[squid-announce] Squid 4.0.1 beta is available

Amos Jeffries squid3 at treenet.co.nz
Mon Oct 19 02:36:42 UTC 2015 

The Squid Software Foundation is very pleased to announce the
availability of the Squid-4.0.1 beta release!


This new 4.x series of Squid brings useful new features and changes
providing improved performance over earlier release series.

More detailed descriptions of the major new features are available in
the release notes and wiki:
  <http://www.squid-cache.org/Versions/v4/RELEASENOTES.html>
  <http://wiki.squid-cache.org/Squid-4>

Detailed lists of the ./configure build and squid.conf changes can also
be found in the release notes.

This code is released as beta for wider testing purposes and potential
use. There are no more planned alterations to the existing features,
./configure options or squid.conf options.

  NOTE:  Since the 4.0.1 package was bundled there have been some
important issues have been found and resolved. Testers are encouraged to
use the daily snapshot or apply the patches in the "Change Details"
listing where relevant.



This release adds a dependency on C++11 support in any compiler used to
build Squid. As a result older C++03 -only and most C++0x compilers will
no longer build successfully. GCC 4.9+ and Clang 3.5+ are known to have
working C++11 support and are usable. GCC-4.8 will also build for now
despite lack of full C++11 support, but some future features may not be
available.


This Squid version begins the transition from SSL behaviour to TLS
behaviour. While these protocols are often considered to be the same,
they in fact have some small but significant differences. Most relevant
to Squid is the negotiation for RFC protocol version and thus cipher
sets and connection capabilities. Parameters for configuring SSL are
being renamed to TLS options in this version. Other options may be
renamed in upcoming versions.
 Please ensure you run "squid -k parse" to check squid.conf during
upgrade and check the relevant parameters documentation to avoid surprises.


Squid is now capable of configuring Elliptic Curve ciphers in TLS. These
ciphers are the most secure algorithms currently available, and are
being required by some browser implementations and security policies.
But they do require a slightly different configuration in squid.conf to
enable. More details in the release notes.


Squid is now capable of communicating with ICAP services over TLS.
squid.conf options the connection to these services can be configured
similar to those previously available on the cache_peer directive. See
the release notes for further details.


External ACL helpers can now be passed a much wider range of details
using any of the logformat codes for the format parameter. Whether any
given macro expands is dependent on whether the detail is available yet
in the transaction. Not all access controls have been tested yet - some
regressions may occur, if you find one please report the bug ASAP.


The ID assignment algorthm for helper concurrency channels feature has
been altered significantly. It requires 64-bit ID support in helpers and
will cycle through ID numbers sequentually instead of using the lowest
unused channel. This may require some helpers to be re-designed, and all
32-bit helpers definitely need to be rebuilt with 64-bit ID support. See
release notes for specific requirements on helpers.


SMP support availability on several OS has been improved with the use of
C++11 atomics and shared memory features. These features are
auto-enabled by default. There may be behaviour differences noticed with
memory caching on OS where SMP support was previously being auto-disabled.


Major features dropped:

 * SSLv2 support is officially purged from the code.

RFC 6176 requires new and updated releases of software supporting SSL no
longer provide support negotiating SSLv2 ciphers or protocol behaviours.
This release of Squid removes SSLv2 support including all squid.conf
configuration options used to enable or disable SSLv2 related behaviours.

Manual config file updates may be required to avoid warnings or errors
about unsupported options.

 * basic_msnt_multi_domain_auth removal

The SMB LM helpers were deprecated some time ago. Additionally, the MSNT
multi-domain auth helper has been found to overlap completely with
features still available in the basic_smb_lm_auth helper.



All users are encouraged to give this Squid release a test run as soon
as time permits. All feedback welcome.


Please refer to the release notes at
<http://www.squid-cache.org/Versions/v4/RELEASENOTES.html> if and when
you are ready to make the switch to Squid-4

This new release can be downloaded from our HTTP or FTP servers

  <http://www.squid-cache.org/Versions/v4/>
  <ftp://ftp.squid-cache.org/pub/squid/>
  <ftp://ftp.squid-cache.org/pub/archive/4/>

or the mirrors. For a list of mirror sites see

  <http://www.squid-cache.org/Download/http-mirrors.html>
  <http://www.squid-cache.org/Download/mirrors.html>

If you encounter any issues with this release please file a bug report.
  <http://bugs.squid-cache.org/>

Amos Jeffries

More information about the squid-announce mailing list