<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.2.0.13 release notes</TITLE>
+ <TITLE>Squid 3.2.0.14 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.2.0.13 release notes</H1>
+<H1>Squid 3.2.0.14 release notes</H1>
<H2>Squid Developers</H2>
<HR>
<UL>
<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">Fixed CVE-2009-0801 : NAT interception vulnerability to malicious clients.</A>
-<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">NCSA helper DES algorithm password limits</A>
-<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">SMP scalability</A>
-<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">Helper Multiplexer</A>
-<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Helpers On-Demand</A>
-<LI><A NAME="toc2.6">2.6</A> <A HREF="#ss2.6">Helper Name Changes</A>
-<LI><A NAME="toc2.7">2.7</A> <A HREF="#ss2.7">Multi-Lingual manuals</A>
-<LI><A NAME="toc2.8">2.8</A> <A HREF="#ss2.8">Solaris 10 pthreads Support (Experimental)</A>
-<LI><A NAME="toc2.9">2.9</A> <A HREF="#ss2.9">Surrogate/1.0 protocol extensions to HTTP</A>
-<LI><A NAME="toc2.10">2.10</A> <A HREF="#ss2.10">Logging Infrastructure Updated</A>
-<LI><A NAME="toc2.11">2.11</A> <A HREF="#ss2.11">Client Bandwidth Limits</A>
-<LI><A NAME="toc2.12">2.12</A> <A HREF="#ss2.12">Better eCAP Suport</A>
-<LI><A NAME="toc2.13">2.13</A> <A HREF="#ss2.13">Cache Manager access changes</A>
+<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">SMP scalability</A>
+<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">Helper Multiplexer</A>
+<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">Helpers On-Demand</A>
+<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Helper Name Changes</A>
+<LI><A NAME="toc2.6">2.6</A> <A HREF="#ss2.6">Multi-Lingual manuals</A>
+<LI><A NAME="toc2.7">2.7</A> <A HREF="#ss2.7">Solaris 10 pthreads Support (Experimental)</A>
+<LI><A NAME="toc2.8">2.8</A> <A HREF="#ss2.8">Surrogate/1.0 protocol extensions to HTTP</A>
+<LI><A NAME="toc2.9">2.9</A> <A HREF="#ss2.9">Logging Infrastructure Updated</A>
+<LI><A NAME="toc2.10">2.10</A> <A HREF="#ss2.10">Client Bandwidth Limits</A>
+<LI><A NAME="toc2.11">2.11</A> <A HREF="#ss2.11">Better eCAP Suport</A>
+<LI><A NAME="toc2.12">2.12</A> <A HREF="#ss2.12">Cache Manager access changes</A>
</UL>
<P>
<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.1</A></H2>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.2.0.13 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.2.0.14 for testing.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.2/">http://www.squid-cache.org/Versions/v3/3.2/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
<P>The most important of these new features are:
<UL>
<LI>Fixed CVE-2009-0801 : NAT interception vulnerability to malicious clients.</LI>
-<LI>NCSA helper DES algorithm password limits</LI>
<LI>SMP scalability</LI>
<LI>Helper Multiplexer and On-Demand</LI>
<LI>Helper Name Changes</LI>
error status page.</P>
-<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">NCSA helper DES algorithm password limits</A>
-</H2>
-
-<P>Details in Advisory
-<A HREF="http://www.squid-cache.org/Advisories/SQUID-2011_1.txt">SQUID-2011:2</A></P>
-
-<P>The DES algorithm used by the NCSA Basic authentication helper has an
-limit of 8 bytes but some implementations do not error when truncating
-longer passwords down to this unsafe level.</P>
-
-<P>This both significantly lowers the threshold of difficulty decrypting
-captured password files and hides from users the fact that the extra bits
-of their chosen long password is not being utilized.</P>
-
-<P>The NCSA helper bundled with Squid will prevent passwords longer than 8
