forked from Moutix/squid
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
5604 lines (5139 loc) · 260 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes to squid-3.5.2 (18 Feb 2015):
- Regression Bug 4176: Digest auth too many helper lookups
- Regression Bug 4180: not-fully-initialized data member in ACLUserData
- Bug 4172: Solaris broken krb5-config
- Bug 4073: Cygwin compile errors
- Bug 3919: remove several never-true / never-false comparisons
- HTTPS: Add missing root CAs when validating chains that passed internal checks
- Fix some cbdataFree related memory leaks
- Quieten CBDATA 'leak' messages
- Set SNI information in transparent bumping mode
- negotiate_kerberos_auth: fix krb5.conf backward compatibility
- Fix memory leaks in cachemgr.cgi URL parser
- Fix sslproxy_options in peek-and-splice mode
- ... and fix several portability and build issues
- ... and some documentation updates
- ... and all fixes from squid 3.4.11
Changes to squid-3.5.1 (13 Jan 2015):
- Fix handling of invalid SSL server certificates when splicing connections
- basic_smb_lm_auth: Simplified MSNT basic auth helper
- squidclient: Fix -A and -P options
- ... and several portability fixes
- ... and all fixes from squid 3.4.11
- ... and a lot of documentation updates
Changes to squid-3.5.0.4 (21 Dec 2014):
- Bug 3826: pt 2: Provide a systemd .service file for Squid
- Support http_access denials of SslBump "peeked" connections.
- Fix DONT_VERIFY_DOMAIN ssl flag
- Fix peek-and-splice mode: certificate validation for domain mismatched errors
- negotiate_kerberos_auth: MEMORY keytab and replay cache support
- ... and some documentation updates
- ... and a large amount of code polishing (non-logic changes)
Changes to squid-3.5.0.3 (09 Dec 2014):
- Bug 4146: workaround SSL Bump crash on Linux
- Bug 4135: Support \-escaped characters in regex patterns
- Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
- Fix delay_parameters parsing
- HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
- ... and all changes from squid 3.4.10
- ... and a lot of documentation updates
Changes to squid-3.5.0.2 (31 Oct 2014):
- Fix FTP socket opening during reconfigure
- ... and all changes from 3.4.9
- ... and some build errors in rarely used code
- ... and several documentation updates
Changes to squid-3.5.0.1 (17 Oct 2014):
- Port from 2.7: redirector and logging urlgroup feature
- Bug 4093: source-maintenance.sh bad perl -i option
- Bug 3608: per-service name for workers UDS sockets
- Bug 2554: 32-bit wrap in AUFS counters
- Bug 1961 pt1: URL handling redesign
- Bug 1202 pt1: documentation for refresh_pattern algorithms
- Update Squid boilerplate copyright/license
- Update the http(s)_port directives protocol= parameter
- Update forward_max_tries to permit 25 server paths
- Update Kerberos library detection and build options
- Support ACLs on ftp_epsv directive
- Support >32KB objects in cache_dir rock storage
- Support client connection annotation by helpers via clt_conn_tag=TAG
- Support native FTP Relay
- Support libgnugss Kerberos library
- Support libecap v1.0
- Support SSL Peek and Splice feature
- Support receiving PROXY protocol version 1 and 2
- Replace --enable-ssl build option with --with-openssl
- Enable -n service name command line option for all Squid builds
- Enable ICAP client by default
- Fix configuration file parsing bugs, related to quoted strings
- Fix Windows MinGW build errors
- Fix multiple TCP outgoing TOS/DiffServ bugs
- Fix Cygwin /etc/resolv.conf parsing
- Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
- Fix crash reading malformed config files
- Send selected SSL version and cipher to the certificate validation helper
- Validate server certificates without bumping
- Add zero-copy string buffer support
- Add automated squid.conf parser testing with squid -k parse
- Add adaptation_service ACL
- Add logformat code %tS to log transaction start time
- Add logformat code %>rd to log client URL domain name
- Add key_extras to proxy authentication
- Add url_rewrite_extras and store_id_extras directives
- Add send_hit and store_miss directives
- Add collapsed_forwarding directive
- Add sslproxy_cert_sign_hash directive
- Add SMP SSL session cache
- Add cache_peer standby connections
- Add helper ext_delayer_acl
- Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
- Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
- Remove COSS storage in favour of Rock storage
- Remove dnsserver and external DNS helper API in favour of mDNS
- Remove broken mallinfo() accounting and memory tracing
- Remove hierarchy_stoplist in favour of always_direct
- Deprecate tag ACL type in favour of note ACL type
- Deprecate urlgroup feature in favour of note ACL type
- HTTP/1.1: method names are case-sensitive
- HTTP/1.1: register new headers from RFC 723x
- squidclient: polish and update help display
- squidclient: support TLS with GnuTLS 3.1.5+
- squidclient: support verbosity levels
- squidclient: --ping mode module support
- url_fake_rewrite: support concurrency
- storeid_file_rewrite: support concurrency
- digest_file_auth: support concurrency
- digest_edirectory_auth: support concurrency
- digest_ldap_auth: support concurrency
- ... and many error page translation updates
- ... and much code cleanup and polishing
Changes to squid-3.4.12 (18 Feb 2015):
- Bug 4066: Digest auth nonce indefinite rollover
- Bug 3997: Excessive NTLM or Negotiate auth helper annotations
- Fix several crashes when debugging enabled
- Fix silent SSL/TLS failure on split-stack operating systems
- HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
- HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
- Remove dst ACL dependency on HTTP request message existence
- Set cap_net_admin when Squid sets TOS/Diffserv packet values
- ... and some documentation updates
Changes to squid-3.4.11 (13 Jan 2015):
- Bug 4164: SEGFAULT when %W formating code used in errorpages
- Bug 4057: Avoid on-exit crashes when adaptation is enabled.
