diff --git a/doc/release-notes/release-6.sgml.in b/doc/release-notes/release-6.sgml.in index 364fdba59ea..98e7cd094d6 100644 --- a/doc/release-notes/release-6.sgml.in +++ b/doc/release-notes/release-6.sgml.in @@ -16,18 +16,17 @@ This new release is available for download from . + .

Support for compiling on HPUX with the native HP xcc compiler has been removed. - To build on that OS/compiler combination, it is possible to pass these environment variables - to ./configure: CC="cxx -Ae" RANLIB=":" + To build on that OS/compiler combination, it is possible to pass these environment variables + to ./configure: CC="cxx -Ae" RANLIB=":"

This release adds a dependency on C++17 support in any compiler used to build Squid. - GCC 8+ and Clang 8+ support C++17. + GCC 8+ and Clang 8+ support C++17. Changes since earlier releases of Squid-@SQUID_RELEASE@ -

-The Squid-@SQUID_RELEASE@ change history can be . +

The Squid-@SQUID_RELEASE@ change history can be . Major new features since Squid-@SQUID_RELEASE_OLD@ @@ -195,6 +194,7 @@ This section gives an account of those changes in three categories: +

@@ -278,6 +278,14 @@ This section gives an account of those changes in three categories: upgraded to an HTTP/1.1 message. +Other changes

+ + ext_time_quota_acl helper +

The -l option that enables logging of debug messages + to a custom logfile has been removed, and their format has been + changed to be in line with Squid cache.log format. + Changes to ./configure options since Squid-@SQUID_RELEASE_OLD@

@@ -307,7 +315,9 @@ This section gives an account of those changes in three categories: Changes to existing options

-

No ./configure options have been changed. + --disable-esi +

The ESI feature is now disabled by default. + Use --enable-esi if needed.

diff --git a/doc/release-notes/release-7.sgml.in b/doc/release-notes/release-7.sgml.in index 304b7500138..8e56d0bc411 100644 --- a/doc/release-notes/release-7.sgml.in +++ b/doc/release-notes/release-7.sgml.in @@ -18,11 +18,10 @@ This new release is available for download from . + . Changes since earlier releases of Squid-@SQUID_RELEASE@ -

-The Squid-@SQUID_RELEASE@ change history can be . +

The Squid-@SQUID_RELEASE@ change history can be . Major new features since Squid-@SQUID_RELEASE_OLD@ @@ -34,6 +33,7 @@ The Squid-@SQUID_RELEASE@ change history can be Removed Ident protocol support -

Ident protocol (RFC 931 obsoleted by RFC 1413) has been considered -seriously insecure and broken since at least 2009 when SANS issued an update -recommending its removal from all networks. Squid Ident implementation had its -own set of problems (that could not be addressed without significant code -refactoring). + seriously insecure and broken since at least 2009 when SANS issued an update + recommending its removal from all networks. Squid Ident implementation had its + own set of problems (that could not be addressed without significant code + refactoring).

Configurations using ident/ident_regex ACLs, %ui logformat codes, %IDENT -external_acl_type format code, or ident_lookup_access/ident_timeout directives -are now rejected, leading to fatal startup failures. + external_acl_type format code, or ident_lookup_access/ident_timeout directives + are now rejected, leading to fatal startup failures.

To avoid inconveniencing admins that do not use Ident features, -access logs with "common" and "combined" logformats now always receive a dash -in the position of what used to be a %ui record field. + access logs with "common" and "combined" logformats now always receive a dash + in the position of what used to be a %ui record field.

If necessary, an external ACL helper can be written to perform Ident transactions -and deliver the user identity to Squid through the **user=** annotation. + and deliver the user identity to Squid through the **user=** annotation. -Changes to squid.conf since Squid-@SQUID_RELEASE_OLD@ -

-This section gives an account of those changes in three categories: +Helper changes +

Removed basic_smb_lm_auth NTLM authentication helper. + Use the ntlm_auth helper from the Samba project instead. + +

Removed ntlm_smb_lm_auth NTLM authentication helper. + Use the ntlm_auth helper from the Samba project instead. + +

Removed -l option that enables ext_time_quota_acl + to log debug messages to a custom logfile, and their format has been + changed to be in line with Squid's cache.log format. + + + +Changes to squid.conf since Squid-@SQUID_RELEASE_OLD@ +

This section gives an account of those changes in three categories: @@ -148,6 +159,11 @@ This section gives an account of those changes in three categories: Changes to existing directives

+ access_log +

Built-in common and combined logformats now always + receive a dash character ("-") in the position of what used to be a + %ui record field. + acl

Changed src to detect and handle overlapping IP and IP-range values. Merging where necessary. @@ -176,24 +192,31 @@ This section gives an account of those changes in three categories:

Removed the non_peers action. See the Cache Manager for details. - dns_packet_max -

Honor positive dns_packet_max values when sending DNS A queries - and PTR queries containing IPv4 addresses. Prior to this change, Squid did - not add EDNS extension (RFC 6891) to those DNS queries because 2010 tests - revealed compatibility problems with some DNS resolvers. We hope that those - problems are now sufficiently rare to enable this useful optimization for - all DNS queries, as originally intended. Squid still sends EDNS extension - with DNS AAAA queries and PTR queries containing IPv6 addresses (when - dns_packet_max is set to a positive value). Rare deployments that must use - buggy DNS resolvers should not set dns_packet_max. + client_ip_max_connections +

Fixed off-by-one enforcement. Squid now allows at most N + concurrent connections per client IP (not N+1), where N + is the configured directive value. Deployments that relied on the extra + connection should increase the configured limit by one to preserve + previous behavior. - access_log -

Built-in common and combined logformats now always - receive a dash character ("-") in the position of what used to be a - %ui record field. + collapsed_forwarding +

Squid no longer revalidates responses to collapsed requests, treating + all such responses as fresh. This change follows IETF HTTP Working Group + advice (in an HTTP gray area) and prevents arguably excessive freshness + checks for responses to collapsed requests. This change does not prevent + freshness checks for responses that were, at the time of a hit request, + either fully cached or still receiving response body bytes. - logformat -

Removed %ui format code with Ident protocol support. + dns_packet_max +

Honor positive dns_packet_max values when sending DNS A queries + and PTR queries containing IPv4 addresses. Prior to this change, Squid did + not add EDNS extension (RFC 6891) to those DNS queries because 2010 tests + revealed compatibility problems with some DNS resolvers. We hope that those + problems are now sufficiently rare to enable this useful optimization for + all DNS queries, as originally intended. Squid still sends EDNS extension + with DNS AAAA queries and PTR queries containing IPv6 addresses (when + dns_packet_max is set to a positive value). Rare deployments that must use + buggy DNS resolvers should not set dns_packet_max. email_err_data

Since Squid-7.2, the default for this directive is off. @@ -201,27 +224,22 @@ This section gives an account of those changes in three categories: external_acl_type

Removed %IDENT format code with Ident protocol support. - collapsed_forwarding -

Squid no longer revalidates responses to collapsed requests, treating - all such responses as fresh. This change follows IETF HTTP Working Group - advice (in an HTTP gray area) and prevents arguably excessive freshness - checks for responses to collapsed requests. This change does not prevent - freshness checks for responses that were, at the time of a hit request, - either fully cached or still receiving response body bytes. + logformat +

Removed %ui format code with Ident protocol support. quick_abort_pct

Instead of ignoring quick_abort_pct settings that would, - together with other conditions, abort a pending download of a 99-byte or - smaller response, Squid now honors quick_abort_pct for all - response sizes. Most Squids are not going to be affected by this change - because default quick_abort_min settings (16KB) prevent aborts of 99-byte - responses even before quick_abort_pct is checked. + together with other conditions, abort a pending download of a 99-byte or + smaller response, Squid now honors quick_abort_pct for all + response sizes. Most Squids are not going to be affected by this change + because default quick_abort_min settings (16KB) prevent aborts of 99-byte + responses even before quick_abort_pct is checked.

Due to conversion from integer to floating point math, this change may - affect responses larger than 99 bytes as well, but these effects ought to - be limited to cases where the decision is based on a tiny difference (e.g., - receiving 1% more bytes would have triggered full download). In most such - cases, the decision could probably go either way due to response header - size fluctuations anyway. + affect responses larger than 99 bytes as well, but these effects ought to + be limited to cases where the decision is based on a tiny difference (e.g., + receiving 1% more bytes would have triggered full download). In most such + cases, the decision could probably go either way due to response header + size fluctuations anyway. @@ -231,6 +249,12 @@ This section gives an account of those changes in three categories: esi_parser

Edge Side Includes (ESI) protocol is no longer supported natively. + ident_lookup_access +

Ident protocol is no longer supported natively. + + ident_timeout +

Ident protocol is no longer supported natively. + mcast_miss_addr

The corresponding code has not built for many years, indicating that the feature is unused. @@ -247,12 +271,6 @@ This section gives an account of those changes in three categories:

The corresponding code has not built for many years, indicating that the feature is unused. - ident_lookup_access -

Ident protocol is no longer supported natively. - - ident_timeout -

Ident protocol is no longer supported natively. - @@ -289,7 +307,6 @@ This section gives an account of those changes in three categories: Changes to existing options

- --disable-arch-native

The -march=native compiler option is no longer used by default. It is possible to enable it by using the @@ -300,12 +317,23 @@ This section gives an account of those changes in three categories: The symptom is crashes with "illegal instruction" errors. We do not recommend enabling this optimization in virtualized environments. + --enable-auth-basic= +

Removed SMB_LM helper, in favour of the ntlm_auth + alternative offered by the Samba project. + + --enable-auth-ntlm= +

Removed SMB_LM helper, in favour of the ntlm_auth + alternative offered by the Samba project. +

Removed options
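Review bot: In release-6.sgml.in, the new --disable-esi entry under "Changes to existing options" says "The ESI feature is now disabled by default" but does not say from which Squid-6 point release the default changed. The email_err_data entry in release-7.sgml.in uses "Since Squid-7.2, the default for this directive is off" for the same kind of change. The same wording here would let admins upgrading within the 6.x series tell whether a rebuild without --enable-esi drops a feature they rely on.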
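Review bot: The ext_time_quota_acl entries (release-6 "Other changes" and release-7 "Helper changes") are missing the upgrade impact: neither says what happens when an existing helper command line still passes -l, or where the debug messages are written now that the custom logfile is gone. The Ident section of this same patch spells out the failure mode ("are now rejected, leading to fatal startup failures"), and these entries should be equally explicit. The wording also needs a fix: in "Removed -l option that enables ext_time_quota_acl to log debug messages to a custom logfile, and their format has been changed", "their" has no clear antecedent. Suggest splitting it into two sentences, the second starting "Debug messages now use Squid's cache.log format".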
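Review bot: In the release-7 "Helper changes" list, basic_smb_lm_auth is labelled an "NTLM authentication helper", the same label the next item gives to ntlm_smb_lm_auth, yet the ./configure part of this patch lists the SMB_LM removal under --enable-auth-basic= as well as --enable-auth-ntlm=. If the first item is the Basic scheme helper, label it that way, and confirm that "Use the ntlm_auth helper from the Samba project instead" is the intended replacement for Basic deployments too, since admins will follow this line when migrating authentication.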
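Review bot: The @@ -176,24 +192,31 @@ hunk in release-7.sgml.in introduces the only new behavioural text in that region, the client_ip_max_connections off-by-one fix, in the middle of moving the dns_packet_max, access_log, collapsed_forwarding and logformat entries into alphabetical order, so the one substantive addition is easy to miss. The same applies to the ident_lookup_access and ident_timeout moves and the whitespace-only re-indentation of the Ident and quick_abort_pct paragraphs. Consider putting the sort and re-indent in one commit and the new text (client_ip_max_connections, Helper changes, the --enable-auth-* entries) in another, or at least list the new entries in the commit message.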