[squid-users] Squid 3.3.10 is available

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 11 Nov 2013 19:55:41 +1300

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.3.10 release!

This release is a bug fix release resolving several major issues
found in the prior Squid releases.

The major changes to be aware of:

* Avoid "hot idle": A series of rapid select() calls with zero timeout.

This bug shows up as occasional short periods of extremely high CPU
consumption (up to 1-00% of the CPU). This particular issues should not
be affecting traffic, but may slow some requests down and cause other
processes sharing the CPU to block.

* Bug #3929: request_header_add not working for tunnel requests

CONNECT tunnel requests passed to peers were mitted from the original
request_header_add design. With this release the custom headers can
be sent on any request, including CONNECT.

* Bug #3887: tcp_outgoing_tos not working for IPv6

This bug shows up as IPv6 connections bypassing routing controls
or other service controls based on TOS value. It is present in all
previous Squid releases with IPv6 support.

* Fix pinning hierarchy log information

Due to incorrect labeling of pinned connections the HIER_PINNED/* log
lines from previous Squid releases were indicating an incorrect server
name when a cache_peer server which was pinned.

* Fix race condition on pinned server connections

Squid was not watching for server connection closure if the server
connection was pinned by SSL-bump, NTLM or Negotiate authentication.

This bug shows up as any one of several request failures in Internet
Explorer and in Squid logs. Chrome and Firefox handle the race failure
with only a slower fetch time visible to the user.

* Add cache_miss_revalidate

This is an upgraded port of the Squid-2.7 ignore_ims_on_miss directive
which alters revalidation requests from clients to a form of request
whose response can be cached.

 NOTE the on/off values meaning has changed. User of the Squid-2
      feature should read the 3.3 release notes before updating.

* ntlm_fake_auth: pass DOMAIN data to Squid in original case

During the 3.2 upgrades the NTLM fake auth helper was altered to
lower-case the domain portion of credentials returned to Squid.
That broke case-sensitive credential matching against Active Directory
and similar services by scripts and group lookups depending on them.

 See the ChangeLog for the full list of changes in this and earlier
 releases.

 All users are encouraged to upgrade to this release as soon as possible.

Please remember to run "squid -k parse" when testing upgrade to a new
version of Squid. It will audit your configuration files and report
any identifiable issues the new release will have in your installation
before you "press go". We are still removing the infamous "Bungled
Config" halting points and adding checks, so if something is not
identified please report it.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
when you are ready to make the switch to Squid-3.3

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

http://www.squid-cache.org/Versions/v3/3.3/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.3/

or the mirrors. For a list of mirror sites see

http://www.squid-cache.org/Download/http-mirrors.html
http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/

Amos Jeffries
Received on Mon Nov 11 2013 - 06:55:50 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 12 2013 - 12:00:06 MST