This document contains notes from the Varnish developers about ongoing development and past versions:
- Developers will note here changes which they consider particularly relevant or otherwise noteworthy
- This document is not necessarily up-to-date with the code
- It serves as a basis for release managers and others involved in release documentation
- It is not rendered as part of the official documentation and thus only available in ReStructuredText (rst) format in the source repository and -distribution.
Official information about changes in releases and advise on the
upgrade process can be found in the doc/sphinx/whats-new/
directory, also available in HTML format at
http://varnish-cache.org/docs/trunk/whats-new/index.html and via
individual releases. These documents are updated as part of the
release process.
- Attempts to mark well-known headers like Content-Length and Host hop-by-hop through a Connection-header will now cause a 400 "Bad request" response. (VSV00010)
- Apply the same character set rules to HTTP/2 pseudo-headers as is done on the corresponding HTTP/1 request-line field parsing. (VSV00011)
The
cookie.format_rfc1123()
function was renamed tocookie.format_date()
, and the former was retained as a deprecated alias.The VCC file
$Alias
stanza has been added to support vmod alias functions/methods.VCC now supports alias symbols.
There is a new
experimental
parameter that is identical to thefeature
parameter, except that it guards features that may not be considered complete or stable. An experimental feature may be promoted to a regular feature or dropped without being considered a breaking change.ESI includes now support the
onerror="continue"
attribute of<esi:include/>
tags.The
+esi_include_onerror
feature flag controls if the attribute is honored: If enabled, failure of an include stops ESI processing unless theonerror="continue"
attribute was set for it.The feature flag is off by default, preserving the existing behavior to continue ESI processing despite include failures.
The deprecated sub-argument of the
-l
option was removed, it is now a shorthand for thevsl_space
parameter only.The
-T
,-M
and-P
command line options can be used multiple times, instead of retaining only the last occurrence.The
debug.xid
CLI command has been extended to also set and query the VXID cache chunk size.The
vtc.barrier_sync()
VMOD function now also works invcl_init
The
abort
command in thelogexpect
facility ofvarnishtest
can now be used to trigger anabort()
to help debugging the vsl client library code.The
vtc.vsl()
andvtc.vsl_replay()
functions have been added to the vtc vmod to generate arbitraty log lines for testing.The limit of the
vsl_reclen
parameter has been corrected.Varnish now closes client connections correctly when request body processing failed.
Filter init methods of types
vdp_init_f
andvfp_init_f
gained aVRT_CTX
argument.The
param.set
CLI command accepts a-j
option. In this case the JSON output is the same asparam.show -j
of the updated parameter.A new
cc_warnings
parameter contains a subset of the compiler flags extracted fromcc_command
, which in turn grew new expansions:%d
: the raw defaultcc_command
%D
: the expanded defaultcc_command
%w
: thecc_warnings
parameter%n
: the working directory (-n
option)
For
return(pipe)
, the backend transactions now emit a Start timestamp and both client and backend transactions emit the Process timestamp.http_IsHdr()
is now exposed as part of the strict ABI for VMODs.The
req.transport
VCL variable has been added, which returns "HTTP/1" or "HTTP/2" as appropriate.The
vtc.workspace_reserve()
VMOD function now zeroes memory.Parameter aliases have been added to facilitate parameter deprecation.
Two bugs in the catflap facility have been fixed which could trigger panics due to the state pointer not being cleared. (3752, 3755)
It is now possible to assign to a
BODY
variable either aSTRING
type or aBLOB
.When the
vcl.show
CLI command is invoked without a parameter, it now defaults to the active VCL.The reporting of
logexpect
events invarnishtest
was rearranged for readability.Workspace debugging as enabled by the
+workspace
debug flag is now logged with the corresponding transaction.VMODs should now register and unregister fetch and delivery filters with
VRT_AddFilter()
andVRT_RemoveFilter()
.HSH_purge()
has been rewritten to properly handle concurrent purges on the same object head.VSL_WriteOpen()
,varnishlog
andvarnishncsa
have been changed to support writing to stdout with-w -
when not in daemon mode.In VSL, the case has been optimized that the space remaining in a buffer is close to
vsl_reclen
.std.ip()
has been changed to always return a valid (bogo ip) fallback if the fallback argument is invalid.New VCL variables
{req,req_top,resp,bereq,beresp,obj}.time
have been added to track when the respective object was born.VRT_StaticDirector()
has been added to mark directors with VCL lifetime, to avoid the overhead of reference counting.Dynamic backends are now reference-counted, and VMOD authors must explicitly track assignments with
VRT_Assign_Backend()
.Varnish will use libunwind by default when available at configure time, the
--without-unwind
configure flag can prevent this and fall back to libexecinfo to generate backtraces.A new
debug.shutdown.delay
command is available in the Varnish CLI for testing purposes.New utility macros
vmin[_t]
,vmax[_t]
andvlimit[_t]
available invdef.h
.The macros
TOSTRAND(s)
andTOSTRANDS(x, ...)
have been added to create astruct strands *
(intended to be used as aVCL_STANDS
) from a single strings
orx
strings, respectively.Note that the macros create a compund literal whose scope is the enclosing block. Their value must thus only be used within the same block (it can be passed to called functions) and must not be returned or referenced for use outside the enclosing block.
As before,
VRT_AllocStrandsWS()
orVRT_StrandsWS()
must be used to createVCL_STRANDS
with task scope for use outside the current block.A bug in the backend connection handling code has been fixed which could trigger an unwarranted assertion failure (3664).
std.strftime()
has been added.Lck_CondWait()
has lost the timeout argument and now waits forever.Lck_CondWaitUntil()
andLck_CondWaitTimeout()
have been added to wait on a condition variable until some point in time or until a timeout expires, respectively.All mutex locks in core code have been given the
PTHREAD_MUTEX_ERRORCHECK
attribute.Host
andContent-Length
header checks have been moved to protocol independent code and thus implicitly extended to HTTP2.A potential race on busy objects has been closed.
Use of the
ObjGetSpace()
for synthetic objects has been fixed to support stevedores returning less space than requested (as permitted by the API).The
FINI_OBJ()
macro has been added to standardize the common pattern of zeroing a mini object and clearing a pointer to it.The deprecated
vsm_space
parameter was removed.The
varnishtest
err_shell
commando has been removed after having been deprecated since release 5.1.0.
An assertion failure has been fixed which triggered when matching bans on non-existing headers (3706).
A VCL compilation issue has been fixed when calling builtin functions directly (3719).
It is now again possible to concatenate static strings to produce combined strings of type VCL_REGEX (3721).
An issue has been fixed that would cause the VCL dependency checker to incorrectly flag VCLs as dependants of other VCLs when using labels, preventing them from being discarded (3734).
VCLs loaded through CLI or the use of startup CLI scripts (-I option to varnishd) will, when no active VCL has previously been set, no longer automatically set the first VCL loaded to the active VCL. This prevents situations where it was possible to make a cold VCL the active VCL (3737).
There is now a configure build-time requirement on working SO_RCVTIMEO and SO_SNDTIMEO socket options.
We no longer check whether they effectively work, so the
SO_RCVTIMEO_WORKS
feature check has been removed fromvarnishtest
.The socket option inheritance checks now correctly identifies situations where UDS and TCP listening sockets behave differently, and are no longer subject to the order the inheritance checks happens to be executed (3732).
IPv6 listen endpoint address strings are now printed using brackets.
- Added convenience
vrt_null_strands
andvrt_null_blob
constants. - New VCL flag syntax
foo <name> +bar -baz { ... }
, starting with ACL flagslog
,pedantic
andtable
. - ACLs no longer produce VSL
VCL_acl
records by default, this must be explicitly enabled withacl <name> +log { ... }
. - ACLs can be compiled into a table format, which runs a little bit slower, but compiles much faster for large ACLs.
- ACLs default to
pedantic
which is now a per-ACL feature flag. - New
glob
flag for VCLinclude
(3193). - The maximum number of headers for a request or a response in
varnishtest
was increased to 64. - The backend lock class from struct backend was moved to struct director and renamed accordingly.
- New
%{sec,msec,usec,msec_frac,usec_frac}t
formats invarnishncsa
. vstrerror()
was renamed toVAS_errtxt()
.- New
varnishncsa -j
option to format for JSON (3595). - To skip a test in the presence of a feature instead of it absence, a new
feature !<name>
syntax was added tovarnishtest
. - Accept-Ranges headers are no longer generated for passed objects,
but must either come from the backend or be created in
vcl_deliver{}
(3251). - The busyobj
do_pass
flag is gone in favor ofuncacheable
. - The objcore flag ABANDON was renamed to CANCEL.
