From: Amos Jeffries Date: Sat, 28 Mar 2015 11:12:46 +0000 (-0700) Subject: Release Notes: update for 4.x X-Git-Tag: merge-candidate-3-v1~200 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=183b876f109bc68c0898255b330c1981aaa8f9e0;p=thirdparty%2Fsquid.git Release Notes: update for 4.x --- diff --git a/doc/release-notes/Makefile b/doc/release-notes/Makefile index 55f9821350..73e43125ea 100644 --- a/doc/release-notes/Makefile +++ b/doc/release-notes/Makefile @@ -5,9 +5,9 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -all: release-3.6.html +all: release-4.html -DOC= release-3.6 +DOC= release-4 $(DOC).ps: $(DOC).sgml linuxdoc -B latex -o ps $(DOC) diff --git a/doc/release-notes/release-3.6.html b/doc/release-notes/release-4.html similarity index 55% rename from doc/release-notes/release-3.6.html rename to doc/release-notes/release-4.html index 2f0f051934..2718fae3f2 100644 --- a/doc/release-notes/release-3.6.html +++ b/doc/release-notes/release-4.html @@ -2,14 +2,14 @@ - Squid 3.6.0.0 release notes + Squid 4.0.0 release notes -

Squid 3.6.0.0 release notes

+

Squid 4.0.0 release notes

Squid Developers

-This document contains the release notes for version 3.6 of Squid. +This document contains the release notes for version 4 of Squid. Squid is a WWW Cache application developed by the National Laboratory for Applied Network Research and members of the Web Caching community.
@@ -18,13 +18,16 @@ for Applied Network Research and members of the Web Caching community.

2. Major new features since Squid-3.5

3. Changes to squid.conf since Squid-3.5

@@ -55,10 +58,10 @@ for Applied Network Research and members of the Web Caching community.

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.6.0.0 for testing.

+

The Squid Team are pleased to announce the release of Squid-4.0.0 for testing.

This new release is available for download from -http://www.squid-cache.org/Versions/v3/3.6/ or the -mirrors.

+http://www.squid-cache.org/Versions/v4/ or the +mirrors.

While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.

@@ -70,22 +73,25 @@ for how to submit a report with a stack trace.

Although this release is deemed good enough for use in many setups, please note the existence of -open bugs against Squid-3.6.

+open bugs against Squid-4.

-

1.2 Changes since earlier releases of Squid-3.6 +

1.2 Changes since earlier releases of Squid-4

-

The 3.6 change history can be -viewed here.

+

The Squid-4 change history can be +viewed here.

2. Major new features since Squid-3.5

-

Squid 3.6 represents a new feature release above 3.5.

+

Squid 4 represents a new feature release above 3.5.

The most important of these new features are:

Most user-facing changes are reflected in squid.conf (see below).

@@ -97,6 +103,43 @@ for how to submit a report with a stack trace.

The new queue-size=N option to helpers configuration, allows users to configure the maximum number of queued requests to busy helpers.

+

2.2 Helper concurrency channels changes +

+ +

helper-mux.pl we have been distributing for the past few years to +encourage use of concurrency is no longer compatible with Squid. If +used it will spawn up to 2^64 helpers and DoS the Squid server.

+ +

Helpers utilizing arrays to handle fixed amounts of concurrency +channels MUST be re-written to use queues and capable of handling a +64-bit int as index or they will be vulnerable to buffer overrun and +arbitrary memory accesses.

+ +

32-bit helpers need re-writing to handle the concurrency channel ID +as a 64-bit integer value. If not updated they will cause proxies to +return unexpected results or timeout once crossing the 32-bit wrap +boundary. Leading to undefined behaviour in the client HTTP traffic.

+ +

2.3 SSLv2 support removal +

+ +

Details in +RFC 6176

+ +

SSLv2 is not fit for purpose. Squid no longer supports being configured with +any settings regarding this protocol. That includes settings manually disabling +its use since it is now forced to disable by default. Also settings enabling +various client/server workarounds specific to SSLv2 are removed.

+ + +

2.4 MSNT-multi-domain helper removal +

+ +

The basic_msnt_multi_domain_auth helper has been removed. The +basic_smb_lm_auth helper performs the same actions without extra +Perl and Samba dependencies.

+ +

3. Changes to squid.conf since Squid-3.5

There have been changes to Squid's configuration file since Squid-3.5.

@@ -118,6 +161,14 @@ to configure the maximum number of queued requests to busy helpers.

+
tls_outgoing_options
+

New tag to define TLS security context options for outgoing +connections. For example to HTTPS servers.

+ +
url_rewrite_timeout
+

Squid times active requests to redirector. This option sets +the timeout value and the Squid reaction to a timed out +request.

@@ -127,29 +178,48 @@ to configure the maximum number of queued requests to busy helpers.

-
auth_param
-

New parameter queue-size= to set the maximum number +

auth_param
+

New parameter queue-size= to set the maximum number of queued requests.

