Key changes from squid 2.5
-
-
-- Major improvements to the way that Squid handles web proxy, accelerated
-and transparent proxy requests to make it easier to configure transparent and
-acceleration functionality. The default behaviour is to function as a standard
-HTTP proxy on each port that Squid is configured to listen on, but in addition
-in this release the keywords "accel" and "transparent" can be specified
-after each port to indicate to Squid the functionality that is to be enabled on
-that port. This means that the old config directives relating to httpd_accel_*
-are now deprecated. See below for more details about these options.
-
- WCCPv2 support multiple cache engines registering with multiple WCCP
-routers and switches. WCCPv2 is preferred over WCCPv1 for performance and
-flexibility reasons if your router or switch is able to support it (all recent
-versions of IOS do so). Initially WCCPv2 under Linux is limited to registration
-with only one router due to kernel limitations in more recent versions, although
-this will be addressed in a future release of Squid.
-
- TPROXY totally transparent proxy support under Linux, which to allow Squid
-to appear totally invisible to both client and server systems when transparently
-caching requests. This works by spoofing the source and destination address to
-both the client and server.
-
- Support for Etag and Vary HTTP headers. This further moves Squid towards
-HTTP/1.1 compliance. The Vary header field is used for improved caching and
-delivery of customized content to end clients, and the Etag is used similar to
-an MD5 checksum between client and server to determine if a web page has changed
-since it was last retrieved.
-
- Collapsed forwarding, which gives Squid the ability to intelligently merge
-client requests for objects into one request to the server. Of particular
-benefit in accelerator setups but also provides some benefits to non accelerator
-setups.
-
- Support for epoll under Linux and kqueue under FreeBSD, which gives Squid
-the ability to handle many many more concurrent requests with lower CPU
-overhead. This feature is of particular benefit to very busy caches
-as the poll() and select() routines do not scale anywhere near as well as epoll
-and kqueue does under high loads.
-
- SSL assisted hardware encryption making use of OpenSSL functionality
-within Squid.
-
- Logging enhancements to allow even greater customization of the way Squid
-logs requests in the access-log or to syslog if required
-
- Authentication enhancements including Negotiate/Kerberos support, extra
-workarounds for NTLM clients and others using Microsoft Integrated Login.
-
- Additional external_acl parameters to support SSL and even more client
-side parameters.
-
- ACL changes in conjunction with SSL changes which have been merged, to
-allow matching based on SSL certificate parameters.
-
- Improvements to Cygwin support for users who wish to run Squid in a
-Microsoft Windows/Cygwin environment as a system service.
-
- New authentication helpers:
-
-
- Digest LDAP helper
-
- Native Windows basic, NTLM and negotiate helpers
-
- External acl helpers for session monitoring and native Windows group
-membership check
-
-- HTCP significantly cleaned up and added support for the CLR operation to purge contents from the cache
-
- Support for parsing X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies
-
- Support for proxying of Microsoft Integrated Login (NTLM & Negotiate) connection oriented authentication schemes, enabling access to servers or proxies using such authentication methods.
-
- Support for the Linux TPROXY patch allowing Squid to masquerade using the clients original IP address
-
- urlgroups, tagging URLs for redirection and access controls, and divides the cache allowing different users to get different results for the same URL.
-
- Optional automatic monotoring of cache peers and configured origin servers
-
- SSL client support, allowing both http->https gatewaying and SSL encrypted peers (both origin servers and proxies).
-
- Full ETag/Vary based caching, allowing efficient caching of server driven content negotiation.
-
- Customizable access log format
-
- Selective access logging, and ability to log to more than access log possibly in different formats
-
- New more efficient helper protocol allowing for multiple concurrent lookups to the same helper
-
- Ability to rewrite Location headers (redirects sent by servers)
-
- Major cleanup or CARP. Now plays well with the other peering algorithms as just another non-ICP peering method.
-
-
-Changes to squid.conf
-
-http_portNow takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual. Also there is no longer a default port and you must include a http_port directive in your squid.conf if you want Squid to listen for http requests.
-httpd_accel_* for transparent proxyNow implemented by the "transparent" http_port option
-httpd_accel_* for accelerator modeNow implemented by other options and the http_port accel option. See individual directives below.
-httpd_accel_hostReplaced by defaultsite http_port option and cache_peer originserver option.
-httpd_accel_portNo longer needed. Server port defined by the cache_peer port.
-httpd_accel_uses_host_headerReplaced by vhost http_port option
-https_portMany new options. Reconstructs URLs as https:// by default.
