The Squid Software Foundation is very pleased to announce the availability of the Squid-4.0.1 beta release! This new 4.x series of Squid brings useful new features and changes providing improved performance over earlier release series. More detailed descriptions of the major new features are available in the release notes and wiki: <http://www.squid-cache.org/Versions/v4/RELEASENOTES.html> <http://wiki.squid-cache.org/Squid-4> Detailed lists of the ./configure build and squid.conf changes can also be found in the release notes. This code is released as beta for wider testing purposes and potential use. There are no more planned alterations to the existing features, ./configure options or squid.conf options. NOTE: Since the 4.0.1 package was bundled there have been some important issues have been found and resolved. Testers are encouraged to use the daily snapshot or apply the patches in the "Change Details" listing where relevant. This release adds a dependency on C++11 support in any compiler used to build Squid. As a result older C++03 -only and most C++0x compilers will no longer build successfully. GCC 4.9+ and Clang 3.5+ are known to have working C++11 support and are usable. GCC-4.8 will also build for now despite lack of full C++11 support, but some future features may not be available. This Squid version begins the transition from SSL behaviour to TLS behaviour. While these protocols are often considered to be the same, they in fact have some small but significant differences. Most relevant to Squid is the negotiation for RFC protocol version and thus cipher sets and connection capabilities. Parameters for configuring SSL are being renamed to TLS options in this version. Other options may be renamed in upcoming versions. Please ensure you run "squid -k parse" to check squid.conf during upgrade and check the relevant parameters documentation to avoid surprises. Squid is now capable of configuring Elliptic Curve ciphers in TLS. These ciphers are the most secure algorithms currently available, and are being required by some browser implementations and security policies. But they do require a slightly different configuration in squid.conf to enable. More details in the release notes. Squid is now capable of communicating with ICAP services over TLS. squid.conf options the connection to these services can be configured similar to those previously available on the cache_peer directive. See the release notes for further details. External ACL helpers can now be passed a much wider range of details using any of the logformat codes for the format parameter. Whether any given macro expands is dependent on whether the detail is available yet in the transaction. Not all access controls have been tested yet - some regressions may occur, if you find one please report the bug ASAP. The ID assignment algorthm for helper concurrency channels feature has been altered significantly. It requires 64-bit ID support in helpers and will cycle through ID numbers sequentually instead of using the lowest unused channel. This may require some helpers to be re-designed, and all 32-bit helpers definitely need to be rebuilt with 64-bit ID support. See release notes for specific requirements on helpers. SMP support availability on several OS has been improved with the use of C++11 atomics and shared memory features. These features are auto-enabled by default. There may be behaviour differences noticed with memory caching on OS where SMP support was previously being auto-disabled. Major features dropped: * SSLv2 support is officially purged from the code. RFC 6176 requires new and updated releases of software supporting SSL no longer provide support negotiating SSLv2 ciphers or protocol behaviours. This release of Squid removes SSLv2 support including all squid.conf configuration options used to enable or disable SSLv2 related behaviours. Manual config file updates may be required to avoid warnings or errors about unsupported options. * basic_msnt_multi_domain_auth removal The SMB LM helpers were deprecated some time ago. Additionally, the MSNT multi-domain auth helper has been found to overlap completely with features still available in the basic_smb_lm_auth helper. All users are encouraged to give this Squid release a test run as soon as time permits. All feedback welcome. Please refer to the release notes at <http://www.squid-cache.org/Versions/v4/RELEASENOTES.html> if and when you are ready to make the switch to Squid-4 This new release can be downloaded from our HTTP or FTP servers <http://www.squid-cache.org/Versions/v4/> <ftp://ftp.squid-cache.org/pub/squid/> <ftp://ftp.squid-cache.org/pub/archive/4/> or the mirrors. For a list of mirror sites see <http://www.squid-cache.org/Download/http-mirrors.html> <http://www.squid-cache.org/Download/mirrors.html> If you encounter any issues with this release please file a bug report. <http://bugs.squid-cache.org/> Amos Jeffries _______________________________________________ squid-announce mailing list squid-announce@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-announce
