File: RELEASENOTES.html

package info (click to toggle)
squid 2.6.5-6etch5
links: PTS
area: main
in suites: etch
size: 12,540 kB
ctags: 13,801
sloc: ansic: 105,278; sh: 6,083; makefile: 1,297; perl: 1,245; awk: 40
file content (500 lines) | stat: -rw-r--r-- 27,909 bytes
parent folder | download | duplicates (2)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>Squid 2.6 release notes</TITLE>
</HEAD>
<BODY>
<H1>Squid 2.6 release notes</H1>

<H2>Squid Developers</H2>$Id: release-2.6.html,v 1.36 2006/11/03 13:16:22 hno Exp $
<HR>
<EM>This document contains the release notes for version 2.6 of Squid.
Squid is a WWW Cache application developed by the Web Caching community.</EM>
<HR>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="#s1">Key changes from squid 2.5</A></H2>

<P>
<H2><A NAME="toc2">2.</A> <A HREF="#s2">Changes to squid.conf</A></H2>

<P>
<H2><A NAME="toc3">3.</A> <A HREF="#s3">Known issues</A></H2>

<P>
<H2><A NAME="toc4">4.</A> <A HREF="#s4">Known limitations</A></H2>

<P>
<H2><A NAME="toc5">5.</A> <A HREF="#s5">Other issues</A></H2>

<P>
<H2><A NAME="toc6">6.</A> <A HREF="#s6">Windows support</A></H2>

<P>
<H2><A NAME="toc7">7.</A> <A HREF="#s7">Key changes squid-2.6.STABLE1 to 2.6.STABLE2</A></H2>

<P>
<H2><A NAME="toc8">8.</A> <A HREF="#s8">Key changes squid-2.6.STABLE2 to 2.6.STABLE3</A></H2>

<P>
<H2><A NAME="toc9">9.</A> <A HREF="#s9">Key changes squid-2.6.STABLE3 to 2.6.STABLE4</A></H2>

<P>
<H2><A NAME="toc10">10.</A> <A HREF="#s10">Key changes squid-2.6.STABLE4 to 2.6.STABLE5</A></H2>


<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Key changes from squid 2.5</A></H2>

<P>
<UL>
<LI>Major improvements to the way that Squid handles web proxy, accelerated 
and transparent proxy requests to make it easier to configure transparent and 
acceleration functionality.  The default behaviour is to function as a standard 
HTTP proxy on each port that Squid is configured to listen on, but in addition 
in this release the keywords "accelerated" and "transparent" can be specified 
after each port to indicate to Squid the functionality that is to be enabled on 
that port.  This means that the old config directives relating to httpd_accel_* 
are now deprecated.</LI>
<LI>WCCPv2 support multiple cache engines registering with multiple WCCP 
routers and switches.  WCCPv2 is preferred over WCCPv1 for performance and 
flexibility reasons if your router or switch is able to support it (all recent 
versions of IOS do so).  Initially WCCPv2 under Linux is limited to registration 
with only one router due to kernel limitations in more recent versions, although 
this will be addressed in a future release of Squid.</LI>
<LI>TPROXY totally transparent proxy support under Linux, which to allow Squid 
to appear totally invisible to both client and server systems when transparently 
caching requests.  This works by spoofing the source and destination address to 
both the client and server.</LI>
<LI>Support for Etag and Vary HTTP headers.  This further moves Squid towards 
HTTP/1.1 compliance.  The Vary header field is used for improved caching and 
delivery of customized content to end clients, and the Etag is used similar to 
an MD5 checksum between client and server to determine if a web page has changed 
since it was last retrieved.</LI>
<LI>Collapsed forwarding, which gives Squid the ability to intelligently merge 
client requests for objects into one request to the server.  Of particular 
benefit in accelerator setups but also provides some benefits to non accelerator 
setups.</LI>
<LI>Support for epoll under Linux and kqueue under FreeBSD, which gives Squid
the ability to handle many many more concurrent requests with lower CPU
overhead. This feature is of particular benefit to very busy caches 
as the poll() and select() routines do not scale anywhere near as well as epoll 
and kqueue does under high loads.</LI>
<LI>SSL assisted hardware encryption making use of OpenSSL functionality 
within Squid.</LI>
<LI>Logging enhancements to allow even greater customization of the way Squid 
logs requests in the access-log or to syslog if required</LI>
<LI>Authentication enhancements including Negotiate/Kerberos support, extra
workarounds for NTLM clients and others using Microsoft Integrated Login.</LI>
<LI>Additional external_acl parameters to support SSL and even more client 
side parameters.</LI>
<LI>ACL changes in conjunction with SSL changes which have been merged, to 
allow matching based on SSL certificate parameters.</LI>
<LI>Improvements to Cygwin support for users who wish to run Squid in a 
Microsoft Windows/Cygwin environment as a system service.</LI>
<LI>New authentication helpers:
<UL>
<LI>Digest LDAP helper</LI>
<LI>Native Windows basic, NTLM and negotiate helpers</LI>
<LI>External acl helpers for session monitoring and native Windows group
membership check</LI>
</UL>
</LI>
<LI>HTCP significantly cleaned up and added support for the CLR operation to purge contents from the cache</LI>
<LI>Support for parsing X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies</LI>
</UL>
</P>