- 'Scientific Notation' numbers like 6.62607004e-34 are no longer supported in VCL. (The preparation of RFC8941 made it clear that there are neither reason nor any need to support scientific notation in context of HTTP headers.
- New
tunnel
command invarnishtest
to gain the ability to shape traffic between two peers without having to change their implementation. - Global VCL symbols can be defined after use (3555).
- New
req.hash_ignore_vary
flag in VCL. varnishtest
can register macros backed by functions, which is the case for${date}
and the brand new${string,<action>[,<args>...]}
macro (3627).- Migration to pcre2 with extensive changes to the VRE API, parameters renamed
to
pcre2_match_limit
andpcre2_depth_limit
, and the addition of a newpcre2_jit_compilation
parameter. Thevarnishtest
undocumented feature checkpcre_jit
is gone (3635). This change is transparent at the VRT layer and only affects direct VRE consumers. - New inverted mode in
vtc-bisect.sh
to find the opposite of regressions. - The default values for
workspace_client
,workspace_backend
andvsl_buffer
on 64bit systems were increased to respectively 96kB, 96kB and 16kB (3648). - The deprecated
WS_Inside()
was replaced withWS_Allocated()
andWS_Front()
was removed. - VCL header names can be quoted, for example
req.http."valid.name"
. - Added
VRT_UnsetHdr()
and removedvrt_magic_string_unset
. - Removed depcreated
STRING_LIST
in favor ofSTRANDS
. All functions that previously took aSTRING_LIST
hadconst char *, ...
arguments, they now takeconst char *, VCL_STRANDS
arguments. The magic cookievrt_magic_string_end
is gone andVRT_CollectStrands()
was renamed toVRT_STRANDS_string()
. - The default value for
thread_pool_stack
was increased to 80kB for 64bit systems and 64kB for 32bit to accomodate the PCRE2 jit compiler. - Removed deprecated
VSB_new()
andVSB_delete()
, which resulted in a major soname bump of libvarnishapi to 3.0.0, instead of the 2.7.0 version initially planned. - The default workdir (the default
-n
argument) is now/var/run
instead of${prefix}/var
(3672). Packages usually configure this to match local customs. - The minimum
session_workspace
is now 384 bytes - Emit minimal 500 response if
vcl_synth
fails (3441). - New
--enable-coverage
configure flag, and renovated sanitizer setup. - New feature checks in
varnishtest
:sanitizer
,asan
,lsan
,msan
,ubsan
andcoverage
. - New
--enable-workspace-emulator
configure flag to swap the worksapce implementation with a sparse one ideal for fuzzing (3644). - Strict comparison of items from the HTTP grammar (3650).
- New request body h2 window handling using a buffer to avoid stalling an
entire h2 session until the relevant stream starts consuming DATA frames.
As a result the minimum value for
h2_initial_window_size
is now 65535B to avoid running out of buffer with a negative window that was simpler to not tolerate, and a newh2_rxbuf_storage
parameter was added (3661). SLT_Hit
now includes streaming progress when relevant.- The
http_range_support
adds consistency checks for pass transactions (3673). - New
VNUM_uint()
andVNUM_hex()
functions geared at token parsing.
Body bytes accounting has been fixed to always represent the number of bodybytes moved on the wire, exclusive of protocol-specific overhead like HTTP/1 chunked encoding or HTTP/2 framing.
This change affects counters like
MAIN.s_req_bodybytes
,MAIN.s_resp_bodybytes
,VBE.*.*.bereq_bodybytes
andVBE.*.*.beresp_bodybytes
as well as the VSL records
ReqAcct
,PipeAcct
andBereqAcct
.
VdpAcct
log records have been added to output delivery filter (VDP) accounting details analogous to the existingVfpAcct
. Both tags are masked by default.Many filter (VDP/VFP) related signatures have been changed:
vdp_init_f
vdp_fini_f
vdp_bytes_f
VDP_bytes()
as well as
struct vdp_entry
andstruct vdp_ctx
VFP_Push()
andVDP_Push()
are no longer intended for VMOD use and have been removed from the API.The VDP code is now more strict about
VDP_END
, which must be sent down the filter chain at most once.Core code has been changed to ensure for most cases that
VDP_END
gets signaled with the object's last bytes, rather than with an extra zero-data call.Reason phrases for more HTTP Status codes have been added to core code.