-cache_peerMany new options to support origin servers and SSL encryption
-ssl_engineNew directive for hardware assisted SSL encryption
-sslproxy_*New directives defining how to gateway http->https
-sslpassword_programNew helper directive to query an external program for SSL key encryption password (if any)
-no_cacheRenamed to cache to better reflect the functionaliy. no_cache still accepted.
-cacheNew name for the old no_cache directive.
-cache_varyNew directive to disable caching of Vary:ing responses
-broken_vary_encodingNew directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header in relation to Accept-Encoding.
-logformatNew directive for defining custom log formats
-cache_access_logRenamed to access_log
-access_logSelect what requests to log where any by what format. Support for multiple log files and multiple log formats.
-check_hostnamesNew option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5.
-allow_underscoreNew option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier.
-dns_defnamesAllow for domain searches. Now possible even when using the internal DNS client
-redirect_*Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs)
-url_rewrite_concurrencyActivates a new and more efficient helper protocol. Requires changes in the helper.
-location_rewrite_*New helper hook for rewriting Location headers
-auth_param basic blankpasswordNew option to allow the use of blank passwords.
-auth_param basic/digest concurrencyNew option enabling a multiplexed helper protocol allowing the same helper to process multiple concurrent requests in an efficient manner. Requires support from the helper. (2.6.STABLE2 and later)
-auth_param ntlm max_challenge_reuse / max_challenge_lifetimeNo longer supported
-auth_param ntlm use_ntlm_negotiateDirective no longer supported. Use of NTLM negotiate packet is always on.
-auth_param ntlm keep_aliveNew option to fine-tune the use of HTTP keep-alive in combination with NTLM
-auth_param negotiateNew Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.
-external_acl_typeMany new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.
-refresh_patternSeveral new HTTP override/ignore options
-read_ahead_gapNew directive to set the response buffer size.
-collapsed_forwardingNew directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL.
-refresh_stale_hitNew directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL.
-acl urlgroupNew acl class
-acl user_certNew acl class matching the user SSL certificate (https_port)
-acl ca_certNew acl class matching the CA of the user SSL certificate (https_port)
-acl ext_user / ext_user_regexNew acl matching usernames returned by external acl
-follow_x_forwarded_forNew option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies
-http_access2New http_access type directive but evaluated after url rewrites
-htcp_access, htcp_clr_accessAccess control on HTCP requests
-log_accessNew directive to limit what gets logged.
-httpd_suppress_version_stringEnable hiding of the Squid version
-umaskNew directive to specify the minimum umask Squid should run under
-error_mapNew directive to allow dynamic rewrites of error pages
-viaNew directive to disable the use of the Via directive
-wccp2_*WCCP2 protocol support
-minimum_expiry_timetune the magic 60 seconds limit of what is considered cachable when the object doesn't have any cache validators. (2.6.STABLE2)
-wccp2_rebuild_waitmake Squid delay registering with a WCCP router until store rebuild have finished. Default on. (2.6.STABLE2)
-wccp2_weightCache server load weigth in the cluster. (2.6.STABLE4)
-check_hostnamesControl if Squid should check the sanity of host names before trying to look them up in DNS
-allow_underscoresControl if _ is to be considered a valid character in hostnames or not
-cache_peer carp-load-factorOption removed. CARP now uses the weight parameter instead.
-cache_peer login=Controls how Squid forwards login information to peer caches and servers.
-
-
-Known issues
-
-There is a few known issues in this version of Squid which we hope to correct in a later release
-
-
-- Bug #761: Unstable under load when using diskd
-
-
-Known limitations
-
-In addition there is a set of limitations in this version of Squid which we hope to correct later
-
-
-- Bug #1420: 302 responses with an Expires header is always cached
-
- Bug #1059: mime.conf and referenced icons must be within chroot
-
- Bug #692: tcp_outgoing_address using an ident ACL does not work
-
- Bug #581: acl max_user_ip and multiple authentication schemes
-
- Bug #528: miss_access fails on "slow" acl types such as dst.
-
- Bug #513: squid -F is starting server sockets to early
-
- Bug #457: does not handle swap.state corruption properly
-
- Bug #410: unstable if runs out of disk space
-
- Bug #355: diskd may appear slow on low loads
-
- Bug #219: delay_pools stops working on -k reconfigure
-
-
-Other issues
-
-Ipfilter 4.x compile problem on HP Tru64
-
- - Running configure --enable-ipf-transparent on an HP Tru64 5.1B system with ipfilter 4.x installed, the following error can occur:
-
- checking if IP-Filter header files are installed... no
- WARNING: Cannot find necessary IP-Filter header files
- Transparent Proxy support WILL NOT be enabled
- To fix the problem first check if the ip_fil.h, ip_compat.h, ip_nat.h and ipl.h files are present in
- /usr/include/netinet and copy them from ipfilter source tree if needed.
