[squid-announce] Squid-4.5 is available

[squid-announce] Squid-4.5 is available

Amos Jeffries
Administrator
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.5 release!


This release is a security and bug fix release resolving several issues
found in the prior Squid releases.


The major changes to be aware of:

* Bug 4253: ssl_bump prevents access to some web contents

The SSL-Bump initial implementation was entangled with reverse-proxy
handling of decrypted HTTPS messages. This was a mistake we have been
reversing across the 3.5 and 4 cycles.

With this release SSL-Bump traffic handling is no longer tied to
reverse-proxy mode. As a result complications with ESI and
Surrogate-Control header handling have finally been resolved.


* Redesign forward_max_tries to count TCP connection attempts

This release includes an overhaul of the counting for HTTP message
forwarding and re-send attempts. This has an impact on how long it takes
Squid to detect and report connection errors to clients, persistent
connection overload recovery and detection of DEAD peer states.

The documentation for forward_max_tries and connect_retries has been
updated to more clearly specify the current expected behaviour.

Any users with systems tuned to optimize these behaviours should read
the updated squid.conf documentation and check their tuning after
upgrade to this release or any later.


* Fix client_connection_mark ACL handling of clientless transactions

This bug shows up as crashes when a client_connection_mark or
clientside_mark type ACL is used for access control. From this release
transactions without a client TCP connection will now produce a
non-match result when this ACL is tested.


* Multiple NetDB behaviour updates

NetDB state was not being recorded for connections to peers using TLS
nor for CONNECT tunnels. With the growth of HTTPS in recent times these
are increasingly important to optimize.

This release will now ping and record the latency information for these
connections to aid with optimizing connection setup of future transactions.


* The logformat code %>handshake is added

This code allows logging of initial bytes received for many protocols
to allow better debugging of unknown-protocol issues and external ACL
decision making.


* Use pkg-config for detecting libxml2

This release adds support for auto-detection of libxml2 location using
the pkg-config tools at build time. This may affect users of OS placing
libraries at a location outside the FHS layout. For example
cross-building or multi-architecture systems.

Note that support for custom PATH parameter is not yet implemented for
the --with-libxml2 build option. It is planned but did not make this
release. The pkg-config environment variables may be used for that if
necessary.



  All users of Squid-4 with SSL-Bump functionality are urged to upgrade
as soon as possible.

  All other users of Squid-4 are encouraged to upgrade as time permits.

  All users of Squid-3 are encouraged to upgrade where possible.


See the ChangeLog for the full list of changes in this and earlier
releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v4/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/4/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
  http://bugs.squid-cache.org/


Amos Jeffries
_______________________________________________
squid-announce mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-announce
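
Added example, not part of the original announcement and not Squid project code: one way to use the new %>handshake logformat code for triaging unknown-protocol clients. It assumes a custom log format (the name "hs" and the field layout are hypothetical) and relies on the squid.conf documentation's statement that the handshake field is base64-encoded; the log lines are constructed sample data.

```python
import base64

# Assumed squid.conf line (format name "hs" is hypothetical):
#   logformat hs %ts.%03tu %>a %>handshake
# Squid base64-encodes %>handshake; "-" means nothing was captured.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # PROXY protocol v2 signature

def classify(raw: bytes) -> str:
    """Guess the protocol from the first bytes a client sent."""
    if not raw:
        return "empty"
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return "tls"             # TLS handshake record, version major 3
    if raw.startswith(b"SSH-"):
        return "ssh"             # SSH identification string
    if raw.startswith(b"PROXY ") or raw.startswith(PROXY_V2_SIG):
        return "proxy-protocol"
    if raw.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def parse_line(line: str):
    """Return (timestamp, client_ip, protocol) for one log line."""
    ts, client, field = line.split()
    if field == "-":
        return ts, client, "empty"
    try:
        raw = base64.b64decode(field, validate=True)
    except ValueError:           # binascii.Error is a ValueError subclass
        return ts, client, "undecodable"
    return ts, client, classify(raw)

def summarize(lines):
    """Count log lines per detected protocol."""
    counts = {}
    for line in lines:
        proto = parse_line(line)[2]
        counts[proto] = counts.get(proto, 0) + 1
    return counts

# Constructed sample data (documentation addresses), not real traffic.
SAMPLES = [
    ("1546614300.101", "192.0.2.10", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ("1546614300.202", "192.0.2.11", b"SSH-2.0-OpenSSH_7.9\r\n"),
    ("1546614300.303", "192.0.2.12", b"GET / HTTP/1.1\r\n"),
    ("1546614300.404", "192.0.2.13", b"\x00\x01\x02\x03"),
]
SAMPLE_LOG = [" ".join((ts, ip, base64.b64encode(raw).decode()))
              for ts, ip, raw in SAMPLES] + ["1546614300.505 192.0.2.14 -"]
```

Per the squid.conf documentation, the field is only populated on http_port connections when on_unsupported_protocol is in use, and on https_port connections or CONNECT tunnels subject to an ssl_bump peek or stare action.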
Re: [squid-announce] Squid-4.5 is available

Markus Moeller
Hi Amos,

  Is there any reason that kerberos_sid_group is not included in the tar?

Thank you
Markus
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users 


Re: [squid-announce] Squid-4.5 is available

Amos Jeffries
Administrator
On 9/01/19 12:55 am, Markus Moeller wrote:
> Hi Amos,
>
>  Is there any reason that kerberos_sid_group is not included in the tar ?
>

That helper is in the queue for Squid-5 release, whenever that happens.

Amos