Squid 2.5.STABLE11 release notes

Squid Developers

$Id: release-2.5.html,v 1.1.2.62 2005/09/20 23:44:04 hno Exp $
This document contains the release notes for version 2.5 of Squid. Squid is a WWW Cache application developed by the National Laboratory for Applied Network Research and members of the Web Caching community.

1. Key changes from squid 2.4:

2. Changes to squid.conf

http_port

Allows ip address specification.

https_port

This is an option for use with SSL acceleration - it determines where squid listens for SSL requests.

ssl_unclean_shutdown

This is used to handle some bugs in browsers that don't fully support SSL.

tcp_incoming_address

This has been removed - use the http_port line to specify ip address's.

cache_peer

login= has been extended to allow pass through authentication, fixed password authentication and maximum connection limits.

hosts_file

Directs squid to read in a set of name-address associations upon startup and reconfiguration.

authenticate_program
authenticate_children
proxy_auth_realm

Removed. See auth_param.

auth_param

This replaces the authenticate_program directive. It allows configuration of multiple authentication helpers, one for each of the supported authentication schemes. Such schemes include "NTLM", "Digest (from RFC 2617)", and "Basic".

authenticate_cache_garbage_interval

This directive sets the garbage collection interval for the authentication cache.

external_acl_type

This directive configures the new external ACL Helper interface. VERY useful for authenticating by group membership - i.e. from an LDAP server or NT domain.

request_body_max_size

The default for this is now 0 - unlimited.

reply_body_max_size

Now multiple size limits are allowed based on ACL lists.

refresh_pattern

The default is now blank - users must uncomment the suggested default to use it. This allows the use of a blank refresh pattern if desired.

request_timeout

Raised the default to 5 minutes.

persistent_request_timeout

New directive - how long to wait after a reply is completed before closing the connection.

acl

New acl types

http_reply_access

Limit HTTP replies based on ACL's. This is complementary to http_access.

tcp_outgoing_tos
tcp_outgoing_ds
tcp_outgoing_dscp

These three directives allow marking of outbound connections at the IP level - i.e. for choosing routes based on the usercode.

tcp_outgoing_address

Allows mapping of requests onto specific outbound IP address's.

anonymize_headers

Removed. See header_access.

header_access

Allow granular filtering of HTTP headers.

header_replace

Replace specific headers with custom values.

pipeline_prefetch

Now defaults to off for bandwidth management and access logging reasons.

vary_ignore_expire

Enables a workaround for web servers that immediately expire Varied objects because they think squid is unable to handle Vary:.

sleep_after_fork

Give the OS a small amount of time to accomodate the fork+exec used to launch helpers - if squid has a lot of virtual memory allocated the OS may run out of virtual memory during helper spawning otherwise.

reference_age

This has been removed - starting with Squid-2.4 this directive have had no effect and has now been fully removed to avoid confusion.

siteselect_timeout

This has been removed - it is not referenced anywhere in the source code.

minimum_retry_timeout

This has been removed - it is not referenced anywhere in the source code.

forward_timeout

New directive in 2.5.STABLE5 complement connect_timeout in management of timeouts while connecting to origin servers or peers

short_icon_urls

New directive in 2.5.STABLE5 to enable an alternative way of referring to icons in FTP directory listings etc.

acl urllogin

New acl type in 2.5.STABLE5 to match the login component of Internet style URLs (protocol://user:password@host/path/to/file)

balance_on_multiple_ip

New directive in 2.5.STABLE7 to make it possible to disable the automatic round-robin load balancing on multiple IP addresses normally done by Squid.

reply_header_max_size

New directive in 2.5.STABLE7 limiting the size of HTTP reply headers, similar to request_header_max_size but in the reply direction (from servers to clients). Default is 20KB.

acl req_hdr/resp_hdr

New acl types in 2.5.STABLE7 to match arbitrary HTTP headers, useful to block certain malware/spyware etc.

relaxed_http_parser

New directive in 2.5.STABLE8 to control how strict the HTTP parser should be.

retry_on_error

New directive in 2.5.STABLE9 to aggressive retry requests on errors (was the default in earlier versions)

acl dst

No longer matches invalid hosts. Was previously using the IP address "255.255.255.255" on invalid hosts.

3. Known issues and limitations

There is a few known issues in this version of Squid which we hope to correct in a later release

Bug #761

assertion failed: cbdata.c:249: "c->locks > 0" when using diskd

Bug #649

Problems refreshing pages stored with 'vary' information

Bug #779

users going above their allowed IP count no longer logged in cache.log

Bug #888

ntlm_user_pool assertion error on shutdown

Ipfilter 4.x issues

In addition there is a set of limitations in this version of Squid which we hope to correct later

Bug #1059

mime.conf and referenced icons must be within chroot

Bug #692

tcp_outgoing_address using an ident ACL does not work

Bug #581

acl max_user_ip and multiple authentication schemes

Bug #528

miss_access fails on "slow" acl types such as dst.

Bug #513

squid -F is starting server sockets to early

Bug #457

does not handle swap.state corruption properly

Bug #410

unstable if runs out of disk space

Bug #355

diskd may appear slow on low loads

Bug #219

delay_pools stops working on -k reconfigure

4. Key changes squid-2.5.STABLE1 to 2.5.STABLE2:

5. Key changes squid-2.5.STABLE2 to 2.5.STABLE3:

6. Key changes squid-2.5.STABLE3 to 2.5.STABLE4:

7. Key changes squid-2.5.STABLE4 to 2.5.STABLE5:

8. Key changes squid-2.5.STABLE5 to 2.5.STABLE6:

9. Key changes squid-2.5.STABLE6 to 2.5.STABLE7:

10. Key changes squid-2.5.STABLE7 to 2.5.STABLE8:

11. Key changes squid-2.5.STABLE8 to 2.5.STABLE9:

12. Key changes squid-2.5.STABLE9 to 2.5.STABLE10:

13. Key changes squid-2.5.STABLE10 to 2.5.STABLE11: