From: Amos Jeffries Date: Tue, 23 Jan 2018 06:55:51 +0000 (+1300) Subject: Docs: release notes update for v4 (#137) X-Git-Tag: M-staged-PR71~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66f92ffc8af7041d09f90ccfbb1e3f1812685096;p=thirdparty%2Fsquid.git Docs: release notes update for v4 (#137) * Update reference to Squid-3.6 * Add missing squid.conf change details --- diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml index 45665ae1d6..e6709859f4 100644 --- a/doc/release-notes/release-4.sgml +++ b/doc/release-notes/release-4.sgml @@ -216,6 +216,10 @@ This section gives a thorough account of those changes in three categories:

New directive to limit the size of a table used for sharing information about collapsible entries among SMP workers. + force_request_body_continuation +

New directive to control Squid behaviour on the client connection when + receiving an HTTP request with an Expect:100-continue header. + hopeless_kid_revival_delay

New directive to set a cool-down delay reviving a child process if the process is encountering frequent deaths. @@ -224,6 +228,9 @@ This section gives a thorough account of those changes in three categories:

New directive to set the action performed when encountering strange protocol requests at the beginning of an accepted TCP connection. + pconn_lifetime +

New directive to limit the lifetime of persistent connections. + reply_header_add

New directive to add header fields to outgoing HTTP responses to the client. @@ -262,6 +269,9 @@ This section gives a thorough account of those changes in three categories:

Unused connections received in http_port or https_port or transactions terminated before reading[parsing] request headers logged with URI error:transaction-end-before-headers. +

New option rotate= to control the number of log file rotations + to make when -k rotate command is received. Default is to + obey the logfile_rotate directive. acl

New -m flag for note ACL to match substrings. @@ -299,6 +309,14 @@ This section gives a thorough account of those changes in three categories:

Replaced option sslcafile= with tls-cafile= which takes multiple entries. + deny_info +

New format macro %O to expand the message= value supplied + by external ACL helpers. + + ecap_service +

New connection-encryption= option to determine ICAP service + effect on connections_encrypted ACL. + esi_parser

Removed custom parser option.

Changed default to auto-detect available parsers instead of custom. @@ -337,6 +355,8 @@ This section gives a thorough account of those changes in three categories: icap_service

New scheme icaps:// to enable TLS/SSL connections to Secure ICAP servers on port 11344. +

New connection-encryption= option to determine ICAP service + effect on connections_encrypted ACL.

New tls-cert= option to set TLS client certificate to use.

New tls-key= option to set TLS private key matching the client certificate used. @@ -347,6 +367,8 @@ This section gives a thorough account of those changes in three categories:

New tls-cipher= option to set a list of ciphers permitted.

New tls-cafile= option to set a file with additional CA certificate(s) to verify the server certificate. +

New tls-capath= option to set a directory with additional CA + certificate(s) to verify the server certificate.

New tls-crlfile= option to set a file with a CRL to verify the server certificate.

New tls-default-ca option to use the system Trusted CAs to @@ -354,8 +376,13 @@ This section gives a thorough account of those changes in three categories:

New tls-domain= option to verify the server certificate domain. logformat -

New code %ssl::<cert_errors to display server +

New quoting modifier to produce \-escaped output. +

New code %ssl::<cert_errors to display server X.509 certificate errors. +

New code %ssl::<cert_issuer to display Issuer field of + the received server X.509 certificate. +

New code %ssl::<cert_subject to display Subject field of + the received server X.509 certificate.

New code %ssl::>negotiated_version to display negotiated TLS version of the client connection.

New code %ssl::<negotiated_version to display @@ -380,13 +407,15 @@ This section gives a thorough account of those changes in three categories: pid_filename

Default value now based on squid -n command line parameter. +

This directive is no longer mandatory to edit for + multi-instance/tenant Squid installations. refresh_pattern

Removed option ignore-auth. Its commonly desired behaviour is performed by default with correct HTTP/1.1 revalidation. -

Removed ignore-must-revalidate. Other more HTTP compliant - directives (cache, store_miss) can be used to prevent objects from - caching. +

Removed option ignore-must-revalidate. Other more HTTP compliant + directives (cache, store_miss) can be used to prevent + objects from caching. sslcrtd_children

New parameter queue-size= to set the maximum number diff --git a/src/cf.data.pre b/src/cf.data.pre index 248c360745..fdecc02e7b 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -4966,7 +4966,7 @@ DOC_START Note, from Squid-3.1 this option is only a default for cache.log, that log can be rotated separately by using debug_options. - Note, from Squid-3.6 this option is only a default for access.log + Note, from Squid-4 this option is only a default for access.log recorded by stdio: module. Those logs can be rotated separately by using the rotate=N option on their access_log directive.