- Bug 3760: squidclient ignores --disable-ipv6
- Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
- Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
- cachemgr.cgi: memory leak in request parser
- Deleting first fs left psstate->servers pointing to uninitialized memory
- ... and some build issues
Changes to squid-3.4.10 (09 Dec 2014):
- Bug 4148: external_acl_type header format does not accept the new libformat syntax
- Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
- Bug 4033: Rebuild corrupted ssl_db/size file
- Bug 3902: Docs: external_acl_type cache hash key
- Fix segmentation fault in ACL urlpath_regex
- Fix bootstrap.sh dependency on SPONSORS.list
- Alternate-Protocol is a hop-by-hop header
- HTTP/2: Support 421 (Misdirected Request) status code
Changes to squid-3.4.9 (31 Oct 2014):
- Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
- Bug 4102: sslbump cert contains only a dot character in key usage extension
- Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
- Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
- Bug 4024: Bad host/IP ::1 when using IPv4-only environment
- Bug 3803: ident leaks memory on failure
- kerberos_ldap_group/cert_tool: Remove ksh dependency
- ... and some automated code style updates
- ... and some documentation updates
Changes to squid-3.4.8 (15 Sep 2014):
- Fix off by one in SNMP subsystem
- pinger: Fix various ICMP handling issues
Changes to squid-3.4.7 (28 Aug 2014):
- Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
- Bug 4080: worker hangs when client identd is not responding
- Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
- HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
- SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
- Enable compile-time override for MAXTCPLISTENPORTS
- ntlm_sspi_auth: Fix various build errors
- negotiate_wrapper: Fix build issues with non-portable vfork()
- negotiate_sspi_auth: Portability fixes for MinGW
- ext_lm_group_acl: Portability fixes for MinGW
- ... and several minor memory leaks
Changes to squid-3.4.6 (25 Jun 2014):
- Regression: segmentation fault logging with %tg format specifier
- Bug 4065: round-robin neighbor selection with unequal weights
- Bug 4056: assertion MemPools[type] from netdbExchangeStart()
- Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
- Fix segmentation fault setting up server SSL connnection
- Fix hanging Non-HTTPS connections on SSL-bump enabled port
- Fix Cache Manager actions listed more than once
- ... and many minor memory leaks
- ... and several portability build issues
- ... and some documentation updates
Changes to squid-3.4.5 (02 May 2014):
- Regression Bug 4051: inverted test on CONNECT payload existence
- Regression Fix: order dependency between cache_dir and maximum_object_size
- Fix logformat %note display
- Resolve 'dying from an unhandled exception: c'
Changes to squid-3.4.4.2 (23 Apr 2014):
- version bump for packaging re-build with altered toolchain
Changes to squid-3.4.4.1 (23 Apr 2014):
- Regression Bug 4019: Cache digest exchange segmentation fault
- Regression Bug 3982: EUI logging and helpers show blank MAC address
- Bug 4047: Support Android builds
- Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
- Bug 4041: Missing files in compat/Makefile.am
- Bug 4014: Build failure with --disable-optimizations --disable-auth
- Bug 3986: (partial) assertion due to incorrect error page buffer size
- Bug 3955: Solaris EUI-48 lookup leaks FDs
- Bug 3371: CONNECT with data sent at once loses data
- C++11: Upgrade auto-detection to use the formal -std=c++11
- Crypto-NG: libnettle MD5 algorithm support
- SSL-Bump: Fix Basic auth caching on bumped connections
- Store-ID: Fix request URI when forwarding requests to peers
- ... and fix several other build errors
- ... and some documentation updates
Changes to squid-3.4.4 (09 Mar 2014):
- Bug 4029: intercepted HTTPS requests bypass caching checks
- Bug 4001: remove use of strsep()
- Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
- Fix stalled concurrent rock store reads
- Fix helper ID number assignment
- Fix build failures from CMSG related definitions
- Fix build failures from libcompat unsafe.h protections
- Copyright: Relicense helpers by Treehouse Networks Ltd.
