The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.2 release!
This release is a bug fix release resolving several issues found in the
prior Squid releases.
The major changes to be aware of:
* Regression: Restored support for the https_port clientca option
This TLS/SSL option was incorrectly stating this option as no longer
supported in configurations other than those using "ssl-bump" option.
It was also not loading the CA certificate correctly in any build.
This release removes those incorrect notices and fixes loading of
the CA certificate.
There are still signs of possible issues challenging for client X.509
certificate during TLS handshake which have not yet been confirmed and
tracked down. There are also indications that the remaining issue(s)
could be advanced OpenSSL options implicitly preventing the challenge.
This bug appears when a milliseconds (%tu, %tr, %dt, %<pt, %>pt)
logformat macro is used with a specific minimum output string size
indicated. The result is a value prefixed with 0's which log processors
can confuse with octal notation in some common circumstances. This
release now correctly pads with whitespace unless 0's are explicitly
indicated by the macro syntax.
* Bug 4843 pt3: GCC-8 fixes and refactoring
This release completes the formal support for GCC-8 compiler changes. At
least in relation to the features and build settings normally produced
by ./configure options.
There are known to be some issues when building with custom compiler
flags for higher than normal optimization and extended warnings. While
such custom builds are intentionally permitted they are not officially
supported by the Squid Project core developers.
* Bug 4861: HTTPMSGLOCK missing pointer safety
This bug can appear when eCAP adaptors are being used along with
SSL-Bump of intercepted HTTPS traffic. It is also present in
Squid-3.5.27 and older but does not have any externally triggerable effects.
* Fix %>ru logging of huge URLs
When dealing with an HTTP request header that Squid can parse but that
contain request URI length exceeding the 8K limit, Squid should log the
URL (prefix) instead of a dash. Logging the URL helps with triaging
these unusual requests. The older %ru macro was already logging these
huge URLs, but %>ru macro was logging a dash. Now both log the URL (or