From: Amos Jeffries Date: Mon, 21 Jan 2013 10:57:02 +0000 (-0700) Subject: Release Notes for 3.4 X-Git-Tag: SQUID_3_4_0_1~362 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee2e3b4ae0e040802a3ce1f4a47deb40a2fcede0;p=thirdparty%2Fsquid.git Release Notes for 3.4 --- diff --git a/doc/release-notes/Makefile b/doc/release-notes/Makefile index fd4a06dda9..e96e81dfce 100644 --- a/doc/release-notes/Makefile +++ b/doc/release-notes/Makefile @@ -1,6 +1,6 @@ -all: release-3.3.html +all: release-3.4.html -DOC= release-3.3 +DOC= release-3.4 $(DOC).ps: $(DOC).sgml linuxdoc -B latex -o ps $(DOC) diff --git a/doc/release-notes/release-3.4.html b/doc/release-notes/release-3.4.html new file mode 100644 index 0000000000..2f5544569a --- /dev/null +++ b/doc/release-notes/release-3.4.html @@ -0,0 +1,373 @@ + + + + + Squid 3.4.0.0 release notes + + +

Squid 3.4.0.0 release notes

+ +

Squid Developers

+
+This document contains the release notes for version 3.4 of Squid. +Squid is a WWW Cache application developed by the National Laboratory +for Applied Network Research and members of the Web Caching community. +
+

+

1. Notice

+ + +

+

2. Major new features since Squid-3.3

+ + +

+

3. Changes to squid.conf since Squid-3.3

+ + +

+

4. Changes to ./configure options since Squid-3.3

+ + +

+

5. Regressions since Squid-2.7

+ + + +
+

1. Notice

+ +

The Squid Team are pleased to announce the release of Squid-3.4.0.0 for testing.

+

This new release is available for download from +http://www.squid-cache.org/Versions/v3/3.HEAD/ or the +mirrors.

+

While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.

+

We welcome feedback and bug reports. If you find a bug, please see +http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d for how to submit a report with a stack trace.

+ +

1.1 Known issues +

+ +

Although this release is deemed good enough for use in many setups, please note the existence of +open bugs against Squid-3.4.

+ +

1.2 Changes since earlier releases of Squid-3.4 +

+ +

The 3.4 change history can be +viewed here.

+ +

2. Major new features since Squid-3.3

+ +

Squid 3.4 represents a new feature release above 3.3.

+ +

The most important of these new features are: +

+

+

Most user-facing changes are reflected in squid.conf (see below).

+ + +

2.1 Helper protocol extensions +

+ +

Details at +http://wiki.squid-cache.org/Features/AddonHelpers.

+ +

The Squid helper protocol used to communicate with authenticators, +URL-rewriters, Redirectors, and External ACL helpers has been updated +and extended.

+ +

BH status code is now accepted from all helpers to report +internal error events separate from ERR rejection code. +Permitting Squid to perform recovery operations specific to +helper failure instead of a blanket client rejection.

+ +

Arbitrary key-value pairs can be returned from any helper. +Allowing future helpers to be forward- and backward- compatible +with this and future version of Squid.

+ + +

2.2 SSL Server Certificate Validator +

+ +

Details at +http://wiki.squid-cache.org/Features/SslServerCertValidator.

+ +

The helper consulted after the internal OpenSSL validation, regardless of the +validation results. The helper will receive:

+

+

+

+ +

If the helper decides to honor an OpenSSL error or report another validation +error(s), the helper will return:

+

+

+

+ +

The returned information mimics what the internal OpenSSL-based validation code +collects now. Returned errors, if any, are fed to sslproxy_cert_error, +triggering the existing SSL error processing code.

+ +

The helper invocation controlled by the sslcrtvalidator_program and +sslcrtvalidator_children configurations options which are similar to the +ssl_crtd related options.

+ + +

3. Changes to squid.conf since Squid-3.3

+ +

There have been changes to Squid's configuration file since Squid-3.3.

+

This section gives a thorough account of those changes in three categories:

+

+

+

+ + +

3.1 New tags +

+ +

+

+
note
+

Use ACLs to annotate a transaction with customized annotations +which can be logged in access.log

+ +
sslcrtvalidator_children
+

Specifies the settings for how many SSL server certificate +validator helpers are run and when they are started.

+ +
sslcrtvalidator_program
+

Specifies the location of a SSL server certificate validator helper.

+ +
+

+ +

3.2 Changes to existing tags +

+ +

+

+
acl
+

New test type server_cert_fingerprint to match against +server SSL certificate fingerprint.

