[master] 5af986947 docs: be a bit more verbose about vcc_acl_pedantic and related
nils.goroll at uplex.de
Mon Sep 14 07:52:06 UTC 2020
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Mon Sep 14 09:49:59 2020 +0200
docs: be a bit more verbose about vcc_acl_pedantic and related
We actually changed behavior also for vcc_acl_pedantic=false
diff --git a/doc/sphinx/whats-new/changes-trunk.rst b/doc/sphinx/whats-new/changes-trunk.rst
index 29ccd5a5b..d40314b1e 100644
@@ -20,12 +20,20 @@ merged, may be found in the `change log`_.
+Access Control Lists (ACLs)
+The VCL compiler now emits warnings if network numbers used in ACLs do
+not have an all-zero host part (as, for example,
+``"192.168.42.42"/24``). By default, such ACL entries are fixed to
+all-zero and that fact logged with the ``ACL`` VSL tag.
-A new ``vcc_acl_pedantic`` parameter will turn warnings into errors for the
-case where an ACL entry includes a network prefix, but host bits aren't all
+A new ``vcc_acl_pedantic`` parameter, when set to ``true``, turns the
+ACL warnings documented above into errors for the case where an ACL
+entry includes a network prefix, but host bits aren't all zeroes.
The ``solaris`` jail has been improved and can reduce privileges even further.
There is now a new optional ``-j solaris,worker=...`` argument which allows to
More information about the varnish-commit