<H2><A NAME="s2">2.</A> <A HREF="#toc2">Changes to squid.conf</A></H2>

<P>
<DL>
<DT><B>http_port</B><DD><P>Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual.</P>
<DT><B>httpd_accel_* for transparent proxy</B><DD><P>Now implemented by the "transparent" http_port option</P>
<DT><B>httpd_accel_host</B><DD><P>Replaced by defaultsite http_port option and cache_peer originserver option.</P>
<DT><B>httpd_accel_port</B><DD><P>No longer needed. Server port defined by the cache_peer port.</P>
<DT><B>httpd_accel_uses_host_header</B><DD><P>Replaced by vhost http_port option</P>
<DT><B>https_port</B><DD><P>Many new options. Reconstructs URLs as https:// by default.</P>
<DT><B>cache_peer</B><DD><P>Many new options to support origin servers and SSL encryption</P>
<DT><B>ssl_engine</B><DD><P>New directive for hardware assisted SSL encryption</P>
<DT><B>sslproxy_*</B><DD><P>New directives defining how to gateway http-&gt;https</P>
<DT><B>sslpassword_program</B><DD><P>New helper directive to query an external program for SSL key encryption password (if any)</P>
<DT><B>no_cache</B><DD><P>Renamed to cache to better reflect the functionaliy. no_cache still accepted.</P>
<DT><B>cache</B><DD><P>New name for the old no_cache directive.</P>
<DT><B>cache_vary</B><DD><P>New directive to disable caching of Vary:ing responses</P>
<DT><B>broken_vary_encoding</B><DD><P>New directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header in relation to Accept-Encoding.</P>
<DT><B>logformat</B><DD><P>New directive for defining custom log formats</P>
<DT><B>cache_access_log</B><DD><P>Renamed to access_log</P>
<DT><B>access_log</B><DD><P>Select what requests to log where any by what format. Support for multiple log files and multiple log formats.</P>
<DT><B>check_hostnames</B><DD><P>New option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5.</P>
<DT><B>allow_underscore</B><DD><P>New option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier.</P>
<DT><B>dns_defnames</B><DD><P>Allow for domain searches. Now possible even when using the internal DNS client</P>
<DT><B>redirect_*</B><DD><P>Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs)</P>
<DT><B>url_rewrite_concurrency</B><DD><P>Activates a new and more efficient helper protocol. Requires changes in the helper.</P>
<DT><B>location_rewrite_*</B><DD><P>New helper hook for rewriting Location headers</P>
<DT><B>auth_param basic blankpassword</B><DD><P>New option to allow the use of blank passwords.</P>
<DT><B>auth_param basic/digest concurrency</B><DD><P>New option enabling a multiplexed helper protocol allowing the same helper to process multiple concurrent requests in an efficient manner. Requires support from the helper. (2.6.STABLE2 and later)</P>
<DT><B>auth_param ntlm max_challenge_reuse / max_challenge_lifetime</B><DD><P>No longer supported</P>
<DT><B>auth_param ntlm use_ntlm_negotiate</B><DD><P>Directive no longer supported. Use of NTLM negotiate packet is always on.</P>
<DT><B>auth_param ntlm keep_alive</B><DD><P>New option to fine-tune the use of HTTP keep-alive in combination with NTLM</P>
<DT><B>auth_param negotiate</B><DD><P>New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.</P>
<DT><B>external_acl_type</B><DD><P>Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.</P>
<DT><B>refresh_pattern</B><DD><P>Several new HTTP override/ignore options</P>
<DT><B>read_ahead_gap</B><DD><P>New directive to set the response buffer size.</P>
<DT><B>collapsed_forwarding</B><DD><P>New directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL.</P>
<DT><B>refresh_stale_hit</B><DD><P>New directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL.</P>
<DT><B>acl urlgroup</B><DD><P>New acl class</P>
<DT><B>acl user_cert</B><DD><P>New acl class matching the user SSL certificate (https_port)</P>
<DT><B>acl ca_cert</B><DD><P>New acl class matching the CA of the user SSL certificate (https_port)</P>
<DT><B>acl ext_user / ext_user_regex</B><DD><P>New acl matching usernames returned by external acl</P>
<DT><B>follow_x_forwarded_for</B><DD><P>New option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies</P>
<DT><B>http_access2</B><DD><P>New http_access type directive but evaluated after url rewrites</P>
<DT><B>htcp_access, htcp_clr_access</B><DD><P>Access control on HTCP requests</P>
<DT><B>log_access</B><DD><P>New directive to limit what gets logged.</P>
<DT><B>httpd_suppress_version_string</B><DD><P>Enable hiding of the Squid version</P>
<DT><B>umask</B><DD><P>New directive to specify the minimum umask Squid should run under</P>
<DT><B>error_map</B><DD><P>New directive to allow dynamic rewrites of error pages</P>
<DT><B>via</B><DD><P>New directive to disable the use of the Via directive</P>
<DT><B>wccp2_*</B><DD><P>WCCP2 protocol support</P>
<DT><B>minimum_expiry_time</B><DD><P>tune the magic 60 seconds limit of what is considered cachable when the object doesn't have any cache validators. (2.6.STABLE2)</P>
<DT><B>wccp2_rebuild_wait</B><DD><P>make Squid delay registering with a WCCP router until store rebuild have finished. Default on. (2.6.STABLE2)</P>
<DT><B>wccp2_weight</B><DD><P>Cache server load weigth in the cluster. (2.6.STABLE4)</P>

