The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.12 release!

This release is a bug fix release resolving issues found in the prior
Squid releases.

The major changes to be aware of:

* Bug #4374: refresh_pattern config parser (%)

For some time the squid.conf parser has been reporting errors when the
refresh_pattern percentage parameter was configured with values over
100%. Due to the nature of the revalidaton algorithm refresh often works
better with very large percentage values, particularly when dealing with
very young objects.
This release now permits large percentage values to be configured.

* Bug #4228: links with krb5 libs despite --without options

The Kerberos library --without-mit-kb5 and --without-heimdal-krb5
options were not working in previous 3.5 releases and could result in
build errors. This has been corrected.

* Bug #4373: assertion 'redirect_state == REDIRECT_NONE'

Squid could exit with the above assertion if a misconfigured SquidGuard
helper was used. This release will now correctly handle the SquidGuard
response without exiting.

Note that it appears the SquidGuard project is no longer being
maintained. All its capabilities are available directly within Squid.
Users still relying on it should evaluate upgrading their config to no
longer use a rewriter, or to migrate to one of the alternative helpers
which are available and being maintained.

* TLS: Handshake Problem during Renegotiation

Previous Squid did not support server-initiated renegotiation and would
close the TLS connection even if the renegotiation occured during the
handshake process. Squid now supports this TLS feature during TLS
handshake when SSL-Bumping the traffic.

* Revert r13921: Migrate StoreEntry to using MEMPROXY_CLASS

An attempted performance optimization in Squid-3.5.10 r13921 has been
found to uncover hidden bugs in the cache handling. As a result objects
could become MISS or revalidate unnecessarily. Some SNMP reporting
issues could also be resulting. The change has now been removed from 3.5.

* Fix SSL_get_certificate() problem detection

The autoconf checks for this sometimes broken function fail on library
builds which don't include SSLv3; as a result of the autoconf decision
this can end up triggering the assert(0) in Ssl::verifySslCertificate().

* Fix cache_peer forceddomain= in CONNECT

CONNECT messages output by Squid to peers in configurations using
forcedomain= parameter could be sent with the original domain name in
the Host: header. While this should not have had any effect, it is
possible that broken recipients and downstream traffic analysis could be
confused. Squid will now consistently apply forcedomain= on all HTTP

 All users of Squid are encouraged to upgrade to this release as time

 See the ChangeLog for the full list of changes in this and earlier

Please refer to the release notes at
when you are ready to make the switch to Squid-3.5

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

or the mirrors. For a list of mirror sites see

If you encounter any issues with this release please file a bug report.

Amos Jeffries
squid-announce mailing list

Reply via email to