-characters being sent to the DES algorithm. The MD5 hash algorithm which
-supports longer than 8 character passwords is also supported by this helper
-and should be used instead.</P>
-
-
-<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">SMP scalability</A>
+<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">SMP scalability</A>
</H2>
<P>The new "workers" squid.conf option can be used to launch multiple worker
configuration" and "SMP-Related Macros" sections in squid.conf.documented.</P>
-<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">Helper Multiplexer</A>
+<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">Helper Multiplexer</A>
</H2>
<P>The helper multiplexer's purpose is to relieve some of the burden
</P>
-<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Helpers On-Demand</A>
+<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">Helpers On-Demand</A>
</H2>
<P>Traditionally Squid has been configured with a fixed number of helpers and started them during
of starting the maximum number of helpers will occur.</P>
-<H2><A NAME="ss2.6">2.6</A> <A HREF="#toc2.6">Helper Name Changes</A>
+<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Helper Name Changes</A>
</H2>
<P>To improve the understanding of what each helper does and where it should be used the helper binaries
<LI>squid_kerb_ldap - ext_kerberos_ldap_group_acl - Check logged in Kerberos or NTLM users Group membership using LDAP.</LI>
<LI>squid_ldap_group - ext_ldap_group_acl - Check logged in users Group membership using LDAP.</LI>
<LI>mswin_check_lm_group - ext_lm_group_acl - Check logged in users Group membership using LanManager.</LI>
-<LI>squid_session - ext_session_acl - Maintain a session cache of client identifiers (usually IP address).</LI>
+<LI>squid_session - ext_session_acl - Maintain a session cache of client identifiers (usually IP address).
+This helper has also gone through a version update and now uses more current BerkeleyDB 4.1+ APIs.</LI>
<LI>squid_unix_group - ext_unix_group_acl - Check logged in users Group membership using local UNIX groups.</LI>
<LI>wbinfo_group.pl - ext_wbinfo_group_acl - Check logged in users Group membership using wbinfo.</LI>
</UL>
</P>
-<H2><A NAME="ss2.7">2.7</A> <A HREF="#toc2.7">Multi-Lingual manuals</A>
+<H2><A NAME="ss2.6">2.6</A> <A HREF="#toc2.6">Multi-Lingual manuals</A>
</H2>
<P>The man(8) and man(1) pages bundled with Squid are now provided online for all
This move begins the Localization of the internal administrator facing manuals.</P>
-<H2><A NAME="ss2.8">2.8</A> <A HREF="#toc2.8">Solaris 10 pthreads Support (Experimental)</A>
+<H2><A NAME="ss2.7">2.7</A> <A HREF="#toc2.7">Solaris 10 pthreads Support (Experimental)</A>
</H2>
<P>Automatic detection and use of the pthreads library available from Solaris 10</P>
We recommend giving AUFS a try for faster disk storage and encourage feedback.</P>
-<H2><A NAME="ss2.9">2.9</A> <A HREF="#toc2.9">Surrogate/1.0 protocol extensions to HTTP</A>
+<H2><A NAME="ss2.8">2.8</A> <A HREF="#toc2.8">Surrogate/1.0 protocol extensions to HTTP</A>
</H2>
<P>The <EM>Surrogate</EM> extensions to HTTP protocol enable an origin web server to specify separate
is required to prevent an unacceptable surrogate ID of 'localhost' being generated.</P>
-<H2><A NAME="ss2.10">2.10</A> <A HREF="#toc2.10">Logging Infrastructure Updated</A>
+<H2><A NAME="ss2.9">2.9</A> <A HREF="#toc2.9">Logging Infrastructure Updated</A>
</H2>
<P>The advanced logging modules introduced in Squid-2.7 are now available from Squid-3.2.</P>
These logs are now created using an access_log line with the format "referrer" or "useragent".</P>
