* Bug 5051: Some collapsed revalidation responses never expire
This bug appears as a 4xx or 5xx status response becoming the only
response delivered by Squid to a URL when Collapsed Forwarding
feature is used.
It primarily affects Squid which are caching the 4xx/5xx status
object since Bug 5030 fix in Squid-4.11. But may have been
occurring for short times on any proxy with Collapsed Forwarding.
* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
Chrome Browser intentionally sends random garbage values in the
TLS handshake to force TLS implementations to cope with future TLS
extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3
caused our parser to be extra strict and reject this TLS garbage.
This release adds explicit support for Chrome, or any other TLS
agent performing these "GREASE" behaviours.
* Honor on_unsupported_protocol for intercepted https_port
This behaviour was one of the intended use-cases for unsupported
protocol handling, but somehow was not enabled earlier.
Squid should now be able to perform the on_unsupported_protocol
selected action for any traffic handled by SSL-Bump.
All users of Squid are urged to upgrade as soon as possible.
See the ChangeLog for the full list of changes in this and earlier