+Changes to squid-3.1.7 (23 Aug 2010):
+
+ - Regression Bug 3021: Large DNS reply causes crash
+ - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
+ - Regression Bug 2997: visible_hostname directive no longer matches docs
+ - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
+ - Bug 3006: handle IPV6_V6ONLY definition missing
+ - Bug 3004: Solaris 9 SunStudio 12 build failure
+ - Bug 3003: inconsistent concepts in documentation of cache_dir
+ - Bug 3001: dnsserver link issues
+ - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
+ - HTTP/1.1: Improved Range header field validation
+ - HTTP/1.1: Forward multiple unknown Cache-Control directives
+ - HTTP/1.1: Stop sending Proxy-Connection header
+ - Fix 32-bit wrap in refresh_pattern min/max values
+ - ... and several documentation corrections.
+
Changes to squid-3.1.6 (02 Aug 2010):
- Bug 2994, 2995: IPv4-only regressions
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.65">
- <TITLE>Squid 3.1.6 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
+ <TITLE>Squid 3.1.7 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.1.6 release notes</H1>
+<H1>Squid 3.1.7 release notes</H1>
<H2>Squid Developers</H2>
<HR>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.1.6</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.1.7</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.1/">http://www.squid-cache.org/Versions/v3/3.1/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
<LI>permit IPv6 server connection provided tcp_outgoing_address has been configured (see below).</LI>
</UL>
</P>
-<P><EM>NOTE:</EM> SNMP, ICP and HTCP are not yet opening double ports so they will only run as IPv4-only or IPv6-only.</P>
+<P><EM>NOTE:</EM> ICAP, SNMP, ICP and HTCP are not yet opening double ports so they will only run as IPv4-only or IPv6-only.</P>
<P>Specify a specific tcp_outgoing_address and the clients who match its ACL are limited
to the IPv4 or IPv6 network that address belongs to. They are not permitted over the
<DT><B>ssl_bump</B><DD>
<P>New Access control for which CONNECT requests to an http_port
-marked with an sslBump flag are actually "bumped". Please
-see the sslBump flag of an http_port option for more details
+marked with an ssl-bump flag are actually "bumped". Please
+see the ssl-bump flag of an http_port option for more details
about decoding proxied SSL connections.
DEFAULT: No requests are bumped.
<PRE>
</PRE>
</P>
-<DT><B>http_port transparent intercept sslbump connection-auth[=on|off] ignore-cc</B><DD>
+<DT><B>http_port transparent intercept ssl-bump connection-auth[=on|off] ignore-cc</B><DD>
<P>Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does.
For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.</P>
<P>New port options
Warning: This option violates HTTP specifications if
used in non-accelerator setups.
- sslBump Intercept each CONNECT request matching ssl_bump ACL,
+ ssl-bump Intercept each CONNECT request matching ssl_bump ACL,
establish secure connection with the client and with
the server, decrypt HTTP messages as they pass through
Squid, and treat them as unencrypted HTTP messages,
for more information on these options.
The ssl_bump option is required to fully enable
- the SslBump feature.
+ the SSL Bump feature.
</PRE>
</P>
-<DT><B>https_port intercept sslbump connection-auth[=on|off]</B><DD>
+<DT><B>https_port intercept ssl-bump connection-auth[=on|off]</B><DD>
<P>New port options. see http_port.</P>
<DT><B>icap_service bypass=on|off|1|0 routing=on|off|1|0</B><DD>
should have the same method and vectoring point as the current
ICAP transaction. Services violating these rules are ignored.
An empty X-Next-Services value results in an empty plan which
- ends the current adaptation.
+ ends the current adaptation.
Routing is not allowed by default: the ICAP X-Next-Services
response header is ignored.
<!doctype linuxdoc system>
<article>
-<title>Squid 3.1.6 release notes</title>
+<title>Squid 3.1.7 release notes</title>
<author>Squid Developers</author>
<abstract>
<sect>Notice
<p>
-The Squid Team are pleased to announce the release of Squid-3.1.6
+The Squid Team are pleased to announce the release of Squid-3.1.7
This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
<item>permit IPv6-only snmp_incoming_address and snmp_outgoing_address to be configured.
<item>permit IPv6 server connection provided tcp_outgoing_address has been configured (see below).
</itemize>
-<p><em>NOTE:</em> SNMP, ICP and HTCP are not yet opening double ports so they will only run as IPv4-only or IPv6-only.
+<p><em>NOTE:</em> ICAP, SNMP, ICP and HTCP are not yet opening double ports so they will only run as IPv4-only or IPv6-only.
<p>Specify a specific tcp_outgoing_address and the clients who match its ACL are limited
to the IPv4 or IPv6 network that address belongs to. They are not permitted over the
<tag>ssl_bump</tag>
<p>New Access control for which CONNECT requests to an http_port
- marked with an sslBump flag are actually "bumped". Please
- see the sslBump flag of an http_port option for more details
+ marked with an ssl-bump flag are actually "bumped". Please
+ see the ssl-bump flag of an http_port option for more details
about decoding proxied SSL connections.
DEFAULT: No requests are bumped.
<verb>
X-Forwarded-For entries, and place itself as the sole entry.
</verb>
- <tag>http_port transparent intercept sslbump connection-auth[=on|off] ignore-cc</tag>
+ <tag>http_port transparent intercept ssl-bump connection-auth[=on|off] ignore-cc</tag>
<p>Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does.
For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.</p>
<p>New port options
Warning: This option violates HTTP specifications if
used in non-accelerator setups.
- sslBump Intercept each CONNECT request matching ssl_bump ACL,
+ ssl-bump Intercept each CONNECT request matching ssl_bump ACL,
establish secure connection with the client and with
the server, decrypt HTTP messages as they pass through
Squid, and treat them as unencrypted HTTP messages,
for more information on these options.
The ssl_bump option is required to fully enable
- the SslBump feature.
+ the SSL Bump feature.
</verb>
- <tag>https_port intercept sslbump connection-auth[=on|off]</tag>
+ <tag>https_port intercept ssl-bump connection-auth[=on|off]</tag>
<p>New port options. see http_port.
<tag>icap_service bypass=on|off|1|0 routing=on|off|1|0 ipv6=on|off</tag>
should have the same method and vectoring point as the current
ICAP transaction. Services violating these rules are ignored.
An empty X-Next-Services value results in an empty plan which
- ends the current adaptation.
+ ends the current adaptation.
Routing is not allowed by default: the ICAP X-Next-Services
response header is ignored.
projects / thirdparty / squid.git / commitdiff