- Don't forget to fix files permission and ownership after the copy.
- If the error still persist, run configure making it skip the ip_compat.h test:
-
- env ac_cv_header_netinet_ip_compat_h=yes ./configure --enable-ipf-transparent
-
- On Sun Solaris 10, ipfilter 4.0.22 is provided with the OS, but related include files (ip_fil.h, ip_compat.h, ip_nat.h, ipl.h) are missing.
- Before running configure --enable-ipf-transparent, they must be downloaded from the
-
- in the /usr/include local directory. Don't forget to fix files permission and ownership after the download.
-
-
-
-Windows support
-This Squid version can run on Windows as a system service using the Cygwin emulation environment,
-or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.
-On Windows 2000 and later the service is configured to use the Windows Service Recovery option
-restarting automatically after 60 seconds.
-
-
-Usage
-
-Some new command line options was added for the Windows service support:
-
-The service installation is made with -i command line switch, it's possible to use -f switch at
-the same time for specify a different config-file settings for the Squid Service that will be
-stored on the Windows Registry.
-
-A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed.
-squid -i [-f file] [-n name]
-
-Service uninstallation is made with -r command line switch with the appropriate -n switch.
-
-The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:
-
-squid -k command [-f file] -n service-name
-where squid -O cmdline [-n service-name]
-If multiple service command line options must be specified, use quote. The -n switch is
-needed only when a non default service name is in use.
-
-Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are
-specific to Windows services functionality and Squid is not designed for understand they.
-
-In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":
-
-squid -O "-D -u 3130" -n squidsvc
-
-
-
-PSAPI.DLL (Process Status Helper) Considerations
-
-The process status helper functions make it easier for you to obtain information about
-processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These
-functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform
-Software Development Kit (SDK). The same information is generally available through the
-performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is
-freely redistributable.
-
-PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is
-aware of this, and try to use it only on the right platform.
-
-On Windows NT PSAPI.DLL can be found as component of many applications, if you need it,
-you can find it on Windows NT Resource KIT. If you have problem, it can be
-downloaded from here:
-
-
-On Windows 2000 and later it is available installing the Windows Support Tools, located on the
-Support\Tools folder of the installation Windows CD-ROM.
-
-
-
-Registry DNS lookup
-On Windows platforms, if no value is specified in the
-
-
-Compatibility Notes
-
-- It's recommended to use '/' char in Squid paths instead of '\'
-
- Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid
-
- When using ACL like 'acl aclname acltype "file"' the file must be in DOS text
-format (CR+LF) and the full Windows path must be specified, for example:
-
-acl blocklist url_regex -i "c:/squid/etc/blocked1.txt"
-
-
- The Windows equivalent of '/dev/null' is 'NUL'
-
- Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd,
-.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:
-
-redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
-redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd
-
- When Squid runs in command line mode, the launching user account must have administrative privilege on the system
-
- "Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used
-
- Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported
-
-
-
-
-Known Limitations:
-
-- Squid features not operational:
-
-
- DISKD: still needs to be ported
-
- WCCP: cannot work because user space GRE support on Windows is missing
-
- Transparent Proxy: missing Windows non commercial interception driver
-
-- Some code sections can make blocking calls.
-
- Some external helpers may not work.
-
- File Descriptors number hard-limited to 2048 when building with MinGW.
-
-
-
-
-Building Squid on Windows:
-A reasonably recent release of or is needed.
-The usage of the Cygwin environment is very similar to other Unix/Linux environments, and -devel version of libraries must be installed.
-For the MinGW environment, the packages MSYS, MinGW and msysDTK must be installed. Some additional libraries and tools must be downloaded separately:
-OpenSSL:
-libcrypt:
-db-1.85:
-uudecode:
-When running configure, --disable-wccp and --disable-wccpv2 options should always specified to avoid compile errors.