Connection pooling behavior has been improved with respect to
Connection: close
(3400, 3405).Handling of the
Keep-Alive
HTTP header as hop-by-hop has been fixed (3417).Handling of hop-by-hop headers has been fixed for HTTP/2 (3416).
The stevedore API has been changed:
OBJ_ITER_FINAL
has been renamed toOBJ_ITER_END
ObjExtend()
signature has been changed to also cover theObjTrimStore()
use case andObjTrimStore()
has been removed.
The
verrno.h
header file has been removed and merged intovas.h
The connection close reason has been fixed to properly report
SC_RESP_CLOSE
/resp_close
where previously onlySC_REQ_CLOSE
/req_close
was reported.Unless the new
validate_headers
feature is disabled, all newly set headers are now validated to contain only characters allowed by RFC7230. A (runtime) VCL failure is triggered if not (3407).VRT_ValidHdr()
has been added for vmods to conduct the same check as thevalidate_headers
feature, for example when headers are set by vmods using thecache_http.c
Functions likehttp_ForceHeader()
from untrusted input.The shard director now supports reconfiguration (adding/removing backends) of several instances without any special ordering requirement.
Calling the shard director
.reconfigure()
method is now optional. If not called explicitly, any shard director backend changes are applied at the end of the current task.Shard director
Error
log messages with(notice)
have been turned intoNotice
log messages.All shard
Error
andNotice
messages now use the unified prefixvmod_directors: shard %s
.In the shard director, use of parameter sets with
resolve=NOW
has been fixed.Performance of log-processing tools like
varnishlog
has been improved by usingmmap()
if possible when reading from log files.An assertion failure has been fixed which could be triggered when a request body was used with restarts (3433, 3434).
A signal handling bug in the Varnish Utility API (VUT) has been fixed which caused log-processing utilities to perform poorly after a signal had been received (3436).
The
client.identity
variable is now accessible on the backend side.Client and backend finite state machine internals (
enum req_step
andenum fetch_step
) have been removed fromcache.h
.Three new
Timestamp
VSL records have been added to backend request processing:- The
Process
timestamp afterreturn(deliver)
orreturn(pass(x))
fromvcl_backend_response
, - the
Fetch
timestamp before a backend connection is requested and - the
Connected
timestamp when a connection to a regular backend (VBE) is established, or when a recycled connection was selected for reuse.
- The
The VRT backend interface has been changed:
struct vrt_endpoint
has been added describing a UDS or TCP endpoint for a backend to connect to.Endpoints also support a preamble to be sent with every new connection.
This structure needs to be passed via the
endpoint
member ofstruct vrt_backend
when creating backends withVRT_new_backend()
orVRT_new_backend_clustered()
.
VRT_Endpoint_Clone()
has been added to facilitate working with endpoints.The variables
bereq.is_hitpass
andbereq.is_hitmiss
have been added to the backend side matchingreq.is_hitpass
andreq.is_hitmiss
on the client side.The
set_ip_tos()
function from the bundledstd
vmod now sets the IPv6 Taffic Class (TCLASS) when used on an IPv6 connection.A bug has been fixed which could lead to varnish failing to start after updates due to outdated content of the
vmod_cache
directory (3243).An issue has been addressed where using VCL with a high number of literal strings could lead to prolonged c-compiler runtimes since Varnish-Cache 6.3 (3392).
The
MAIN.esi_req
counter has been added as a statistic of the number of ESI sub requests created.The
vcl.discard
CLI command can now be used to discard more than one VCL with a single command, which succeeds only if all given VCLs could be discarded (atomic behavior).The
vcl.discard
CLI command now supports glob patterns for vcl names.The
vcl.deps
CLI command has been added to output dependencies between VCLs (because of labels andreturn(vcl)
statements).The
FetchError
log messageTimed out reusing backend connection
has been renamed tofirst byte timeout (reused connection)
to clarify that it is emit for effectively the same reason asfirst byte timeout
.Long strings in VCL can now also be denoted using
""" ... """
in addition to the existing{" ... "}
.The
pdiff()
function declaration has been moved fromcache.h
tovas.h
.The interface for private pointers in VMODs has been changed:
- The
free
pointer instruct vmod_priv
has been replaced with a pointer tostruct vmod_priv_methods
, to where the pointer to the former free callback has been moved as thefini
member. - The former free callback type has been renamed from
vmod_priv_free_f
tovmod_priv_fini_f
and as gained aVRT_CTX
argument
- The
The
MAIN.s_bgfetch
counter has been added as a statistic on the number of background fetches issues.Various improvements have been made to the
varnishtest
facility:- the
loop
keyword now works everywhere - HTTP/2 logging has been improved
- Default HTTP/2 parameters have been tweaked (3442)
- Varnish listen address information is now available by default in
the macros
${vNAME_addr}
,${vNAME_port}
and${vNAME_sock}
. Macros by the names${vNAME_SOCKET_*}
contain the address information for each listen socket as created with the-a
argument tovarnishd
. - Synchronization points for counters (VSCs) have been added as
varnish vNAME -expect PATTERN OP PATTERN
- varnishtest now also works with IPv6 setups
feature ipv4
andfeature ipv6
can be used to control execution of test cases which require one or the other protocol.- haproxy arguments can now be externally provided through the
HAPROXY_ARGS
variable. - logexpect now supports alternatives with the
expect ? ...
