Varnish Changelog

New in version 3.0.5

December 4th, 2013
  • A bad interaction between -b, -c and -m in the varnishlog tool has been fixed.
  • A malformed request could in some configurations lead to Varnish crashing has been corrected. This is CVE-2013-4484.
  • Duplicate Content-Length headers were in some cases sent to clients when streaming is enabled, this has been fixed
  • ESI parse errors are no longer printed to standard output.
  • Stop segfaulting if the first part of a synthetic page is NULL.

New in version 3.0.4 (December 2nd, 2013)

  • The ACL code had a bug which could lead to false negatives. This has been assigned CVE-2013-4090.
  • Varnish will now return an error if the client sends multiple Host headers.
  • If the backend sent invalid gzip while using ESI, Varnish would in some cases assert. It now works correctly.
  • TCP_NODELAY is now enabled, which should lead to performance improvements in some cases.

New in version 3.0.3 (September 27th, 2012)

  • Multiple crasher bugs in streaming and the regular expression code have been fixed.
  • Better handling of timeouts.
  • Minor performance optimizations.
  • The ban lurker now works correctly again.
  • ESI and compression would sometimes deliver garbled data; this has been fixed.

New in version 2.0.4 (April 3rd, 2009)

  • Serve graced objects if the backend is unhealthy.
  • Portability fixes for Solaris, MacOS X/Darwin and NetBSD
  • Documentation updates
  • Added server.hostname and server.identity to VCL.
  • Fixed a problem where we would sleep for far too long when we would run out of file descriptors.
  • Add support for processing binary objects with ESI.

New in version 2.0.3 (February 12th, 2009)

  • Support for backend timeouts
  • Multiple fixes in how we process ESI
  • `restart` in vcl_hit is now supported
  • Documentation has been updated
  • Expiry processing is now more scalable
  • The default session workspace is now 16k instead of 8k
  • More graceful handling of too many headers from the client or the server.
  • More expressive purges

New in version 2.0.2 (November 14th, 2008)

  • Fix possible ESI crash
  • Increase stack size for varnishreplay, makes it work on Linux
  • Fix random director to actually work properly
  • Make it possible to remove duplicate purges.
  • Add man page for varnishtest
  • Make resp.status work correctly in VCL

New in version 2.0.1 (October 18th, 2008)

  • This release contains a fix for a denial of service vulnerability in which Varnish could crash when receiving a malformed HTTP request.

New in version 2.0 Beta 2 (September 25th, 2008)

  • This release has loads of new features, including load balancing (random and round-robin), even better performance, ESI support, more complete VCL, serving of objects past their expiration date, multiple backends, rewriting of URLs, PURGE over HTTP support, better handling of large numbers of viewers, improved documentation, a regression test framework, and much more.