+Changes in squid-5.0.1 (14 Jan 2020):
+
+ - Bug 4989: Leaking StoreEntry objects on Cache Digest rebuilds
+ - Bug 4912: same-name notes being appended instead of replaced
+ - Bug 4864: !Comm::MonitorsRead assertion in maybeReadVirginBody()
+ - Bug 4579: cannot hit an entry being written by another worker
+ - ICAP: Initial support for trailers
+ - Add auth_schemes to control schemes presence and order in 401s/407s
+ - Make CONNECT ACL a built-in default
+ - Remove USE_CHUNKEDMEMPOOLS compiler flag
+ - Two new ACLs implemented: annotate_transaction and annotate_client
+ - Add response delay pools feature for Squid-to-client speed limiting
+ - QA: allow test-suite to be run without a full build
+ - Happy Eyeballs: Use each fully resolved forwarding destination ASAP
+ - Support selective CF: collapsed_forwarding_access
+ - Reworked packet/connection marking
+ - Add new deny_info %A macro
+ - Identify collapsed transactions
+ - Add sample Kerberos group authentication external_acl helper
+ - Optimization: Fewer memory (re)allocations for HTTP headers
+ - Add TrivialDB support
+ - Do not send Content-Length in 1xx or 204 responses
+ - negotiate_kerberos_auth: fix memory leaks
+ - ntlm_fake_auth: add ability to test delayed responses
+ - Add %ssl::<cert macro for logging server X.509 certificate
+ - Reuse reserved Negotiate and NTLM helpers after an idle timeout
+ - Log PROXY protocol v2 TLVs
+ - Support logformat %codes in error page templates
+ - Fix incremental parsing of chunked quoted extensions
+ - Peering support for SslBump
+ - RFC 8586: Loop Detection in Content Delivery Networks
+ - Prevent TLS transaction stalls by preserving flags.read_pending
+ - Fix "BUG: Lost previously bumped from-Squid connection"
+ - Add %master_xaction logformat code
+ - Log "-" instead of the made-up method "NONE"
+ - Add GeneratingCONNECT step for the existing at_step ACL
+ - Report context of level-0/1 cache.log messages
+ - Re-enabled updates of stored headers on HTTP 304 responses
+ - Translations: Fix grammatical error in French error pages
+ - Smarter auth_param utf8 handling, including CP1251 support
+ - Fix rock disk entry contamination related to aborted swapouts
+ - Send HTTP/500 (Internal Server Error) when lacking peers
+ - Fix prohibitively slow search for new SMP shm pages
+ - Centralized PagePool/PageStack ID generation
+ - ... and many documentation changes
+ - ... and much code cleanup and polishing
+
+Changes to squid-4.10 (14 Jan 2020):
+
+ - Bug 5009: Build failure with older clang libc++
+ - Bug 5008: SIGBUS in PagePool::level() with custom rock slot size
+ - Bug 5007: Docs: Fix max_filedescriptors description
+ - Bug 4735: Truncated chunked responses cached as whole
+ - ext_lm_group_acl: Improved username handling
+ - Fix FTP buffers handling
+ - Fix shared memory size calculation on 64-bit systems
+ - Fix server_cert_fingerprint on cert validator-reported errors
+ - Fix request URL generation in reverse proxy configurations
+ - ... and several documentation updates
+ - ... and several compile fixes
+
Changes to squid-4.9 (05 Nov 2019):
- Bug 4978: eCAP crash after using MyHost().newRequest()
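Review bot: The new 5.0.1 heading reads "Changes in squid-5.0.1" while the 4.10 heading added below it and the existing 4.9 heading both read "Changes to"; pick one form so the release headings stay uniform. The entry "RFC 8586: Loop Detection in Content Delivery Networks" also names only the RFC title and, unlike the entries around it, does not say what Squid changed; wording along the lines of the release notes ("uses the CDN-Loop header as a source for loop detection") would fit better. The ChangeLog also spells the feature "SslBump" where the release notes in this same patch use "SSL-Bump".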
<!doctype linuxdoc system>
<article>
-<title>Squid 5.0.0 release notes</title>
+<title>Squid 5.0.1 release notes</title>
<author>Squid Developers</author>
<abstract>
<toc>
<sect>Notice
-<p>The Squid Team are pleased to announce the release of Squid-5.0.0 for testing.
+<p>The Squid Team are pleased to announce the release of Squid-5.0.1 for testing.
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v5/"> or the
<url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
<item>Happy Eyeballs Update
<item>Kerberos Group Helper
<item>TrivialDB Support
+ <item>RFC 8586: Loop Detection in Content Delivery Networks
+ <item>Peering support for SSL-Bump
</itemize>
Most user-facing changes are reflected in squid.conf (see below).
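Review bot: The new list item "RFC 8586: Loop Detection in Content Delivery Networks" does not match the section heading it points to, which is added later in this patch as "Loop Detection in Content Delivery Networks" without the RFC prefix. The other items in this list mirror their section titles, so drop the prefix here or add it to the heading.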
the helpers functionality to rebuild it as needed.
+<sect1>Loop Detection in Content Delivery Networks
+<p>Details in <url url="https://tools.ietf.org/html/rfc8586" name="RFC 8586">
+
+<p>Squid now uses the CDN-Loop header as a source for loop detection.
+
+<p>This header is only relevant to CDN installations. For which the
+ <em>surrogate_id</em> configuration directive specifies the authoritative
+ ID.
+
+<p>Squid does not add this header by default, preferring to use the
+ Via mechanism instead. Administrators may add it to requests
+ with the <em>request_header_add</em> directive or remove with
+ <em>request_header_remove</em>.
+
+
+<sect1>Peering support for SSL-Bump
+<p>Squid now supports forwarding of bumped, re-encrypted HTTPS requests through
+ a cache_peer using a standard HTTP CONNECT tunnel.
+
+<p>No support for triggering client authentication when a cache_peer
+ configuration instructs the bumping Squid to relay authentication info
+ contained in client CONNECT request. The bumping Squid still responds
+ with HTTP 200 (Connection Established) to the client CONNECT request (to
+ see TLS client handshake) <em>before</em> selecting the cache_peer.
+
+<p>HTTPS cache_peers are not yet supported primarily because Squid cannot
+ yet do TLS-in-TLS.
+
+
<sect>Changes to squid.conf since Squid-4
<p>
There have been changes to Squid's configuration file since Squid-4.
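Review bot: The paragraph beginning "No support for triggering client authentication" in the SSL-Bump peering section is a fragment with no subject, and it is the one carrying the limitation administrators most need to see. As written, the bumping Squid answers the client CONNECT with 200 before it selects the cache_peer, which reads as the reason client authentication cannot be triggered; say that in a full sentence and state what a deployment relying on relayed credentials should expect. In the loop detection section, "This header is only relevant to CDN installations. For which the" should be a single sentence, "Details in RFC 8586" is missing its full stop, and the text never says how a received CDN-Loop value is compared against surrogate_id or what Squid does with the request once a loop is detected.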
<p>New access control to restrict collapsed forwarding to a subset of
eligible HTTP, ICP and HTCP requests.
+ <tag>happy_eyeballs_connect_gap</tag>
+ <p>New directive to specify the minimum delay between opening spare
+ connections to any server.
+
+ <tag>happy_eyeballs_connect_limit</tag>
+ <p>New directive to specify the maximum number of spare connections
+ to any server.
+
+ <tag>happy_eyeballs_connect_timeout</tag>
+ <p>New directive to specify the minimum delay between opening a
+ primary to-server connection and opening a spare to-server
+ connection for the same transaction.
+
<tag>mark_client_connection</tag>
<p>New access control to apply a Netfilter CONNMARK value to a TCP client
connection.
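Review bot: None of the three happy_eyeballs_connect_* entries states a unit or a default, so a reader cannot tell from the release notes what the delays are measured in or what behaviour they get without configuring anything. The description of happy_eyeballs_connect_timeout as "the minimum delay between opening a primary to-server connection and opening a spare" also sits oddly with a name ending in "timeout"; a sentence explaining that it is the wait before a spare attempt starts, not a limit on connection establishment, would prevent misconfiguration.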
<p>New access control to determines whether a specific named response
delay pool is used for the HTTP transaction.
+ <tag>shared_transient_entries_limit</tag>
+ <p>Replacement for <em>collapsed_forwarding_shared_entries_limit</em>.
+
</descrip>
<sect1>Changes to existing directives<label id="modifieddirectives">
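Review bot: The shared_transient_entries_limit entry says only "Replacement for collapsed_forwarding_shared_entries_limit", which tells a new reader nothing about what the directive limits. Add a one-line description of its effect, and say whether the old name is still accepted in squid.conf or now causes a configuration error, since the matching entry for the old name later in this patch also says only "Replaced by".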
<p>New <em>annotate_transaction</em> type to annotate an HTTP transaction.
Annotations can be used by other ACLs or helpers and persist until
logging of the HTTP transaction is completed.
+ <p>New value <em>GeneratingCONNECT</em> for the <em>at_step</em> type to
+ match when Squid is about to send a CONNECT request to a cache peer.
<p>Replaced <em>clientside_mark</em> with <em>client_connection_mark</em>
type to match Netfilter CONNMARK of the client TCP connection.
+ <tag>auth_param</tag>
+ <p>New <em>reservation-timeout=</em> option to allow NTLM and Negotiate
+ helpers to forget about clients with outstanding authentication
+ requests.
+ <p>Added support for CP1251 charset conversion when <em>utf8</em> option
+ is configured.
+
+ <tag>authenticate_cache_garbage_interval</tag>
+ <p>Now disabled when <em>--disable-auth</em> build parameter is used.
+
+ <tag>authenticate_ttl</tag>
+ <p>Now disabled when <em>--disable-auth</em> build parameter is used.
+
+ <tag>authenticate_ip_ttl</tag>
+ <p>Now disabled when <em>--disable-auth</em> build parameter is used.
+
<tag>deny_info</tag>
<p>New code <em>%A</em> to display Squid listening IP address the client
TCP connection was connected to.
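Review bot: The reservation-timeout= text under auth_param gives no unit or default and does not say what happens to a client whose reservation is forgotten (for example, whether its NTLM or Negotiate handshake must restart). That matters for sizing helper pools, so spell it out. The three authenticate_* entries repeat "Now disabled when --disable-auth build parameter is used" without saying what "disabled" means for an existing squid.conf: is the directive silently ignored, or rejected at parse time? The three could be merged into one entry that answers that.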
<tag>logformat</tag>
<p>New <em>ssl::<cert</em> macro code to display received server X.509
certificate in PEM format.
+ <p>New <em>proxy_protocol::>h</em> code to display received PROXY
+ protocol version 2 TLV values.
+ <p>New <em>master_xaction</em> code to display Squids internal
+ transaction ID.
<p>New <em>CF</em> value for <em>%Ss</em> code to indicate the response
was handled by Collapsed Forwarding.
+ <p>Codes <em>rm</em>, <em><rm</em> and <em>>rm</em> display "-"
+ instead of the made-up method NONE.
</descrip>
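Review bot: "Squids internal transaction ID" in the master_xaction entry is missing the apostrophe; it should read "Squid's". The added codes also place raw angle brackets inside markup, as in "<em><rm</em>" and "proxy_protocol::>h"; please confirm the linuxdoc build renders these literally, or escape them, so the generated release notes show the codes as intended.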
<tag>clientside_mark</tag>
<p>Replaced by <em>mark_client_packet</em>.
+ <tag>collapsed_forwarding_shared_entries_limit</tag>
+ <p>Replaced by <em>shared_transient_entries_limit</em>.
+
<tag>dns_v4_first</tag>
<p>Removed. The new "Happy Eyeballs" algorithm uses received IP
addresses as soon as they are needed.