Varnish Enterprise 6.0.16r13 is a feature and bug fix release. This release contains important bug fixes and stability improvements, and all users are encouraged to upgrade.
A major highlight of this release is that substantial work has been done to
make Varnish run stably on aarch64 (ARM64) hardware. The ARM64 build has
been promoted to General Availability (GA) status and is now part of our
mainline repositories.
Other key highlights include improved observability for vmod_nodes
and backend metrics, memory governor tuning improvements, TLS
connection handling fixes, and a new DataDome bot detection VMOD
available as a feature add-on.
The new features and optimizations are highlighted below. Please see the changelog for the complete list of changes in this version and previous versions.
We are introducing vmod_datadome, a new feature add-on providing native
integration with DataDome’s bot detection service. Please note that the API for
this VMOD is currently considered experimental.
This VMOD validates requests by forwarding specific data to DataDome’s external
service to make a blocking or routing decision. The service returns a status
code which the VMOD writes directly to the X-DataDomeResponse header.
To optimize performance and reduce external API calls, it is highly recommended
to only check non-static requests. We provide a bundled VCL file
(datadome_api.vcl) to drastically reduce boilerplate code; this bundled VCL
automatically skips validation for known static file extensions.
Example using the bundled VCL:
vcl 4.1;

include "datadome_api.vcl";

sub vcl_init {
    # Insert your Server-side Module key
    dd_api.set_key("YOUR_DATADOME_KEY");
}

sub vcl_recv {
    # This macro validates the request, automatically
    # skipping configured static file extensions.
    call datadome_api_check_request;
}
The memory governor algorithm has been tuned to be less dependent on specific memory allocators, resulting in more consistent eviction behavior.
Two new tunables have been introduced: memory_eviction_factor and
memory_eviction_max_items.
The previously undocumented MSE4-specific configuration key eviction_batch_size
is now deprecated and has no effect.
For platform-specific optimizations, aarch64 builds now use jemalloc version
5.3, while x86_64 builds continue using jemalloc version 3.6.
Backend Visibility: Deleted backends are no longer visible in
varnishstat, which removes duplicate backend metrics that could occur when
dynamic backends resolved intermittently. We also added two new gauges to track
hidden backends: MAIN.n_backend_cold for backends in a cold VCL, and
MAIN.n_backend_deleted for deleted backends observing their backend_cooloff
period.
TLS Diagnostics: When a TLS handshake is aborted due to an unknown server name, Varnish now logs the requested SNI hostname. This makes it much easier to diagnose connection failures caused by missing or misconfigured certificates.
Node Tracking: vmod_nodes now features a new set of counters for
specific events and error conditions, and it logs detailed debug information
under the Nodes tag (masked by default).