[master] 5af986947 docs: be a bit more verbose about vcc_acl_pedantic and related

Nils Goroll nils.goroll at uplex.de
Mon Sep 14 07:52:06 UTC 2020


commit 5af98694788289485563dab34984255364eacd8c
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Mon Sep 14 09:49:59 2020 +0200

    docs: be a bit more verbose about vcc_acl_pedantic and related
    
    We actually changed behavior also for vcc_acl_pedantic=false

diff --git a/doc/sphinx/whats-new/changes-trunk.rst b/doc/sphinx/whats-new/changes-trunk.rst
index 29ccd5a5b..d40314b1e 100644
--- a/doc/sphinx/whats-new/changes-trunk.rst
+++ b/doc/sphinx/whats-new/changes-trunk.rst
@@ -20,12 +20,20 @@ merged, may be found in the `change log`_.
 varnishd
 ========
 
+Access Control Lists (ACLs)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The VCL compiler now emits warnings if network numbers used in ACLs do
+not have an all-zero host part (as, for example,
+``"192.168.42.42"/24``). By default, such ACL entries are fixed to
+all-zero and that fact logged with the ``ACL`` VSL tag.
+
 Parameters
 ~~~~~~~~~~
 
-A new ``vcc_acl_pedantic`` parameter will turn warnings into errors for the
-case where an ACL entry includes a network prefix, but host bits aren't all
-zeroes.
+A new ``vcc_acl_pedantic`` parameter, when set to ``true``, turns the
+ACL warnings documented above into errors for the case where an ACL
+entry includes a network prefix, but host bits aren't all zeroes.
 
 The ``solaris`` jail has been improved and can reduce privileges even further.
 There is now a new optional ``-j solaris,worker=...`` argument which allows to


More information about the varnish-commit mailing list