Search
Varnish Enterprise
Introduction Installation Upgrading Troubleshooting Changelog Changelog for 6.0.x Changes (Varnish Cache 4.1) Changes (Varnish Cache Plus 4.1) Features Backend SSL/TLS Client SSL/TLS termination In-Process TLS MSE 3.0 Settings mkfs.mse Memory Governor MSE 2.0 Parallel ESI Backend health counter HTTP/2 Support JSON Logging TCP Only Probes Timeouts Transit Buffer Varnish scoreboard VMODs Accept Accounting ACL (aclplus) ActiveDNS Akamai Connector AWS VCL Body Access & Transformation (xbody) Brotli Cookie Plus (cookieplus) DeviceAtlas Digest Dynamic backends (goto) Edgestash File Format Geolocation (geoip/mmdb) Header Manipulation (headerplus) HTTP communication (http) Image JSON parsing (json) JWT Key value storage (kvstore) Least connections director (leastconn) Module to control the built-in HTTP2 transport (h2) MSE control (mse) Probe Proxy ProxyV2 TLV Attribute Extraction (proxy) Pseudo Random Number Generator Purge (purge/softpurge) Real-time Status (rtstatus) Reverse DNS (resolver) Rewrite S3 VMOD Session Slicer SQLite3 Stale Standard (std) Stat (Prometheus) Strings (str) Synthetic backends (synthbackend) Tag-based invalidation (Ykey/Xkey) TCP configuration (tcp) TLS Total Encryption (crypto) Unified director object (udo) Uniform Resource Identifier (uri) Unix Socket Utilities (unix) URL Plus (urlplus) Utils Vsthrottle

Changes (Varnish Cache Plus 4.1)

Varnish Cache Plus 4.1.11r7 (2022-01-21)

  • Make the use of TRUSTED_FIRST OpenSSL certificate verification flag depend on the availability of the flag on the compiled platform. This means it will only be enabled on platforms using OpenSSL version 1.0.2 or newer.
  • Reenable Ubuntu Trusty as build target.

Varnish Cache Plus 4.1.11r6 (2022-01-03)

  • Set the TRUSTED_FIRST OpenSSL certificate verification flag on all platforms. This is the default behavior since OpenSSL version 1.1.0, but this applies the flag also on the platform using an older OpenSSL (CentOS 7). This helps with verifying certificates when there are multiple crossigned verification paths, and only some that are valid. (VS issue #1277)
  • Fix a request body timing issue. (VS issue #1353)
  • Correct the minimum heap sorting of next deadline DNS update in libvmod_goto. (VS issue #707)

Varnish Cache Plus 4.1.11r5 (2019-12-05)

  • varnishreload can handle very large VCL files.
  • The -j parameter for varnishncsa is now available also in Varnish Plus 4.1.

Varnish Cache Plus 4.1.11r4 (2019-08-19)

  • Handle sending the "null value" to urlplus.vmod_query_add.
  • Fix a crash when MSE was used to cache an empty synthetic response. (VS issue 556)
  • Fix a request and response parsing bug.

Varnish Cache Plus 4.1.11r3 (2019-06-13)

  • Allow varnishncsa to log garbage backend responses (VS issue 495)

Varnish Cache Plus 4.1.11r2 (2019-04-10)

  • Fix a bug related to releasing of temporary task variables during rush failures. (VS issue 435)
  • Fix clean up handling after a deep ESI/ES delivery failure, so that temporary task variables are properly released. (VS issue 447)
  • Guard all VMOD object destructors against NULL arguments. (VS issue 470)
  • Make the MSE cache populator wait until the first VCL is loaded before starting. This enables uses of xkey with persisted MSE caches. (VS issue 475)

Varnish Cache Plus 4.1.11r1 (2019-02-12)

  • Fully up-to-date with Varnish Cache 4.1.11. The (re)introduction of req.grace is the main new feature in this version.
  • Fix a bug where using MSE with return (synth) in several vcl function would wrongly cause a panic. This could happen if MSE was selected for transient storage.