</DL>
</P>

<H2><A NAME="s3">3.</A> <A HREF="#toc3">Known issues</A></H2>

<P>There is a few known issues in this version of Squid which we hope to correct in a later release</P>
<P>
<UL>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=761">#761</a>: Unstable under load when using diskd</LI>
</UL>
</P>

<H2><A NAME="s4">4.</A> <A HREF="#toc4">Known limitations</A></H2>

<P>In addition there is a set of limitations in this version of Squid which we hope to correct later</P>
<P>
<UL>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1420">#1420</a>: 302 responses with an Expires header is always cached</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1584">#1584</a>: WCCPv2 unable to register with more than one router on Linux</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1059">#1059</a>: mime.conf and referenced icons must be within chroot</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=692">#692</a>: tcp_outgoing_address using an ident ACL does not work</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=581">#581</a>: acl max_user_ip and multiple authentication schemes</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=528">#528</a>: miss_access fails on "slow" acl types such as dst.</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=513">#513</a>: squid -F is starting server sockets to early</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=457">#457</a>: does not handle swap.state corruption properly</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=410">#410</a>: unstable if runs out of disk space</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=355">#355</a>: diskd may appear slow on low loads</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=219">#219</a>: delay_pools stops working on -k reconfigure</LI>
</UL>
</P>

<H2><A NAME="s5">5.</A> <A HREF="#toc5">Other issues</A></H2>

<P>Ipfilter 4.x compile problem on HP Tru64
<UL>
<LI>Running configure --enable-ipf-transparent on an HP Tru64 5.1B system with ipfilter 4.x installed, the following error can occur:
<PRE>
      checking if IP-Filter header files are installed... no
      WARNING: Cannot find necessary IP-Filter header files
               Transparent Proxy support WILL NOT be enabled
</PRE>

