The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.3.10 release!
This release is a bug fix release resolving several major issues
found in the prior Squid releases.
The major changes to be aware of:
* Avoid "hot idle": A series of rapid select() calls with zero timeout.
This bug shows up as occasional short periods of extremely high CPU
consumption (up to 1-00% of the CPU). This particular issues should not
be affecting traffic, but may slow some requests down and cause other
processes sharing the CPU to block.
* Bug #3929: request_header_add not working for tunnel requests
CONNECT tunnel requests passed to peers were mitted from the original
request_header_add design. With this release the custom headers can
be sent on any request, including CONNECT.
* Bug #3887: tcp_outgoing_tos not working for IPv6
This bug shows up as IPv6 connections bypassing routing controls
or other service controls based on TOS value. It is present in all
previous Squid releases with IPv6 support.
* Fix pinning hierarchy log information
Due to incorrect labeling of pinned connections the HIER_PINNED/* log
lines from previous Squid releases were indicating an incorrect server
name when a cache_peer server which was pinned.
* Fix race condition on pinned server connections
Squid was not watching for server connection closure if the server
connection was pinned by SSL-bump, NTLM or Negotiate authentication.
This bug shows up as any one of several request failures in Internet
Explorer and in Squid logs. Chrome and Firefox handle the race failure
with only a slower fetch time visible to the user.
* Add cache_miss_revalidate
This is an upgraded port of the Squid-2.7 ignore_ims_on_miss directive
which alters revalidation requests from clients to a form of request
whose response can be cached.
NOTE the on/off values meaning has changed. User of the Squid-2
feature should read the 3.3 release notes before updating.
* ntlm_fake_auth: pass DOMAIN data to Squid in original case
During the 3.2 upgrades the NTLM fake auth helper was altered to
lower-case the domain portion of credentials returned to Squid.
That broke case-sensitive credential matching against Active Directory
and similar services by scripts and group lookups depending on them.
See the ChangeLog for the full list of changes in this and earlier
releases.
All users are encouraged to upgrade to this release as soon as possible.
Please remember to run "squid -k parse" when testing upgrade to a new
version of Squid. It will audit your configuration files and report
any identifiable issues the new release will have in your installation
before you "press go". We are still removing the infamous "Bungled
Config" halting points and adding checks, so if something is not
identified please report it.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
when you are ready to make the switch to Squid-3.3
Upgrade tip:
"squid -k parse" is starting to display even more
useful hints about squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.3/
ftp://ftp.squid-cache.org/pub/squid/
ftp://ftp.squid-cache.org/pub/archive/3.3/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.html
http://www.squid-cache.org/Download/mirrors.html
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