Varnish Cache Plus 4.1.10r6 (2019-01-08)

  • Fix a panic in the request body caching code, where we would crash if the Transient storage backend was full when we attempted to allocate a new object.
  • Fix bug in VMOD urlplus where leading slash is ignored for 1 char long URLs
  • Fix a memory leak when using BackendSSL with hostname validation, where we would leak the X509 data structure of the peer's certificate (VS issue 390).
  • New parameter, override, in the cookieplus method add.
  • In VMOD cookie-plus, reset after writing Set-Cookies.

Varnish Cache Plus 4.1.10r5 (2018-10-01)

  • New VMOD: accept, backported from Varnish 6.0
  • New VMOD rewrite function: ruleset.add_rules()
  • Fixed bug in VMOD urlplus where a query string would be considered part of the extension.
  • In VMOD urlplus it is now possible to handle query parameters where a key appears multiple times, and even to clean up repeated equal key/value pairs.
  • Fixed a backend response issue
  • Added better diagnostics when the child process is unresponsive (related to the "poker")

Varnish Cache Plus 4.1.10r4 (2018-06-13)

  • Fix a crash caused by a potential relocking situation on waitinglist cleanup failure.
  • Additional logging in VMOD goto
  • Fixed URLPlus keep mode bug which affect both parameters and urls

Varnish Cache Plus 4.1.10r3 (2018-06-06)

  • Fix a crash that would happen if return (retry) was attempted on a conditional backend fetch (varnish-cache.org issue 2700).

Varnish Cache Plus 4.1.10r2 (2018-06-05)

  • Fix rare crash in VMOD goto that could be triggered just after VCL went into "cooling", and a DNS lookup finished.
  • Fixed bug in VMOD urlplus' get_extension function

Varnish Cache Plus 4.1.10r1 (2018-04-27)

  • New Edgestash variables
  • New VMOD: URL Plus
  • Include VMOD rewrite header file in the distribution

Varnish Cache Plus 4.1.9r3 (2018-02-26)

  • Imported varnish-modules 0.14.0
  • New Edgestash multi JSON csv function
  • Fix backend SSL handshake ignoring connection timeout
  • Honor .tcponly for TLS probes

Varnish Cache Plus 4.1.9r2 (2017-12-18)

  • Improved workspace_backend overflow handling. This fixes a bug where we would crash on overflow.
  • Fix a bug where we did not honor first_byte_timeout for reused backend connections (varnish-cache.org issue 1772).
  • New vmod_rewrite feature: split find/match functions.
  • New vmod_rewrite feature: multiple replacements can be defined for one regex.
  • New parameters in vmod_rewrite to control substitution: regsub, regsuball, only_matching
  • vmod_rewrite deprecation: for consistency .match_rewrite() should be used instead of .replace().

Varnish Cache Plus 4.1.9r1 (2017-11-20)

  • Fix a bug where we may end up retrying backend fetches over reused connections indefinitely (varnish-cache.org issue 2135)
  • Fix a bug where we in an out-of-threads scenario could end up leaking resources related to an ESI delivery.
  • Rename Varnish' SHA256 functions to VSHA256.

Note: This release brings with it a bump of Varnish' VMOD ABI major version, requiring all VMODs to be updated. Packaged VMODs will have updated versions in the repositories. Custom VMODs needs to be recompiled.

Varnish Cache Plus 4.1.8r2 (2017-11-07)

  • Fix race issue wrt persistence journaling and xkey
  • Correct read timeout when varnish gets a partial requests

Varnish Cache Plus 4.1.8r1 (2017-10-05)

  • Added vmod_json.
  • Added JSON dot notation support to Edgestash.
  • Added multi JSON support to Edgestash.
  • Fix unnecessary log buffer flushing (performance enhancement)

Varnish Cache Plus 4.1.8r1-beta1 (2017-09-28)

  • Added long descriptions for many counters.
  • Formatting of some man pages improved.
  • Added vmod_cookieplus.
  • Fix an MSE issue that could cause ban journal panics on startup. (VCP issue #184)
  • Fix a bug that led to incorrect TLS options in vmod-goto.
  • Fix the error handling when failing to allocated MSE write buffers. (VCP issue #185)
  • Introduce a mse_membuf_pool parameter to limit the number of write buffers kept around for future use.