- ... and all bug fixes from 3.3.12
Changes to squid-3.4.3 (02 Feb 2014):
- Bug 4008: HttpHeader warnOnError should be an int not a bool
- Bug 4002: clang 3.4 unable to compile
- Bug 3996: Malformed DNS reply leads to crash
- Bug 3995: compile error on CentOS 5 with GCC 4.1.2
- Bug 3975: atomic detection cross-compilation failure
- Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
- Bug 3954: compile failure in CpuAffinity.cc
- Bug 3927: tests/testRock fatal.cc required
- Fix memory leak in peer Cache Digest exchange
- Fix external_acl_type async loop failures
- Fix destination IP address cycling
- ... and a few polishing changes
Changes to squid-3.4.2 (30 Dec 2013):
- Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
- Regression Fix: \-unescaping in quoted strings from helpers
- Regression Fix: URL helper API bypassing on URL containing '=' character
- Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
- Bug 3806: Caching responses with Vary header
- Bug 3498: FTP PUT assertion
- WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
- Enable concurrency by default for SSL certificate validator
- ... and fix several build errors
Changes to squid-3.4.1 (09 Dec 2013):
- Bug 3935: Invalid pointer dereference when peeking at origin server certificate
- Bug 3589: intercepted and ICAP modified request using a cache_peer
- ... and several portability fixes
- ... and some documentation updates
Changes to squid-3.4.0.3 (01 Dec 2013):
- Bug 3941: Release notes error
- Receive annotations from authentication and external ACL helpers
- basic_nis_auth: Improved portability
- ... and several documentation updates
- ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
Changes to squid-3.4.0.2 (03 Oct 2013):
- Regression Bug 3891: squid.conf parser errors in 3.4.0.1
- Regression Fix: re-disable MinGW C++11 support
- Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
- Fix memory leak in refresh_pattern parsing
- negotiate_kerberos_auth: upgrade to present group= keys
- Handle NTLM helper returning OK without user= value
- Add dns_multicast_local to control mDNS operation
- Add --disable-arch-native build option
- Display Build-Info in cache manager info report
- ... and all changes from squid 3.3.9
- ... and some code and debug output polishing
Changes to squid-3.4.0.1 (29 Jul 2013):
- Port from 2.7: StoreURL (renamed Store-ID) support
- Bug 3795: fix several mistakes in the MIB file
- Bug 3793: configure: improved helper detection
- Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
- Bug 3676: Support GCC 4.7 with -Wshadow option
- Bug 3643: NTLM helpers stuck in reserved state by Safari
- Bug 3389: Auto-reconnect for tcp access_log
- Bug 2066: squid does not do chdir() after chroot()
- Fix uninitialized fields in IcapLogEntry
- Fix a number of minor issues detected by Coverity Scan
- Fix some potential memory leaks detected by Coverity Scan
- Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
- Fix ACL matching algorithm to avoid repeating tests
- basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
- squidpurge: fix META TLV parsing issues
- squid.conf: enforce all the directive and option names are lower-case
- Support EUI on HTTPS and FTP data connections
- Support OK/ERR/BH response codes from any helper
- Support No-lookup flag (-n) on DNS ACLs
- Support -march=native compiler optimization by default
- Support forwarding intercepted but not bumped connections to cache_peers
- Support IPv6 NAT interception on Linux and some BSD
- Deprecate log_icap and log_access configuration directives
- HTTP/1.1: improved method invalidation and cacheability detection
- HTTP/1.1: support length configuration for pipeline_prefetch queue
- Improved TPROXY support for OpenBSD and FreeBSD
- Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
- Add all-of and any-of ACL types for grouping sets of ACL tests
- Add note directive for transaction annotations
- Add %note log format for transaction annotation logging
- Add note ACL type for matching annotated transactions with by annotation name or value
- Add kv-pair support to URL-rewrite/redirector interface
- Add SSL server certificate validator interface, helper and result cache
- Add SSL server certificate fingerprint ACL type
- Add spoof_client_ip access control
- Add pt-bz (Belize Portuguese) dialect to translations
- ... and many Windows portability changes (still incomplete)
- ... and many documentation changes
- ... and much code cleanup and polishing
Changes to squid-3.3.13 (28 Aug 2014):
- Fix segmentation fault setting up server SSL connnection
- HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
Changes to squid-3.3.12 (09 Mar 2014):
- Regression Bug 3769: client_netmask not evaluated since Comm redesign
- Bug 4026: Fix SSL and adaptation_access handling of aborted connections
- Bug 3969: Fix credentials caching for Digest authentication
- Bug 3806: Caching responses with Vary header
- Fix umask default on crash report generated email
- Fix pthread library detection on FreeBSD 10
- Avoid assertions on Range requests that trigger Squid-generated errors.
Changes to squid-3.3.11 (01 Dec 2013):
- Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
- Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
- Bug 3970: max_filedescriptors disabled due to missing setrlimit
- Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
- Bug 3960: DEAD cache_peer are not revived
- Bug 3956: xstrndup: tried to dup a NULL pointer
- Bug 3906: Filedescriptor leaks in SNMP
- Bug 3782: Digest authentication not obeying nonce_max_count
- HTTP/1.1: Make header parser obey relaxed_header_parser
- HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
- SMP: Replace blocking sleep(3) and close UDS socket on failures
- Windows: fix several compile errors
Changes to squid-3.3.10 (03 Nov 2013):
- Bug 3929: request_header_add not working for tunnel requests
- Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
- Bug 3918: Self Test Failures on Mac OS X 10.8
- Bug 3887: tcp_outgoing_tos not working for IPv6
- Bug 3836: Fix issues with automake 1.13+ and make check
- Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
- Fix pinning hierarchy log information
- Fix close idle client connections associated with closed idle pinned connections.
