[squid-announce] Squid 3.5.0.4 beta is available

[Amos Jeffries]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Squid Software Foundation is very pleased to announce the
availability of the Squid-3.5.0.4 beta release!


This release is a bug fix and documentation update release resolving
some major issues found in the prior Squid releases.


The major changes to be aware of:

* Support http_access denials of SslBump "peeked" connections.

This bug shows up with "peek" SSL-Bump operation preventing Squid from
rejecting client connections, and "splice" connections not being
governed by the general access controls.

Starting with this release ssl_bump has the following behaviours:

- - During transparent SSL bumping, if we decide to splice at step1, do
not splice the connection immediately, but create a fake CONNECT
request first and send it through the callout code (http_access check,
ICAP/ECAP, etc.). If that fake CONNECT is denied, the code path
described below kicks in. Otherwise the connection is spliced.

- - When an error page is generated during CONNECT or transparent
bumping (e.g. because an http_access check has failed), we switch to
the "client-first" bumping mode and then serve the error page to the
client (upon receiving the first regular request on the bumped
connection).


* negotiate_kerberos_auth: MEMORY keytab and replay cache support

The Negotiate/Kerberos authentication helper has been updated to
support a MEMORY: keytab. This provides better performance over
previous versions with constant disk access.

Also, the token replay cache is now more configurable. It may be moved
from the default location as needed, or disabled entirely.



* Bug 3826: pt 2: Provide a systemd .service file for Squid

Squid is designed with a built-in daemon manager which clashes in
annoying ways with third-party daemon managers like OpenRC, Upstart,
and systemd. In particular Squid SMP support is not fully operational
under these systems.

This release provides a squid.service file under tools/ for anyone
wishing to package Squid for the systemd environment. It contains
basic signalling rules and command line arguments suitable for
managing this version of Squid via systemd (without SMP support).


* Code style reformatting

Our code style enforcement was not working properly since the Sept
2014 server outage. That has been fixed and along with it several old
bugs in the enforcement code. As a result this release includes a
large amount of style/polishing changes. It is very likely that
patches written for older releases 3.5 will need adjusting.


* Bug fixes shared with 3.4 series

This release also includes several bug fixes shared with the 3.4 stable
series in future 3.4.11 release.


All users of previous 3.5 releases are urged to upgrade to this releas
as soon as possible.

All users of 3.4 and older versions are encouraged to give this Squid
release a test run as soon as time permits. All feedback welcome.


Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html
if and when you are ready to make the switch to Squid-3.5

This new release can be downloaded from our HTTP or FTP servers

http://www.squid-cache.org/Versions/v3/3.5/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.5/

or the mirrors. For a list of mirror sites see

http://www.squid-cache.org/Download/http-mirrors.html
http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/

Amos Jeffries
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUlnxVAAoJELJo5wb/XPRjbXwH/0K+dbdvPW/iztgkouzQEgMY
J/ZkFZSMJBhUvcC8euL2EcnzqKoBNLJZ/8C/7k7aQRBQeilwJj++JYIRCrAd6Jlv
LlxYbqQgqOvyltwljuJTnLuZ4f84vBAtB5sPm+jWFDsNpADsKpFJwX5CVkGoA6I7
tVx9J7nE3f/uvyKgeUEbSPIO2uFtJnL0Cf+c1o3cFpwKkyc+ielVIhwJ1VHxB+o0
16F4RIhWl2bqY7w32S/9WUYfJttXMRciQp/Vsgu0IJexOAUMQRQi9zTBWW8Ius67
ce1XvGWak5OlNDSLhpauFc4z8SN8tVqKSEr6alvb5qq0ymX2a1koZZnC+v6qzBc=
=V1Xg
-----END PGP SIGNATURE-----