[squid-users] [squid-announce] Squid 3.5.12 is available
squid3 at treenet.co.nz
Sun Nov 29 06:01:13 UTC 2015
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.12 release!
This release is a bug fix release resolving issues found in the prior
The major changes to be aware of:
* Bug #4374: refresh_pattern config parser (%)
For some time the squid.conf parser has been reporting errors when the
refresh_pattern percentage parameter was configured with values over
100%. Due to the nature of the revalidation algorithm, refresh often works
better with very large percentage values, particularly when dealing with
very young objects.
This release now permits large percentage values to be configured.
* Bug #4228: links with krb5 libs despite --without options
The Kerberos library --without-mit-krb5 and --without-heimdal-krb5
options were not working in previous 3.5 releases and could result in
build errors. This has been corrected.
* Bug #4373: assertion 'redirect_state == REDIRECT_NONE'
Squid could exit with the above assertion if a misconfigured SquidGuard
helper was used. This release will now correctly handle the SquidGuard
response without exiting.
Note that it appears the SquidGuard project is no longer being
maintained. All its capabilities are available directly within Squid.
Users still relying on it should evaluate upgrading their config to no
longer use a rewriter, or to migrate to one of the alternative helpers
which are available and being maintained.
* TLS: Handshake Problem during Renegotiation
Previous Squid releases did not support server-initiated renegotiation and would
close the TLS connection even if the renegotiation occurred during the
handshake process. Squid now supports this TLS feature during TLS
handshake when SSL-Bumping the traffic.
* Revert r13921: Migrate StoreEntry to using MEMPROXY_CLASS
An attempted performance optimization in Squid-3.5.10 r13921 has been
found to uncover hidden bugs in the cache handling. As a result objects
could become MISS or revalidate unnecessarily. Some SNMP reporting
issues could also result. The change has now been removed from 3.5.
* Fix SSL_get_certificate() problem detection
The autoconf checks for this sometimes broken function fail on library
builds which don't include SSLv3; as a result of the autoconf decision
this can end up triggering the assert(0) in Ssl::verifySslCertificate().
* Fix cache_peer forceddomain= in CONNECT
CONNECT messages output by Squid to peers in configurations using the
forceddomain= parameter could be sent with the original domain name in
the Host: header. While this should not have had any effect, it is
possible that broken recipients and downstream traffic analysis could be
confused. Squid will now consistently apply forceddomain= on all HTTP
All users of Squid are encouraged to upgrade to this release as time
See the ChangeLog for the full list of changes in this and earlier
Please refer to the release notes at
when you are ready to make the switch to Squid-3.5
"squid -k parse" is starting to display even more
useful hints about squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
or the mirrors. For a list of mirror sites see
If you encounter any issues with this release please file a bug report.
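
Why a refresh_pattern percentage above 100% helps with very young objects (Bug #4374 above), shown as an added example that is not Squid code and not part of the announcement. It is a simplified Python model of the freshness heuristic documented for refresh_pattern, ignoring Expires/Cache-Control and the override options; the function names and sample values are constructed.

```python
# Simplified model of the refresh_pattern heuristic (min, percent, max).
# squid.conf takes min and max in minutes; this model uses seconds throughout.
# Illustrative names only; not taken from the Squid source.

def lm_factor(age_s, lm_age_s):
    """Time spent in cache divided by the object's age when it was fetched."""
    return age_s / lm_age_s

def is_fresh(age_s, lm_age_s, min_s, percent, max_s):
    """Return True if the cached object may be served without revalidation.

    age_s    -- seconds since the response was fetched
    lm_age_s -- seconds between Last-Modified and the fetch; None if unknown
    percent  -- refresh_pattern percentage, e.g. 20 or 1000 (meaning 1000%)
    """
    if age_s > max_s:                       # older than max: always stale
        return False
    if lm_age_s is not None and lm_age_s > 0:
        if lm_factor(age_s, lm_age_s) < percent / 100.0:
            return True                     # LM-factor below percent: fresh
    return age_s < min_s                    # otherwise only min can save it

def heuristic_lifetime(lm_age_s, min_s, percent, max_s):
    """Longest time in seconds the object stays fresh under this model."""
    return min(max(min_s, lm_age_s * percent / 100.0), max_s)

if __name__ == "__main__":
    # Constructed sample: object modified 30 s before it was fetched,
    # rule with min 0 and max 4320 minutes (259200 s).
    for pct in (20, 100, 1000):
        print(pct, heuristic_lifetime(30, 0, pct, 4320 * 60))
```

With the old 100% ceiling, an object modified 30 seconds before it was fetched could never be treated as fresh for more than 30 seconds; at 1000% the same object is served from cache for 5 minutes, still bounded by max.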