <A HREF=
"#s6">Copyright
</A></H2>
59 <H2><A NAME=
"s1">1.
</A> <A HREF=
"#toc1">Notice
</A></H2>
61 <P>The Squid Team are pleased to announce the release of Squid-
4.0.0 for testing.
</P>
62 <P>This new release is available for download from
63 <A HREF=
"http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/
</A> or the
64 <A HREF=
"http://www.squid-cache.org/Download/http-mirrors.html">mirrors
</A>.
</P>
66 <P>While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
</P>
68 <P>We welcome feedback and bug reports. If you find a bug, please see
69 <A HREF=
"http://wiki.squid-cache.org/SquidFaq/BugReporting">http://wiki.squid-cache.org/SquidFaq/BugReporting
</A>
70 for how to submit a report with a stack trace.
</P>
72 <H2><A NAME=
"ss1.1">1.1</A> <A HREF=
"#toc1.1">Known issues
</A>
75 <P>Although this release is deemed good enough for use in many setups, please note the existence of
76 <A HREF=
"http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=4">open bugs against Squid-
4</A>.
</P>
78 <H2><A NAME=
"ss1.2">1.2</A> <A HREF=
"#toc1.2">Changes since earlier releases of Squid-
4</A>
81 <P>The Squid-
4 change history can be
82 <A HREF=
"http://www.squid-cache.org/Versions/v4/changesets/">viewed here
</A>.
</P>
85 <H2><A NAME=
"s2">2.
</A> <A HREF=
"#toc2">Major new features since Squid-
3.5</A></H2>
87 <P>Squid
4 represents a new feature release above
3.5.
</P>
89 <P>The most important of these new features are:
91 <LI>Helper concurrency channels changes
</LI>
92 <LI>Configurable helper queue size
</LI>
93 <LI>SSLv2 support removal
</LI>
94 <LI>MSNT-multi-domain helper removal
</LI>
97 <P>Most user-facing changes are reflected in squid.conf (see below).
</P>
100 <H2><A NAME=
"ss2.1">2.1</A> <A HREF=
"#toc2.1">Configurable helper queue size
</A>
103 <P>The new queue-size=N option to helpers configuration, allows users
104 to configure the maximum number of queued requests to busy helpers.
</P>
106 <H2><A NAME=
"ss2.2">2.2</A> <A HREF=
"#toc2.2">Helper concurrency channels changes
</A>
109 <P> helper-mux.pl we have been distributing for the past few years to
110 encourage use of concurrency is no longer compatible with Squid. If
111 used it will spawn up to
2^
64 helpers and DoS the Squid server.
</P>
113 <P> Helpers utilizing arrays to handle fixed amounts of concurrency
114 channels MUST be re-written to use queues and capable of handling a
115 64-bit int as index or they will be vulnerable to buffer overrun and
116 arbitrary memory accesses.
</P>
118 <P> 32-bit helpers need re-writing to handle the concurrency channel ID
119 as a
64-bit integer value. If not updated they will cause proxies to
120 return unexpected results or timeout once crossing the
32-bit wrap
121 boundary. Leading to undefined behaviour in the client HTTP traffic.
</P>
123 <H2><A NAME=
"ss2.3">2.3</A> <A HREF=
"#toc2.3">SSLv2 support removal
</A>
127 <A HREF=
"https://tools.ietf.org/html/rfc6176">RFC
6176</A></P>
129 <P>SSLv2 is not fit for purpose. Squid no longer supports being configured with
130 any settings regarding this protocol. That includes settings manually disabling
131 its use since it is now forced to disable by default. Also settings enabling
132 various client/server workarounds specific to SSLv2 are removed.
</P>
135 <H2><A NAME=
"ss2.4">2.4</A> <A HREF=
"#toc2.4">MSNT-multi-domain helper removal
</A>
138 <P>The
<EM>basic_msnt_multi_domain_auth
</EM> helper has been removed. The
139 <EM>basic_smb_lm_auth
</EM> helper performs the same actions without extra
140 Perl and Samba dependencies.
</P>
143 <H2><A NAME=
"s3">3.
</A> <A HREF=
"#toc3">Changes to squid.conf since Squid-
3.5</A></H2>
145 <P>There have been changes to Squid's configuration file since Squid-
3.5.
