Release Notes: document CacheManager and eCAP changes

diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml
index eb7afea2fb658f601fbbe85c66d5697a61be1fd6..eb4bbeb2a5e2fda0e87991cdf3e27b21f0075534 100644 (file)
--- a/doc/release-notes/release-3.2.sgml
+++ b/doc/release-notes/release-3.2.sgml
@@ -43,6 +43,7 @@ The 3.2 change history can be <url url="http://www.squid-cache.org/Versions/v3/3
        <item>Logging Infrastructure Updated
        <item>Client Bandwidth Limits
        <item>Better eCAP support
+       <item>Cache Manager access changes
 </itemize>
 
 Most user-facing changes are reflected in squid.conf (see below).
@@ -292,6 +293,7 @@ Most user-facing changes are reflected in squid.conf (see below).
 <p>The referer_log and useragent_log directives have been converted to built-in log formats.
   These logs are now created using an access_log line with the format "referrer" or "useragent".
 
+
 <sect1> Client Bandwidth Limits
 <p>In mobile environments, Squid may need to limit Squid-to-client bandwidth
    available to individual users, identified by their IP addresses. The IP
@@ -321,6 +323,30 @@ Most user-facing changes are reflected in squid.conf (see below).
    response data from Squid.  This delay may need to be lowered in 
    high-bandwidth environments.
 
+
+<sect1>Better eCAP Suport
+<p>Support for libecap version 0.2.0 has been added with this series of Squid. Bringing
+   better support for body handling, and logging.
+
+
+<sect1>Cache Manager access changes
+<p>The Squid Cache Manager has previously only been accessible under the cache_object://
+   URL scheme. Which has restricted its reporting to tools which can send arbitrary
+   URI to the proxy.
+
+<p>This version of Squid now provides access through the http:// and https:// URL schemes
+   allowing web browsers access without having to use the cachemgr.cgi gateway and enabling
+   the use of HTTPS security were desired.
+
+<p>The cache manager is available under the path prefix /squid-internal-mgr/. For example
+   the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
+   means there are some configuration changes required to lock down manager access.
+   The <em>manager</em> ACL needs changing to:
+<verb>
+       acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+</verb>
+
+
 <sect>Changes to squid.conf since Squid-3.1
 <p>
 There have been changes to Squid's configuration file since Squid-3.1.
@@ -455,6 +481,10 @@ This section gives a thorough account of those changes in three categories:
        <p>The <em>localip</em>/<em>localport</em> differ from earlier releases where they matched a mix of
           of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
           This definition is now consistent across all modes of traffic received by Squid.
+       <p>The <em>manager</em> ACL requires adjustment to cover new cache manager access:
+        <verb>
+               acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+        </verb>
 
        <tag>auth_param</tag>
        <p>New options for Basic, Digest, NTLM, Negotiate <em>children</em> settings.