syntax and negative matches with thefail add ...
andfail clear
syntax. - The overall logexpect match expectation can now be inverted using
the
-err
argument. - Numeric comparisons for HTTP headers have been added:
-lt
,-le
,-eq
,-ne
,-ge
,-gt
rxdata -some
has been fixed.
- the
The
ban_cutoff
parameter now refers to the overall length of the ban list, including completed bans, where before only non-completed ("active") bans were counted towardsban_cutoff
.A race in the round-robin director has been fixed which could lead to backend requests failing when backends in the director were sick (3473).
A race in the probe management has been fixed which could lead to a panic when VCLs changed temperature in general and when
vcl.discard
was used in particular (3362).A bug has been fixed which lead to counters (VSCs) of backends from cold VCLs being presented (3358).
A bug in
varnishncsa
has been fixed which could lead to it crashing when header fields were referenced which did not exist in the processed logs (3485).For failing PROXY connections,
SessClose
now provides more detailed information on the cause of the failure.The
std.ban()
andstd.ban_error()
functions have been added to thestd
vmod, allowing VCL to check for ban errors.Use of the
ban()
built-in VCL command is now deprecated.The source tree has been reorganized with all vmods now moved to a single
vmod
directory.vmodtool.py
has been improved to simplify Makefiles when many VMODs are built in a single directory.The
VSA_getsockname()
andVSA_getpeername()
functions have been added to get address information of file descriptors.varnishd
now supports the-b none
argument to start with only the builtin VCL and no backend at all (3067).Some corner cases of IPv6 support in
varnishd
have been fixed.vcl_pipe {}
:return(synth)
and vmod private state support have been fixed. Trying to usestd.rollback()
fromvcl_pipe
now results in VCL failure (3329, 3330, 3385).The
bereq.xid
variable is now also available invcl_pipe {}
The
VRT_priv_task_get()
andVRT_priv_top_get()
functions have been added to VRT to allow vmods to retrieve existingPRIV_TASK
/PRIV_TOP
private pointers without creating any.varnishstat
now avoids display errors of gauges which previously could underflow to negative values, being displayed as extremely high positive values.The
-r
option and ther
key binding have been added to return to the previous behavior. When raw mode is active invarnishstat
interactive (curses) mode, the wordRAW
is displayed at the right hand side in the lower status line.The
VSC_IsRaw()
function has been added tolibvarnishapi
to query if a gauge is being returned raw or adjusted.The
busy_stats_rate
feature flag has been added to ensure statistics updates (as configured using thethread_stats_rate
parameter) even in scenarios where worker threads never run out of tasks and may remain forever busy.ExpKill
log (VSL) records are now masked by default. See thevsl_mask
parameter.A bug has been fixed which could lead to panics when ESI was used with ESI-aware VMODs were used because
PRIV_TOP
vmod private state was created on a wrong workspace (3496).The
VCL_REGEX
data type is now supported for VMODs, allowing them to use regular expression literals checked and compiled by the VCL compiler infrastructure.Consequently, the
VRT_re_init()
andVRT_re_fini()
functions have been removed, because they are not required and their use was probably wrong anyway.The
filter_re
,keep_re
andget_re
functions from the bundledcookie
vmod have been changed to take theVCL_REGEX
type. This implies that their regular expression arguments now need to be literal, whereas before they could be taken from some other variable or function returningVCL_STRING
.Note that these functions never actually handled _dynamic_ regexen, the string passed with the first call was compiled to a regex, which was then used for the lifetime of the respective VCL.
