After three years of development, a stable release of the Squid 5.1 proxy server has been presented, ready for use in production systems (the 5.0.x releases had beta status). Now that the 5.x branch has stable status, it will receive only fixes for vulnerabilities and stability problems; small optimizations are also allowed. New features will be developed in the new experimental 6.0 branch. Users of the previous stable 4.x branch are advised to plan a transition to the 5.x branch.
Main new features in Squid 5:
- The implementation of ICAP (Internet Content Adaptation Protocol), which is used to integrate with external content verification systems, has gained support for the data attachment mechanism (trailer). It allows additional headers with metadata to be attached after the message body (for example, a checksum and details about the problems identified).
- When forwarding requests, the “Happy Eyeballs” algorithm is used. It uses a received IP address immediately, without waiting for all potentially available IPv4 and IPv6 target addresses to be resolved. Instead of the “dns_v4_first” setting, the order in which the IPv4 or IPv6 address family is used is now determined by the order of the DNS responses: if the DNS AAAA response arrives first while waiting for IP address resolution, the resulting IPv6 address is used. The preferred address family is therefore now configured at the firewall level, in DNS, or by building with the “--disable-ipv6” option. The change speeds up TCP connection establishment and reduces the performance impact of DNS resolution delays.
- For use in the “external_acl” directive, the “ext_kerberos_sid_group_acl” helper has been added. It checks groups in Active Directory with authentication via Kerberos. To query the group name, it uses the ldapsearch utility provided by the OpenLDAP package.
- Support for the Berkeley DB database format has been declared deprecated because of licensing problems. The Berkeley DB 5.x branch has not been maintained for several years and still has unfixed vulnerabilities, while moving to newer releases is blocked by the license change to AGPLv3, whose requirements also apply to applications that use BerkeleyDB as a library: Squid is distributed under the GPLv2 license, and the AGPL is incompatible with GPLv2. Instead of Berkeley DB, the project has switched to the TrivialDB DBMS, which, unlike Berkeley DB, is optimized for simultaneous parallel access to the database. Berkeley DB support is retained for now, but in the “ext_session_acl” and “ext_time_quota_acl” helpers it is now recommended to use the “libtdb” storage type instead of “libdb”.
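
The address selection described in the “Happy Eyeballs” item above, as an added simulation (not Squid's code and not part of the original article). The zone data, delays and function names are constructed for illustration, and `wait_for_all_v4_first` only models the older "resolve everything, prefer IPv4" ordering.

```python
import asyncio

# Constructed sample zones: record type -> (answer delay in seconds, addresses).
# Addresses are from documentation ranges (RFC 5737 / RFC 3849).
FAST_AAAA = {"A": (0.05, ["192.0.2.10"]), "AAAA": (0.01, ["2001:db8::10"])}
FAST_A = {"A": (0.01, ["192.0.2.10"]), "AAAA": (0.05, ["2001:db8::10"])}
# Resolver-level policy: AAAA answers are filtered out, so only IPv4 is usable.
AAAA_FILTERED = {"A": (0.02, ["192.0.2.10"]), "AAAA": (0.01, [])}


async def _query(rtype, zone):
    """Simulated DNS query: wait for the constructed delay, then answer."""
    delay, addrs = zone[rtype]
    await asyncio.sleep(delay)
    return rtype, addrs


async def wait_for_all_v4_first(zone):
    """Model of the older ordering: wait for both answers, then prefer IPv4."""
    answers = dict(await asyncio.gather(_query("A", zone), _query("AAAA", zone)))
    return (answers["A"] + answers["AAAA"])[0]


async def first_answer_wins(zone):
    """Ordering described above: use the first usable address that arrives."""
    tasks = [asyncio.ensure_future(_query(t, zone)) for t in ("A", "AAAA")]
    try:
        for finished in asyncio.as_completed(tasks):
            _rtype, addrs = await finished
            if addrs:  # an empty answer cannot be used; keep waiting
                return addrs[0]
        return None
    finally:
        for task in tasks:  # stop waiting for the slower lookup
            task.cancel()


def pick(strategy, zone):
    """Run one strategy against one constructed zone and return the address."""
    return asyncio.run(strategy(zone))


if __name__ == "__main__":
    for name, zone in [("AAAA first", FAST_AAAA), ("A first", FAST_A),
                       ("AAAA filtered", AAAA_FILTERED)]:
        print(name, pick(wait_for_all_v4_first, zone), pick(first_answer_wins, zone))
```

The `AAAA_FILTERED` case shows why egress rules written for a single address family need review after an upgrade: the family actually used now follows whatever DNS answers first, unless DNS or the firewall enforces the preference.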