+Changes to squid-3.5.0.1 (17 Oct 2014):
+
+ - Port from 2.7: redirector and logging urlgroup feature
+ - Bug 4093: source-maintenance.sh bad perl -i option
+ - Bug 3608: per-service name for workers UDS sockets
+ - Bug 2554: 32-bit wrap in AUFS counters
+ - Bug 1961 pt1: URL handling redesign
+ - Bug 1202 pt1: documentation for refresh_pattern algorithms
+ - Update Squid boilerplate copyright/license
+ - Update the http(s)_port directives protocol= parameter
+ - Update forward_max_tries to permit 25 server paths
+ - Update Kerberos library detection and build options
+ - Support ACLs on ftp_epsv directive
+ - Support >32KB objects in cache_dir rock storage
+ - Support client connection annotation by helpers via clt_conn_tag=TAG
+ - Support native FTP Relay
+ - Support libgnugss Kerberos library
+ - Support libecap v1.0
+ - Support SSL Peek and Splice feature
+ - Support receiving PROXY protocol version 1 and 2
+ - Replace --enable-ssl build option with --with-openssl
+ - Enable -n service name command line option for all Squid builds
+ - Enable ICAP client by default
+ - Fix configuration file parsing bugs, related to quoted strings
+ - Fix Windows MinGW build errors
+ - Fix multiple TCP outgoing TOS/DiffServ bugs
+ - Fix Cygwin /etc/resolv.conf parsing
+ - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
+ - Fix crash reading malformed config files
+ - Send selected SSL version and cipher to the certificate validation helper
+ - Validate server certificates without bumping
+ - Add zero-copy string buffer support
+ - Add automated squid.conf parser testing with squid -k parse
+ - Add adaptation_service ACL
+ - Add logformat code %tS to log transaction start time
+ - Add logformat code %>rd to log client URL domain name
+ - Add key_extras to proxy authentication
+ - Add url_rewrite_extras and store_id_extras directives
+ - Add send_hit and store_miss directives
+ - Add collapsed_forwarding directive
+ - Add sslproxy_cert_sign_hash directive
+ - Add SMP SSL session cache
+ - Add cache_peer standby connections
+ - Add helper ext_delayer_acl
+ - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
+ - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
+ - Remove COSS storage in favour of Rock storage
+ - Remove dnsserver and external DNS helper API in favour of mDNS
+ - Remove broken mallinfo() accounting and memory tracing
+ - Remove hierarchy_stoplist in favour of always_direct
+ - Deprecate tag ACL type in favour of note ACL type
+ - Deprecate urlgroup feature in favour of note ACL type
+ - HTTP/1.1: method names are case-sensitive
+ - HTTP/1.1: register new headers from RFC 723x
+ - squidclient: polish and update help display
+ - squidclient: support TLS with GnuTLS 3.1.5+
+ - squidclient: support verbosity levels
+ - squidclient: --ping mode module support
+ - url_fake_rewrite: support concurrency
+ - storeid_file_rewrite: support concurrency
+ - digest_file_auth: support concurrency
+ - digest_edirectory_auth: support concurrency
+ - digest_ldap_auth: support concurrency
+ - ... and many error page translation updates
+ - ... and much code cleanup and polishing
+
Changes to squid-3.4.8 (15 Sep 2014):
- Fix off by one in SNMP subsystem
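Review bot: Two entries in the 3.5.0.1 list contradict each other for a reader deciding what to configure: "Port from 2.7: redirector and logging urlgroup feature" near the top and "Deprecate urlgroup feature in favour of note ACL type" further down. Please merge them into one entry that states why the feature is both ported and deprecated in the same release, so it is clear whether new configurations should use urlgroup at all.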
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.5/"> or the
<url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
+<p>While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
-We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting">
- for how to submit a report with a stack trace.
+<p>We welcome feedback and bug reports. If you find a bug, please see <url url="http://wiki.squid-cache.org/SquidFaq/BugReporting">
+ for how to submit a report with a stack trace.
<sect1>Known issues
<p>
acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
</verb>
-<p>The squid.conf macro ${service_name} is added to provide the service name
+<p>The squid.conf macro <em>${service_name}</em> is added to provide the service name
of the process parsing the config.
<p>There have also been changes to individual directives in the config file.
<p>Ported from Squid-2 with no configuration or visible behaviour changes.
Collapsing of requests is performed across SMP workers.
+ <tag>ftp_client_idle_timeout</tag>
+ <p>This new configuration directive controls how long Squid should
+ wait for an FTP request on a connection to an ftp_port. Many FTP
+ clients do not deal with idle connection closures well,
+ necessitating a longer default timeout (30 minutes) than
+ client_idle_pconn_timeout used for incoming HTTP requests (2
+ minutes). The current default may be changed as we get more
+ experience with FTP relaying.
+
+ <tag>ftp_client_idle_timeout</tag>
+ <p>New directive controlling how long to wait for an FTP request on a
+ client connection to Squid <em>ftp_port</em>.
+
+ <tag>ftp_port</tag>
+ <p>New configuration directive to accept and relay native FTP
+ commands. Typically used for port 21 traffic. By default, native
+ FTP commands are not accepted.
+
<tag>proxy_protocol_access</tag>
<p>New directive to control which clients are permitted to open PROXY
protocol connections on a port flagged with <em>require-proxy-header</em>.
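Review bot: The new-tags list now gains two separate ftp_client_idle_timeout entries, the long paragraph with the 30 minute default and a second short one beginning "New directive controlling how long to wait for an FTP request". Keep a single entry: fold the ftp_port cross-reference from the short text into the long one, or drop the long one if the short form is the intended house style, but do not ship both under the same tag.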
based on ACL selection. ACL can be based on client request or cached
response details.
+ <tag>sslproxy_cert_sign_hash</tag>
+ <p>New directive to set the hashing algorithm to use when signing generated certificates.
+
<tag>sslproxy_session_cache_size</tag>
<p>New directive which sets the cache size to use for TLS/SSL sessions cache.
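Review bot: The sslproxy_cert_sign_hash entry is missing the two facts an operator needs: which hash algorithm names the directive accepts and which one is used when it is left unset. Since this controls the signature on every generated certificate, please state the default and the accepted values here rather than leaving readers to discover them from the source.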
<verb>
[channel-ID] url [extras]
</verb>
- <p>The default value for extras is: "%>a/%>A %un %>rm myip=%la myport=%lp"
+ <p>The default value for extras is: "%>a/%>A %un %>rm myip=%la myport=%lp"
<tag>store_miss</tag>
<p>New configuration directive to enable/disable caching of MISS responses.
<verb>
[channel-ID] url [extras]
</verb>
- <p>The default value for extras is: "%>a/%>A %un %>rm myip=%la myport=%lp"
-
- <tag>ftp_port</tag>
-
- <p>New configuration directive to accept and relay native FTP
- commands. Typically used for port 21 traffic. By default, native
- FTP commands are not accepted.
-
- <tag>ftp_client_idle_timeout</tag>
-
- <p>This new configuration directive controls how long Squid should
- wait for an FTP request on a connection to an ftp_port. Many FTP
- clients do not deal with idle connection closures well,
- necessitating a longer default timeout (30 minutes) than
- client_idle_pconn_timeout used for incoming HTTP requests (2
- minutes). The current default may be changed as we get more
- experience with FTP relaying.
+ <p>The default value for extras is: "%>a/%>A %un %>rm myip=%la myport=%lp"
</descrip>
<p>
<descrip>
<tag>acl</tag>
+ <p>Deprecated type <em>tag</em>. Use type <em>note</em> with 'tag' key
+ name instead.
<p>New type <em>adaptation_service</em> to match the name of any
icap_service, ecap_service, adaptation_service_set, or
adaptation_service_chain that Squid has used (or attempted to use)
for the HTTP transaction so far.
+ <p>New type <em>at_step</em> to match the current SSL-Bump processing step.
+ Never matches and should not be used outside of <em>ssl_bump</em>.
<tag>auth_param</tag>
<p>New parameter <em>key_extras</em> to send additional parameters to
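Review bot: The at_step entry does not list the step names the ACL accepts, so it cannot be used from this text alone. Please add the valid values and a pointer to the ssl_bump entry, and reword "Never matches and should not be used outside of ssl_bump" so it is clear that the never-matches behaviour applies only outside ssl_bump.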
maximum slot size is 32KB.
<p>Removal of old rock cache dir followed by <em>squid -z</em> is required
when upgrading from earlier versions of Squid.
+ <p><em>COSS</em> storage type is formally replaced by Rock storage type.
+ COSS storage type and all COSS specific options are removed.
<tag>cache_peer</tag>
<p>New <em>standby=N</em> option to retain a set of N open and unused
have not been used for HTTP messaging (and may never be). They may be
turned into persistent connections after their first use subject to the
same keep-alive critera any HTTP connection is checked for.
+ <p>Squid-2 option <em>idle=</em> replaced by <em>standby=</em>.
+ <p>NOTE that standby connections are started earlier and available in
+ more circumstances than squid-2 idle connections were. They are
+ also spread over all IPs of the peer.
+
+ <tag>external_acl_type</tag>
+ <p>New format code <em>%ssl::>sni</em> to send SSL client SNI.
+ <p>New format code <em>%ssl::<cert_subject</em> to send SSL server certificate DN.
+ <p>New format code <em>%ssl::<cert_issuer</em> to send SSL server certificate issuer DN.
+ <p>New response kv-pair <em>clt_conn_tag=</em> to associates a given tag with the client TCP connection.
<tag>forward_max_tries</tag>
<p>Default value increased to <em>25 destinations</em> to allow better
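Review bot: In the external_acl_type entry, the format codes "%ssl::<cert_subject" and "%ssl::<cert_issuer" put a raw "<" directly in front of a name inside SGML content, which an SGML parser can read as the start of a tag; write it as "&lt;" in both lines. Also in this entry, "to associates a given tag" should read "to associate a given tag".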
Currently supported values are: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1
<tag>logformat</tag>
- <p>New format code <em>%credentials</em> to log the client credentials
- token.
+ <p>New format code <em>%credentials</em> to log the client credentials token.
+ <p>New format code <em>%ssl::>sni</em> to TLS client SNI sent to Squid.
<p>New format code <em>%tS</em> to log transaction start time in
"seconds.milliseconds" format, similar to the existing access.log
"current time" field (%ts.%03tu) which logs the corresponding
transaction finish time.
+ <p>New format codes <em>%<rs</em> and <em>%>rs</em> to log request URL
+ scheme from client or sent to server/peer respectively.
+ <p>New format codes <em>%<rd</em> and <em>%>rd</em> to log request URL
+ domain from client or sent to server/peer respectively.
+ <p>New format codes <em>%<rP</em> and <em>%>rP</em> to log request URL
+ port from client or sent to server/peer respectively.
+
+ <tag>ssl_bump</tag>
+ <p>Bumping 'modes' redesigned as 'actions' and ACLs evaluated repeatedly in a number of steps.
+ <p>Renamed <em>server-first</em> as <em>bump</em> action.
+ <p>Renamed <em>none</em> as <em>splice</em> action.
+ <p>New actions <em>peek</em> and <em>stare</em> to receive client or server
+ certificate while preserving the ability to later decide between bumping
+ or splicing the connections later.
+ <p>New action <em>terminate</em> to close the client and server connections.
+
+ <tag>url_rewrite_program</tag>
+ <p>New response kv-pair <em>clt_conn_tag=</em> to associates a given tag with the client TCP connection.
</descrip>
<sect1>Removed tags<label id="removedtags">
<p>
<descrip>
- <tag>cache_dir</tag>
- <p><em>COSS</em> storage type is formally replaced by Rock storage type.
-
<tag>cache_dns_program</tag>
<p>DNS external helper interface has been removed. It was no longer
able to provide high performance service and the internal DNS
client library with multicast DNS cover all modern use-cases.
- <tag>cache_peer</tag>
- <p><em>idle=</em> replaced by <em>standby=</em>.
- <p>NOTE that standby connections are started earlier and available in
- more circumstances than squid-2 idle connections were. They are
- also spread over all IPs of the peer.
-
<tag>dns_children</tag>
<p>DNS external helper interface has been removed.
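Review bot: The three new logformat paragraphs list the codes as "%<rs and %>rs" (likewise rd and rP) but describe them as "from client or sent to server/peer respectively", which assigns the "<" form to the client side; the ChangeLog entry in this same patch says "%>rd to log client URL domain name". Swap the order of either the codes or the descriptions so "respectively" lines up. Smaller points in the same hunk: "%ssl::>sni to TLS client SNI sent to Squid" has lost its verb (to log), the peek/stare text says "later" twice in one sentence, the url_rewrite_program entry repeats "to associates", and the raw "<" in "%<rs", "%<rd" and "%<rP" should be escaped as "&lt;". For the ssl_bump renames, please also say whether the old names server-first and none are still accepted, since that decides whether existing configurations keep working after upgrade.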