The
%{X}T
format has been added tovarnishncsa
, which generalizes%D
and%T
, but also support milliseconds (ms
) output.Error handling has been fixed when vmod functions/methods with
PRIV_TASK
arguments were wrongly called from the backend side (3498).The
varnishncsa
-E
argument to show ESI requests has been changed to imply-c
(client mode).Error handling and performance of the VSL (shared log) client code in
libvarnishapi
have been improved (3501).varnishlog
now supports the-u
option to write to a file specified with-w
unbuffered.Comparisons of numbers in VSL queries have been improved to match better the behavior which is likely expected by users who have not read the documentation in all detail (3463).
A bug in the ESI code has been fixed which could trigger a panic when no storage space was available (3502).
The
resp.proto
variable is now read-only as it should have been for long.VTCP_open()
has been fixed to try all possible addresses from the resolver before giving up (3509). This bug could cause confusing error messages (3510).VRT_synth_blob()
andVRT_synth_strands()
have been added. The latter should now be used instead ofVRT_synth_page()
.The
VCL_SUB
data type is now supported for VMODs to save references to subroutines to be called later usingVRT_call()
. Calls from a wrong context (e.g. calling a subroutine accessingreq
from the backend side) and recursive calls fail the VCL.See VMOD - Varnish Modules in the Reference Manual.
VMOD functions can also return theVCL_SUB
data type for calls from VCL as incall vmod.returning_sub();
.
VRT_check_call()
can be used to check if aVRT_call()
would succeed in order to avoid the potential VCL failure in case it would not.It returns
NULL
ifVRT_call()
would make the call or an error string why not.VRT_handled()
has been added, which is now to be used instead of access to thehandling
member ofVRT_CTX
.The session close reason logging/statistics for HTTP/2 connections have been improved (3393)
varnishadm
now has the-p
option to disable readline support for use in scripts and as a generic CLI connector.A log (VSL)
Notice
record is now emitted whenever more thanvary_notice
variants are encountered in the cache for a specific hash. The newvary_notice
parameter defaults to 10.The modulus operator
%
has been added to VCL.return(retry)
fromvcl_backend_error {}
now correctly resetsberesp.status
andberesp.reason
(3525).Handling of the
gunzip
filter with ESI has been fixed (3529).A bug where the
threads_limited
counter could be increased without reason has been fixed (3531).All varnish tools using the VUT library utilities for argument processing now support the
--optstring
argument to return a string suitable for use withgetopts
from shell scripts.An issue with high CPU consumption when the maximum number of threads was reached has been fixed (2942, 3531)
HTTP/2 streams are now reset for filter chain (VDP) errors.
The task priority of incoming connections has been fixed.
An issue has been addressed where the watchdog facility could misfire when tasks are queued.
The builtin VCL has been reworked: VCL code has been split into small subroutines, which custom VCL can prepend custom code to.
This allows for better integration of custom VCL and the built-in VCL and better reuse.
- Bump the VRT_MAJOR_VERSION from 11 to 12, to reflect the API changes that went into the 6.5.0 release. This step was forgotten for that release.
[ABI] marks potentially breaking changes to binary compatibility.
[API] marks potentially breaking changes to source compatibility (implies [ABI]).
varnishstat
now has a help screen, available via theh
key in curses modeThe initial
varnishstat
verbosity has been changed to ensure any fields specified by the-f
argument are visible (2990)Fixed handling of out-of-workspace conditions after
vcl_backend_response
andvcl_deliver
during filter initialization (3253, 3241)PRIV_TOP
is now thread-safe to support parallel ESI implementationsvarnishstat
JSON format (-j
option) has been changed:on the top level, a
version
identifier has been introduced, which will be used to mark future breaking changes to the JSON formatting. It will not be used to mark changes to the counters themselves.The new
version
is1
.All counters have been moved down one level to the
counters
object.
VSA_BuildFAP()
has been added as a convenience function to build astruct suckaddr
Depending on the setting of the new
vcc_acl_pedantic
parameter, VCC now either emits a warning or fails if network numbers used in ACLs do not have an all-zero host part.For
vcc_acl_pedantic
off, the host part is fixed to all-zero and that fact logged with theACL
VSL tag.Fixed error handling during object creation after
vcl_backend_response
(3273)obj.can_esi
has been added to identify if the response can be ESI processed (3002)resp.filters
now contains a correct value when the auto-determined filter list is read (3002)It is now a VCL (runtime) error to write to
resp.do_*
andberesp.do_*
fields which determine the filter list after settingresp.filters
andberesp.filters
, respectivelyBehavior for 304 responses was changed not to update the
Content-Encoding
response header of the stored object.[ABI]
struct vfp_entry
andstruct vdp_ctx
changed[API] VSB_QUOTE_GLOB, which was prematurely added to 6.4, has been removed again.