Varnish Cache Plus 4.1.7r3 (2017-07-27)

  • Per MSE segment counters added to the manual.
  • Incorporated the fix of 2379, also known as VSV00001, present in Varnish Cache from 2017-08-02.

Varnish Cache Plus 4.1.7r2 (2017-07-07)

  • Fit full backend names in 128 chars (VCP issue #151)
  • The default value for vcl_reclen is now 4048 bytes (up from 255)
  • Fix goto.dns_backend()

Varnish Cache Plus 4.1.7r1 (2017-06-28)

  • Makes goto's backend resolutions always non-blocking.
  • Add dns_director() and dns_backend() to goto and deprecate the other methods.
  • Add vmod_vha to ease VHA integration.
  • Close a race in probe's release of connection pool handles.

Varnish Cache Plus 4.1.7r1-beta1 (2017-06-23)

  • Work around a synchronization issue with regard to late overwrites of object attributes in the fetch cycle. (VCP issue #143)

Varnish Cache Plus 4.1.6r2 (2017-05-30)

  • Edgestash 1.0.6 via vmod_edgestash.
  • Embedded VMODs from varnish-modules have been updated to version 0.12.0.
  • Add libvmod_rewrite. This is a utility vmod for giving lists of rewrite rules to apply.
  • Make debug.jemalloc_stats take a default argument of 'a'. This reduces the amount of output significantly (VCP issue #142).
  • Increase default cli_limit to 128k. This makes it possible to transfer larger buffers in the varnishgather data (VCP issue #142).

Varnish Cache Plus 4.1.6r1 (2017-05-09)

  • Add a debug.jemalloc_stats CLI command to print statistics from the jemalloc library.
  • Fix a potential backend leak in vmod-goto.
  • Add optional host_header argument to goto functions.
  • Add a serial number in goto backend names to avoid collisions.
  • Make startup_timeout only take effect if it is larger than cli_timeout. This fixes issues experienced on upgrade to the latest VCP when the change to cli_timeout didn't take effect. (VCP issue 141).

Varnish Cache Plus 4.1.5r2 (2017-04-21)

  • Added a new startup_timeout for CLI commands that take a long time when the child process is starting. This is especially useful for very large MSE setups.
  • Added SSL support to vmod-named.
  • Fix a workspace and proxy protocol related issue (VCP issue 134).

Varnish Cache Plus 4.1.5r2-beta2 (2017-04-07)

  • Fix a VCL temperature issue when the child fails on warming the VCL, which would cause a mismatch between master and child's VCL temperature state leading to asserts later. (VC pull 2273)
  • Fix a couple of issues with regard to libvmod_goto's cleanup code that would cause problems when discarding a VCL and the VCL was never set to warm, and when transitioning from warm to cold and then back to warm again. This could lead to asserts and/or leaking of threads. (VCP issue 127).
  • Add more verbose error logging on master-child CLI communication.
  • Fix a problem related to dynamic backend cleanup that would cause the child process' CLI thread to become stuck. This would again cause the master process to kill the child because of CLI timeout. (VC issue 2295)

Varnish Cache Plus 4.1.5r2-beta1 (2017-02-23)

  • Add protocol byte counters to the ReqAcct and BereqAcct log records. These counters show the number of bytes that were successfully read or written to/from the OS socket buffers, including protocol overhead. These counters are more accurate, as they will not show bytes that was never sent e.g. on a client hangup. Varnishncsa has been updated to make use of these new byte counts. (Issue #116).
  • Fix request body support on cache miss (VC issue 1927)

Varnish Cache Plus 4.1.5r1 (2017-02-13)

No changes since 4.1.5r1-beta1

Varnish Cache Plus 4.1.5r1-beta1 (2017-02-10)

  • Add parameters connect_timeout, first_byte_timeout, between_bytes_timeout and max_connections to vmod-goto.
  • Fix a resource leak in vmod-goto leading to unreleased backends.
  • Backend SSL code updated to support OpenSSL 1.1.0
  • Embedded VMODs from varnish-modules have been updated to v0.11.0.
  • Add parameters ssl_sni, ssl_verify_peer and ssl_verify_host to vmod-goto. These function like their counterparts used in backend definitions.
  • Fix an issue with MSE2 where we did not journal correctly that an object had been deleted. This could lead to a situation where we attempted to repopulate a half deleted object on restart, leading to assert. (Issue #112).