-
external_acl_type
+
cache_peer
+

All ssloption= and sslversion= values for +SSLv2 configuration or disabling have been removed.

+

Manual squid.conf update may be required on upgrade.

-
-

New parameter queue-size= to set the maximum number +

external_acl_type
+

New parameter queue-size= to set the maximum number of queued requests.

-
url_rewrite_children
+
http_port
+

All version= option= values for SSLv2 +configuration or disabling have been removed.

+

Manual squid.conf update may be required on upgrade.

-
-

New parameter queue-size= to set the maximum number -of queued requests.

+
https_port
+

All version= option= values for SSLv2 +configuration or disabling have been removed.

+

Manual squid.conf update may be required on upgrade.

sslcrtd_children
-

New parameter queue-size= to set the maximum number +

New parameter queue-size= to set the maximum number of queued requests.

sslcrtvalidator_children
-

New parameter queue-size= to set the maximum number +

New parameter queue-size= to set the maximum number of queued requests.

+ +
sslproxy_options
+

All values for SSLv2 configuration or disabling have been removed.

+

Manual squid.conf update may be required on upgrade.

+ +
sslproxy_version
+

Value '2' for SSLv2-only operation is no longer supported.

+ +
url_rewrite_children
+

New parameter queue-size= to set the maximum number +of queued requests.

+

@@ -158,6 +228,38 @@ of queued requests.

+
cache_peer_domain
+

Superceded by cache_peer_access. Use dstdomain ACL +in the access control list to restrict domains requested.

+ +
refresh_pattern
+

Option ignore-auth removed. Its original intent was +to improve caching. HTTP/1.1 permits caching of authenticated +messages under conditions which Squid does check for and obey.

+ +
sslproxy_cafile
+

Replaced by tls_outgoing_options cafile=.

+ +
sslproxy_capath
+

Replaced by tls_outgoing_options capath=.

+ +
sslproxy_cipher
+

Replaced by tls_outgoing_options cipher=.

+ +
sslproxy_client_certificate
+

Replaced by tls_outgoing_options cert=.

+ +
sslproxy_client_key
+

Replaced by tls_outgoing_options key=.

+ +
sslproxy_flags
+

Replaced by tls_outgoing_options flags=.

+ +
sslproxy_options
+

Replaced by tls_outgoing_options options=.

+ +
sslproxy_version
+

Replaced by tls_outgoing_options version=.

@@ -193,6 +295,8 @@ of queued requests.

+
--enable-auth-basic
+

The MSNT-multi-domain helper has been removed.

@@ -208,7 +312,7 @@ of queued requests.

5. Regressions since Squid-2.7

-

Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.6

+

Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-4

If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.

diff --git a/doc/release-notes/release-3.6.sgml b/doc/release-notes/release-4.sgml similarity index 93% rename from doc/release-notes/release-3.6.sgml rename to doc/release-notes/release-4.sgml index 026700a231..6c473bf10b 100644 --- a/doc/release-notes/release-3.6.sgml +++ b/doc/release-notes/release-4.sgml @@ -1,10 +1,10 @@
-Squid 3.6.0.0 release notes +Squid 4.0.0 release notes Squid Developers -This document contains the release notes for version 3.6 of Squid. +This document contains the release notes for version 4 of Squid. Squid is a WWW Cache application developed by the National Laboratory for Applied Network Research and members of the Web Caching community. @@ -13,9 +13,9 @@ for Applied Network Research and members of the Web Caching community. Notice

-The Squid Team are pleased to announce the release of Squid-3.6.0.0 for testing. +The Squid Team are pleased to announce the release of Squid-4.0.0 for testing. -This new release is available for download from or the +This new release is available for download from or the .

While this release is not deemed ready for production use, we believe it is ready for wider testing by the community. @@ -26,15 +26,15 @@ This new release is available for download from . +. -Changes since earlier releases of Squid-3.6 +Changes since earlier releases of Squid-4

-The 3.6 change history can be . +The Squid-4 change history can be . Major new features since Squid-3.5 -

Squid 3.6 represents a new feature release above 3.5. +

Squid 4 represents a new feature release above 3.5.

The most important of these new features are: @@ -121,7 +121,7 @@ This section gives a thorough account of those changes in three categories: SSLv2 configuration or disabling have been removed.

Manual squid.conf update may be required on upgrade. - external_acl_type + external_acl_type

New parameter queue-size= to set the maximum number of queued requests. @@ -150,7 +150,7 @@ This section gives a thorough account of those changes in three categories: sslproxy_version

Value '2' for SSLv2-only operation is no longer supported. - url_rewrite_children + url_rewrite_children

New parameter queue-size= to set the maximum number of queued requests. @@ -232,7 +232,7 @@ This section gives an account of those changes in three categories: Regressions since Squid-2.7 -

Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.6 +

Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-4

If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.