[API] Add
VDP_END
action for delivery processors, which has to be sent with or after the last buffer.Respect the administrative health for "real" (VBE) backends (3299)
Fixed handling of illegal (internal) four-digit response codes and with HTTP/2 (3301)
Fixed backend connection pooling of closed connections (3266)
Added the
.resolve
method for theBACKEND
type to resolve (determine the "real" backend) a director.Improved
vmodtool
support for out-of-tree buildsAdded
VJ_unlink()
andVJ_rmdir()
jail functionsFixed workdir cleanup (3307)
Added
JAIL_MASTER_SYSTEM
jail levelThe Varnish Jail (least privileges) code for Solaris has been largely rewritten. It now reduces privileges even further and thus should improve the security of Varnish on Solaris even more.
The Varnish Jail for Solaris now accepts an optional
worker=
argument which allows to extend the effective privilege set of the worker process.The shard director and shard director parameter objects should now work in
vcl_pipe {}
like invcl_backend_* {}
subs.For a failure in
vcl_recv {}
, the VCL state engine now returns right after return from that subroutine. (3303)The shard director now supports weights by scaling the number of replicas of each backend on the consistent hashing ring
Fixed a race in the cache expiry code which could lead to a panic (2999)
Added
VRE_quote()
to facilitate building literal string matches with regular expressions.The
BackendReuse
VSL (log) tag has been retired and replaced withBackendClose
, which has been changed to contain eitherclose
orrecycle
to signify whether the connection was closed or returned to a pool for later reuse.BackendOpen
VSL entries have been changed to containreuse
orconnect
in the last column to signify whether the connection was reused from a pool or newly opened.std.rollback()
of backend requests withreturn(retry)
has been fixed (3353)FetchError
logs now differentiate betweenNo backend
and "none resolved" asDirector %s returned no backend
Added
VRT_DirectorResolve()
to resolve a directorImproved VCC handling of symbols and, in particular, type methods
Fixed use of the shard director from
vcl_pipe {}
(3361)Handle recursive use of vcl
include
(3360)VCL: Added native support for BLOBs in structured fields notation (
:<base64>:
)Fixed handling of the
Connection:
header when multiple instances of the named headers existed.Added support for naming
PRIV_
arguments to vmod methods/functionsThe varnish binary heap implementation has been renamed to use the
VBH_
prefix, complemented with a destructor and added to header files for use with vmods (via include ofvbh.h
).A bug in
vmod_blob
for base64 decoding with alength
argument and non-padding decoding has been fixed (3378)Added
VRT_BLOB_string()
tovrt.h
VSB support for dynamic vs. static allocations has been changed:
For dynamic allocations use:
VSB_new_auto() + VSB_destroy()
For preexisting buffers use:
VSB_init() + VSB_fini()
VSB_new()
+VSB_delete()
are now deprecated.std.blobread()
has been addedNew
MAIN.beresp_uncacheable
andMAIN.beresp_shortlived
counters have been added.The
I
,X
andR
arguments have been added to the VSC API andvarnishstat
for inclusion, exclusion and required glob patterns on the statistic field names. (3394)- Added the missing
VSC_OPT_f
macro and the newVSC_OPT_I
andVSC_OPT_X
to libvarnishapi headers. - Added
-I
and-X
options tovarnishstat
.
- Added the missing
Overhaul of the workspace API
- The previously deprecated
WS_Reserve()
has been removed - The signature of
WS_Printf()
has been changed to returnconst char *
instead ofvoid *
(we do not consider this a breaking change). - Add
WS_ReservationSize()
WS_Front()
is now deprecated and replaced byWS_Reservation()
- The previously deprecated
Handle a workspace overflow in
VRY_Validate()
(3319)Fixed the backend probe
.timeout
handling for "dripping" responses (3402)New
VARNISH_VMODS_GENERATED()
macro invarnish.m4
.Prevent pooling of a
Connection: close
backend response.When this header is present, be it sent by the backend or added in
vcl_backend_response {}
, varnish closes the connection after the current request. (3400)