Varnish Cache Plus 4.1.4r5 (2016-12-13)

  • Fix a leak in parsing string in vmod-goto.
  • Introducing parallel ESI: Varnish will now do fetches of ESI fragments in parallel.
  • Add an esi_maxdepth counter. This indicates the number of times parameter max_esi_depth was hit.
  • vmod-kvstore added get/set for BACKEND types and ini file support
  • Fix vmod-goto related crash when discarding VCLs.
  • vmod-goto now logs failures to retrieve at least one IP.

Varnish Cache Plus 4.1.4r4 (2016-12-02)

  • Send stream events from the MSE object iterator when reaching the end of available data. This allows receiving streaming client connections to keep closer to the end of available data. (Issue #99)
  • Fix and clarify argument priority of goto.backend() and goto.director().
  • Various fixes in vmod-named

Varnish Cache Plus 4.1.4r4-beta1 (2016-11-24)

  • vmod-session has been added. It lets you set the session idle timeout on a per session basis. Some changes in the core was necessary.

Varnish Cache Plus 4.1.4r3 (2016-11-03)

  • Fix timeout issue on SSL backend probes. (Issue #90)
  • vmod-rtstatus 1.2.1 (28f1ffc) has been added to the distribution.
  • New runtime parameter clock_step specifying how much observed clock step we allow before panicking. (varnish-cache.org issue 1874)
  • Least-connection backend director has been added to the distribution.
  • Avoid losing varnishadm CLI synchronization. (varnish-cache.org issues 2026 and 2010)
  • Clean up vsm files on startup failure. (varnish-cache.org issue 2115)
  • Fix bug that added superfluous "duplicate link" in varnishlog. (varnish-cache.org issue 1830)

Varnish Cache Plus 4.1.4r2 (2016-10-10)

  • [vmod-goto] Added support for acting as a director, allowing for stacking them behind other directors.
  • Close a race between the ban lurker and nuked objects allowing the lurker to evaluate objects being dismantled. (VS issue #91 and #92)
  • Remove a feature designed to reduce the size of coredumps by eliminating unneeded object payload data. This caused an excessive amount of process map entries to be created, causing kernel resource exhaustion and memory allocation failures. (VS issue #93)

Varnish Cache Plus 4.1.4r1 (2016-09-22)

  • vmod-goto has been added to the distribution, allowing for using backends defined at request-time.

Varnish Cache Plus 4.1.4r1-beta1 (2016-09-14)

  • Changes added between Varnish Cache 4.1.3 and Varnish Cache 4.1.4-beta1 except commits ca3fde2, fe1c483, 2b279cd and 1774719 has been added. See doc/changes.rst for details.
  • Add .ssl_verify_host attribute to backend . If enabled, the connection will fail if the peer's certificate hostname does not match the hostname for this connection.

Varnish Cache Plus 4.1.3r2-beta1 (unreleased)

  • Parameter workspace_client default increased from 64k to 96k.
  • Parameter workspace_backend default increased from 64k to 128k.
  • Fix an MSE persistent issue when having a combination of ESI, gzip and failed fetch which would lead to an assert. (VS issue #76)
  • Fix a problem where MSE would attempt to persist failing objects (e.g. due to fetch failure), causing persisted problems. (VS issue #77)
  • Fix a locking issue in MSE object freeing code path allowing the hole expansion to attempt to free an object being dismantled in another thread causing assertion. (VS issue #69)
  • Fix a race on setting maximum stream limits for the simple stevedores. This affected all of the stevedores except MSE. (VS issue #71).

