From squid3 at treenet.co.nz Fri Aug 10 05:41:24 2018 From: squid3 at treenet.co.nz (Amos Jeffries) Date: Fri, 10 Aug 2018 17:41:24 +1200 Subject: [squid-announce] Squid 4.2 is available Message-ID: <28241c64-b221-ca2f-1e68-6ed28c332174@treenet.co.nz> The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.2 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * Regression: Restored support for the https_port clientca option This TLS/SSL option was incorrectly stating this option as no longer supported in configurations other than those using "ssl-bump" option. It was also not loading the CA certificate correctly in any build. This release removes those incorrect notices and fixes loading of the CA certificate. There are still signs of possible issues challenging for client X.509 certificate during TLS handshake which have not yet been confirmed and tracked down. There are also indications that the remaining issue(s) could be advanced OpenSSL options implicitly preventing the challenge. * Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces This bug appears when a milliseconds (%tu, %tr, %dt, %pt) logformat macro is used with a specific minimum output string size indicated. The result is a value prefixed with 0's which log processors can confuse with octal notation in some common circumstances. This release now correctly pads with whitespace unless 0's are explicitly indicated by the macro syntax. * Bug 4843 pt3: GCC-8 fixes and refactoring This release completes the formal support for GCC-8 compiler changes. At least in relation to the features and build settings normally produced by ./configure options. There are known to be some issues when building with custom compiler flags for higher than normal optimization and extended warnings. While such custom builds are intentionally permitted they are not officially supported by the Squid Project core developers. * Bug 4861: HTTPMSGLOCK missing pointer safety This bug can appear when eCAP adaptors are being used along with SSL-Bump of intercepted HTTPS traffic. It is also present in Squid-3.5.27 and older but does not have any externally triggerable effects. * Fix %>ru logging of huge URLs When dealing with an HTTP request header that Squid can parse but that contain request URI length exceeding the 8K limit, Squid should log the URL (prefix) instead of a dash. Logging the URL helps with triaging these unusual requests. The older %ru macro was already logging these huge URLs, but %>ru macro was logging a dash. Now both log the URL (or its prefix). See the logformat documentation for more details on these macros behaviour All users of Squid-4 are urged to upgrade to this release as soon as possible. All users of Squid-3 are encouraged to upgrade where possible. See the ChangeLog for the full list of changes in this and earlier releases. Please refer to the release notes at http://www.squid-cache.org/Versions/v4/RELEASENOTES.html when you are ready to make the switch to Squid-4 This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v4/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/4/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries