The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.12 release! This release is a bug fix release resolving issues found in the prior Squid releases. The major changes to be aware of: * Bug #4374: refresh_pattern config parser (%) For some time the squid.conf parser has been reporting errors when the refresh_pattern percentage parameter was configured with values over 100%. Due to the nature of the revalidaton algorithm refresh often works better with very large percentage values, particularly when dealing with very young objects. This release now permits large percentage values to be configured. * Bug #4228: links with krb5 libs despite --without options The Kerberos library --without-mit-kb5 and --without-heimdal-krb5 options were not working in previous 3.5 releases and could result in build errors. This has been corrected. * Bug #4373: assertion 'redirect_state == REDIRECT_NONE' Squid could exit with the above assertion if a misconfigured SquidGuard helper was used. This release will now correctly handle the SquidGuard response without exiting. Note that it appears the SquidGuard project is no longer being maintained. All its capabilities are available directly within Squid. Users still relying on it should evaluate upgrading their config to no longer use a rewriter, or to migrate to one of the alternative helpers which are available and being maintained. * TLS: Handshake Problem during Renegotiation Previous Squid did not support server-initiated renegotiation and would close the TLS connection even if the renegotiation occured during the handshake process. Squid now supports this TLS feature during TLS handshake when SSL-Bumping the traffic. * Revert r13921: Migrate StoreEntry to using MEMPROXY_CLASS An attempted performance optimization in Squid-3.5.10 r13921 has been found to uncover hidden bugs in the cache handling. As a result objects could become MISS or revalidate unnecessarily. Some SNMP reporting issues could also be resulting. The change has now been removed from 3.5. * Fix SSL_get_certificate() problem detection The autoconf checks for this sometimes broken function fail on library builds which don't include SSLv3; as a result of the autoconf decision this can end up triggering the assert(0) in Ssl::verifySslCertificate(). * Fix cache_peer forceddomain= in CONNECT CONNECT messages output by Squid to peers in configurations using forcedomain= parameter could be sent with the original domain name in the Host: header. While this should not have had any effect, it is possible that broken recipients and downstream traffic analysis could be confused. Squid will now consistently apply forcedomain= on all HTTP requests. All users of Squid are encouraged to upgrade to this release as time permits. See the ChangeLog for the full list of changes in this and earlier releases. Please refer to the release notes at http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html when you are ready to make the switch to Squid-3.5 Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v3/3.5/ ftp://ftp.squid-cache.org/pub/squid/ ftp://ftp.squid-cache.org/pub/archive/3.5/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries _______________________________________________ squid-announce mailing list squid-announce@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-announce