To fix the problem first check if the ip_fil.h, ip_compat.h, ip_nat.h and ipl.h files are present in
/usr/include/netinet and copy them from ipfilter source tree if needed.
Don't forget to fix files permission and ownership after the copy.<BR>
If the error still persist, run configure making it skip the ip_compat.h test:<BR>
<PRE>
    env ac_cv_header_netinet_ip_compat_h=yes ./configure --enable-ipf-transparent
</PRE>
</LI>
<LI>On Sun Solaris 10, ipfilter 4.0.22 is provided with the OS, but related include files (ip_fil.h, ip_compat.h, ip_nat.h, ipl.h) are missing.<BR>
Before running configure --enable-ipf-transparent, they must be downloaded from the
<A HREF="http://cvs.opensolaris.org/source/xref/usr/src/common/ipf/">OpenSolaris Web Site</A>
in the /usr/include local directory. Don't forget to fix files permission and ownership after the download.</LI>
</UL>
</P>


<H2><A NAME="s6">6.</A> <A HREF="#toc6">Windows support</A></H2>

<P>This Squid version can run on Windows as a system service using the Cygwin emulation environment, 
or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.<BR>
On Windows 2000 and later the service is configured to use the Windows Service Recovery option
restarting automatically after 60 seconds.
<DL>

<DT><B>Usage</B><DD><P>Some new command line options was added for the Windows service support:<BR></P>
<P>The service installation is made with -i command line switch, it's possible to use -f switch at
the same time for specify a different config-file settings for the Squid Service that will be
stored on the Windows Registry.</P>
<P>A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed.
<EM>"Squid"</EM> is the default when the switch is not used.</P>
<P>So, to install the service, the syntax is: </P>
<P>
<PRE>
squid -i [-f file] [-n name]
</PRE>
</P>
<P>Service uninstallation is made with -r command line switch with the appropriate -n switch.</P>
<P>The -k switch family must be used with the appropriate -f and -n switches, so the syntax is: </P>
<P>
<PRE>
squid -k command [-f file] -n service-name
</PRE>

where <EM>service-name</EM> is the name specified with -n options at service install time.</P>
<P>To use the Squid original command line, the new -O switch must be used ONCE, the syntax is: </P>
<P>
<PRE>
squid -O cmdline [-n service-name]
</PRE>

If multiple service command line options must be specified, use quote. The -n switch is
needed only when a non default service name is in use.</P>
<P>Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are
specific to Windows services functionality and Squid is not designed for understand they.</P>
<P>In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130": </P>
<P>
<PRE>
squid -O "-D -u 3130" -n squidsvc
</PRE>
</P>
</DL>
</P>
<P>
<DL>
<DT><B>PSAPI.DLL (Process Status Helper) Considerations</B><DD><P>The process status helper functions make it easier for you to obtain information about
processes and device drivers running on Microsoft Windows NT/Windows 2000. These
functions are available in PSAPI.DLL, which is distributed in the Microsoft Platform
Software Development Kit (SDK). The same information is generally available through the
performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is
freely redistributable.</P>
<P>PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is
aware of this, and try to use it only on the right platform.</P>
<P>On Windows NT PSAPI.DLL can be found as component of many applications, if you need it,
you can find it on Windows NT Resource KIT. If you have problem, it can be
downloaded from here:
<A HREF="http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE">http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE</A></P>
<P>On Windows 2000 and later it is available installing the Windows Support Tools, located on the
Support\Tools folder of the installation Windows CD-ROM.</P>
</DL>
</P>
<P>
<DL>
<DT><B>Registry DNS lookup</B><DD><P>On Windows platforms, if no value is specified in the <EM>dns_nameservers</EM> option on
squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are
taken from the Windows registry, both static and dynamic DHCP configurations
are supported.</P>
</DL>
</P>
<P>
<DL>
<DT><B>Compatibility Notes</B><DD><P>
<UL>
<LI>It's recommended to use '/' char in Squid paths instead of '\'</LI>
<LI>Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid</LI>
<LI>When using ACL like 'acl aclname acltype "file"' the file must be in DOS text
format (CR+LF) and the full Windows path must be specified, for example:

