<!doctype linuxdoc system>
<title>Squid 4.0.0 release notes</title>
<author>Squid Developers</author>

This document contains the release notes for version 4 of Squid.
Squid is a WWW Cache application developed by the National Laboratory
for Applied Network Research and members of the Web Caching community.

The Squid Team are pleased to announce the release of Squid-4.0.0 for testing.

This new release is available for download from <url url="http://www.squid-cache.org/Versions/v4/"> or the
<url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.

<p>While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.

<p>We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting">
for how to submit a report with a stack trace.

Although this release is deemed good enough for use in many setups, please note the existence of
<url url="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=4" name="open bugs against Squid-4">.

<sect1>Changes since earlier releases of Squid-4

The Squid-4 change history can be <url url="http://www.squid-cache.org/Versions/v4/changesets/" name="viewed here">.

<sect>Major new features since Squid-3.5
<p>Squid 4 represents a new feature release above 3.5.

<p>The most important of these new features are:
<item>Helper concurrency channels changes
<item>Configurable helper queue size
<item>SSLv2 support removal
<item>MSNT-multi-domain helper removal

Most user-facing changes are reflected in squid.conf (see below).

<sect1>Configurable helper queue size
<p>The new queue-size=N helper configuration option allows users
to configure the maximum number of requests queued to busy helpers.

<sect1>Helper concurrency channels changes
<p>The helper-mux.pl script we have been distributing for the past few years to
encourage use of concurrency is no longer compatible with Squid. If
used, it will spawn up to 2^64 helpers and DoS the Squid server.

<p>Helpers utilizing arrays to handle fixed amounts of concurrency
channels MUST be re-written to use queues and be capable of handling a
64-bit int as index, or they will be vulnerable to buffer overrun and
arbitrary memory accesses.

<p>32-bit helpers need re-writing to handle the concurrency channel ID
as a 64-bit integer value. If not updated, they will cause proxies to
return unexpected results or time out once crossing the 32-bit wrap
boundary, leading to undefined behaviour in the client HTTP traffic.
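
<p>An added example, not code from the Squid project: a minimal C helper loop that parses the concurrency channel ID as an unsigned 64-bit value and only echoes it back in the reply, so no fixed-size array is ever indexed by it. The function names, the line layout (channel ID, one space, then the payload or result) and the OK/ERR policy in main() are assumptions of this example.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Split one request line "<channel-ID> <payload>" (newline already stripped).
 * Layout assumed for this example. Returns 0 on success, -1 when the ID is
 * missing, signed, or wider than unsigned long long (64 bits on mainstream
 * platforms). */
int parse_request(const char *line, uint64_t *id, const char **payload)
{
    char *end;
    unsigned long long v;

    /* strtoull() silently accepts leading spaces and "-1"; insist on a digit. */
    if (line[0] < '0' || line[0] > '9')
        return -1;
    errno = 0;
    v = strtoull(line, &end, 10);
    if (errno == ERANGE || *end != ' ')
        return -1;
    *id = (uint64_t)v;
    *payload = end + 1;
    return 0;
}

/* Build "<channel-ID> <result>\n". The ID is only echoed back, never used as
 * an index, so its magnitude cannot cause an out-of-bounds access. */
int format_reply(char *out, size_t outlen, uint64_t id, const char *result)
{
    int n = snprintf(out, outlen, "%" PRIu64 " %s\n", id, result);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char line[8192], reply[64];
    uint64_t id;
    const char *payload;

    while (fgets(line, sizeof line, stdin)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (parse_request(line, &id, &payload) != 0)
            continue;               /* malformed line: no channel to answer */
        /* Assumed demo policy: non-empty payload -> OK, otherwise ERR. */
        if (format_reply(reply, sizeof reply, id, *payload ? "OK" : "ERR") > 0) {
            fputs(reply, stdout);
            fflush(stdout);         /* reply must not sit in a stdio buffer */
        }
    }
    return 0;
}
```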

<sect1>SSLv2 support removal
<p>Details in <url url="https://tools.ietf.org/html/rfc6176" name="RFC 6176">

<p>SSLv2 is not fit for purpose. Squid no longer supports being configured with
any settings regarding this protocol. That includes settings manually disabling
its use, since the protocol is now forcibly disabled by default. Settings enabling
various client/server workarounds specific to SSLv2 are also removed.

<sect1>MSNT-multi-domain helper removal

<p>The <em>basic_msnt_multi_domain_auth</em> helper has been removed. The
<em>basic_smb_lm_auth</em> helper performs the same actions without extra
Perl and Samba dependencies.

<sect>Changes to squid.conf since Squid-3.5

There have been changes to Squid's configuration file since Squid-3.5.

This section gives a thorough account of those changes in three categories:

<item><ref id="newtags" name="New tags">
<item><ref id="modifiedtags" name="Changes to existing tags">
<item><ref id="removedtags" name="Removed tags">

<sect1>New tags<label id="newtags">

<tag>tls_outgoing_options</tag>
<p>New tag to define TLS security context options for outgoing
connections. For example to HTTPS servers.

<tag>url_rewrite_timeout</tag>
<p>Squid times active requests to redirector. This option sets
the timeout value and the Squid reaction to a timed out

<sect1>Changes to existing tags<label id="modifiedtags">

<tag>auth_param</tag>
<p>New parameter <em>queue-size=</em> to set the maximum number

<tag>cache_peer</tag>
<p>All <em>ssloption=</em> and <em>sslversion=</em> values for
SSLv2 configuration or disabling have been removed.
<p>Manual squid.conf update may be required on upgrade.

<tag>external_acl_type</tag>
<p>New parameter <em>queue-size=</em> to set the maximum number

<p>All <em>version=</em> <em>option=</em> values for SSLv2
configuration or disabling have been removed.
<p>Manual squid.conf update may be required on upgrade.

<tag>https_port</tag>
<p>All <em>version=</em> <em>option=</em> values for SSLv2
configuration or disabling have been removed.
<p>Manual squid.conf update may be required on upgrade.

<tag>sslcrtd_children</tag>
<p>New parameter <em>queue-size=</em> to set the maximum number

<tag>sslcrtvalidator_children</tag>
<p>New parameter <em>queue-size=</em> to set the maximum number

<tag>sslproxy_options</tag>
<p>All values for SSLv2 configuration or disabling have been removed.
<p>Manual squid.conf update may be required on upgrade.

<tag>sslproxy_version</tag>
<p>Value '2' for SSLv2-only operation is no longer supported.

<tag>url_rewrite_children</tag>
<p>New parameter <em>queue-size=</em> to set the maximum number

<sect1>Removed tags<label id="removedtags">

<tag>cache_peer_domain</tag>
<p>Superseded by <em>cache_peer_access</em>. Use dstdomain ACL
in the access control list to restrict domains requested.

<tag>refresh_pattern</tag>
<p>Option <em>ignore-auth</em> removed. Its original intent was
to improve caching. HTTP/1.1 permits caching of authenticated
messages under conditions which Squid does check for and obey.

<tag>sslproxy_cafile</tag>
<p>Replaced by <em>tls_outgoing_options cafile=</em>.

<tag>sslproxy_capath</tag>
<p>Replaced by <em>tls_outgoing_options capath=</em>.

<tag>sslproxy_cipher</tag>
<p>Replaced by <em>tls_outgoing_options cipher=</em>.

<tag>sslproxy_client_certificate</tag>
<p>Replaced by <em>tls_outgoing_options cert=</em>.

<tag>sslproxy_client_key</tag>
<p>Replaced by <em>tls_outgoing_options key=</em>.

<tag>sslproxy_flags</tag>
<p>Replaced by <em>tls_outgoing_options flags=</em>.

<tag>sslproxy_options</tag>
<p>Replaced by <em>tls_outgoing_options options=</em>.

<tag>sslproxy_version</tag>
<p>Replaced by <em>tls_outgoing_options version=</em>.

<sect>Changes to ./configure options since Squid-3.5

There have been some changes to Squid's build configuration since Squid-3.5.

This section gives an account of those changes in three categories:

<item><ref id="newoptions" name="New options">
<item><ref id="modifiedoptions" name="Changes to existing options">
<item><ref id="removedoptions" name="Removed options">

<sect1>New options<label id="newoptions">

<sect1>Changes to existing options<label id="modifiedoptions">

<tag>--enable-auth-basic</tag>
<p>The <em>MSNT-multi-domain</em> helper has been removed.

<sect1>Removed options<label id="removedoptions">

<sect>Regressions since Squid-2.7

<p>Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-4

<p>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.

<sect1>Missing squid.conf options available in Squid-2.7

<tag>broken_vary_encoding</tag>
<p>Not yet ported from 2.6

<tag>cache_peer</tag>
<p><em>monitorinterval=</em> not yet ported from 2.6
<p><em>monitorsize=</em> not yet ported from 2.6
<p><em>monitortimeout=</em> not yet ported from 2.6
<p><em>monitorurl=</em> not yet ported from 2.6

<tag>cache_vary</tag>
<p>Not yet ported from 2.6

<p>Not yet ported from 2.6

<tag>external_refresh_check</tag>
<p>Not yet ported from 2.7

<tag>location_rewrite_access</tag>
<p>Not yet ported from 2.6

<tag>location_rewrite_children</tag>
<p>Not yet ported from 2.6

<tag>location_rewrite_concurrency</tag>
<p>Not yet ported from 2.6

<tag>location_rewrite_program</tag>
<p>Not yet ported from 2.6

<tag>refresh_pattern</tag>
<p><em>stale-while-revalidate=</em> not yet ported from 2.7
<p><em>ignore-stale-while-revalidate=</em> not yet ported from 2.7
<p><em>negative-ttl=</em> not yet ported from 2.7

<tag>refresh_stale_hit</tag>
<p>Not yet ported from 2.7

<tag>update_headers</tag>
<p>Not yet ported from 2.7

Copyright (C) 1996-2015 The Squid Software Foundation and contributors

Squid software is distributed under GPLv2+ license and includes
contributions from numerous individuals and organizations.
Please see the COPYING and CONTRIBUTORS files for details.