</P>
146 <P>This section gives a thorough account of those changes in three categories:
</P>
150 <A HREF=
"#newtags">New tags
</A></LI>
152 <A HREF=
"#modifiedtags">Changes to existing tags
</A></LI>
154 <A HREF=
"#removedtags">Removed tags
</A></LI>
159 <H2><A NAME=
"newtags"></A> <A NAME=
"ss3.1">3.1</A> <A HREF=
"#toc3.1">New tags
</A>
164 <DT><B>tls_outgoing_options
</B><DD>
165 <P>New tag to define TLS security context options for outgoing
166 connections. For example to HTTPS servers.
</P>
168 <DT><B>url_rewrite_timeout
</B><DD>
169 <P>Squid times active requests to redirector. This option sets
170 the timeout value and the Squid reaction to a timed out
176 <H2><A NAME=
"modifiedtags"></A> <A NAME=
"ss3.2">3.2</A> <A HREF=
"#toc3.2">Changes to existing tags
</A>
181 <DT><B>auth_param
</B><DD>
182 <P>New parameter
<EM>queue-size=
</EM> to set the maximum number
183 of queued requests.
</P>
185 <DT><B>cache_peer
</B><DD>
186 <P>All
<EM>ssloption=
</EM> and
<EM>sslversion=
</EM> values for
187 SSLv2 configuration or disabling have been removed.
</P>
188 <P>Manual squid.conf update may be required on upgrade.
</P>
190 <DT><B>external_acl_type
</B><DD>
191 <P>New parameter
<EM>queue-size=
</EM> to set the maximum number
192 of queued requests.
</P>
194 <DT><B>http_port
</B><DD>
195 <P>All
<EM>version=
</EM> <EM>option=
</EM> values for SSLv2
196 configuration or disabling have been removed.
</P>
197 <P>Manual squid.conf update may be required on upgrade.
</P>
199 <DT><B>https_port
</B><DD>
200 <P>All
<EM>version=
</EM> <EM>option=
</EM> values for SSLv2
201 configuration or disabling have been removed.
</P>
202 <P>Manual squid.conf update may be required on upgrade.
</P>
204 <DT><B>sslcrtd_children
</B><DD>
205 <P>New parameter
<EM>queue-size=
</EM> to set the maximum number
206 of queued requests.
</P>
208 <DT><B>sslcrtvalidator_children
</B><DD>
209 <P>New parameter
<EM>queue-size=
</EM> to set the maximum number
210 of queued requests.
</P>
212 <DT><B>sslproxy_options
</B><DD>
213 <P>All values for SSLv2 configuration or disabling have been removed.
</P>
214 <P>Manual squid.conf update may be required on upgrade.
</P>
216 <DT><B>sslproxy_version
</B><DD>
217 <P>Value '
2' for SSLv2-only operation is no longer supported.
</P>
219 <DT><B>url_rewrite_children
</B><DD>
220 <P>New parameter
<EM>queue-size=
</EM> to set the maximum number
221 of queued requests.
</P>
226 <H2><A NAME=
"removedtags"></A> <A NAME=
"ss3.3">3.3</A> <A HREF=
"#toc3.3">Removed tags
</A>
231 <DT><B>cache_peer_domain
</B><DD>
232 <P>Superceded by
<EM>cache_peer_access
</EM>. Use dstdomain ACL
233 in the access control list to restrict domains requested.
</P>
235 <DT><B>refresh_pattern
</B><DD>
236 <P>Option
<EM>ignore-auth
</EM> removed. Its original intent was
237 to improve caching. HTTP/
1.1 permits caching of authenticated
238 messages under conditions which Squid does check for and obey.
</P>
240 <DT><B>sslproxy_cafile
</B><DD>
241 <P>Replaced by
<EM>tls_outgoing_options cafile=
</EM>.
</P>
243 <DT><B>sslproxy_capath
</B><DD>
244 <P>Replaced by
<EM>tls_outgoing_options capath=
</EM>.
</P>
246 <DT><B>sslproxy_cipher
</B><DD>
247 <P>Replaced by
<EM>tls_outgoing_options cipher=
</EM>.
</P>
249 <DT><B>sslproxy_client_certificate
</B><DD>
250 <P>Replaced by
<EM>tls_outgoing_options cert=
</EM>.
</P>
252 <DT><B>sslproxy_client_key
</B><DD>
253 <P>Replaced by
<EM>tls_outgoing_options key=
</EM>.
</P>
255 <DT><B>sslproxy_flags
</B><DD>
256 <P>Replaced by
<EM>tls_outgoing_options flags=
</EM>.
</P>
258 <DT><B>sslproxy_options
</B><DD>
259 <P>Replaced by
<EM>tls_outgoing_options options=
</EM>.
</P>
261 <DT><B>sslproxy_version
</B><DD>
262 <P>Replaced by
<EM>tls_outgoing_options version=
</EM>.
</P>
268 <H2><A NAME=
"s4">4.
</A> <A HREF=
"#toc4">Changes to ./configure options since Squid-
3.5</A></H2>
270 <P>There have been some changes to Squid's build configuration since Squid-
3.5.
</P>
271 <P>This section gives an account of those changes in three categories:
</P>
275 <A HREF=
"#newoptions">New options
</A></LI>
277 <A HREF=
"#modifiedoptions">Changes to existing options
</A></LI>
279 <A HREF=
"#removedoptions">Removed options
</A></LI>
284 <H2><A NAME=
"newoptions"></A> <A NAME=
"ss4.1">4.1</A> <A HREF=
"#toc4.1">New options
</A>
293 <H2><A NAME=
"modifiedoptions"></A> <A NAME=
"ss4.2">4.2</A> <A HREF=
"#toc4.2">Changes to existing options
</A>
298 <DT><B>--enable-auth-basic
</B><DD>
299 <P>The
<EM>MSNT-multi-domain
</EM> helper has been removed.
</P>
303 <H2><A NAME=
"removedoptions"></A> <A NAME=
"ss4.3">4.3</A> <A HREF=
"#toc4.3">Removed options
</A>
313 <H2><A NAME=
"s5">5.
</A> <A HREF=
"#toc5">Regressions since Squid-
2.7</A></H2>
315 <P>Some squid.conf options which were available in Squid-
2.7 are not yet available in Squid-
4</P>
317 <P>If you need something to do then porting one of these from Squid-
2 to Squid-
3 is most welcome.
</P>
319 <H2><A NAME=
"ss5.1">5.1</A> <A HREF=
"#toc5.1">Missing squid.conf options available in Squid-
2.7</A>
324 <DT><B>broken_vary_encoding
</B><DD>
325 <P>Not yet ported from
2.6</P>
327 <DT><B>cache_peer
</B><DD>
328 <P><EM>monitorinterval=
</EM> not yet ported from
2.6</P>
329 <P><EM>monitorsize=
</EM> not yet ported from
2.6</P>
330 <P><EM>monitortimeout=
</EM> not yet ported from
2.6</P>
331 <P><EM>monitorurl=
</EM> not yet ported from
2.6</P>
333 <DT><B>cache_vary
</B><DD>
334 <P>Not yet ported from
2.6</P>
336 <DT><B>error_map
</B><DD>
337 <P>Not yet ported from
2.6</P>
339 <DT><B>external_refresh_check
</B><DD>
340 <P>Not yet ported from
2.7</P>
342 <DT><B>location_rewrite_access
</B><DD>
343 <P>Not yet ported from
2.6</P>
345 <DT><B>location_rewrite_children
</B><DD>
346 <P>Not yet ported from
2.6</P>
348 <DT><B>location_rewrite_concurrency
</B><DD>
349 <P>Not yet ported from
2.6</P>
351 <DT><B>location_rewrite_program
</B><DD>
352 <P>Not yet ported from
2.6</P>
354 <DT><B>refresh_pattern
</B><DD>
355 <P><EM>stale-while-revalidate=
</EM> not yet ported from
2.7</P>
356 <P><EM>ignore-stale-while-revalidate=
</EM> not yet ported from
2.7</P>
357 <P><EM>negative-ttl=
</EM> not yet ported from
2.7</P>
359 <DT><B>refresh_stale_hit
</B><DD>
360 <P>Not yet ported from
2.7</P>
362 <DT><B>update_headers
</B><DD>
363 <P>Not yet ported from
2.7</P>
368 <H2><A NAME=
"s6">6.
</A> <A HREF=
"#toc6">Copyright
</A></H2>
370 <P>Copyright (C)
1996-
2015 The Squid Software Foundation and contributors
</P>
371 <P>Squid software is distributed under GPLv2+ license and includes
372 contributions from numerous individuals and organizations.
373 Please see the COPYING and CONTRIBUTORS files for details.
</P>