+ +
auth_param
+

New result code BH to signal helper internal errors +available in all authentication schemes.

+

New key message= for error message details in all authentication schemes.

+

New result code OK and key ha1= in Digest authentication.

+

New result codes OK, ERR replace result codes AF, +and NA in NTLM and Negotiate authentication.

+

New key token= for NTLM and Negotiate authentication OK responses.

+

Details at +http://wiki.squid-cache.org/Features/AddonHelpers.

+ +
external_acl_type
+

Deprecated protocol=3.0 option. No longer necessary.

+

New result code BH to signal helper internal errors

+

Details at +http://wiki.squid-cache.org/Features/AddonHelpers.

+ +
logformat
+

New format code %note to log a transaction annotation linked to the +transaction by ICAP, eCAP, a helper, or the note squid.conf directive.

+ +
unlinkd_program
+

New helper response format utilizing result codes OK and BH, +to signal helper lookup results. Also, key-value response values to return +multiple values to Squid.

+

Details at +http://wiki.squid-cache.org/Features/AddonHelpers.

+ +
url_rewrite_program
+

New helper response format utilizing result codes OK, ERR, +and BH to signal helper lookup results. Also, key-value response +values to return multiple values to Squid.

+

Details at +http://wiki.squid-cache.org/Features/AddonHelpers.

+ +
+

+ +

3.3 Removed tags +

+ +

+

+

There are no removed squid.conf tags in Squid-3.4.

+ +
+

+ + +

4. Changes to ./configure options since Squid-3.3

+ +

There have been some changes to Squid's build configuration since Squid-3.3.

+

This section gives an account of those changes in three categories:

+

+

+

+ + +

4.1 New options +

+ +

+

+

There are no new ./configure options in Squid-3.4.

+ +
+

+ +

4.2 Changes to existing options +

+ +

+

+

There are no changed ./configure options in Squid-3.4.

+ +
+

+

4.3 Removed options +

+ +

+

+

There are no removed ./configure options in Squid-3.4.

+ +
+

+ + +

5. Regressions since Squid-2.7

+ +

Some squid.conf and ./configure options which were available in Squid-2.7 are not yet available in Squid-3.3

+ +

If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.

+ +

5.1 Missing squid.conf options available in Squid-2.7 +

+ +

+

+
broken_vary_encoding
+

Not yet ported from 2.6

+ +
cache_dir
+

COSS storage type is lacking stability fixes from 2.6

+

COSS overwrite-percent= option not yet ported from 2.6

+

COSS max-stripe-waste= option not yet ported from 2.6

+

COSS membufs= option not yet ported from 2.6

+

COSS maxfullbufs= option not yet ported from 2.6

+ +
cache_peer
+

idle= not yet ported from 2.7

+

monitorinterval= not yet ported from 2.6

+

monitorsize= not yet ported from 2.6

+

monitortimeout= not yet ported from 2.6

+

monitorurl= not yet ported from 2.6

+ +
cache_vary
+

Not yet ported from 2.6

+ +
collapsed_forwarding
+

Not yet ported from 2.6

+ +
error_map
+

Not yet ported from 2.6

+ +
external_acl_type
+

%ACL format tag not yet ported from 2.6

+

%DATA format tag not yet ported from 2.6

+ +
external_refresh_check
+

Not yet ported from 2.7

+ +
http_port
+

act-as-origin not yet ported from 2.7

+ +
ignore_ims_on_miss
+

Not yet ported from 2.7

+ +
location_rewrite_access
+

Not yet ported from 2.6

+ +
location_rewrite_children
+

Not yet ported from 2.6

+ +
location_rewrite_concurrency
+

Not yet ported from 2.6

+ +
location_rewrite_program
+

Not yet ported from 2.6

+ +
refresh_pattern
+

stale-while-revalidate= not yet ported from 2.7

+

ignore-stale-while-revalidate= not yet ported from 2.7

+

negative-ttl= not yet ported from 2.7

+ +
refresh_stale_hit
+

Not yet ported from 2.7

+ +
storeurl_access
+

Not yet ported from 2.7

+ +
storeurl_rewrite_children
+

Not yet ported from 2.7

+ +
storeurl_rewrite_concurrency
+

Not yet ported from 2.7

+ +
storeurl_rewrite_program
+

Not yet ported from 2.7

+ +
update_headers
+

Not yet ported from 2.7

+ +
+

+ + + diff --git a/doc/release-notes/release-3.4.sgml b/doc/release-notes/release-3.4.sgml new file mode 100644 index 0000000000..357916f644 --- /dev/null +++ b/doc/release-notes/release-3.4.sgml @@ -0,0 +1,290 @@ + +
+Squid 3.4.0.0 release notes +Squid Developers + + +This document contains the release notes for version 3.4 of Squid. +Squid is a WWW Cache application developed by the National Laboratory +for Applied Network Research and members of the Web Caching community. + + + + +Notice +

+The Squid Team are pleased to announce the release of Squid-3.4.0.0 for testing. + +This new release is available for download from or the . + +While this release is not deemed ready for production use, we believe it is ready for wider testing by the community. + +We welcome feedback and bug reports. If you find a bug, please see for how to submit a report with a stack trace. + +Known issues +

+Although this release is deemed good enough for use in many setups, please note the existence of . + +Changes since earlier releases of Squid-3.4 +

+The 3.4 change history can be . + +Major new features since Squid-3.3 +

Squid 3.4 represents a new feature release above 3.3. + +

The most important of these new features are: + + Helper protocol extensions + SSL Server Certificate Validator + + +Most user-facing changes are reflected in squid.conf (see below). + + +Helper protocol extensions +

Details at . + +

The Squid helper protocol used to communicate with authenticators, + URL-rewriters, Redirectors, and External ACL helpers has been updated + and extended. + +

BH status code is now accepted from all helpers to report + internal error events separate from ERR rejection code. + Permitting Squid to perform recovery operations specific to + helper failure instead of a blanket client rejection. + +

Arbitrary key-value pairs can be returned from any helper. + Allowing future helpers to be forward- and backward- compatible + with this and future version of Squid. + + +SSL Server Certificate Validator +

Details at . + +

The helper consulted after the internal OpenSSL validation, regardless of the + validation results. The helper will receive: + + + the origin server certificate (chain), + the intended domain name, and + a list of OpenSSL validation errors (if any). + + +

If the helper decides to honor an OpenSSL error or report another validation + error(s), the helper will return: + + + A list of certificates. + A list of items consists the the validation error name (see %err_name + error page macro and %err_details code for logformat), error reason + (%ssl_lib_error macro), and the offending certificate. + + +

The returned information mimics what the internal OpenSSL-based validation code + collects now. Returned errors, if any, are fed to sslproxy_cert_error, + triggering the existing SSL error processing code. + +

The helper invocation controlled by the sslcrtvalidator_program and + sslcrtvalidator_children configurations options which are similar to the + ssl_crtd related options. + + +Changes to squid.conf since Squid-3.3 +

+There have been changes to Squid's configuration file since Squid-3.3. + +This section gives a thorough account of those changes in three categories: + + + + + + +

+ +New tags

+ + note +

Use ACLs to annotate a transaction with customized annotations + which can be logged in access.log + + sslcrtvalidator_children +

Specifies the settings for how many SSL server certificate + validator helpers are run and when they are started. + + sslcrtvalidator_program +

Specifies the location of a SSL server certificate validator helper. + + + +Changes to existing tags

+ + acl +

New test type server_cert_fingerprint to match against + server SSL certificate fingerprint. + + auth_param +

New result code BH to signal helper internal errors + available in all authentication schemes. +

New key message= for error message details in all authentication schemes. +

New result code OK and key ha1= in Digest authentication. +

New result codes OK, ERR replace result codes AF, + and NA in NTLM and Negotiate authentication. +

New key token= for NTLM and Negotiate authentication OK responses. +

Details at . + + external_acl_type +

Deprecated protocol=3.0 option. No longer necessary. +

New result code BH to signal helper internal errors +

Details at . + + logformat +

New format code %note to log a transaction annotation linked to the + transaction by ICAP, eCAP, a helper, or the note squid.conf directive. + + unlinkd_program +

New helper response format utilizing result codes OK and BH, + to signal helper lookup results. Also, key-value response values to return + multiple values to Squid. +

Details at . + + url_rewrite_program +

New helper response format utilizing result codes OK, ERR, + and BH to signal helper lookup results. Also, key-value response + values to return multiple values to Squid. +

Details at . + + + +Removed tags

+ +

There are no removed squid.conf tags in Squid-3.4. + + + + +Changes to ./configure options since Squid-3.3 +

+There have been some changes to Squid's build configuration since Squid-3.3. + +This section gives an account of those changes in three categories: + + + + + + + + +New options

+ +

There are no new ./configure options in Squid-3.4. + + + +Changes to existing options

+ +

There are no changed ./configure options in Squid-3.4. + + +

+ +Removed options