[squid-users] Squid-2.5.PRE13 released, 2.5.STABLE1 planned

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 14 Sep 2002 02:15:58 +0200

RELEASE Squid-2.5.PRE13 - Help us BETA TEST!

Some days ago Squid-2.5.PRE13 was released. This will hopefully be the
last 2.5.PRE release before the Squid-2.5.STABLE1 release.

This message is a call for public beta testing of Squid-2.5. If you
can please test out the Squid-2.5 version under controlled forms to
familiarize you with the new release.

Note that Squid-2.5.PRE13 is a PRE-release, and as such we do not
recommend this release to be used in production environments.

The Squid-2.5 PRE-release can be found from our web or ftp sites, or
any of the mirrors.

 HTTP: <URL:http://www.squid-cache.org/Versions/v2/2.5/>
 FTP: <URL:ftp://ftp.squid-cache.org/pub/squid-2/DEVEL/>
 Mirrors: <URL:http://www.squid-cache.org/Mirrors/>

RELEASE 2.5.STABLE1

The current plan is to release 2.5.STABLE1 in about 1 weeks time
unless there is critical errors found in the 2.5.PRE13 release. A
long time awaited release after almost 2 years of coding and almost a
year of PRE-releases.

VOLUNTEERS NEEDED - Squid FAQ and Squid Users Guide

This message is also a call for volunteers for updating the Squid FAQ
and Squid Users Guide with information relevant for Squid-2.5. Both
documents are in great need of updates. If you are interested in
helping out with this task please write to squid-dev@squid-cache.org.

 Squid FAQ: <URL:http://www.squid-cache.org/Doc/FAQ/>
 Squid Users Guide: <URL:http://squid-docs.sourceforge.net/>

Preliminary release notes for the Squid-2.5 release is attached below.

Regards
The Squid HTTP Proxy developers

______________________________________________________________________

Title: Squid 2.5 release notes
Author: Squid Developers

This document contains the release notes for version 2.5 of Squid.
Squid is a WWW Cache application developed by the National Laboratory
for Applied Network Research and members of the Web Caching community.
  
______________________________________________________________________

  Table of Contents

  1. Key changes from squid 2.4:
  2. Changes to squid.conf
  3. Known limitations
 
______________________________________________________________________

1. Key changes from squid 2.4:

 o Major rewrite of proxy authentication to support other schemes
   than basic. First in the line is NTLM support but others can
   easily be added (minimal digest is present). See the Programmers
   Guide for the internals. Thanks to the SAMBA team for some
   excellent collaboration on the NTLM support! (Robert Collins
   & Francesco Chemolli)

 o Optimized searching in proxy_auth and ident ACL types. Squid
   should now handle large access lists a lot more efficiently.
   (Francesco Chemolli)

 o Fixed forwarding/peer loop detection code (Brian Degenhardt) -
   now a peer is ignored if it turns out to be us, rather than
   committing suicide

 o Changed the internal URL code to obey appendDomain for internal
   objects if it needs appending. This fixes weirdnesses where a
   machine can think it is "foo.bar.com", and "foo" is requested.
   (Brian Degenhardt)

 o Added the use of Automake to create the Makefile.in's in the
   squid source tree. This will allow libtool in the future, and
   immediately allows better dependency tracking - with or without
   gcc - as well as the dist-all and distcheck targets for
   developers which respectively build a tar.gz and a tar.bz2
   distribution, and check that what will be distributed builds.
  (Robert Collins)

 o Added TOS and source address selection based on ACLs, written
   by Roger Venning. This allows administrators to set the TOS
   precedence bits and/or the source IP from a set of available
   IPs based upon some ACLs, generally to map different users to
   different outgoing links and traffic profiles.

 o Added 'max-conn' option to 'cache_peer'

 o Added SSL gatewaying support, allowing Squid to act as a SSL
   server in accelerator setups.

 o Many new authentication helpers.

 o no_cache now applies to cache hits as well as cache misses

 o the Gopher client in Squid has been significantly improved

 o Squid now sanity checks FTP data connections to ensure the
   connection is from the requested server. Can be disabled
   if needed by turning off the ftp_sanitycheck option.