Varnish Cache Plus 4.1.3r1 (2016-07-08)

  • Changes added between Varnish Cache 4.1.2 and Varnish Cache 4.1.3 has been added. See doc/changes.rst for details.
  • Embedded VMODs from varnish-modules have been updated to v0.9.1.

Varnish Cache Plus 4.1.2r2 (2016-06-16)

  • Add a memory dump on CHECK_OBJ assertions. This will dump some memory from the area of the offending object to help with debugging.
  • Add MSE object structure debug output to the panic log. This is to help with debugging.
  • Add a shared maps section to the panic output.
  • Add backend mode to varnishncsa.
  • Fix failure to call fetch processor clean up (typically gzip/ungzip or ESI buffer leak) when handling fetch failures due to workspace exhaustion.
  • Fix failure to call object finalization when inserting synthetic objects in the cache. This would cause MSE objects to not store their attributes correctly, causing assertions on access. (VCP #62)
  • Fix ESI byte code allocation size handling and resulting buffer overflow. Tracked in varnish-cache.org ticket 1941.
  • Fix a ESI+gzip corner case which had escaped notice until now. Tracked in varnish-cache.org ticket 1878.
  • Avoid small memory leak on malformed ESI directives. (VC issue 1912)
  • Release memory instead of crashing on malformed ESI. (VC issue 1904)
  • Revive the backend_conn counter. Tracked in varnish-cache.org ticket 1725.
  • When the log is overrun and reacquired in the logging tools, the -d option is maintained.

Varnish Cache Plus 4.1.2r1 (2016-03-30)

No significant changes since 4.1.2r1-beta3.

Bugs fixed:

  • Avoid assertion on errors reported during fetch processor initialization (typically running out of backend workspace). Tracked in varnish-cache.org ticket 1871.

Varnish Cache Plus 4.1.2r1-beta3 (2016-03-29)

This is Varnish Cache Plus 4.1.2r1-beta3, based on Varnish Cache 4.1.2.

Changes since 4.1.2r1-beta2:

  • Man pages for new vmods have been added.
  • Correct handling of duplicate headers on IMS header merge. This ensures all instances of a header on the source (cached object) is copied to the new IMS-verified object. Previously only the first instance of a given header was copied. Tracked in varnish-cache.org ticket 1879.
  • Parameter mse_sendfile_min retired. No sendfile in MSE2.
  • Align exported bans to avoid losing one on restart. (Issue #55)
  • Remove cosmetic varnishadm tab completion warning. (Issue #34)
  • vmod-cookie updated to remove debug output. (Issue #50)
  • vmod-acl is now included.
  • mkfs.mse has been moved to /usr/sbin/.

Varnish Cache Plus 4.1.2r1-beta2 (2016-03-18)

This is Varnish Cache Plus 4.1.2r1-beta2, based on Varnish Cache 4.1.2.

Changes since 4.1.2r1-beta1:

  • Rework how the persistance MSE book is read during startup, to avoid random IO leading to long startup time.
  • vmod-kvstore (hash map datastructure in VCL) is now included.
  • mkfs.mse man page added. varnishd(1) discrepancies on mse syntax updated.
  • Workaround for VC issue #1806 added, fixing problems seen when a POST request piped over a reused backend connection.

Varnish Cache Plus 4.1.2r1-beta1 (2016-03-11)

This is Varnish Cache Plus 4.1.2r1-beta1, based on Varnish Cache 4.1.2 with the following additions:

  • MSE2 storage module. (See mkfs.mse -h)
  • Backend SSL support. See README-SSLBACKEND.rst and vcl(7).
  • Embedded Varnish modules: - cookie - header - var - vsthrottle - softpurge - saintmode - tcp - paywall - xkey

Varnish Cache Plus 4.1.2r0-tp1 (2016-02-19)

This is a technology preview (TP) release of VCP4.1.

It is based on Varnish Cache 4.1.2-beta1 with MSE2 (incl. persistence support) added. No other additions.

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
News
Varnish Enterprise 6.0.12r8
Varnish Helm Chart 1.3.0
A note on how Varnish handles an HTTP/2 CONTINUATION flood
Varnish Enterprise 6.0.12r7
Varnish Controller 6.0.2
News archive