[squid-announce] Squid 4.0.25 beta is available

Fri Jun 15 00:14:44 UTC 2018

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.0.25 release!

This release is a bug fix and stability release resolving several issues
found in the prior Squid releases.

The major changes to be aware of:

* Various regressions

 - Bug 4855: querying private entries for HTCP/ICP
 - Bug 4852: deny_info %R macro not being expanded
 - Bug 4847: proxy_auth ACL -i/+i flags not working
 - Bug 4831: filter chain certificates for validity when loading
 - Regression fix: Transient reader locking broken in 4.0.24

These are all fairly recent regressions, mostly found in the 4.0.24
release with some from earlier. Anyone having issues with these in older
betas please upgrade to this release.

* Bug 4845: NegotiateSsl crash on aborting transaction

This bug has been plaguing people since at least Squid-3.3. It has
turned out to be a timing race between TCP connection closure and the
TLS handshake callback event. As such it appears with unpredictable
times and varying frequency. Being most problematic at high traffic loads.

* Bug 4829: IPC shared memory leaks when disker queue overflows

This issue only affects proxies under high load. It was showing up as
"run out of shared memory pages for IPC I/O" errors in the logs at peak
traffic times and may have required a restart of Squid to recover normal
behaviour.

* Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4

Squids' older helper protocol cannot easily handle whitespace or
non-ASCII characters in user names, group names, and passwords. This
results in partial usernames being logged, and possibly also some users
being denied login when they should have been permitted.

With this update to the newer helper protocol all these issues should
now be resolved for anyone using this helper.

NOTE: The NTLM and some other helpers still need to be updated. Which
means this issues behaviour may still remain IF multiple helpers are in use.

* Bug 4707: purge tool does not obey --sysconfdir= build option

This issue was showing up as purge (aka. "squid-purge") tool being
unable to locate the squid.conf file unless it was explicitly provided
in command line arguments.

Effective immediately the tool obeys the --sysconfdir= build option
which is the correct way to set the squid.conf location. Packagers
setting build flags or patching the config location will have to update
their packaging.

* Add timestamps to (most) FATAL messages

Effective immediately. Most cache.log "FATAL: ..." messages are being
recorded with the timestamp prefix as used on other log entries. This
should make it a lot clearer whether the line(s) above a FATAL message
are related or happen much earlier.

Anyone responsible for log parsers scanning cache.log needs to check
that their parsers can cope with the updated log format.

  All users of Squid-4.x are urged to upgrade to this release as
  soon as possible.

  All users of Squid-3 are encouraged to test this release out and plan
  for upgrades where possible.

See the ChangeLog for the full list of changes in this and earlier
releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v4/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
  http://bugs.squid-cache.org/

Amos Jeffries