-
-- New configure options:
-
-
- --enable-win32-service
-
-- Updated configure options:
-
-
- --enable-arp-acl
-
- --enable-default-hostsfile
-
-- Unsupported configure options:
-
-
- --enable-coss-aio-ops: On Windows Posix AIO is not available
-
- --with-large-files: No suitable build environment is available on both Cygwin and MinGW, but --enable-large-cache-files works fine
-
-- Recommended configure minimal options for Windows:
-
-
- --prefix=c:/squid --disable-wccp --disable-wccpv2 --enable-win32-service --enable-default-hostsfile=none
-
-
-
-Before build Squid with SSL support, some operations are needed (in the following example OpenSSL is installed in C:\OpenSSL and MinGW in C:\MinGW):
-
-- Copy C:\OpenSSL\lib\MinGW content to C:\MinGW\lib
-
- Copy C:\OpenSSL\include\openssl content to C:\MinGW\include\openssl
-
- Rename C:\MinGW\lib\ssleay32.a to C:\MinGW\lib\libssleay32.a
-
-
-
-
-
-Using cache manager on Windows:
-On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.
-Some specific configuration could be needed:
-
-- IIS 6 (Windows 2003):
-
-
- On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed:
-
-
- Create a cgi-bin Directory
-
- Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS
-permissions, ASP scripts are not needed. This automatically defines a
-cgi-bin IIS web application
-
- Copy cachemgr.cgi into cgi-bin directory and look to file permissions:
-the IIS system account and SYSTEM must be able to read and execute the file
-
- In IIS manager go to Web Service extensions and add a new Web Service
-Extension called
-
-- Apache:
-
-
- On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed
- to pass the TMP and TEMP Windows environment variables to CGI applications:
-
-ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
-<Location /squid/cgi-bin/cachemgr.cgi>
- PassEnv TMP TEMP
- Order allow,deny
- Allow from workstation.example.com
-</Location>
-
-
-
-
-
-Key changes squid-2.6.STABLE1 to 2.6.STABLE2
-
-
-
- - Bug #1650: transparent interception "Unable to forward this request at this time"
-
- Bug #1658: Memory corruption when using client-side SSL certificates
-
- Multiple fixes to the experimental COSS cache_dir type
-
- Added the missing concurrency parameter to basic/digest auth schemes
-
- Bug #1669: SEGV in storeAddVaryReadOld
-
- Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
-
- Bug #1671: transparent interception fails with FreeBSD ipfw or Linux-2.2 ipchains
-
- Bug #1660: Accept-Encoding related memory corruption
-
- Bug #1673: cache digests not served to other caches
-
- Bug #1684: xstrdup: tried to dup a NULL pointer!
-
- Bug #1688: Assertion failure in HttpHeader.c in some header_access configurations
-
- Bug #1696, Bug #1700 and more: WCCP2 fixes
-
- Bug #1677: Duplicate etags in the If-None-Match in cache validations causing lighttpd to fail with error 400
-
- Added ARP acl support for OpenBSD and ARP fixes for Windows
-
- Bug #1681: All ntlmauthenticator processes are busy
-
- new minimum_expiry_time squid.conf directive backported from Squid-3
-
- Bug #1703: Wrong default path to the diskd helper causing hangs at 100% CPU
-
- Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-
-Key changes squid-2.6.STABLE2 to 2.6.STABLE3
-
-
-
- - src/dst acl parsing changed to not attempt to guess a netmask
- if none was specified. Instead assume it's an IP address and not
- a network even if it ends in 0
-
- Several memory leaks plugged
-
- Delay pools now work again (broken in 2.6.STABLE1 & 2)
-
- New log_format %ue and %us tags for external acl or ssl user id
-
- COSS fixes and performance improvements
-
- Include acl's is now shown in their original form in cachemgr configuration dumps.
-
- ntlm fake_auth finally handles non-ascii user names
-
- TCP fallback on truncated DNS responses, making the internal
- DNS client complete.
-
- Downloads could hang when using the cache_dir max-size option
-
- Fixed some assertion failures and segmentation faults
-
- Some small optimizations to reduce CPU usage
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-
-Key changes squid-2.6.STABLE3 to 2.6.STABLE4
-
-
-
- - New wccp2_weight directive
-
- Numeros COSS fixes and improvements
-
- Support for WCCP2 hash based assignment and weighted assignments
-
- Windows port update
-
- Many small fixes to better detect invalid configurations
-
- Bug #1760: FTP related memory leak
-
- SNMP mib updates for some minor missing details
-
- Bug #1590: Silence those harmless ETag loop warnings
-
- Bug #1740: Squid crashes on certain malformed HTTP responses
-
- Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE4 to 2.6.STABLE5
-
-
-
- - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
-
- COSS improvements and cleanups
-
- Bug #1785: Memory leak in handling of negatively cached objects
-
- Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
-
- Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
-
- Bug #1796: Assertion error HttpHeader.c:914: "str"
-
- All comm loops now use the generic event framework
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE5 to 2.6.STABLE6
-
-
-
- - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
-
- Add support for the weight= parameter to round-robin peers
-
- Bug #1584: Unable to register with multiple WCCP2 routers
-
- Bug #439: Multicast ICP peering is unstable and considers most peers dead
-
- Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
-
- Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE6 to 2.6.STABLE7
-
-
-
- - Bug #1857: Segmentation fault on certain types of ftp:// requests
-
- Bug #1848: external_acl crashes with an infinite loop under high load
-
- Bug #1867: squid.pid isn't removed on shutdown
-
- Bug #1792: max_user_ip not working with ntlm_auth
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE7 to 2.6.STABLE8
-
-
-
- - Bug #1872: Date parsing error causing objects to get unexpectedly cached. Problem introduced in 2.6.STABLE6.