-<H2><A NAME="ss2.11">2.11</A> <A HREF="#toc2.11">Client Bandwidth Limits</A>
+<H2><A NAME="ss2.10">2.10</A> <A HREF="#toc2.10">Client Bandwidth Limits</A>
</H2>
<P>In mobile environments, Squid may need to limit Squid-to-client bandwidth
high-bandwidth environments.</P>
-<H2><A NAME="ss2.12">2.12</A> <A HREF="#toc2.12">Better eCAP Suport</A>
+<H2><A NAME="ss2.11">2.11</A> <A HREF="#toc2.11">Better eCAP Suport</A>
</H2>
<P>Support for libecap version 0.2.0 has been added with this series of Squid. Bringing
better support for body handling, and logging.</P>
-<H2><A NAME="ss2.13">2.13</A> <A HREF="#toc2.13">Cache Manager access changes</A>
+<H2><A NAME="ss2.12">2.12</A> <A HREF="#toc2.12">Cache Manager access changes</A>
</H2>
<P>The Squid Cache Manager has previously only been accessible under the cache_object://
<P>
<DL>
+<DT><B>adaptation_meta</B><DD>
+<P>This option allows Squid administrator to add custom ICAP request
+headers or eCAP options to Squid ICAP requests or eCAP transactions.</P>
+
<DT><B>adaptation_send_client_ip</B><DD>
<P>Same as depricated icap_send_client_ip
but applies to both ICAP and eCAP.</P>
destination IP to another source indicated by Host: domain DNS or
cache_peer configuration. It <EM>does not</EM> affect Host: validation.</P>
+<DT><B>client_idle_pconn_timeout</B><DD>
+<P>Renamed from <EM>persistent_request_timeout</EM>.</P>
+
<DT><B>cpu_affinity_map</B><DD>
<P>New setting for SMP support to map Squid processes onto specific CPU cores.</P>
<P>The else part is optional. The keywords <EM>if</EM>, <EM>else</EM> and <EM>endif</EM>
must be typed on their own lines, as if they were regular configuration directives.</P>
+<DT><B>logfile_daemon</B><DD>
+<P>Ported from 2.7. Specify the file I/O daemon helper to run for logging.</P>
+
<DT><B>max_stale</B><DD>
<P>Places an upper limit on how stale content Squid will serve from the cache if cache validation fails</P>
</PRE>
</P>
-<DT><B>logfile_daemon</B><DD>
-<P>Ported from 2.7. Specify the file I/O daemon helper to run for logging.</P>
+<DT><B>server_idle_pconn_timeout</B><DD>
+<P>Renamed from <EM>pconn_timeout</EM>.</P>
<DT><B>tproxy_uses_indirect_client</B><DD>
<P>Controls whether the indirect client address found in the X-Forwarded-For
<DT><B>tcp_outgoing_tos</B><DD>
<P>This parameter is now compatible with persistent server connections.</P>
-<DT><B>windows_ipaddrchangemonitor</B><DD>
-<P>Now only available to be set in Windows builds.</P>
-
<DT><B>url_rewrite_children</B><DD>
<P>New options <EM>startup=N</EM>, <EM>idle=N</EM>, <EM>concurrency=N</EM>
<UL>
</UL>
</P>
+<DT><B>windows_ipaddrchangemonitor</B><DD>
+<P>Now only available to be set in Windows builds.</P>
+
</DL>
</P>
<P>The behaviour controlled by this directive is no longer possible.
It has been replaced by <EM>connect_retries</EM> option which operates a little differently.</P>
+<DT><B>pconn_timeout</B><DD>
+<P>Renamed to <EM>server_idle_pconn_timeout</EM></P>
+
+<DT><B>persistent_request_timeout</B><DD>
+<P>Renamed to <EM>client_idle_pconn_timeout</EM></P>
+
<DT><B>referer_log</B><DD>
<P>Replaced by the <EM>referrer</EM> format option on an <EM>access_log</EM> directive.</P>
<P>
<DL>
<DT><B>--enable-auth</B><DD>
-<P>No longer takes a list of arguments. This option now is restricted to building with or without for authentication.</P>
+<P>No longer takes a list of arguments. This option now is restricted to building Squid with or without authentication support.</P>
<P>The new <EM>--enable-auth-X</EM>/<EM>--disable-auth-X</EM> parameters determine which authentication protocols and helpers are built.</P>
</DL>
projects / thirdparty / squid.git / commitdiff
