The Squid Team are pleased to announce the release of Squid-@PACKAGE_VERSION@ for testing.
This new release is available for download from http://www.squid-cache.org/Versions/v7/ or the mirrors.
While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
We welcome feedback and bug reports. If you find a bug, please see https://wiki.squid-cache.org/SquidFaq/BugReporting for how to submit a report with a stack trace.
Although this release is deemed good enough for use in many setups, please note the existence of open bugs against Squid-7.
The Squid-7 change history can be viewed here.
Squid-7 represents a new feature release above Squid-6.
The most important of these new features are:
Most user-facing changes are reflected in squid.conf (see further below).
For more information about the Cache Manager feature, see wiki.
In order to reduce workload on the Squid development team we have chosen to stop providing several tools related to Cache Manager which have previously been bundled with Squid.
Popular command-line tools such as curl or wget provide equivalent features.
Access to the Cache Manager API is available by sending HTTP(S) requests directly to Squid with the URL-path prefix /squid-internal-mgr/. A plethora of tools, such as curl, wget, or any web browser, can be used instead of cachemgr.cgi.
This custom scheme does not conform to RFC 3986 URI sytax. It has been replaced with Cache Manager access through HTTP and HTTPS URLs.
Squid still ignores unexpected ICP responses but no longer remembers the details that comprised the removed report. The senders of these ICP messages are still reported to cache.log at debugging level 1 (with an exponential backoff).
The purge tool (also known as squidpurge, and squid-purge) was limited to managing UFS/AUFS/DiskD caches and had problems parsing non-trivial squid.conf files.
The cache contents display and search it provided can be obtained with a script searching the cache manager objects report.
This tool used the custom PURGE HTTP method to remove cache objects. This can be performed directly on any Squid configured to allow the method. Like so:
acl PURGE method PURGE
http_access allow localhost PURGE
Any HTTP client (such as curl) can then be used to evict objects from the cache, for example:
curl -XPURGE --proxy http://127.0.0.1:3128 http://url.to/evict/
Alternatively the HTCP CLR mechanism can be used.
Old Squid used full language name to refer to error page translations. These have been deprecated since addition of ISO-639 language codes and support for HTTP Accept-Language negotiation in Squid-3.x.
As of this release Squid will no longer provide the symlinks needed for seamless upgrade for squid.conf containing settings such as
error_directory English
All Squid installations are expected to already have them,
or to convert to the ISO-639 equivalents. Existing symlinks are not
affected.
See http://www.squid-cache.org/Versions/langpack/ for the latest list of official Squid translations.
See https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes for the full ISO-639 list. HTTP uses the 2-letter (set 1) codes.
Ident protocol (RFC 931 obsoleted by RFC 1413) has been considered seriously insecure and broken since at least 2009 when SANS issued an update recommending its removal from all networks. Squid Ident implementation had its own set of problems (that could not be addressed without significant code refactoring).
Configurations using ident/ident_regex ACLs, %ui logformat codes, %IDENT external_acl_type format code, or ident_lookup_access/ident_timeout directives are now rejected, leading to fatal startup failures.
To avoid inconveniencing admins that do not use Ident features, access logs with "common" and "combined" logformats now always receive a dash in the position of what used to be a %ui record field.
If necessary, an external ACL helper can be written to perform Ident transactions and deliver the user identity to Squid through the **user=** annotation.
This section gives an account of those changes in three categories:
No new directives in this version.
Changed src to detect and handle overlapping IP and IP-range values. Merging where necessary.
Changed dst to detect and handle overlapping IP and IP-range values. Merging where necessary.
Changed localip to detect and handle overlapping IP and IP-range values. Merging where necessary.
Changed ssl::server_name to detect and handle overlapping sub-domain and wildcard domains. Merging or ignoring where necessary.
Changed srcdomain to detect and handle overlapping sub-domain and wildcard domains. Merging or ignoring where necessary.
Changed dstdomain to detect and handle overlapping sub-domain and wildcard domains. Merging or ignoring where necessary.
Changed http_status to detect and handle overlapping status and status-range values. Merging where necessary.
Removed ident with Ident protocol support.
Removed ident_regex with Ident protocol support.
Honor the off setting in 'udp' access_log module.
Removed the non_peers action. See the Cache Manager section for details.
Honor positive dns_packet_max values when sending DNS A queries and PTR queries containing IPv4 addresses. Prior to this change, Squid did not add EDNS extension (RFC 6891) to those DNS queries because 2010 tests revealed compatibility problems with some DNS resolvers. We hope that those problems are now sufficiently rare to enable this useful optimization for all DNS queries, as originally intended. Squid still sends EDNS extension with DNS AAAA queries and PTR queries containing IPv6 addresses (when dns_packet_max is set to a positive value). Rare deployments that must use buggy DNS resolvers should not set dns_packet_max.
Built-in common and combined logformats now always receive a dash character ("-") in the position of what used to be a %ui record field.
Removed %ui format code with Ident protocol support.
Removed %IDENT format code with Ident protocol support.
Instead of ignoring quick_abort_pct settings that would, together with other conditions, abort a pending download of a 99-byte or smaller response, Squid now honors quick_abort_pct for all response sizes. Most Squids are not going to be affected by this change because default quick_abort_min settings (16KB) prevent aborts of 99-byte responses even before quick_abort_pct is checked.
Due to conversion from integer to floating point math, this change may affect responses larger than 99 bytes as well, but these effects ought to be limited to cases where the decision is based on a tiny difference (e.g., receiving 1% more bytes would have triggered full download). In most such cases, the decision could probably go either way due to response header size fluctuations anyway.
Edge Side Includes (ESI) protocol is no longer supported natively.
The corresponding code has not built for many years, indicating that the feature is unused.
The corresponding code has not built for many years, indicating that the feature is unused.
The corresponding code has not built for many years, indicating that the feature is unused.
The corresponding code has not built for many years, indicating that the feature is unused.
Ident protocol is no longer supported natively.
Ident protocol is no longer supported natively.
This section gives an account of those changes in three categories:
Renamed from --without-gnugss.
Disable auto-detection of Windows PSAPI library.
Disable auto-detection of Cyrus SASL (or compatible) library.
Control the listening sockets responsiveness with poll(2) and select(2). The higher the INCOMING_FACTOR, the slower the algorithm will respond to load spikes/increases/decreases in demand. A value between 3 and 8 is recommended. Default is 5.
No build options have changed behaviour in this version.
The cachemgr.cgi tool this option relates to has been removed.
Edge Side Includes (ESI) protocol is no longer supported natively.
The ESI feature using libexpat has been removed.
Renamed to --without-gss.
The ESI feature using libxml2 has been removed.
The code enabled by this preprocessor macro has not built for many years, indicating that the feature is unused.
The code enabled by this preprocessor macro has not built for many years, indicating that the feature is unused.
The option was dropped during Ident protocol support removal.
The -l option that enables ext_time_quota_acl to log debug messages to a custom logfile has been removed, and their format has been changed to be in line with Squid's cache.log format.
Copyright (C) 1996-2023 The Squid Software Foundation and contributors
Squid software is distributed under GPLv2+ license and includes contributions from numerous individuals and organizations. Please see the COPYING and CONTRIBUTORS files for details.