<PRE>
acl blocklist url_regex -i "c:/squid/etc/blocked1.txt"
</PRE>

</LI>
<LI>The Windows equivalent of '/dev/null' is 'NUL'</LI>
<LI>Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd,
.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:

<PRE>
redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd
</PRE>
</LI>
<LI>When Squid runs in command line mode, the launching user account must have administrative privilege on the system</LI>
<LI>"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used</LI>
<LI>Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported</LI>
</UL>
</P>
</DL>
</P>
<P>
<DL>
<DT><B>Known Limitations:</B><DD><P>
<UL>
<LI>Squid features not operational:<BR>
<UL>
<LI>DISKD: still needs to be ported<BR></LI>
<LI>WCCP: cannot work because user space GRE support on Windows is missing<BR></LI>
<LI>Transparent Proxy: missing Windows non commercial interception driver<BR></LI>
</UL>
</LI>
<LI>Some code sections can make blocking calls.</LI>
<LI>Some external helpers may not work.</LI>
<LI>File Descriptors number hard-limited to 2048 when building with MinGW.</LI>
</UL>
</P>
</DL>
</P>
<P>
<DL>
<DT><B>Building Squid on Windows:</B><DD><P>A reasonably recent release of Cygwin or MinGW is needed. Like other Unix/Linux environments, -devel version of libraries must be installed.<BR>
When running configure, --disable-wccp and --disable-wccpv2 options should always specified to avoid compile errors.<BR>
<UL>
<LI>New configure options:<BR>
<UL>
<LI>--enable-win32-service<BR></LI>
</UL>
</LI>
<LI>Updated configure options:<BR>
<UL>
<LI>--enable-arp-acl<BR></LI>
<LI>--enable-default-hostsfile<BR></LI>
</UL>
</LI>
<LI>Unsupported configure options:<BR>
<UL>
<LI>--enable-coss-aio-ops: On Cygwin Posix AIO is not available<BR></LI>
</UL>
</LI>
</UL>
</P>
</DL>
</P>
<P>
<DL>
<DT><B>Using cache manager on Windows:</B><DD><P>On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.<BR>
Some specific configuration could be needed:<BR>
<UL>
<LI>IIS 6 (Windows 2003):<BR>
<UL>
<LI>On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed:<BR>
<UL>
<LI>Create a cgi-bin Directory</LI>
<LI>Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS
permissions, ASP scripts are not needed. This automatically defines a
cgi-bin IIS web application </LI>
<LI>Copy cachemgr.cgi into cgi-bin directory and look to file permissions:
the IIS system account and SYSTEM must be able to read and execute the file</LI>
<LI>In IIS manager go to Web Service extensions and add a new Web Service
Extension called <EM>"Squid Cachemgr"</EM>, add the cachemgr.cgi file and set the
extension status to <EM>Allowed</EM></LI>
</UL>
</LI>
</UL>
</LI>
<LI>Apache:<BR>
<UL>
<LI>On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed
to pass the TMP and TEMP Windows environment variables to CGI applications:<BR>
<PRE>
ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/"
&lt;Location /squid/cgi-bin/cachemgr.cgi&gt;
    PassEnv TMP TEMP
    Order allow,deny
    Allow from workstation.example.com
&lt;/Location&gt;
</PRE>
</LI>
</UL>
</LI>
</UL>
</P>
</DL>
</P>

<H2><A NAME="s7">7.</A> <A HREF="#toc7">Key changes squid-2.6.STABLE1 to 2.6.STABLE2</A></H2>

