[squid-announce] Squid-4.5 is available
Amos Jeffries
squid3 at treenet.co.nz
Fri Jan 4 14:37:47 UTC 2019
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.5 release!
This release is a security and bug fix release resolving several issues
found in the prior Squid releases.
The major changes to be aware of:
* Bug 4253: ssl_bump prevents access to some web contents
The SSL-Bump initial implementation was entangled with reverse-proxy
handling of decrypted HTTPS messages. This was a mistake we have been
reversing across the 3.5 and 4 cycles.
With this release SSL-Bump traffic handling is no longer tied to
reverse-proxy mode. As a result complications with ESI and
Surrogate-Control header handling have finally been resolved.
* Redesign forward_max_tries to count TCP connection attempts
This release includes an overhaul of the counting for HTTP message
forwarding and re-send attempts. This has an impact on how long it takes
Squid to detect and report connection errors to clients, persistent
connection overload recovery and detection of DEAD peer states.
The documentation for forward_max_tries and connect_retries has been
updated to more clearly specify the current expected behaviour.
Any users with systems tuned to optimize these behaviours should read
the updated squid.conf documentation and check their tuning after
upgrade to this release or any later.
* Fix client_connection_mark ACL handling of clientless transactions
This bug shows up as crashes when a client_connection_mark or
clientside_mark type ACL is used for access control. From this release
transactions without a client TCP connection will now produce a
non-match result when this ACL is tested.
* Multiple NetDB behaviour updates
NetDB state was not being recorded for connections to peers using TLS
nor for CONNECT tunnels. With the growth of HTTPS in recent times these
are increasingly important to optimize.
This release will now ping and record the latency information for these
connections to aid with optimizing connection setup of future transactions.
* The logformat code %>handshake is added
This code allows logging of initial bytes received for many protocols
to allow better debugging of unknown-protocol issues and external ACL
decision making.
* Use pkg-config for detecting libxml2
This release adds support for auto-detection of libxml2 location using
the pkg-config tools at build time. This may affect users of OS placing
libraries at a location outside the FHS layout. For example
cross-building or multi-architecture systems.
Note that support for custom PATH parameter is not yet implemented for
the --with-libxml2 build option. It is planned but did not make this
release. The pkg-config environment variables may be used for that if
necessary.
All users of Squid-4 with SSL-Bump functionality are urged to upgrade
as soon as possible.
All other users of Squid-4 are encouraged to upgrade as time permits.
All users of Squid-3 are encouraged to upgrade where possible.
See the ChangeLog for the full list of changes in this and earlier
releases.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v4/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/4/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.html
http://www.squid-cache.org/Download/mirrors.html
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
More information about the squid-announce
mailing list