- Fix cbdata 'error: expression result unused' errors
- Avoid "hot idle": A series of rapid select() calls with zero timeout.
- Append Connection:close to OPTIONS requests when icap_persistent_connections is off
- ntlm_fake_auth: pass DOMAIN data to Squid in original case
- kerberos_ldap_group: fix LDAP string duplication
- Use IPv6 localhost nameserver on DNS configuration errors
- Add cache_miss_revalidate
- ... and several portability improvements
Changes to squid-3.3.9 (11 Sep 2013):
- Regression Bug 3077: off-by-one error in Digest header decoding
- Bug 3895: fix acl_uses_indirect_client and cache_peer_access
- Bug 3879: assertion failed ConnStateData::validatePinnedConnection
- Bug 3863: myportname acl causes segmentation fault
- Bug 3849: Duplicate certificate sent when using https_port
- Bug 2287: Better fix for unsupported HTTP version handling
- Bug 2112: Reload into If-None-Match
- Fix several assert with side effects in ICAP/eCAP response handling
- Fix myportname ACL on ICAP/eCAP transactions
- Fix external ACL user:pass detail logging after adaptation
- Fix SMP mgr:info report 'Largest file desc currently in use'
- Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
- Improved compatibility with gcc 4.8, clang and icc
- Show number of available filedescriptors when reserved FD changes
- Sync with newest OpenSSL error codes
- Register Http2-Settings header
- ... and many Windows portability fixes
Changes to squid-3.3.8 (13 Jul 2013):
- Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
- Improved handling of port values in Host: header validation
Changes to squid-3.3.7 (11 Jul 2013):
- Bug 3297: Fix openSSL related build failures
- Fix build on FreeBSD 9.x platform with clang
- Protect against buffer overrun in DNS query generation
Changes to squid-3.3.6 (01 Jul 2013):
- Bug 3854: pt1: compile errors on AIX
- Bug 3802: Fix wrong check inside Format::Format::assemble
- Bug 3762: remove bogus WARNING in cache.log
- Bug 3717: assertion failed with dstdom_regex with IP based URL
- Bug 1991: kqueue causes SSL to hang
- Ask for SSL key password when started with -N but without sslpassword_program
- Make sure %<tt includes all [failed] connection attempts
- Support HTTP reply ACLs in icap_log and log_icap
- Fix incorrect external_acl_type codes
- Fix ICAP logging request headers and segmentation faults
- ... and some documentation polish
Changes to squid-3.3.5 (20 May 2013):
- Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
- Bug 3845: http_port tcpkeepalive= option fails parsing
- Bug 3840: assertion failed 'sde' in UFS cache loading
- Bug 3836: make check failures with automake-1.13
- Bug 3827: Remove AccessLogEntry::cache.authuser
- Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
- Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
- Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
- Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
- Port from 2.6: external acl %ACL and %DATA tags
- Update copyright on SN.png
- ... and several minor memory leaks
- ... and some documentation polish
Changes to squid-3.3.4 (27 Apr 2013):
- Bug 3831: basic_ncsa_auth Blowfish and SHA support
- Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
- Bug 3794: MacOS: workaround compiler errors and case-insensitivity
- Bug 3781: Proxy Authentication not sent to cache_peer
- Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
- Bug 3720 pt2: Add missing include in /dev/poll I/O module
- Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
- Add support for TPROXY on BSD
- Fix SSL Bump bypass for intercepted traffic
- Fix memory leaks in ConnStateData pinning
- Fix external_acl.cc "inBackground" assertion on queue overloads
- CacheMgr: fix missing column separator in helper stats
- OpenBSD: libpthreads requires OpenBSD 5.2 or later
- ... and lots of documentation updates
- ... and all changes from squid 3.2.10
Changes to squid-3.3.3 (12 Mar 2013):
- Bug 3720: Add missing include in /dev/poll I/O module (pt2)
- ... and all changes from squid 3.2.9
Changes to squid-3.3.2 (02 Mar 2013):
- Bug 3781: Proxy Authentication not sent to cache_peer
- Bug 3794: MacOS: workaround compiler errors
- Bug 3720: Compile error in Solaris /OpenIndiana
- ... and all changes from squid 3.2.8
Changes to squid-3.3.1 (09 Feb 2013):
- Bug 3726: build errors with --disable-ssl
- Propigate pinned connection persistency and closures to the client.