-
- Bug #1873: authenticateNTLMFixErrorHeader: state 4. NTLM &
- Negotiate instability introduced in 2.6.STABLE6.
-
- Primitive support for HTTP/1.1 chunked encoding, working around broken servers sending chunked encoding in response to HTTP/1.0 requests.
-
- Bug #1783: STALE: Entry's timestamp greater than check time. Clock going backwards?
-
- Don't update object timestamps on a failed revalidation.
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE8 to 2.6.STABLE9
-
-
-
- - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
-
- Bug #1877 diskd bug in storeDiskdIOCallback()
-
- See the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE9 to 2.6.STABLE10
-
-
-
- - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
-
- various diskd bugfixes
-
- In the access.log hierarchy field log the unique peer name
- instead of the host name
-
- logging format for HTTP-request size
-
- Primitive support for HTTP/1.1 chunked encoding, working around
- broken servers
-
- a number of other minor and cosmetic bugfixes. See the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE10 to 2.6.STABLE11
-
-
-
- - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
- !conn->body.request"
-
- Handle garbage helper responses better in concurrent protocol format
-
- Fix kqueue when overflowing the changes queue
-
- Make sure the child worker process commits suicide if it could not start up
-
- Don't log short responses at debug level 1
-
- Fix collapsed_forwarding for non-GET requests
-
- See also the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE11 to 2.6.STABLE12
-
-
-
- - Assertion error on TRACE
-
- See also the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE12 to 2.6.STABLE13
-
-
-
- - Make sure reply headers gets sent even if there is no body available
- yet, fixing RealMedia streaming over HTTP issues.
-
- Bug #1814: SSL memory leak on persistent SSL connections
-
- Ukrainan error messages
-
- See also the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE13 to 2.6.STABLE14
-
-
-
- - Make sure reply headers gets sent even if there is no body available
- yet, fixing RealMedia streaming over HTTP issues.
-
- Bug #1814: SSL memory leak on persistent SSL connections
-
- Ukrainan error messages
-
- New Kerberos Negotiate / SPNEGO helper
-
- New SQL Database basic auth helper
-
- New Solaris /dev/poll support
-
- New Novell eDirectory Digest auth helper
-
- New cache_dir min-size option
-
- New pop3 basic auth helper
-
- squid.conf.default cleanups
-
- NTLM workaround for some applications not negotiating HTTP/1.0 persistent connetions
-
- See also the list of and the file for details.
-
-
-
-Key changes squid-2.6.STABLE14 to 2.6.STABLE15
-
-
-
- - Portability fix for systems requiring select(). Got broken when
- adding /dev/poll support in 2.6.STABLE14
-
- Bug #2017: Work around broken servers sending just the HTTP headers
-
- squid.conf.default documentation update and reorganisation
-
- access_log syslog syntax cleaned up and documented
-
- Armenian error pages translation
-
- Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
-
- Bug #1972: Squid sets peers to down state when they are in fact working.
-
- Bug #2066: chdir after chroot
-
- See also the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE15 to 2.6.STABLE16
-
-
-
- - Bug #2073: assertion failed: client_side.c:4175: "buf != NULL ||
- !conn->body.request on POST
-
- Test for sys/capability.h linux include file to avoid failing on
- linux systems missing libcap
-
- More squid.conf reordering to get the dependencies between options
- sorted proper
-
- See also the list of and the file for details.
-
-
-Key changes squid-2.6.STABLE16 to 2.6.STABLE17
-
-
-
- - A temporary memory leak fixed on cache updates
-
- New squid_radius_auth RADIUS authentication helper
-
- Documentation cleanups
-
- Code cleanups and portability fixes
-
- Several minor bugfixes
-
- See also the list of and the file for details.
-
-
-