 o external acl support. A mechanism where flexible ACL checks
   can be driven by external helpers. See the external_acl_type
   and acl external directives. (MARA Systems AB)

 o Countless other small things and fixes

 o HTML pages generated by Squid or CacheMgr as well as the ERR
   documents now contain a doctype declaration so that browsers
   know which HTML specification the document uses. In addition
   to that they have a new look (background-color, font) and are
   valid according to the HTML standards at www.w3.org. (Clemens
   Löser)

 o Login and password send to Basic auth helpers is now URL
   escaped to allow for spaces and other "odd" characters in
   logins and passwords

 o Proxy Authentication is no longer blindly forwarded to peer
   caches if not used locally. If forwarding of proxy
   authentication is desired then it must now be configured with
   the login=PASS cache_peer option.

 o Responses with Vary: in the header are now cached by squid.
   (Henrik Nordstrom).

 o Support for openBSD pf interface in interception mode.

 o It is now possible to send complex arguments to helpers by
   quoting the arguments by " and/or \

2. Changes to squid.conf

   http_port
      Allows ip address specification.

   https_port
      This is an option for use with SSL acceleration - it determines
      where squid listens for SSL requests.

   ssl_unclean_shutdown
      This is used to handle some bugs in browsers that don't fully
      support SSL.

   tcp_incoming_address
      This has been removed - use the http_port line to specify ip
      address's.

   cache_peer
      login= has been extended to allow pass through authentication,
      fixed password authentication and maximum connection limits.

   hosts_file
      Directs squid to read in a set of name-address associations upon
      startup and reconfiguration.

   authenticate_program
   authenticate_children
   proxy_auth_realm
      Removed. See auth_param.

   auth_param
      This replaces the authenticate_program directive. It allows
      configuration of multiple authentication helpers, one for each
      of the supported authentication schemes. Such schemes include
      "NTLM", "Digest (from RFC 2617)", and "Basic".

   authenticate_cache_garbage_interval
      This directive sets the garbage collection interval for the
      authentication cache.

   external_acl_type
      This directive configures the new external ACL Helper interface.
      VERY useful for authenticating by group membership - i.e. from
      an LDAP server or NT domain.

   request_body_max_size
      The default for this is now 0 - unlimited.

   reply_body_max_size
      Now multiple size limits are allowed based on ACL lists.

   refresh_pattern
      The default is now blank - users must uncomment the suggested
      default to use it. This allows the use of a blank refresh
      pattern if desired.

   request_timeout
      Raised the default to 5 minutes.

   persistent_request_timeout
      New directive - how long to wait after a reply is completed
      before closing the connection.

   acl
      New acl types:

      o referer_regex (match Referer headers),

      o max_user_ip (limit concurrent IP's a single user may use)

      o rep_mime_type (filter replies based on their content type).

      o external (use an external helper)

   http_reply_access
      Limit HTTP replies based on ACL's. This is complementary to
      http_access.

   tcp_outgoing_tos
   tcp_outgoing_ds
   tcp_outgoing_dscp
      These three directives allow marking of outbound connections at
      the IP level - i.e. for choosing routes based on the usercode.

   tcp_outgoing_address
      Allows mapping of requests onto specific outbound IP address's.

   anonymize_headers
      Removed. See header_access.

   header_access
      Allow granular filtering of HTTP headers.

   header_replace
      Replace specific headers with custom values.

   pipeline_prefetch
      Now defaults to off for bandwidth management and access logging
      reasons.

   vary_ignore_expire
      Enables a workaround for web servers that immediately expire
      Varied objects because they think squid is unable to handle
      Vary:.

   sleep_after_fork
      Give the OS a small amount of time to accomodate the fork+exec
      used to launch helpers - if squid has a lot of virtual memory
      allocated the OS may run out of virtual memory during helper
      spawning otherwise.

   reference_age
      This has been removed - starting with Squid-2.4 this directive
      have had no effect and has now been fully removed to avoid
      confusion.

   siteselect_timeout
      This has been removed - it is not referenced anywhere in the
      source code.

3. Known limitations

   There is a few limitations to this version of Squid that we hope to
   correct in a later release

   deny_info
      deny_info only works for http_access, not for the acls listen in
      http_reply_access

   authentication
      The proxy authentication acl types only works in http_access and
      partially in delay_access, not the other acl driven directives
      (tcp_outoing_address, redirect_access, cache_peer_access, ...)

______________________________________________________________________
Received on Fri Sep 13 2002 - 18:16:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:19 MST