- Mimic SSL certificate Key Usage and Basic Constraints
- Fix segmentation fault on missing squid.conf values
- ext_sql_session_acl: Fix hex decoding on UID
- ... and some code polish
- ... and a lot of documentation polish
- ... and all changes from squid 3.2.7
Changes to squid-3.3.0.3 (09 Jan 2013):
- Bug 3729: 32-bit overflow in parsing 64-bit configuration values
- Bug 3728: Improve debug for cache_dir
- Additional fixes for CVE-2012-5643 / SQUID:2012-1
- kerberos_ldap_group: support multiple groups in squid.conf ACL definition
- kqueue: update status from experimental to fully available net I/O method
- ... and many memory leaks and potential bugs detected by Coverity Scan
Changes to squid-3.3.0.2 (03 Dec 2012):
- Support matching empty header field values using req_header and rep_header
- ... and some minor code polish and input vaidations
- ... and all changes from squid 3.2.4
Changes to squid-3.3.0.1 (21 Oct 2012):
- Bug 3610: Add peername_regex ACL
- Bug 3239: rename myip/myport as localip/localport
- Bug 3130: helpers are crashing too rapidly
- Add log_db_daemon SQL Database Logging Daemon
- Add ext_time_quota_acl helper managing sessions by bandwidth usage
- Add request_header_add option
- Support C++11 features where possible
- Support bump-ssl-server-first
- Support mimic SSL server certificates
- Remove --enable-ntlm-fail-open
- Fix TLS/SSL Options does not apply to the dynamically generated certificates
- Fix SslBump stuck after error
- Polish: display ACL enumeration text in debugs
- ... and many portability fixes for MacOS X, Windows and others
- ... and many compile error fixes
- ... and a very large amount of code polish for faster compilation
Changes to squid-3.2.13 (13 Jul 2013):
- Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
- Improved handling of port values in Host: header validation
Changes to squid-3.2.12 (11 Jul 2013):
- Protect against buffer overrun in DNS query generation
- Avoid !closing assertions when helpers call comm_read during reconfigure.
- Fix several minor memory leaks during reconfigure
- Remove origin_tries limiter on forwarding and permit large max_forward_tries values
Changes to squid-3.2.11 (30 Apr 2013):
- Regression Bug 3839: build error: src/tools.h: No such file or directory
- Update copyright on SN.png
Changes to squid-3.2.10 (27 Apr 2013):
- Bug 3833: squidclient: Option '-k' is not present in man(1) page
- Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
- Bug 3822: Locate LDAP and SASL headers for BSD support
- Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
- Bug 3774: 'squid -k reconfigure' drops rock cache
- Bug 3565: Resuming postponed accept kills Squid
- HTTP/1.1: partial support for no-cache and private controls with parameters
- ssl_crtd: fix helpers dying during startup on ARM
- GNU Hurd: define MAP_NORESERVE as no-op when missing
- BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
Changes to squid-3.2.9 (12 Mar 2013):
- Regression fix: Accept-Language header parse
- Bug 3673: Silence 'Failed to select source' messages
- Fix authentication headers sent on peer digest requests
- Fix build error on Solaris, OpenIndiana, Omnios
Changes to squid-3.2.8 (02 Mar 2013):
- Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
- Bug 3763: diskd Error: no filename in shm buffer
- Bug 3752: objects that cannot be cached in memory are not cached on disk
- Bug 3753: Removes the domain from the cache_peer server pconn key
- Bug 3749: IDENT lookup using wrong ports to identify the user
- Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
- Bug 3686: cache_dir max-size default fails
- Bug 3515: crash in FtpStateData::ftpTimeout
- Bug 3329: Quieten orphan Comm::Connection messages
- Make squid -z for cache_dir rock preserve the rock DB
- Fixed several server connect problems
- ... and some build issues on Solaris, OpenIndiana, MacOS X
- ... and some documentation and debugs polishing
Changes to squid-3.2.7 (01 Feb 2013):
- Bug 3736: Floating point exception due to divide by zero
- Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
- Bug 3732: Fix ConnOpener IPv6 awareness
- Bug 3729: 32-bit overflow in parsing 64-bit configuration values
- Bug 3728: Improve debug for cache_dir
- Bug 3687: unhandled exception: c when using interception and peers
- Bug 3678: external acl grace period causes acl lookup failures
- Bug 3567: Memory leak handling malformed requests
- Bug 3111: Mid-term fix for the forward.cc "err" assertion
- Support OpenSSL NO_Compression optio
- Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
- Fix "address.GetPort() != 0" assertion for helpers
- ... and several minor memory leaks
- ... and some cache.log message polishing
Changes to squid-3.2.6 (09 Jan 2013):
- Regression Bug 3731: TOS setsockopt() requires int value
- Regression Bug 3712: Rotating logs overwrites the previous log
- Bug 3727: LLVM compile errors in kerberos_ldap_group
- Bug 3650: Negotiate auth missing challenge token
- Additional fixes for CVE-2012-5643 / SQUID:2012-1
Changes to squid-3.2.5 (10 Dec 2012):
- Bug 3698: Add missing include of errno.h
Changes to squid-3.2.4 (03 Dec 2012):
- Ported: urllogin ACL from squid 2.7
- Bug 3688: Lots of Orphan Comm:Connections to ICAP server
- Bug 3677: Port un-pinning logic changes from squid 3.3
- Bug 3405: ssl_crtd crashes failing to remove certificate
- ... and major bugs fixed in squid 3.1.22
- Fix accept_filter on Linux
- Remove 'Bungled' warning on missing component directives
- ... and many buffer and memory leak issues in the bundled helpers
- ... and a small amount of code polishing
Changes to squid-3.2.3 (21 Oct 2012):
- Regression: SMP crashes on startup with workers > 1
- Bug 3655: pinning failure breaks NTLM and Negotiate authentication
- SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
- HTTP/1.1: honour Cache-Control before Pragma:no-cache
- HTTP/1.1: Cache-Control compliance upgrade
- Remove obsoleted refresh_pattern ignore-no-cache option
- Fix IPv6 enabled squidclient
- ... and several compile fixes
Changes to squid-3.2.2 (06 Oct 2012):
- Regression: Make login=PASS send no credentials when none available
- Regression: Handle dstdomain duplicates and overlapping names better
- Bug 3661: Segmentation fault when using more than 1 worker
- Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
- Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
- Bug 3648: polish String class files
- Bug 3647: parsing hier_code acl fails
- Bug 3626: forwarding loops on intercepted traffic
- Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
- Bug 3609: several RADIUS helper improvements
- Bug 3605: memory leak in Negotiate authentication
- Fix small memory leak in src ACL parse
- Fix maximum_single_addr_tries upgrade
- Fix chunked encoding on responses carrying a Content-Range header.
- Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
- ... and several compile errors
Changes to squid-3.2.1 (15 Aug 2012):
- Bug 3605: memory leak in peer selection
- Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
- ... and some documentation updates
Changes to squid-3.2.0.19 (02 Aug 2012):
- Regression Bug 3580: IDENT request makes squid crash
- Regression Bug 3577: File Descriptors not properly closed
- Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
- Regression Fix: Restore memory caching ability
- Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
- Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
- Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
- Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
- Support custom headers in [request|reply]_header_* manglers
- ... and much code polishing
Changes to squid-3.2.0.18 (29 Jun 2012):
- Bug 3576: ICY streams being Transfer-Encoding:chunked
- Bug 3537: statistics histogram leaks memory
- Bug 3526: digest authentication crash
- Bug 3484: Docs: sslproxy_cert_error example flawed
- Bug 3462: Delay Pools and ICAP
- Bug 3405: ssl_crtd crashes failing to remove certificate
- Bug 3380: Mac OSX compile errors with CMSG_SPACE
- Bug 3258: Requests hang when Host forgery verify fails
- Bug 3186: Digest auth caches failed state without revalidating
- Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
- Bug 2885: AIX: check and set required compiler flags
- Fix ssl_crtd compile issues with libsslutil
- Fix build with GCC 4.7 (and probably other C++11 compilers).
- Fix double-escape of %R on deny_info redirect responses
- Support status 308 Permanent Redirect
- Support for TLSv1.1 and TLSv1.2 options and methods
- Support passing external_acl_type credentials on ICAP
- Language Updates: fr, hy, pt_BR
- ... and many compile issues on Windows
- ... and some minor code polish
Changes to squid-3.2.0.17 (12 Apr 2012):
- Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
- Bug 3509: kQueue compile error
- Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
- Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
- Bug 3397: do not mark connection as opened until after SYN-ACK
- Bug 3193: NTLM decoder truncating strings
- Windows FD handling polish and some fixes
- Solaris 9/10 various build fixes
- ... and some more code polish
Changes to squid-3.2.0.16 (07 Mar 2012):
- Bug 3508: Correct DNS timeout handling.
- Bug 3503: DNS PTR queries timeout due to wrong QIDs.
- Bug 3497: Bad ssl_crtd db size file causes infinite loop
- Bug 3490: part 1: SegFault opening FTP active data connections
- Bug 3490: Crash writing Apache Common and Referer/Useragent logs
- Bug 3458: Icon Serving (squid-internal-static) Broken
- Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
- Bug 3381: 32-bit overflow assertion in StatHist
- Bug 3324: loadFromFile: parse error while reading template file
- Support sslpassword_program for ssl-bump HTTP ports
- Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
- Retry requests that failed due to a persistent connection race
- Log '-' on requests with no Referer or User-Agent headers
- ... and several fixes related to in-transit object performance
- ... and some structural design changes for portability
Changes to squid-3.2.0.15 (06 Feb 2012):
- Bug 3472: segfault with the message 'urlParse: URL too large'
- Bug 3471: segfault when %la formating code used
- Bug 3449: part 3: shm_open can fail with a mangled path
- Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
- Bug 3448: 204 response problem in adaptation chains
- Bug 3447: assertion failed: CommCalls.h:150: "dp"
- Bug 3461: build regression in IPFilter NAT
- Bug 3413: raise cbdata lock limits
- Bug 3391: forwarded_for log functionality broken
- Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
- Bug 3268: remove wrong 'Ready to serve requests.' message
- Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
- Disable OpenSSL SSL/TLS bug workarounds by default
- Send DNS A and AAAA queries in parallel
- Cache Manager migration support
- Allow service of internal requests over reverse-proxy ports
- Fix trimMemory for unswappable objects
- ... and several build and polish fixes
Changes to squid-3.2.0.14 (12 Dec 2011):
- Bug 3433: Segfault closing SNMP
- Bug 3420: Request body consumption races and !theConsumer exception.