<P>
<UL>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1650">#1650</a>: transparent interception "Unable to forward this request at this time"</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1658">#1658</a>: Memory corruption when using client-side SSL certificates</LI>
<LI>Multiple fixes to the experimental COSS cache_dir type</LI>
<LI>Added the missing concurrency parameter to basic/digest auth schemes</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1669">#1669</a>: SEGV in storeAddVaryReadOld</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1670">#1670</a>: assertion failure: i-&gt;prefix_size &gt; 0 in client_side.c:2509</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1671">#1671</a>: transparent interception fails with FreeBSD ipfw or Linux-2.2 ipchains</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1660">#1660</a>: Accept-Encoding related memory corruption</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1673">#1673</a>: cache digests not served to other caches</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1684">#1684</a>: xstrdup: tried to dup a NULL pointer!</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1688">#1688</a>: Assertion failure in HttpHeader.c in some header_access configurations</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1696">#1696</a>, Bug #1700 and more: WCCP2 fixes</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1677">#1677</a>: Duplicate etags in the If-None-Match in cache validations causing lighttpd to fail with error 400</LI>
<LI>Added ARP acl support for OpenBSD and ARP fixes for Windows</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1681">#1681</a>: All ntlmauthenticator processes are busy</LI>
<LI>new minimum_expiry_time squid.conf directive backported from Squid-3</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1703">#1703</a>: Wrong default path to the diskd helper causing hangs at 100% CPU</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1685">#1685</a>: Crashes or other odd results after storeSwapMetaUnpack: errors</LI>
<LI>a number of other minor and cosmetic bugfixes. See the list of 
<A HREF="http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE2.html">squid-2.6.STABLE2 changes</A> and the 
<A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
</UL>
</P>


<H2><A NAME="s8">8.</A> <A HREF="#toc8">Key changes squid-2.6.STABLE2 to 2.6.STABLE3</A></H2>

<P>
<UL>
<LI>src/dst acl parsing changed to not attempt to guess a netmask
if none was specified. Instead assume it's an IP address and not
a network even if it ends in 0</LI>
<LI>Several memory leaks plugged</LI>
<LI>Delay pools now work again (broken in 2.6.STABLE1 &amp; 2)</LI>
<LI>New log_format %ue and %us tags for external acl or ssl user id</LI>
<LI>COSS fixes and performance improvements</LI>
<LI>Include acl's is now shown in their original form in cachemgr configuration dumps.</LI>
<LI>ntlm fake_auth finally handles non-ascii user names</LI>
<LI>TCP fallback on truncated DNS responses, making the internal
DNS client complete.</LI>
<LI>Downloads could hang when using the cache_dir max-size option</LI>
<LI>Fixed some assertion failures and segmentation faults</LI>
<LI>Some small optimizations to reduce CPU usage</LI>
<LI>a number of other minor and cosmetic bugfixes. See the list of 
<A HREF="http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE3.html">squid-2.6.STABLE3 changes</A> and the 
<A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
</UL>
</P>


<H2><A NAME="s9">9.</A> <A HREF="#toc9">Key changes squid-2.6.STABLE3 to 2.6.STABLE4</A></H2>

<P>
<UL>
<LI>New wccp2_weight directive</LI>
<LI>Numeros COSS fixes and improvements</LI>
<LI>Support for WCCP2 hash based assignment and weighted assignments</LI>
<LI>Windows port update</LI>
<LI>Many small fixes to better detect invalid configurations</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1760">#1760</a>: FTP related memory leak</LI>
<LI>SNMP mib updates for some minor missing details</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1590">#1590</a>: Silence those harmless ETag loop warnings</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1740">#1740</a>: Squid crashes on certain malformed HTTP responses</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1699">#1699</a>: assertion failed: authenticate.c:836: "auth_user_request != NULL"</LI>
<LI>a number of other minor and cosmetic bugfixes. See the list of 
<A HREF="http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE4.html">squid-2.6.STABLE4 changes</A> and the 
<A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
</UL>
</P>

<H2><A NAME="s10">10.</A> <A HREF="#toc10">Key changes squid-2.6.STABLE4 to 2.6.STABLE5</A></H2>

<P>
<UL>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1776">#1776</a>: 2.6.STABLE4 aufs fails to compile if coss isn't enabled</LI>
<LI>COSS improvements and cleanups</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1785">#1785</a>: Memory leak in handling of negatively cached objects</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1780">#1780</a>: Incorrect Vary processing in combination with collapsed_forwarding</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1779">#1779</a>: Delay pools fairness when multiple connections compete for bandwidth</LI>
<LI>Bug <a href="http://www.squid-cache.org/bugs/show_bug.cgi?id=1796">#1796</a>: Assertion error HttpHeader.c:914: "str"</LI>
<LI>All comm loops now use the generic event framework</LI>
<LI>a number of other minor and cosmetic bugfixes. See the list of 
<A HREF="http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE5.html">squid-2.6.STABLE4 changes</A> and the 
<A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
</UL>
</P>

</BODY>
</HTML>