- Bug 3406: SSL Log Error in debug
- Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
- Bug 3383: unhandled exception: theGroupBSize > 0
- Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
- Bug 3367: fix inverted check on host_strict_verify
- Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
- Bug 3364: SNMP Orphans
- Bug 3301: ERR_DNS_FAIL never shown
- Bug 3150: do not start useless unlinkd
- ext_session_acl: version 1.2
- Add adaptation_meta option
- Add a mask on the qos_flows miss configuration value
- Support intermediate CA in ssl-bump traffic certificates
- Support SSL certificate failure details on error page
- Fix flags for NAT intercept and TPROXY not set correctly
- Fix fastCheck() default result on multi-line actions
- Fix missing SMP shared memory statistics
- Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
- ... and several other TCP and SMP support behaviour fixes
- ... and many code polishing cleanups and fixed build errors
- ... and several documentation polishings
Changes to squid-3.2.0.13 (14 Oct 2011):
- Regression Bug 3363: never_direct always 'unable to forward this request at this time'
- Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
- Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
- Regression fix: always_direct/never_direct failures
- Regression fix: stop an SSL header file being included after --disable-ssl
- Regression fix: parse HTTP list headers with embedded 8-bit characters
- Bug 3355: configure setting --with-swapdir ignored
- Bug 3325: option to selectively enable strict host verify checks
- Bug 3337: HTTP status 200 is not accepted for deny_info
- Bug 3077: '\' in url query strings cause Digest authentication to fail
- Support SMP worker shared memory cache
- Support SMP worker shared disk cache (rock)
- ext_session_acl: version 1.1
- Fix Host verify: do not pinn destination IP if URL re-write has been done
- Fix IPF interception
- Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
- Fix ssl_crtd CertificateDB locking scheme
- ... and all changes from 3.1.16
- ... and many compile and polishing fixes
Changes to squid-3.2.0.12 (17 Sep 2011):
- Regression Bug 3335: ICAP service is down
- Regression Bug 3322: adapt:: and icap:: format codes do not parse
- Regression Bug 3303: Support for non-English usernames in log files
- Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
- Regression: %I shows hostname on SSL error page
- Regression: FTP outgoing port always 'in use' on PASV connections
- Bug 3337: (partial) status 200 is not accepted for deny_info
- Bug 3319: Inconsistencies in error messages
- Bug 3281: pconn in-use while closing assertion
- Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
- Fixed max-stale check. Entities not exceeding max-stale were marked as stale
- Adjust format code %la for intercepted connections
- Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
- Send RST packet when closing an ICAP connection after a transaction error
- Support maximum field width for string access.log fields
Changes to squid-3.2.0.11 (28 Aug 2011):
- Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
- Host: authority validation of intercepted destination IP
- Host: authority validation of request URL
- Host: authority validation of CONNECT tunnel destination
- Preserve client destination IP in intercepted communication
- Regression Bug 3316: Failed to connect to nameserver using TCP
- Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
- Regression Bug 3310: %<pt translates as %<p
- Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
- Regression Bug 3288: %<la and %<lp not displaying
- Bug 3289: cache manager parameters not parsed without password
- Bug 2279: Log Format options to log server source IP and port
- Bug 3211: ssl_crtd start even if no ssl-bump port is configured
- Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
- Bug 3118: ecap_enable on forces icap_enable on
- Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
- Default to vhost for accelerator mode (reverse proxy)
- Display HTTP protocol syntax at section 11 level 2
- Support for using custom keys in CARP parents
- Optimize regular expression ACLs
- ... and a lot of code portability fixes
- ... and all bugs and polish changes from 3.1.15
Changes to squid-3.2.0.10 (24 Jul 2011):
- Port from 2.7: act-as-origin for reverse proxy ports
- Regression fix: broken --disable-ipv6
- Regression fix: negative cacheing on unknown or -1 expiry timestamp
- Regression fix: vhost and defaultsite causing vport to be ignored
- Regression fix: several errors in persistent connection handling
- Regression Bug 3280: allow max-size unset and min-size=N for large objects
- Regression Bug 3245: reconfigure assertion in MemPools[type]
- Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
- Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
- Regression Bug 3269: cache.log applyQueryParams messages
- Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
- Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
- Bug 3267: workers IPC mount points disobey --localstatedir
- Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
- Bug 3247: Domain from URL Stripped when going through peers
- Bug 3244: wrong port for peer relayed requests
- Bug 3195: kerberos_ldap_group will not build without kerberos
- Bug 2862: add http(s):// support to cache manager
- kerberos_ldap_group: several fixes to -S option
- ssl_crtd: Add man(8) file
- ... and several pieces of code cleanup and polishing.
- ... and most bug fixes and updates from 3.1.14 and 3.1.15
Changes to squid-3.2.0.9 (18 Jun 2011):
- Bug 3159: delay pools --disable-auth compile problems
- HTTP/1.1: Support multiline quoted-string header fields
- HTTP/1.1: Send 505 Unsupported Version on mangled version codes
- Support configurable and translated SSL error details messages
- Add log format codes for split client/server views of HTTP request line
- Major upgrade of TCP connection handling
- Support split-stack IPv6 to servers
- Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
- Optimized persistent connection handling
- Optimized FTP data connection handling
- Optimized TCP failure recovery
- ... and all bug fixes and updates from 3.1.12.3
- ... and many code polish, documentation and translation cleanups
Changes to squid-3.2.0.8 (30 May 2011):
- Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
- Bug 3043: Properly detect Iphlpapi.h on windows
- Bug 2055: Honor ICAP Max-Connections
- Fix NTLM/Negotiate reply auth PASSTHRU to peers
- Support SSL SNI to origin servers
- Add %EXT_LOG and %EXT_TAG external_acl_type format options
- Add %b tag for proxy listening port display in error pages
- Optimize base64 encoding/decoding
- Require libcap before enabling netfilter MARK support
- Require libtool 2.2
- Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
- ... and all bug fixes and updates from 3.1.12.2
- ... and some documentation and code polishing
Changes to squid-3.2.0.7 (19 Apr 2011):
- Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
- Regression fix: icons/ FHS compliance
- Regression fix: Startup aborts with URL error when --disable-htcp
- Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
- Add negotiate_wrapper_auth version 1.0.1
- Fixed %dt logging in the presence of REQMOD
- Fixed chunked request forwarding in ICAP REQMOD presence
- ... all bug fixes and updates from 3.1.12.1
- ... many code polishings and display cleanups
Changes to squid-3.2.0.6 (04 Apr 2011):
- Regression fix: upgrade existing icons
- Regression fix: dont crash when accessing an SSL certificate with errors
- Regression fix: prevent stdio log module segfaults on rotate
- Regression fix: shutdown properly even if a worker process crashes on exit
- Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
- Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
- Bug 3105: malformed Proxy-Authorization leaks memory
- Bug 3007: CONNECT to cache_peer returns 000 status code
- Bug 2885: Compile errors on AIX
- Support parameterized Cache Manager queries
- Support libecap v0.2.0; fixed eCAP body handling and logging
- Support dynamic adaptation plans that cover multiple vectoring points
- Support %D details for documented OpenSSL errors
- Support logging of all transactions including those with uncertain status or no sent response
- Updrate negotiate_kerberos_auth to version 3.0.4sq
- Update ext_kerberos_ldap_group_acl to version 1.3.0sq
- Update ext_edirectory_userip_acl to version 2.1
- Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
- Change the default dns_timeout value from 2 minutes to 30 seconds
- Fix TCP log stream flushing on every line
- ... all bug fixes and updates from 3.1.12
- ... a great many compiler portability fixes
- ... many code polishings and display cleanups
Changes to squid-3.2.0.5 (12 Feb 2011):
- Regression Fix: profiler should not be built by default
- Regression Bug 3081: assertion failed: AsyncCallQueue
- Regression Bug 2948: Requests for FTP active downloads cause failed assertion
- Bug 3089: FTP command output overrides directory listing
- Bug 2870: --disable-auth does not work
- Bug 2586: multiple memory leaks during reconfigure
- Bug 2581: FTP directory listing sometimes fails
- Port from 2.7: maximum staleness limits
- HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
- HTTP/1.1: Support configurable status codes for deny_info
- Support upcoming "fresh message creation" eCAP API
- Aggregate SNMP responses when using SMP with multiple workers
- Several more Solaris, Windows and ICC support fixes
- ... all bug fixes and updates from 3.1.11
- ... and more code cleanup shufflings
- ... and several documentation updates
Changes to squid-3.2.0.4 (22 Dec 2010):
- Port 2.x: cache_dir min-size setting
- Bug 3059: Crash on digest auth headers with unknown nonce
- Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
- Fix cachemgr mem-pools reporting
- Add Dynamic SSL certificate generation
- Add useragent, referer, combined built-in log formats
- Obsolete log_fqdn directive
- Obsolete useragent/referer/forward_log directives
- HTTP/1.1: Send 1.1 on CONNECT responses
- Updated Kerberos support for newer GSSAPI releases
- Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
- Improve handling of early eCAP transaction failures
- Various ext_edirectory_acl fixes
- ... all bug and feature fixes included in 3.1.10 release
- ... and a lot of code and documentation polishing
Changes to squid-3.2.0.3 (07 Nov 2010):
- Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
- Regression fix: ESI processing of Surrogate filter
- Bug 3091: bypassed ICAP errors are not counted as service failures
- Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
- Bug 3038: Detatch libmisc from libcompat
- Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
- Bug 3002: store initialization (-z) does not work with SMP configs
- Bug 2999: v2.0 of ext_edirectory_userip_acl
- Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
- Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
- HTTP/1.1: support If-Match and If-None-Match requests
- HTTP/1.1: forward 1xx control messages to clients that support them
- HTTP/1.1: send Age:0 header even if it may break IE5
- HTTP/1.1: dechunk incoming requests and chunk outgoing requests
- HTTP/1.1: entry is stale if request has max-age=0
- HTTP/1.1: harden quoted-string parser
- Add --enable-build-info for extra "squid -v" display
- Add --with-swapdir=PATH to override default /var/cache/squid
- Add cpu_affinity_map directive to bind workers to CPU cores
- Add Netfilter MARK support for QoS
- Add upgrade process for obsolete options
- Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
- Add support for client send bandwidth limits (a.k.a., quota or delay pool)
- Fixes Eui48 support on OpenBSD
- Fixes cache manager support with SMP configs
- ... several documentation updates
- ... all bug and feature fixes included in 3.1.9 release.
- ... many more code polishes and leak removals
Changes to squid-3.2.0.2 (04 Sep 2010):
- Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
- Support rotating logs from cachemgr and squidclient
- Support Kerberos authentication in squidclient
- Add manual page for negotiate_kerberos_auth
- Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP