What's new in 2.4 compared to 2.3 ? Lots of cool stuff! The work was spread
on several fronts:
- performance and latency: a lot of work was done on locking reduction,
bringing 2.4 a much lower latency than 2.3 had, and a higher scalability.
2.4 is NUMA-aware on Linux and will avoid binding to cross-socket cores
by default. Idle server-side connections are now reusable even when SNI,
proxy protocol or transparent proxy are used, saving costly round trips.
Lua now supports lock-free multi-threading. Idle frontend connections
will now be closed as soon as possible during reloads.
- reliability: "strict-limits" is on by default, experimental features
are protected against accidental use from a copy-paste, a diagnostic
mode was added to report suspicious or uncommon constructs that could
be mistakes, new live debugging tools were added for better in-field
debugging. Backend idle connections will be closed before quitting
so that they don't consume source ports in TIME_WAIT.
- management and integration: maps and ACLs now support atomic updates,
server-side SSL certificates can also be updated without reloading,
servers can be added/removed without reloading (still experimental),
more server settings can be edited at run time, global variables can
be listed/edited at run time, "defaults" section can now be named,
reused an inherited, line numbers and file names can be included in
any command, file paths can now be relative to the config file, some
new ".if/.elif/.else/.endif" config directives permit a smoother
transition between versions using a same config file (particularly
useful for automated rollbacks),
- interoperability / protocol support: WebSocket over HTTP/2 (RFC8441)
is now supported on both sides, regardless of the version on the other
side. The cache now supports the "Vary" header with a few commonly
used headers, including "Accept-encoding" which gets normalized for
optimal cache hit ratio. The Prometheus exporter got a significant
liftup, requires less tricks on the Prometheus side, and supports
listing only certain metrics for faster retrieval. Optional native
support for Opentracing was also integrated (via USE_OT=1). The DNS
resolvers now support talking to servers over TCP. Basic support for
extracting information from MQTT and FIX protocol was added. Timeouts
can now be adjusted on the fly and per-request in order to adapt to
particuarly slow servers or special protocols.
- user-friendliness: TCP loggers now do not require a ring section
declaration anymore, it's transparently done now. Header deletion
using a pattern matching on the name is now supported instead of
having to list many names. Checking for real server-side errors got
easier than before with http_fail_cnt/http_fail_rate. The config
parser and CLI will now provide suggestions when some keywords are
misspelled. The CLI's help output can now be filtered to subsets of
commands and will be sorted for easier finding.
- processing: the new "wait-for-body" HTTP action allows to wait for
a request or response body up to a certain size or delay. This is
convenient to detect POST contents or to detect error patterns or
information leaks in responses. TCP frontends can now be manually
upgraded to HTTP, allowing HTTP rules to be used in a frontend in
a tcp->http scenario. JSON parameters can be decoded to extract some
fields values. A URL encoder is now available to pass some fields in
a way that is suitable for query string parameters. Base64 variants
are now supported (such as the URL-compatible one used by JWT).
- for distros: building optional addons will be easier thanks to the
removal of the contrib/ directory and the cleaner integration with
the regular build process and include files. Libslz was included by
default, simplifying the packaging work. A few example configs were
added into examples/ to serve as starters for users. A CPU entry was
added to produce executables that works well both on old and new
ARMv8 CPUs.
- observability: more stats were added (SSL, H2). "show info" can now
emit floating point values for rates and uptimes if requested.
2.3.10
- BUILD: backend: fix build breakage in idle conn locking fix
- BUG/MINOR: tcp: fix silent-drop workaround for IPv6
- BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
- BUG/MINOR: ssl: Fix update of default certificate
- BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one
- BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
- BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free
- REGTESTS: ssl: "set ssl cert" and multi-certificates bundle
- DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options
- REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken
- CONTRIB: halog: fix issue with array of type char
- BUG/MINOR: tools: fix parsing "us" unit for timers
- DOC: clarify that compression works for HTTP/2
- MINOR: No longer rely on deprecated sample fetches for predefined ACLs
- BUG/MEDIUM: sample: Fix adjusting size in field converter
- DOC: ssl: Certificate hot update only works on fronted certificates
- BUG/MEDIUM: threads: Ignore current thread to end its harmless period
- BUG/MINOR: checks: Set missing id to the dummy checks frontend
- MINOR: logs: Add support of checks as session origin to format lf strings
- BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections
- MINOR: connection: Make bc_http_major compatible with tcp-checks
- BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check
- BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded
- BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function
- BUG/MINOR: logs: Report the true number of retries if there was no connection
- BUG/MINOR: mux-h1: Release idle server H1 connection if data are received
- BUG/MINOR: server: free srv.lb_nodes in free_server
- BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers
- BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames
- BUG/MEDIUM: config: fix cpu-map notation with both process and threads
- BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases
- BUG/MINOR: mworker: don't use oldpids[] anymore for reload
- BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data
- BUG/MINOR: peers: remove useless table check if initial resync is finished
- BUG/MEDIUM: peers: re-work connection to new process during reload.
- BUG/MEDIUM: peers: re-work refcnt on table to protect against flush
2021/03/30 : 2.3.9
- BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent
- MEDIUM: backend: use a trylock to grab a connection on high FD counts as well
- BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv
- BUG/MINOR: stats: Apply proper styles in HTML status page.
- BUG/MEDIUM: time: make sure to always initialize the global tick
2021/03/25 : 2.3.8
- MINOR: time: export the global_now variable
- BUG/MINOR: freq_ctr/threads: make use of the last updated global time
- BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback
- MINOR: time: also provide a global, monotonic global_now_ms timer
- BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable
- BUG/MINOR: protocol: add missing support of dgram unix socket.
- MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket
- MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua
- BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable
- BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list"
- BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro
- MINOR: lua: Slightly improve function dumping the lua traceback
- BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback
- BUG/MEDIUM: lua: Always init the lua stack before referencing the context
- MINOR: fd: make fd_clr_running() return the remaining running mask
- MINOR: fd: remove the unneeded running bit from fd_insert()
- BUG/MEDIUM: fd: do not wait on FD removal in fd_delete()
- CLEANUP: fd: remove unused fd_set_running_excl()
- BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available.
- BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless
- MINOR: tools: make url2ipv4 return the exact number of bytes parsed
- BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters
2.3.7
- BUG/MINOR: backend: fix condition for reuse on mode HTTP
- BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring()
- BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode
- REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h
- BUG/MINOR: mt-list: always perform a cpu_relax call on failure
- MINOR: atomic: add armv8.1-a atomics variant for cas-dw
- MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs
- BUG/MEDIUM: session: NULL dereference possible when accessing the listener
- MINOR: tasks: refine the default run queue depth
- MINOR: listener: refine the default MAX_ACCEPT from 64 to 4
- OPTIM: server: switch the actconn list to an mt-list
- MINOR: server: move actconns to the per-thread structure
- MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock
- OPTIM: lb-first: do not take the server lock on take_conn/drop_conn
- OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn
- OPTIM: lb-leastconn: do not unlink the server if it did not change
- MINOR: dynbuf: make the buffer wait queue per thread
- MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait
- MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold
- MINOR: stream: add an "epoch" to figure which streams appeared when
- MINOR: cli/streams: make "show sess" dump all streams till the new epoch
- MINOR: streams: use one list per stream instead of a global one
- MEDIUM: streams: do not use the streams lock anymore
- MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS
- MINOR: pools: double the local pool cache size to 1 MB
- MEDIUM: backend: use a trylock when trying to grab an idle connection
- MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY
- MINOR: ssl: mark the SSL handshake tasklet as heavy
- BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake
- MINOR: task: add an application specific flag to the state: TASK_F_USR1
- MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1
- MINOR: xprt: add new xprt_set_idle and xprt_set_used methods
- MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks
- MEDIUM: task: remove the tasks_run_queue counter and have one per thread
- MINOR: task: give the scheduler a bit more flexibility in the runqueue size
- OPTIM: task: automatically adjust the default runqueue-depth to the threads
- BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc.
- BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw()
- BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached
- BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check
- BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters
- BUG/MINOR: session: Add some forgotten tests on session's listener
- BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check
- CLEANUP: tcp-rules: add missing actions in the tcp-request error message
- Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record"
- BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error
- BUG/MINOR: resolvers: Reset server address on DNS error only on status change
- BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution
- BUG/MEDIUM: resolvers: Don't set an address-less server as UP
- BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item
- MINOR: resolvers: new function find_srvrq_answer_record()
- BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item
- BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete
- MINOR: resolvers: Use a function to remove answers attached to a resolution
- MINOR: resolvers: Purge answer items when a SRV resolution triggers an error
- MINOR: resolvers: Add function to change the srv status based on SRV resolution
- MINOR: resolvers: Directly call srvrq_update_srv_state() when possible
- BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks
- BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set
- MINOR: resolvers: Use milliseconds for cached items in resolver responses
- MINOR: resolvers: Don't try to match immediatly renewed ADD items
- BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames
2.3.6
- MINOR: check: do not ignore a connection header for http-check send
- BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro
- BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro
- BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro
- BUG/MINOR: intops: fix mul32hi()'s off-by-one
- BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors
- BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state
- BUG/MINOR: server: re-align state file fields number
- BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints()
- BUG/MINOR: backend: hold correctly lock when killing idle conn
- BUG/MINOR: server: Fix server-state-file-name directive
- CLEANUP: deinit: release global and per-proxy server-state variables on deinit
- BUG/MEDIUM: config: don't pick unset values from last defaults section
- BUG/MINOR: stats: revert the change on ST_CONVDONE
- BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines
- BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL
- DOC: tune: explain the origin of block size for ssl.cachesize
- CLEANUP: channel: fix comment in ci_putblk.
- BUG/MINOR: server: Remove RMAINT from admin state when loading server state
- BUG/MINOR: session: atomically increment the tracked sessions counter
- BUG/MINOR: checks: properly handle wrapping time in __health_adjust()
- BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust()
- BUG/MINOR: sample: Always consider zero size string samples as unsafe
- BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions
- DOC: explain the relation between pool-low-conn and tune.idle-pool.shared
- BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ().
- BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer
- BUG/MINOR: http-rules: Always replace the response status on a return action
- BUG/MINOR: server: Init params before parsing a new server-state line
- BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line
- BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok
- BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert"
- MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes
- BUG/MINOR: sample: secure convs that accept base64 string and var name as args
- BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe
- BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop
- BUG/MEDIUM: cli/shutdown sessions: make it thread-safe
- BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal
- BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl()
- BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned
- BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record
- BUG/MINOR: resolvers: new callback to properly handle SRV record errors
- BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records
- BUG/MEDIUM: resolvers: Reset address for unresolved servers
- BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup()
- CLEANUP: muxes: Remove useless if condition in show_fd function
- BUG/MINOR: stats: fix compare of no-maint url suffix
- BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf()
- BUG/MINOR: http-ana: Only consider dst address to process originalto option
- BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule
- BUG/MINOR: connection: Use the client's dst family for adressless servers
- BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1
- DOC: spoe: Add a note about fragmentation support in HAProxy
- BUG/MINOR: mux-h2: Fix typo in scheme adjustment
- BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout
2.3.5
- BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
- MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities
- MINOR: server: Forbid server definitions in frontend sections
- BUG/MINOR: threads: Fixes the number of possible cpus report for Mac.
- MINOR: peers: Add traces for peer control messages.
- BUG/MINOR: dns: SRV records ignores duplicated AR records (v2)
- BUILD: peers: fix build warning about unused variable
- BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition
- BUG/MINOR: peers: Possible appctx pointer dereference.
- MINOR: build: discard echoing in help target
- BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
- BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper
- BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
- BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context
- BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
- BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX
- DOC: Improve documentation of the various hdr() fetches
- BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown
- BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
- BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file()
- BUG/MEDIUM: session: only retrieve ready idle conn from session
- REORG: backend: simplify conn_backend_get
- BUG/MEDIUM: backend: never reuse a connection for tcp mode
- BUG/MINOR: backend: check available list allocation for reuse
- MINOR: contrib: Make the wireshark peers dissector compile for more distribs.
- CLEANUP: tools: make resolve_sym_name() take a const pointer
- CLEANUP: cli: make "show fd" use a const connection to access other fields
- MINOR: cli: make "show fd" also report the xprt and xprt_ctx
- MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps.
- MINOR: ssl: provide a "show fd" helper to report important SSL information
- MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them
- MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known
- MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known
- MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known
- MINOR: cli: give the show_fd helpers the ability to report a suspicious entry
- MINOR: cli/show_fd: report some easily detectable suspicious states
- MINOR: ssl/show_fd: report some FDs as suspicious when possible
- MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls
- MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls
- MINOR: h1: Raise the chunk size limit up to (2^52 - 1)
- DOC: management: fix "show resolvers" alphabetical ordering
- BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
- BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
- BUG/MEDIUM: ssl: check a connection's status before computing a handshake
- BUG/MINOR: mux_h2: fix incorrect stat titles
- BUG/MINOR: xxhash: make sure armv6 uses memcpy()
- BUG/MINOR: ssl: do not try to use early data if not configured
- BUILD: ssl: fix build breakage with last commit
- MINOR: cli/show_fd: report local and report ports when known
- BUILD: Makefile: move REGTESTST_TYPE default setting
- BUG/MEDIUM: mux-h2: handle remaining read0 cases
- BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED
- BUG/MINOR: sock: Unclosed fd in case of connection allocation failure
- MINOR: config: Deprecate and ignore tune.chksize global option
2.3.4
- MINOR: reg-tests: add a way to add service dependency
- BUG/MINOR: sample: check alloc_trash_chunk return value in concat()
- BUG/MINOR: reg-tests: fix service dependency script
- MINOR: reg-tests: add base prometheus test
- Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records"
- BUG/MINOR: sample: Memory leak of sample_expr structure in case of error
- BUG/MINOR: check: Don't perform any check on servers defined in a frontend
- BUG/MINOR: init: enforce strict-limits when using master-worker
- MINOR: contrib/prometheus-exporter: avoid connection close header
- MINOR: contrib/prometheus-exporter: use fill_info for process dump
2.3.3
- MINOR: plock: use an ARMv8 instruction barrier for the pause instruction
- BUG/MEDIUM: lists: Lock the element while we check if it is in a list.
- MINOR: task: remove __tasklet_remove_from_tasklet_list()
- BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
- BUG/MEDIUM: local log format regression.
- BUG/MINOR: mux-h2/stats: make stream/connection proto errors more accurate
- BUG/MINOR: mux-h2/stats: not all GOAWAY frames are errors
- BUG/MINOR: lua: missing "\n" in error message
- BUG/MINOR: lua: lua-load doesn't check its parameters
- BUG/MINOR: lua: Post init register function are not executed beyond the first one
- BUG/MINOR: lua: Some lua init operation are processed unsafe
- MINOR: actions: Export actions lookup functions
- MINOR: actions: add a function returning a service pointer from its name
- MINOR: cli: add a function to look up a CLI service description
- BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times
- BUG/MAJOR: ring: tcp forward on ring can break the reader counter.
- BUILD/MINOR: haproxy DragonFlyBSD affinity build update.
- DOC/MINOR: Fix formatting in Management Guide
- BUG/MINOR: listener: use sockaddr_in6 for IPv6
- BUG/MINOR: mux-h1: Handle keep-alive timeout for idle frontend connections
- MINOR: protocol: add a ->set_port() helper to address families
- MINOR: listener: automatically set the port when creating listeners
- MINOR: listener: now use a generic add_listener() function
- MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1
- BUG/MAJOR: spoa/python: Fixing return None
- DOC: spoa/python: Fixing typo in IP related error messages
- DOC: spoa/python: Rephrasing memory related error messages
- DOC: spoa/python: Fixing typos in comments
- BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations
- BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails
- BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments
- BUG/MEDIUM: spoa/python: Fixing references to None
- DOC: email change of the DeviceAtlas maintainer
- BUG/MINOR: http-check: Use right condition to consider HTX message as full
- BUG/MINOR: tcpcheck: Don't rearm the check timeout on each read
- MINOR: tcpcheck: Only wait for more payload data on HTTP expect rules
- BUG/MINOR: tools: make parse_time_err() more strict on the timer validity
- BUG/MINOR: tools: Reject size format not starting by a digit
- BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight
- BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert"
- REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
- BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call
- BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well
- BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests
- BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode
- BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request
- CONTRIB: halog: fix build issue caused by %L printf format
- CONTRIB: halog: mark the has_zero* functions unused
- CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps
- CONTRIB: debug: address "poll" utility build on non-linux platforms
- BUILD: plock: remove dead code that causes a warning in gcc 11
- BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call
- BUG/MINOR: dns: SRV records ignores duplicated AR records
- DOC: fix "smp_size" vs "sample_size" in "log" directive arguments
- BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
- BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
- MINOR: atomic: don't use ; to separate instruction on aarch64.
- BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails
- BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails
- BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule
- DOC: Improve the message printed when running `make` w/o `TARGET`
- BUG/MINOR: stats: Make stat_l variable used to dump a stat line thread local
- SCRIPTS: improve announce-release to support different tag and versions
- SCRIPTS: make announce release support preparing announces before tag exists
- BUG/MINOR: srv: do not init address if backend is disabled
- BUG/MINOR: srv: do not cleanup idle conns if pool max is null
- MINOR: converter: adding support for url_enc
- BUILD: Makefile: exclude broken tests by default
- CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error
- MINOR: contrib/prometheus-exporter: export build_info
- DOC: fix some spelling issues over multiple files
- SCRIPTS: announce-release: fix typo in help message
- DOC: Add maintainers for the Prometheus exporter
- BUG/MINOR: sample: fix concat() converter's corruption with non-string variables
2.3.2
- BUILD: http-htx: fix build warning regarding long type in printf
- CLEANUP: cfgparse: remove duplicate registration for transparent build options
- BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering
- BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests
- DOC: add missing 3.10 in the summary
- BUG/MINOR: ssl: segv on startup when AKID but no keyid
- BUG/MEDIUM: http-ana: Don't eval http-after-response ruleset on empty messages
- BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list
- BUG/MEDIUM: ssl: error when no certificate are found
- BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated
- BUG/MEDIUM: ssl/crt-list: fix error when no file found
- BUILD: makefile: enable crypt(3) for OpenBSD
- DOC: clarify how to create a fallback crt
- CLEANUP: connection: do not use conn->owner when the session is known
- BUG/MAJOR: connection: reset conn->owner when detaching from session list
- BUG/MINOR: http_htx: Fix searching headers by substring
- DOC: better describes how to configure a fallback crt
- BUG/MAJOR: filters: Always keep all offsets up to date during data filtering
- MEDIUM: cache: Change caching conditions
- DOC: cache: Add new caching limitation information
- REGTESTS: Add sample_fetches/cook.vtc
- REGTESTS: converter: add url_dec test
- MINOR: http_act: Add -m flag for del-header name matching method
- BUILD: Make DEBUG part of .build_opts
- BUILD: Show the value of DEBUG= in haproxy -vv
- BUG/MEDIUM: http_act: Restore init of log-format list
- BUG/MAJOR: peers: fix partial message decoding
- DOC: better document the config file format and escaping/quoting rules
- DOC: Clarify %HP description in log-format
- BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check
- MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main
- BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool
- DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section
- BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check
2.3.1
- BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher
- MINOR: http-htx: Add understandable errors for the errorfiles parsing
- DOC: config: Fix a typo on ssl_c_chain_der
- BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded
- BUG/MINOR: pattern: a sample marked as const could be written
- BUG/MINOR: lua: set buffer size during map lookups
- BUG/MINOR: stats: free dynamically stats fields/lines on shutdown
- BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries.
- BUG/MINOR: peers: Missing TX cache entries reset.
- BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages
- BUG/MINOR: http-fetch: Extract cookie value even when no cookie name
- BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches
- BUG/MEDIUM: check: reuse srv proto only if using same mode
- MINOR: check: report error on incompatible proto
- MINOR: check: report error on incompatible connect proto
- BUG/MINOR: http-htx: Handle warnings when parsing http-error and http-errors
- BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet
- MINOR: spoe: Don't close connection in sync mode on processing timeout
- BUG/MINOR: tcpcheck: Don't warn on unused rules if check option is after
- MINOR: init: Fix the prototype for per-thread free callbacks
- MINOR: config/mux-h2: Return ERR_ flags from init_h2() instead of a status
- MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error.
- REGTEST: ssl: test wildcard and multi-type + exclusions
- REGTEST: ssl: mark reg-tests/ssl/ssl_crt-list_filters.vtc as broken
- MINOR: peers: Add traces to peer_treat_updatemsg().
- REGTEST: make ssl_client_samples and ssl_server_samples require to 2.2
2.3.0
- CLEANUP: pattern: remove unused entry "tree" in pattern.val
- BUILD: ssl: use SSL_CTRL_GET_RAW_CIPHERLIST instead of OpenSSL versions
- BUG/MEDIUM: filters: Don't try to init filters for disabled proxies
- BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies
- BUG/MINOR: checks: Report a socket error before any connection attempt
- BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup
- MINOR: server: Copy configuration file and line for server templates
- BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade
- BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions
- MINOR: debug: don't count free(NULL) in memstats
- BUG/MINOR: filters: Skip disabled proxies during startup only
- MINOR: mux_h2: capitalize frame type in stats
- MINOR: mux_h2: add stat for total count of connections/streams
- MINOR: stats: do not display empty stat module title on html
- BUG/MEDIUM: stick-table: limit the time spent purging old entries
- BUG/MEDIUM: listener: only enable a listening listener if needed
- BUG/MEDIUM: listener: never suspend inherited sockets
- BUG/MEDIUM: listener: make the master also keep workers' inherited FDs
- MINOR: fd: add fd_want_recv_safe()
- MEDIUM: listeners: make use of fd_want_recv_safe() to enable early receivers
- REGTESTS: mark abns_socket as working now
- CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream
- MINOR: sock: add a check against cross worker<->master socket activities
- CI: github actions: limit OpenSSL no-deprecated builds to "default,bug,devel" reg-tests
- BUG/MEDIUM: server: make it possible to kill last idle connections
- MINOR: mworker/cli: the master CLI use its own applet
- MINOR: ssl: define SSL_CTX_set1_curves_list to itself on BoringSSL
- BUILD: ssl: use feature macros for detecting ec curves manipulation support
- DOC: Add dns as an available domain to show stat
- BUILD: makefile: usual reorder of objects for faster builds
- DOC: update INSTALL to mention that TCC is supported
- DOC: mention in INSTALL that haproxy 2.3 is a stable version
- MINOR: version: mention that it's stable now
2.2.4
- BUILD: threads: better workaround for late loading of libgcc_s
- BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned
- BUG/MINOR: Fix type passed of sizeof() for calloc()
- BUG/MINOR: ssl: verifyhost is case sensitive
- BUG/MINOR: server: report correct error message for invalid port on "socks4"
- BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly.
- BUG/MINOR: ssl/crt-list: crt-list could end without a \n
- BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK
- BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch
- BUG/MINOR: config: Fix memory leak on config parse listen
- BUG/MEDIUM: h2: report frame bits only for handled types
- BUG/MINOR: Fix memory leaks cfg_parse_peers
- MINOR: h2/trace: also display the remaining frame length in traces
- MINOR: backend: make the "whole" option of balance uri take only one bit
- MINOR: backend: add a new "path-only" option to "balance uri"
- REGTESTS: add a few load balancing tests
- BUG/MEDIUM: listeners: do not pause foreign listeners
- BUILD: trace: include tools.h
- REGTESTS: use "command" instead of "which" for better POSIX compatibility
- DOC: agent-check: fix typo in "fail" word expected reply
- BUG/MINOR: ssl/crt-list: exit on warning out of crtlist_parse_line()
- REGTEST: fix host part in balance-uri-path-only.vtc
- REGTEST: make agent-check.vtc require 1.8
- REGTEST: make abns_socket.vtc require 1.8
- REGTEST: make map_regm_with_backref require 1.7
2.2.3
- SCRIPTS: git-show-backports: make -m most only show the left branch
- SCRIPTS: git-show-backports: emit the shell command to backport a commit
- BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send
- CLEANUP: dns: typo in reported error message
- BUG/MAJOR: dns: disabled servers through SRV records never recover
- BUG/MINOR: spoa-server: fix size_t format printing
- DOC: spoa-server: fix false friends `actually`
- BUG/MINOR: ssl: fix memory leak at OCSP loading
- BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free()
- BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime
- MINOR: arg: Add an argument type to keep a reference on opaque data
- BUG/MINOR: converters: Store the sink in an arg pointer for debug() converter
- BUG/MINOR: lua: Duplicate map name to load it when a new Map object is created
- BUG/MINOR: arg: Fix leaks during arguments validation for fetches/converters
- BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation
- BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation
- MINOR: hlua: Don't needlessly copy lua strings in trash during args validation
- BUG/MINOR: lua: Duplicate lua strings in sample fetches/converters arg array
- MEDIUM: lua: Don't filter exported fetches and converters
- BUG/MINOR: snapshots: leak of snapshots on deinit()
- BUG/MEDIUM: ssl: fix the ssl-skip-self-issued-ca option
- BUG/MINOR: ssl: ssl-skip-self-issued-ca requires >= 1.0.2
- BUG/MINOR: stats: use strncmp() instead of memcmp() on health states
- BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction
- BUG/MEDIUM: ssl: never generates the chain from the verify store
- BUG/MEDIUM: ssl: fix ssl_bind_conf double free w/ wildcards
- BUG/MINOR: reload: do not fail when no socket is sent
- BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers
- MINOR: http-htx: Add an option to eval query-string when the path is replaced
- BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action
- BUG/MEDIUM: ssl: crt-list negative filters don't work
- DOC: cache: Use '<name>' instead of '<id>' in error message
- MINOR: cache: Reject duplicate cache names
- BUILD: tools: include auxv a bit later
- BUILD: task: work around a bogus warning in gcc 4.7/4.8 at -O1
- BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak
- BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed
- BUG/MINOR: contrib/spoa-server: Do not free reference to NULL
- BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure
- BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address
- BUG/MINOR: startup: haproxy -s cause 100% cpu
- Revert "BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action"
- BUG/MEDIUM: doc: Fix replace-path action description
- MINOR: http-rules: Add set-pathq and replace-pathq actions
- MINOR: http-fetch: Add pathq sample fetch
- REGTEST: Add a test for request path manipulations, with and without the QS
- BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp()
- MINOR: arg: Use chunk_destroy() to release string arguments
- BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate
- BUG/MINOR: threads: work around a libgcc_s issue with chrooting
- BUILD: thread: limit the libgcc_s workaround to glibc only
- MINOR: Commit .gitattributes
- CLEANUP: Update .gitignore
- CLEANUP: dns: remove 45 "return" statements from dns_validate_dns_response()
- BUG/MEDIUM: dns: Don't store additional records in a linked-list
- BUG/MEDIUM: dns: Be sure to renew IP address for already known servers
- MINOR: server: Improve log message sent when server address is updated
- DOC: ssl-load-extra-files only applies to certificates on bind lines
- BUG/MINOR: auth: report valid crypto(3) support depending on build options
- BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections
2.2.2
- BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore
- BUILD: tools: fix build with static only toolchains
- BUG/MINOR: debug: Don't dump the lua stack if it is not initialized
- BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status
- BUG/MAJOR: dns: don't treat Authority records as an error
- MEDIUM: lua: Add support for the Lua 5.4
- BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation
- BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation
- BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort
- BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
- BUG/MEDIUM: connection: Be sure to always install a mux for sync connect
- MINOR: connection: Preinstall the mux for non-ssl connect
- MINOR: stream-int: Be sure to have a mux to do sends and receives
- SCRIPTS: announce-release: add the link to the wiki in the announce messages
- BUG/MEDIUM: backend: always attach the transport before installing the mux
- BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux
2.2.1
- BUG/MINOR: sample: Free str.area in smp_check_const_bool
- BUG/MINOR: sample: Free str.area in smp_check_const_meth
- BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD()
- BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ
- CONTRIB: da: fix memory leak in dummy function da_atlas_open()
- BUG/MEDIUM: mux-h2: Don't add private connections in available connection list
- BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list
- BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode
- BUG/MINOR: mux-fcgi: Handle empty STDERR record
- BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding
- BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT
- BUG/MEDIUM: log: issue mixing sampled to not sampled log servers.
- BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers
- BUG/MEDIUM: server: resolve state file handle leak on reload
- BUG/MEDIUM: server: fix possibly uninitialized state file on close
- BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked
- BUILD: config: address build warning on raspbian+rpi4
- BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed
- BUILD: config: fix again bugs gcc warnings on calloc
- DOC: ssl: req_ssl_sni needs implicit TLS
- BUG/MEDIUM: arg: empty args list must be dropped
- BUG/MEDIUM: resolve: fix init resolving for ring and peers section.
- BUG/MAJOR: tasks: don't requeue global tasks into the local queue
- BUG/MAJOR: dns: Make the do-resolve action thread-safe
- BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
- MEDIUM: htx: Add a flag on a HTX message when no more data are expected
- BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one
- BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected
- BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering
HAProxy 2.2.0 was released on 2020/07/07. It added 24 new commits
after version 2.2-dev12.
There were very few last-minute changes since dev12, just as I hoped,
that's pretty fine.
We're late by about 1 month compared to the initial planning, which is
not terrible and should be seen instead as an investment on the debugging
cycle since almost only bug fixes were merged during that period. In the
end you get a better version later.
While I was initially worried that this version didn't seem to contain
any outstanding changes, looking back in the mirror tells be it's another
awesome one instead:
- dynamic content emission:
- "http-request return" directive to build dynamic responses ;
- rewrite of headers (including our own) after the response ;
- dynamic error files (errorfiles can be used as templates to
deliver personalized pages)
- further improvements to TLS runtime certificates management:
- insertion of new certificates
- split of key and cert
- manipulation and creation of crt-lists
- even directories can be handled
And by the way now TLSv1.2 is set as the default minimum version.
- significant reduction of server-side resources by sharing idle
connection pools between all threads ; till 2.1 if you had 64 threads,
each of them had its own connections, so the reuse rate was lower, and
the idle connection count was very high. This is not the case anymore.
- health-checks were rewritten to all rely on tcp-check rules behind the
curtains. This allowed to get rid of all the dirt we had accumulate over
18 years and to write extensible checks. New ones are much easier to add.
In addition we now have http-checks which support header and body
addition, and which pass through muxes (HTTP/1 and HTTP/2).
- ring buffer creation with ability to forward any event to any log server
including over TCP. This means that it's now possible to log over a TCP
syslog server, and that adding new protocols should be fairly easy.
- further refined and improved debugging (symbols in panic dumps, malloc
debugging, more activity counters)
- the default security was improved. For example fork() is forbidden by
default, which will block against any potential code execution (and
will also block external checks by default unless explicitly unblocked).
- new performance improvements in the scheduler and I/O layers, reducing
the cost of I/O processing and overall latency. I've known from private
discussions that some noticed tremendous gains there.
I'm pretty sure there are many other things but I don't remember, I'm
looking at my notes. I'm aware that HaproxyTech will soon post an in-depth
review on the haproxy.com blog so just have a look there for all the details.
(edit: it's already there: https://www.haproxy.com/blog/announcing-haproxy-2-2/
).
There are three things I noted during the development of this version.
The first one is that with the myriad of new tools we're using to help
users and improve our code quality (discourse, travis, cirrus, oss-fuzz,
mailing-list etc), some people really found their role in the project and
are becoming more autonomous. This definitely scales much better and helps
me spend less time on things that are not directly connected to my code
activities, so thank you very much for this (Lukas, Tim, Ilya, Cyril).
The second one is that this is the first version that has been tortured
in production long before the release. And when I'm saying "tortured", I
really mean it, because several of us were suffering as well. But it
allowed to address very serious issues that would have been a nightmare
to debug and fix post-release. For this I really want to publicly thank
William Dauchy for all his work and involvement on this, and for all the
very detailed reports he's sent us. For me this is the proof that running
code early on very limited traffic is enough to catch unacceptable bugs
that will not hit you later. And this pays off because he will be able to
deploy 2.2 soon without sweating. Others might face bugs that were not in
the perimeter he tested, hehe :-) I really encourage anyone who can to do
this. I know it's not easy and can be risky, but with some organization
and good prod automation it's possible and is great. What's nice with
reporting bugs during development is that you have a safe version to roll
back to and it can take the time it takes to fix the bug, it's not a
problem! Please think about it and what it would imply for you to adopt
such a model, it's a real time saver and risk saver for your production.
The last one is that we started to use the -next branch to queue some
pending work (that was already merged) and that the principle of finishing
one version while we're starting to queue some work for the next one is
well accepted and will help really us. I'd like this to continue and grow
in importance.
Enough talking, now's time to download and update, and for me to leave to
have dinner :-)
2.1.6
- Revert "BUG/MEDIUM: connections: force connections cleanup on server changes"
- SCRIPTS: publish-release: pass -n to gzip to remove timestamp
- BUG/MINOR: peers: fix internal/network key type mapping.
- BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action
- BUG/MEDIUM: http-htx: Duplicate error messages as raw data instead of string
- BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations
- BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics
- BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
- BUG/MINOR: init: -x can have a parameter starting with a dash
- BUG/MINOR: init: -S can have a parameter starting with a dash
- BUG/MEDIUM: mworker: fix the reload with an -- option
- BUG/MINOR: ssl: fix a trash buffer leak in some error cases
- BUG/MINOR: mworker: fix a memleak when execvp() failed
2.1.5
- BUG/MINOR: protocol_buffer: Wrong maximum shifting.
- MINOR: ssl: improve the errors when a crt can't be open
- BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
- BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
- BUG/MINOR: connection: always send address-less LOCAL PROXY connections
- BUG/MINOR: peers: Incomplete peers sections should be validated.
- DOC: hashing: update link to hashing functions
- MINOR: version: Show uname output in display_version()
- DOC: Improve documentation on http-request set-src
- BUG/MINOR: ssl: default settings for ssl server options are not used
- BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
- BUG/MINOR: tools: fix the i386 version of the div64_32 function
- BUG/MINOR: http: make url_decode() optionally convert '+' to SP
- DOC: option logasap does not depend on mode
- MEDIUM: memory: make pool_gc() run under thread isolation
- MINOR: contrib: make the peers wireshark dissector a plugin
- BUG/MINOR: check: Update server address and port to execute an external check
- MINOR: checks: Add a way to send custom headers and payload during http chekcs
- BUG/MINOR: checks: Respect the no-check-ssl option
- BUG/MEDIUM: server/checks: Init server check during config validity check
- BUG/MINOR: checks: chained expect will not properly wait for enough data
- BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
- BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
- BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
- BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
- BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
- BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
- BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
- BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
- MINOR: threads: export the POSIX thread ID in panic dumps
- BUG/MINOR: debug: properly use long long instead of long for the thread ID
- BUG/MEDIUM: shctx: really check the lock's value while waiting
- BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
- MINOR: stream: report the list of active filters on stream crashes
- MINOR: haproxy: export run_poll_loop
- MINOR: tools: add new function dump_addr_and_bytes()
- MINOR: tools: add resolve_sym_name() to resolve function pointers
- MINOR: debug: use resolve_sym_name() to dump task handlers
- MINOR: cli: make "show fd" rely on resolve_sym_name()
- MEDIUM: debug: add support for dumping backtraces of stuck threads
- MINOR: debug: call backtrace() once upon startup
- BUILD: Makefile: include librt before libpthread
- MINOR: wdt: do not depend on USE_THREAD
- MINOR: debug: report the number of entries in the backtrace
- MINOR: debug: improve backtrace() on aarch64 and possibly other systems
- MINOR: debug: use our own backtrace function on clang+x86_64
- MINOR: debug: dump the whole trace if we can't spot the starting point
- BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms
- BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr()
- BUILD: Makefile: add linux-musl to TARGET
- REGTEST: ssl: test the client certificate authentication
- REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script
- Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY connections"
- Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections"
- BUG/MINOR: checks/server: use_ssl member must be signed
- BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks
- BUG/MINOR: checks: Remove a warning about http health checks
- BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release()
- BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach()
- BUG/MEDIUM: connections: force connections cleanup on server changes
- BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed
- BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
- CLEANUP: connections: align function declaration
- BUG/MINOR: sample: Set the correct type when a binary is converted to a string
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
- BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT
- BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
- BUG/MINOR: http-ana: fix NTLM response parsing again
- BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
- BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
- BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
- BUG/MINOR: pollers: remove uneeded free in global init
- BUG/MINOR: soft-stop: always wake up waiting threads on stopping
- BUILD: select: only declare existing local labels to appease clang
- BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
- BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.
- BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
- BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason
- BUG/MEDIUM: ring: write-lock the ring while attaching/detaching
- BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
- BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
- DOC: retry-on can only be used with mode http
- DOC/MINOR: halog: Add long help info for ic flag
- DOC: SPOE is no longer experimental
- BUG/MINOR: logs: prevent double line returns in some events.
- REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used
- BUG/MEDIUM: logs: fix trailing zeros on log message.
- BUG/MINOR: lua: Add missing string length for lua sticktable lookup
- BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
2.1.4
- SCRIPTS: make announce-release executable again
- BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
- BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
- BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param
- MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex
- SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
- MINOR: http-htx: Add a function to retrieve the headers size of an HTX message
- MINOR: filters: Forward data only if the last filter forwards something
- BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them
- BUG/MINOR: http-htx: Don't return error if authority is updated without changes
- BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
- MINOR: http-ana: Match on the path if the monitor-uri starts by a /
- BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
- MINOR: ist: add an iststop() function
- BUG/MINOR: http: http-request replace-path duplicates the query string
- BUG/MEDIUM: shctx: make sure to keep all blocks aligned
- MINOR: compiler: move CPU capabilities definition from config.h and complete them
- BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support
- BUILD: fix recent build failure on unaligned archs
- CLEANUP: cfgparse: Fix type of second calloc() parameter
- BUG/MINOR: sample: fix the json converter's endian-sensitivity
- BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions
- BUG/MINOR: connection: make sure to correctly tag local PROXY connections
- MINOR: compiler: add new alignment macros
- BUILD: ebtree: improve architecture-specific alignment
- BUG/MINOR: h2: reject again empty :path pseudo-headers
- BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch
- BUG/MINOR: dns: ignore trailing dot
- BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name
- MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics
- MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric
- BUG/MEDIUM: random: initialize the random pool a bit better
- MINOR: tools: add 64-bit rotate operators
- BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
- MINOR: backend: use a single call to ha_random32() for the random LB algo
- BUG/MINOR: checks/threads: use ha_random() and not rand()
- BUG/MAJOR: list: fix invalid element address calculation
- MINOR: debug: report the task handler's pointer relative to main
- BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump
- MINOR: haproxy: export main to ease access from debugger
- BUILD: tools: remove obsolete and conflicting trace() from standard.c
- BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled
- DOC: fix incorrect indentation of http_auth_*
- OPTIM: startup: fast unique_id allocation for acl.
- BUG/MINOR: pattern: Do not pass len = 0 to calloc()
- DOC: configuration.txt: fix various typos
- DOC: assorted typo fixes in the documentation and Makefile
- BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits
- BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
- REGTEST: make the PROXY TLV validation depend on version 2.2
- BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data
- BUG/MINOR: filters: Forward everything if no data filters are called
- MINOR: htx: Add a function to return a block at a specific offset
- BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload
- BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload
- BUG/MINOR: http-ana: Reset request analysers on a response side error
- BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not
- BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action
- BUG/MINOR: http-rules: Fix a typo in the reject action function
- BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action
- BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop
- DOC: fix typo about no-tls-tickets
- DOC: improve description of no-tls-tickets
- DOC: assorted typo fixes in the documentation
- DOC: ssl: clarify security implications of TLS tickets
- BUILD: wdt: only test for SI_TKILL when compiled with thread support
- BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
- MINOR: mt_lists: Appease gcc.
- BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
- BUG/MEDIUM: pools: Always update free_list in pool_gc().
- BUG/MINOR: haproxy: always initialize sleeping_thread_mask
- BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
- BUG/MINOR: haproxy/threads: try to make all threads leave together
- DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
- DOC: correct typo in alert message about rspirep
- BUILD: on ARM, must be linked to libatomic.
- BUILD: makefile: fix regex syntax in ARM platform detection
- BUILD: makefile: fix expression again to detect ARM platform
- BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
- DOC: assorted typo fixes in the documentation
- MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
- BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
- MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc.
- BUG/MINOR: connections: Make sure we free the connection on failure.
- REGTESTS: use "command -v" instead of "which"
- REGTEST: increase timeouts on the seamless-reload test
- BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
- BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
- BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
- BUG/MINOR: peers: Use after free of "peers" section.
- MINOR: listener: add so_name sample fetch
- BUILD: ssl: only pass unsigned chars to isspace()
- BUG/MINOR: stats: Fix color of draining servers on stats page
- DOC: internals: Fix spelling errors in filters.txt
- MINOR: http-rules: Add a flag on redirect rules to know the rule direction
- BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits
- MINOR: http-rules: Handle the rule direction when a redirect is evaluated
- BUG/MINOR: http-ana: Reset request analysers on error when waiting for response
- BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
These lines have been accidentally removed on 2016-03-04 when haproxy was
updated to 1.6.4 and the distinfo file had been generated without the
option "deviceatlas".
Apparently nobody missed this package option in the last 4 years though,
at least there is no problem report about this.
Detected by an experimental pkglint check that is not yet reliable enough
to be put into production.
2.1.3
- BUG/MINOR: checks: refine which errno values are really errors.
- BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready.
- BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection.
- MINOR: config: disable busy polling on old processes
- MINOR: ssl: Remove unused variable "need_out".
- BUG/MINOR: h1: Report the right error position when a header value is invalid
- BUG/MINOR: proxy: Fix input data copy when an error is captured
- BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied
- BUG/MINOR: channel: inject output data at the end of output
- BUG/MEDIUM: session: do not report a failure when rejecting a session
- BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached
- BUG/MEDIUM: tasks: Use the MT macros in tasklet_free().
- BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send()
- BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch
- BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary
- BUG/MINOR: cli/mworker: can't start haproxy with 2 programs
- REGTEST: mcli/mcli_start_progs: start 2 programs
- BUG/MEDIUM: mworker: remain in mworker mode during reload
- BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed().
- BUG/MAJOR: hashes: fix the signedness of the hash inputs
- REGTEST: add sample_fetches/hashes.vtc to validate hashes
- BUG/MEDIUM: cli: _getsocks must send the peers sockets
- BUG/MINOR: stream: don't mistake match rules for store-request rules
- BUG/MEDIUM: connection: add a mux flag to indicate splice usability
- BUG/MINOR: pattern: handle errors from fgets when trying to load patterns
- BUG/MINOR: cache: Fix leak of cache name in error path
- BUG/MINOR: dns: Make dns_query_id_seed unsigned
- BUG/MINOR: 51d: Fix bug when HTX is enabled
- BUILD: pattern: include errno.h
- BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters
- BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
- BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing
- BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing
- BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak
- BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak
- BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak
- MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive
- BUG/MINOR: http_act: don't check capture id in backend
- BUG/MEDIUM: netscaler: Don't forget to allocate storage for conn->src/dst.
- BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
- BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded
- CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2
- BUG/MINOR: ssl: increment issuer refcount if in chain
- BUG/MINOR: ssl: memory leak w/ the ocsp_issuer
- BUG/MINOR: ssl: typo in previous patch
- BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert"
- BUG/MEDIUM: 0rtt: Only consider the SSL handshake.
- BUG/MINOR: stktable: report the current proxy name in error messages
- BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers"
- BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines
- MINOR: lua: Add hlua_prepend_path function
- MINOR: lua: Add lua-prepend-path configuration option
- MINOR: lua: Add HLUA_PREPEND_C?PATH build option
- BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure.
- BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack
- BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error
- BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer.
- BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2
- BUG/MEDIUM: connections: Don't forget to unlock when killing a connection.
- BUG/MEDIUM: memory_pool: Update the seq number in pool_flush().
- MINOR: memory: Only init the pool spinlock once.
- BUG/MEDIUM: memory: Add a rwlock before freeing memory.
- BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty.
- BUG/MINOR: ssl: we may only ignore the first 64 errors
- BUG/MINOR: ssl: clear the SSL errors on DH loading failure
- CONTRIB: debug: add missing flags SF_HTX and SF_MUX
- CONTRIB: debug: add the possibility to decode the value as certain types only
- CONTRIB: debug: support reporting multiple values at once
- MINOR: acl: Warn when an ACL is named 'or'
- CONTRIB: debug: also support reading values from stdin
- SCRIPTS: announce-release: place the send command in the mail's header
- SCRIPTS: announce-release: allow the user to force to overwrite old files
- BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init
- DOC: schematic of the SSL certificates architecture
- BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
- BUG/MINOR: dns: allow 63 char in hostname
- BUG/MEDIUM: listener: only consider running threads when resuming listeners
- BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
- BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
- MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs
- DOC: word converter ignores delimiters at the start or end of input string
- MINOR: htx: Add a function to append an HTX message to another one
- MINOR: htx/channel: Add a function to copy an HTX message in a channel's buffer
- BUG/MINOR: http-ana: Don't overwrite outgoing data when an error is reported
- BUG/MINOR: http-ana: Set HTX_FL_PROXY_RESP flag if a server perform a redirect
- BUG/MINOR: tcp: don't try to set defaultmss when value is negative
2.1.2:
* BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
* BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility
* BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
* BUG/MEDIUM: ssl: Revamp the way early data are handled.
* BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the
same fd
* BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
* MINOR: sample: Validate the number of bits for the sha2 converter
* DOC: clarify the fact that replace-uri works on a full URI
* BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
* BUG/MINOR: sample: always check converters' arguments
* MINOR: debug: support logging to various sinks
* MINOR: http: add a new "replace-path" action
* MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
* BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
* MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
* BUG/MEDIUM: state-file: do not allocate a full buffer for each server
* BUG/MINOR: state-file: do not store duplicates in the global tree
* BUG/MINOR: state-file: do not leak memory on parse errors
2.0.12
- DOC: Improve documentation of http-re(quest|sponse) replace-(header|value|uri)
- DOC: clarify the fact that replace-uri works on a full URI
- BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
- BUG/MINOR: sample: always check converters' arguments
- BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
- MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
- BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
- BUG/MEDIUM: ssl: Revamp the way early data are handled.
- MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
- BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd
- BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
- BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
- BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility
2.0.11
- BUG/MINOR: stream: init variables when the list is empty
- BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones
- BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only
- BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty
- DOC: Clarify behavior of server maxconn in HTTP mode
- DOC: clarify matching strings on binary fetches
- DOC: move the "group" keyword at the right place
- BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
- BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
- BUG/MEDIUM: listener/thread: fix a race when pausing a listener
- BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
- BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
- BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
- BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
- BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity().
- BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting.
- BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added
- BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state
- BUG/MINOR: listener/threads: always use atomic ops to clear the FD events
- BUG/MINOR: listener: also clear the error flag on a paused listener
- BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept()
- DOC: document the listener state transitions
- BUG/MAJOR: dns: add minimalist error processing on the Rx path
- BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
- BUG/MEDIUM: kqueue: Make sure we report read events even when no data.
- DOC: listeners: add a few missing transitions
- BUG/MINOR: tasks: only requeue a task if it was already in the queue
- DOC: proxies: HAProxy only supports 3 connection modes
- BUILD/MINOR: ssl: shut up a build warning about format truncation
- BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset()
- BUILD: do not disable -Wformat-truncation anymore
- DOC: remove references to the outdated architecture.txt
- BUG/MINOR: log: fix minor resource leaks on logformat error path
- BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers
- BUG/MINOR: listener: do not immediately resume on transient error
- BUG/MINOR: server: make "agent-addr" work on default-server line
- BUG/MINOR: listener: fix off-by-one in state name check
- BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy()
Changes:
2019/11/25 : 2.0.10
- BUG/MINOR: init: fix set-dumpable when using uid/gid
- MINOR: peers: Alway show the table info for disconnected peers.
- MINOR: peers: Add TX/RX heartbeat counters.
- MINOR: peers: Add debugging information to "show peers".
- BUG/MINOR: peers: Wrong null "server_name" data field handling.
- BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
- BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec
- BUG/MINOR: peers: "peer alive" flag not reset when deconnecting.
- BUILD/MINOR: ssl: fix compiler warning about useless statement
- BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported
- BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests
- BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
- BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding
- MINOR: freq_ctr: Make the sliding window sums thread-safe
- MINOR: stream: Remove the lock on the proxy to update time stats
- MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time
- MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions
- BUG/MINOR: contrib/prometheus-exporter: Rename some metrics
- MINOR: contrib/prometheus-exporter: report the number of idle conns per server
- MINOR: contrib/prometheus-exporter: filter exported metrics by scope
- MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance
- BUG/MINOR: stream-int: Fix si_cs_recv() return value
- MINOR: stats: Report max times in addition of the averages for sessions
- REGTEST: vtest can now enable mcli with its own flag
- MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps
- BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser()
- BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message
- DOC: Add missing stats fields in the management manual
- DOC: Add documentation about the use-service action
- BUG/MINOR: cli: fix out of bounds in -S parser
- BUG/MINOR: ssl: fix curve setup with LibreSSL
- MINOR: ist: add ist_find_ctl()
- BUG/MAJOR: h2: reject header values containing invalid chars
- BUG/MAJOR: h2: make header field name filtering stronger
- BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state
- SCRIPTS: create-release: show the correct origin name in suggested commands
- SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands
2019/11/15 : 2.0.9
- MINOR: config: warn on presence of "\n" in header values/replacements
- BUG/MINOR: mux-h2: do not emit logs on backend connections
- MINOR: tcp: avoid confusion in time parsing init
- BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
- BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent
- BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached
- BUG/MINOR: spoe: fix off-by-one length in UUID format string
- MINOR: mux: Add a new method to get informations about a mux.
- BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready.
- BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready.
- BUG/MINOR: config: Update cookie domain warn to RFC6265
- BUG/MEDIUM: mux-h2: report no available stream on a connection having errors
- BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list
- BUG/MEDIUM: mux-h2: immediately report connection errors on streams
- BUG/MEDIUM: mux-h1: Disable splicing for chunked messages
- BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it
- MINOR: doc: http-reuse connection pool fix
- BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams
- BUG/MINOR: action: do-resolve now use cached response
- BUG: dns: timeout resolve not applied for valid resolutions
- DOC: management: document reuse and connect counters in the CSV format
- DOC: management: document cache_hits and cache_lookups in the CSV format
- DOC: management: fix typo on "cache_lookups" stats output
- BUG/MINOR: queue/threads: make the queue unlinking atomic
- BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition
- BUG/MEDIUM: Make sure we leave the session list in session_free().
- CLEANUP: session: slightly simplify idle connection cleanup logic
- MINOR: memory: also poison the area on freeing
- BUILD: contrib/da: remove an "unused" warning
- BUG/MINOR: log: limit the size of the startup-logs
- BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams
- BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe
HAProxy 2.0.8 was released on 2019/10/23. It added 47 new commits
after version 2.0.7.
There is one bug tagged major but also a significant number of medium bugs
which arguably have more chances to impact more people so I preferred not
to wait too long before a release.
The main fix is a risk of random crash when running with connection pools
on more than 32 threads, due to a mask calculation error causing the idle
connections cleanup task to be scheduled on wrong threads for threads 32
and above.
Other issues concern the risk of seeing an applet being killed when running
too fast, as was reported a few times with the peers applet on reloads. The
redirects were broken when HTX is disabled, a 503 could be returned. The
cache could cache absolute URIs still using the Host header as a key, which
is not a good idea as the authority in the URI has precedence. Some crashes
have been fixed in connection aborts in TCP and legacy mode. Some H2
connections would occasionally not time out if a stream was still waiting
on flow control. On some rare occasions in HTX mode the last CRLF after a
chunked encoded transfer could fail to be copied if only the CR could fit
into the buffer, resulting in a transfer error for the client. Looking up
stick-table keys from Lua could segfault. The pattern LRU cache was
inappropriately shared between threads, creating a bottleneck around its
lock. The dh-param setting was ignored on openssl 1.1.1 and above, often
resulting in slower transfers or even handshake failures when connecting to
servers supporting smaller keys.
2019/09/27 : 2.0.7
- BUG/MEDIUM: stick-table: Properly handle "show table" with a data type argument
- BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe
- BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame
- BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1
- BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send()
- BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous sends
- BUG/MEDIUM: checks: make sure the connection is ready before trying to recv
- BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready
- BUG/MEDIUM: namespace: close open namespaces during soft shutdown
- BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams
- BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed stream
- BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames
- BUG/MINOR: mux-h1: Do h2 upgrade only on the first request
- BUG/MEDIUM: spoe: Use a different engine-id per process
- MINOR: spoe: Improve generation of the engine-id
- MINOR: spoe: Support the async mode with several threads
- MINOR: stats: Add the support of float fields in stats
- BUG/MINOR: contrib/prometheus-exporter: Return the time averages in seconds
- DOC: Fix documentation about the cli command to get resolver stats
- BUG/MEDIUM: namespace: fix fd leak in master-worker mode
2019/09/13 : 2.0.6
- MINOR: debug: indicate the applet name when the task is task_run_applet()
- MINOR: tools: add append_prefixed_str()
- MINOR: lua: export applet and task handlers
- MEDIUM: debug: make the thread dump code show Lua backtraces
- BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary
- BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full
- DOC: fixed typo in management.txt
- BUG/MINOR: mworker: disable SIGPROF on re-exec
- BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener()
- BUG/MEDIUM: url32 does not take the path part into account in the returned hash.
- BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data
- BUG/MEDIUM: peers: local peer socket not bound.
- BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled
- BUG/MINOR: h1: Properly reset h1m when parsing is restarted
- BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing
- BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached
- BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers
- BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks
- BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big
- BUG/MINOR: checks: stop polling for write when we have nothing left to send
- BUG/MINOR: checks: start sending the request right after connect()
- BUG/MINOR: checks: make __event_chk_srv_r() report success before closing
- BUG/MINOR: checks: do not uselessly poll for reads before the connection is up
- MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers
- BUG/MINOR: lb/leastconn: ignore the server weights for empty servers
- BUG/MAJOR: ssl: ssl_sock was not fully initialized.
- BUG/MEDIUM: connection: don't keep more idle connections than ever needed
- MINOR: stats: report the number of idle connections for each server
- BUG/MINOR: listener: Fix a possible null pointer dereference
- BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context
- BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding
- BUG/MINOR: filters: Properly set the HTTP status code on analysis error
- BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed
- BUG/MINOR: backend: Fix a possible null pointer dereference
- BUG/MINOR: Missing stat_field_names (since f21d17bb)
- MINOR: sample: Add UUID-fetch
2.0.5
- BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
- BUG/MINOR: ssl: fix 0-RTT for BoringSSL
- MINOR: ssl: ssl_fc_has_early should work for BoringSSL
- BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it
- BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX.
- BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream.
- BUG/MINOR: lua: fix setting netfilter mark
- BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers
- BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected.
- BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout
- BUG/MINOR: stats: Wait the body before processing POST requests
- MINOR: fd: make sure to mark the thread as not stuck in fd_update_events()
- BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
2.0.4
- BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff
- BUG/MINOR: proxy: always lock stop_proxy()
- BUILD: threads: add the definition of PROTO_LOCK
- BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
- BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send.
- BUG/MINOR: log: make sure writev() is not interrupted on a file output
- DOC: improve the wording in CONTRIBUTING about how to document a bug fix
- BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called
- BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class
- MINOR: hlua: Don't set request analyzers on response channel for lua actions
- MINOR: hlua: Add a flag on the lua txn to know in which context it can be used
- BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready
- BUG/MINOR: htx: Fix free space addresses calculation during a block expansion
- BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
- BUG/MINOR: debug: fix a small race in the thread dumping code
- MINOR: wdt: also consider that waiting in the thread dumper is normal
- BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
- BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
- BUG/MINOR: stream-int: also update analysers timeouts on activity
- BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
- BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
- BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2
- BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete().
- BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one
- BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data()
- BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads
- BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition
- BUG/MINOR: mux-h2: always send stream window update before connection's
- BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame
- BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak
1.8.20
- BUG/MAJOR: listener: Make sure the listener exist before using it.
- BUG/MINOR: listener: keep accept rate counters accurate under saturation
- BUG/MEDIUM: logs: Only attempt to free startup_logs once.
- BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
- BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
- MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
- BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
- BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
- BUG/MAJOR: stats: Fix how huge POST data are read from the channel
- BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
- BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
- DOC: The option httplog is no longer valid in a backend.
- BUG/MAJOR: checks: segfault during tcpcheck_main
- BUILD: makefile: work around an old bug in GNU make-3.80
- MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
- BUILD: makefile: fix build of IPv6 header on aix51
- BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
- BUILD: Makefile: disable shared cache on AIX 5.1
- BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
- MINOR: cli: start addresses by a prefix in 'show cli sockets'
- BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.
- BUILD: use inttypes.h instead of stdint.h
- BUILD: connection: fix naming of ip_v field
- BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
- BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
- BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
- BUG/MINOR: threads: fix the process range of thread masks
- MINOR: lists: Implement locked variations.
- BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
- BUG/MEDIUM: list: fix the rollback on addq in the locked liss
- BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
- BUG/MEDIUM: list: add missing store barriers when updating elements and head
- MINOR: list: make the delete and pop operations idempotent
- BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element
- BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
- BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
- MAJOR: listener: do not hold the listener lock in listener_accept()
- BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
- BUG/MEDIUM: listener: make sure the listener never accepts too many conns
- BUILD/MINOR: listener: Silent a few signedness warnings.
- MINOR: skip get_gmtime where tm is unused
- BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
- BUG/MEDIUM: maps: only try to parse the default value when it's present
- BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
- BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
- BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
1.8.19
- DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
- DOC: ssl: Stop documenting ciphers example to use
- BUG/MINOR: spoe: do not assume agent->rt is valid on exit
- BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
- BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
- BUG/MEDIUM: server: initialize the idle conns list after parsing the config
- BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
- BUG/MAJOR: stream: avoid double free on unique_id
- BUG/MINOR: config: Reinforce validity check when a process number is parsed
1.8.18
- DOC: http-request cache-use / http-response cache-store expects cache name
- BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
- BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT.
- DOC: Be a bit more explicit about allow-0rtt security implications.
- BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
- BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
- BUG/MINOR: backend: balance uri specific options were lost across defaults
- BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
- BUG/MINOR: stick_table: Prevent conn_cur from underflowing
- BUG/MINOR: server: don't always trust srv_check_health when loading a server state
- BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk()
- BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
- DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
- MINOR: h2: add a bit-based frame type representation
- MINOR: h2: declare new sets of frame types
- BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
- BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error
- BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream
- BUG/MINOR: hpack: return a compression error on invalid table size updates
- DOC: nbthread is no longer experimental.
- BUG/MINOR: spoe: corrected fragmentation string size
- BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
- SCRIPTS: add the slack channel URL to the announce script
- SCRIPTS: add the issue tracker URL to the announce script
- BUG/MINOR: stream: don't close the front connection when facing a backend error
- MINOR: xref: Add missing barriers.
- BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
- BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
- BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
- BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
- MINOR: stream-int: expand the flags to 32-bit
- MINOR: stream-int: add a new flag to mention that we want the connection to be killed
- MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
- BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
- BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
- BUG/MINOR: config: fix bind line thread mask validation
- BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
- BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
- BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
Changelog:
2019/01/08 : 1.8.17
- BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
- MINOR: mux-h2: only increase the connection window with the first update
- BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
- BUG/MEDIUM: server: Also copy "check-sni" for server templates.
- MINOR: lb: allow redispatch when using consistent hash
- MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
- MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
- BUG/MEDIUM: cli: make "show sess" really thread-safe
- BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
- BUG/MINOR: lua: bad args are returned for Lua actions
- BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
- BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
2018/12/21 : 1.8.16
- BUG/MINOR: logs: leave startup-logs global and not per-thread
- BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
- BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
2018/12/13 : 1.8.15
- MINOR: threads: Make sure threads_sync_pipe is initialized before using it.
- DOC: clarify force-private-cache is an option
- BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2
- BUG/MINOR: backend: check that the mux installed properly
- BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
- MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
- BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
- BUG/MINOR: checks: queues null-deref
- BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.
- BUG/MEDIUM: stream: don't crash on out-of-memory
- BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
- BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk()
- BUILD: stick-table: make sure not to fail on task_new() during initialization
- BUILD: peers: check allocation error during peers_init_sync()
- DOC: Fix a few typos
- BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
- BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile
- BUILD: compiler: add a new statement "__unreachable()"
- MINOR: lua: all functions calling lua_yieldk() may return
- BUILD: lua: silence some compiler warnings about potential null derefs (#2)
- BUILD: lua: silence some compiler warnings after WILL_LJMP
- CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause
- BUILD: Makefile: add a "make opts" target to simply show the build options
- BUILD: Makefile: speed up compiler options detection
- BUILD: Makefile: silence an option conflict warning with clang
- MINOR: server: Use memcpy() instead of strncpy().
- MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
- MINOR: peers: use defines instead of enums to appease clang.
- DOC: fix reference to map files in MAINTAINERS
- BUILD: compiler: rename __unreachable() to my_unreachable()
- BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
- BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
- BUILD: Makefile: add the new ERR variable to force -Werror
- BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
- BUG/MINOR: cache: Wrong usage of shctx_init().
- BUG/MINOR: ssl: Wrong usage of shctx_init().
- DOC: cache: Missing information about "total-max-size"
- BUG/MINOR: only mark connections private if NTLM is detected
- BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
- BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
- BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
- BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
- BUG/MEDIUM: Make sure stksess is properly aligned.
- BUG/MINOR: config: Copy default error messages when parsing of a backend starts
- BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
- BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
- BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
- BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
- BUG/MINOR: lb-map: fix unprotected update to server's score
- BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
- BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
- BUG/MINOR: mux-h2: refrain from muxing during the preface
- BUG/MINOR: mux-h2: advertise a larger connection window size
- BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM
- BUILD: threads: fix minor build warnings when threads are disabled
- MINOR: stats: report the number of active jobs and listeners in "show info"
- MINOR: servers: Free [idle|safe|priv]_conns on exit.
- DOC: clarify that check-sni needs an argument.
- DOC: refer to check-sni in the documentation of sni
- BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
- BUG: dns: Prevent out-of-bounds read in dns_read_name()
- BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
- BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
- BUG: dns: Fix off-by-one write in dns_validate_dns_response()
- DOC: Update configuration doc about the maximum number of stick counters.
- DOC: restore note about "independant" typo
- DOC: Fix typos in README and CONTRIBUTING
- DOC: Fix typos in different subsections of the documentation
- DOC: fix a few typos in the documentation
ChangeLog:
Released version 1.8.13 with the following main changes :
- MINOR: systemd: consider exit status 143 as successful
- BUG/MINOR: ssl: properly ref-count the tls_keys entries
- MINOR: mux: add a "show_fd" function to dump debugging information for "show fd"
- MINOR: h2: implement a basic "show_fd" function
- BUG/MINOR: h2: remove accidental debug code introduced with show_fd function
- MINOR: h2: keep a count of the number of conn_streams attached to the mux
- MINOR: h2: add the mux and demux buffer lengths on "show fd"
- BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
- BUG/MEDIUM: h2: never leave pending data in the output buffer on close
- BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
- BUG/MINOR: http: Set brackets for the unlikely macro at the right place
- BUILD: Generate sha256 checksums in publish-release
- MINOR: debug: Add check for CO_FL_WILL_UPDATE
- MINOR: debug: Add checks for conn_stream flags
- BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
- MINOR: h2: add the error code and the max/last stream IDs to "show fd"
- BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
- BUG/MEDIUM: stats: don't ask for more data as long as we're responding
- BUG/MINOR: servers: Don't make "server" in a frontend fatal.
- BUG/MEDIUM: threads/sync: use sched_yield when available
- BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
- BUG/MINOR: config: stick-table is not supported in defaults section
- BUG/MINOR: threads: Handle nbthread == MAX_THREADS.
- BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
- MINOR: threads: move "nbthread" parsing to hathreads.c
- BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
- MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
- SCRIPTS: git-show-backports: add missing quotes to "echo"
Released version 1.8.14 with the following main changes :
- BUG/MEDIUM: servers: check the queues once enabling a server
- BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections
- MINOR: dns: fix wrong score computation in dns_get_ip_from_response
- MINOR: dns: new DNS options to allow/prevent IP address duplication
- BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
- MINOR: threads: Introduce double-width CAS on x86_64 and arm.
- BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7
- MINOR: threads: add more consistency between certain variables in no-thread case
- BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point
- MEDIUM: hathreads: implement a more flexible rendez-vous point
- BUG/MEDIUM: cli: make "show fd" thread-safe
- BUG/MINOR: ssl: empty connections reported as errors.
- BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
- BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
- BUG/MINOR: map: fix map_regm with backref
- DOC: dns: explain set server ... fqdn requires resolver
- DOC: ssl: Use consistent naming for TLS protocols
- BUG/MEDIUM: lua: socket timeouts are not applied
- BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates
- BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations
- DOC: Fix spelling error in configuration doc
- BUG/MEDIUM: unix: provide a ->drain() function
- BUG/MINOR: lua: Bad HTTP client request duration.
- BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake()
- BUG/MEDIUM: lua: reset lua transaction between http requests
- BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
- BUG/MAJOR: thread: lua: Wrong SSL context initialization.
- BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.
- BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file
- BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1
- MINOR: thread: implement HA_ATOMIC_XADD()
- BUG/MINOR: stream: use atomic increments for the request counter
- BUG/MEDIUM: session: fix reporting of handshake processing time in the logs
- BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames
- BUG/MINOR: dns: check and link servers' resolvers right after config parsing
- BUG/MINOR: http/threads: atomically increment the error snapshot ID
- BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors
- BUG/MAJOR: kqueue: Don't reset the changes number by accident.
- BUG/MINOR: server: Crash when setting FQDN via CLI.
- DOC: Fix typos in lua documentation
- BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
- BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
- BUG/MINOR: cli: make sure the "getsock" command is only called on connections
- BUG/CRITICAL: hpack: fix improper sign check on the header index value
ChangeLog:
2018/06/27 : 1.8.12
- BUG/MAJOR: stick_table: Complete incomplete SEGV fix
- MINOR: stick-tables: make stktable_release() do nothing on NULL
2018/06/26 : 1.8.11
- BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table
- BUG/BUILD: threads: unbreak build without threads
2018/06/22 : 1.8.10
- BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments.
- BUG/MEDIUM: spoe: Flags are not encoded in network order
- BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags
- BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags
- BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation
- BUG/MEDIUM: cache: don't cache when an Authorization header is present
- BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
- BUG/BUILD: threads: unbreak build without threads
- BUG/BUILD: fd: fix typo causing a warning when threads are disabled
- BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
- BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
- BUG/MEDIUM: lua/socket: Length required read doesn't work
- BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
- BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode
- MINOR: task/notification: Is notifications registered ?
- BUG/MEDIUM: lua/socket: wrong scheduling for sockets
- BUG/MAJOR: lua: Dead lock with sockets
- BUG/MEDIUM: lua/socket: Notification error
- BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
- BUG/MEDIUM: lua/socket: Buffer error, may segfault
- MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
- BUG/MINOR: contrib/spoa_example: Don't reset the status code during disconnect
- BUG/MINOR: contrib/mod_defender: Don't reset the status code during disconnect
- BUG/MINOR: contrib/modsecurity: Don't reset the status code during disconnect
- BUG/MINOR: contrib/mod_defender: update pointer on the end of the frame
- BUG/MINOR: contrib/modsecurity: update pointer on the end of the frame
- DOC: SPOE.txt: fix a typo
- DOC: contrib/modsecurity: few typo fixes
- BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload.
- BUG/MEDIUM: threads: handle signal queue only in thread 0
- BUG/MINOR: don't ignore SIG{BUS,FPE,ILL,SEGV} during signal processing
- BUG/MINOR: signals: ha_sigmask macro for multithreading
- MINOR: lua: Increase debug information
- BUG/MAJOR: map: fix a segfault when using http-request set-map
- BUG/MINOR: lua: Segfaults with wrong usage of types.
- BUG/MAJOR: ssl: Random crash with cipherlist capture
- BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
- BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
- BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
- MINOR: threads: Be sure to remove threads from all_threads_mask on exit
2018/05/18 : 1.8.9
- BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid()
- BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
- BUG/MINOR: log: t_idle (%Ti) is not set for some requests
- BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
- MINOR: h2: detect presence of CONNECT and/or content-length
- BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
- BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread
- BUG/MINOR: config: disable http-reuse on TCP proxies
- BUG/MINOR: checks: Fix check->health computation for flapping servers
- BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
- BUG/MINOR: lua: Put tasks to sleep when waiting for data
- DOC/MINOR: clean up LUA documentation re: servers & array/table.
- BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
- BUG/MEDIUM: task: Don't free a task that is about to be run.
- BUG/MINOR: lua: schedule socket task upon lua connect()
- BUG/MINOR: lua: ensure large proxy IDs can be represented
- BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
- BUG/MEDIUM: pollers: Use a global list for fd shared between threads.
- BUG/MEDIUM: ssl: properly protect SSL cert generation
- BUG/MINOR: spoe: Mistake in error message about SPOE configuration
2018/04/19 : 1.8.8
- BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes
- BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
- BUG/MINOR: http: Return an error in proxy mode when url2sa fails
- BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors.
- BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
- MINOR: cli: Ensure the CLI always outputs an error when it should
- DOC: lua: update the links to the config and Lua API
- BUG/CRITICAL: h2: fix incorrect frame length check
1.8.7:
- BUG/MAJOR: cache: always initialize newly created objects
- MINOR: servers: Support alphanumeric characters for the server templates names
1.8.6:
- BUG/MINOR: lua: the function returns anything
- BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
- BUILD/MINOR: fix build when USE_THREAD is not defined
- MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
- MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
- BUILD/MINOR: cli: fix a build warning introduced by last commit
- BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
- CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
- MINOR: h2: provide and use h2s_detach() and h2s_free()
- BUG/MAJOR: h2: remove orphaned streams from the send list before closing
- MINOR: h2: always call h2s_detach() in h2_detach()
- MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
- BUG/MEDIUM: h2/threads: never release the task outside of the task handler
- BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
- BUILD/MINOR: threads: always export thread_sync_io_handler()
- BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
- BUG/MINOR: checks: check the conn_stream's readiness and not the connection
- BUG/MINOR: email-alert: Set the mailer port during alert initialization
- BUG/MINOR: cache: fix "show cache" output
- BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
- BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
- BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
- BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk
1.8.5:
- BUG/MINOR: threads: fix missing thread lock labels for 1.8
- BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
- BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
- BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
- BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
- BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
- BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
- DOC: lua: new prototype for function "register_action()"
- DOC: cfgparse: Warn on option (tcp|http)log in backend
- BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
- MINOR: debug/pools: make DEBUG_UAF also detect underflows
- BUG/MINOR: h2: Set the target of dbuf_wait to h2c
- MINOR: stats: display the number of threads in the statistics.
- BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
- BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
- BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
- Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')"
- MINOR: systemd: Add section for SystemD sandboxing to unit file
- MINOR: systemd: Add SystemD's Protect*= options to the unit file
- MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
- MINOR/BUILD: fix Lua build on Mac OS X
- BUILD/MINOR: fix Lua build on Mac OS X (again)
- BUG/MINOR: session: Fix tcp-request session failure if handshake.
- CLEANUP: .gitignore: Ignore binaries from the contrib directory
- BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
- BUG/MEDIUM: h2: also arm the h2 timeout when sending
- BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
- CLEANUP: ssl: Remove a duplicated #include
- CLEANUP: cli: Remove a leftover debug message
- BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
- BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
- BUG/MINOR: force-persist and ignore-persist only apply to backends
- BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
- BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
- BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
- BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
- BUG/MINOR: seemless reload: Fix crash when an interface is specified.
- BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
- BUILD: ssl: Fix build with OpenSSL without NPN capability
- BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
- BUG/MINOR: lua: return bad error messages
- BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
- BUG/MINOR: tcp-check: use the server's service port as a fallback
- BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
- MINOR: log: stop emitting alerts when it's not possible to write on the socket
- BUILD/BUG: enable -fno-strict-overflow by default
- DOC: log: more than 2 log servers are allowed
- DOC: don't suggest using http-server-close
- BUG/MEDIUM: h2: properly account for DATA padding in flow control
- BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
- BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected
This package explicitly avoids C99-isms and fails to build in C99 mode with
older compilers, even though it works fine with newer compilers that default
to C99 mode. So, we need to explicitly request XPG4_2 if and only if the
compiler does not default to C99, and must not require C99.
1.8.4
- BUG/MEDIUM: h2: properly handle the END_STREAM flag on empty DATA frames
- BUILD: ssl: silence a warning when building without NPN nor ALPN support
- BUG/MEDIUM: ssl: cache doesn't release shctx blocks
- BUG/MINOR: lua: Fix default value for pattern in Socket.receive
- DOC: lua: Fix typos in comments of hlua_socket_receive
- BUG/MEDIUM: lua: Fix IPv6 with separate port support for Socket.connect
- BUG/MINOR: lua: Fix return value of Socket.settimeout
- MINOR: dns: Handle SRV record weight correctly.
- BUG/MEDIUM: mworker: execvp failure depending on argv[0]
- MINOR: hathreads: add support for gcc < 4.7
- BUILD/MINOR: ancient gcc versions atomic fix
- BUG/MEDIUM: stream: properly handle client aborts during redispatch
- DOC: clarify the scope of ssl_fc_is_resumed
- CONTRIB: debug: fix a few flags definitions
- BUG/MINOR: poll: too large size allocation for FD events
- BUG/MEDIUM: peers: fix expire date wasn't updated if entry is modified remotely.
- MINOR: servers: Don't report duplicate dyncookies for disabled servers.
- MINOR: global/threads: move cpu_map at the end of the global struct
- MINOR: threads: add a MAX_THREADS define instead of LONGBITS
- MINOR: global: add some global activity counters to help debugging
- MINOR: threads/fd: Use a bitfield to know if there are FDs for a thread in the FD cache
- BUG/MEDIUM: threads/polling: Use fd_cache_mask instead of fd_cache_num
- BUG/MEDIUM: fd: maintain a per-thread update mask
- MINOR: fd: add a bitmask to indicate that an FD is known by the poller
- BUG/MEDIUM: epoll/threads: use one epoll_fd per thread
- BUG/MEDIUM: kqueue/threads: use one kqueue_fd per thread
- BUG/MEDIUM: threads/mworker: fix a race on startup
- BUG/MINOR: mworker: only write to pidfile if it exists
- MINOR: threads: Fix build when we're not compiling with threads.
- BUG/MINOR: threads: always set an owner to the thread_sync pipe
- BUG/MEDIUM: threads/server: Fix deadlock in srv_set_stopping/srv_set_admin_flag
- BUG/MEDIUM: checks: Don't try to release undefined conn_stream when a check is freed
- BUG/MINOR: kqueue/threads: Don't forget to close kqueue_fd[tid] on each thread
- MINOR: threads: Use __decl_hathreads instead of #ifdef/#endif
- BUILD: epoll/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
- BUILD: kqueue/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
- CLEANUP: sample: Fix comment encoding of sample.c
- CLEANUP: sample: Fix outdated comment about sample casts functions
- BUG/MINOR: sample: Fix output type of c_ipv62ip
- CLEANUP: Fix typo in ARGT_MSK6 comment
- BUG/MINOR: cli: use global.maxsock and not maxfd to list all FDs
- BUG/MINOR: threads: Update labels array because of changes in lock_label enum
- BUG/MINOR: epoll/threads: only call epoll_ctl(DEL) on polled FDs
- BUG/MEDIUM: spoe: Always try to receive or send the frame to detect shutdowns
- BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side
- BUG/MINOR: time/threads: ensure the adjusted time is always correct
- BUG/MEDIUM: standard: Fix memory leak in str2ip2()
- MINOR: init: emit warning when -sf/-sd cannot parse argument
- DOC: Describe routing impact of using interface keyword on bind lines
- DOC: Mention -Ws in the list of available options
- BUG/MINOR: config: don't emit a warning when global stats is incompletely configured
1.8.3:
- BUG/MEDIUM: h2: properly handle and report some stream errors
- BUG/MEDIUM: h2: improve handling of frames received on closed streams
- DOC/MINOR: configuration: typo, formatting fixes
- BUG/MEDIUM: h2: ensure we always know the stream before sending a reset
- BUG/MEDIUM: mworker: don't close stdio several time
- MINOR: don't close stdio anymore
- BUG/MEDIUM: http: don't automatically forward request close
- BUG/MAJOR: hpack: don't return direct references to the dynamic headers table
- MEDIUM: h2: prepare a graceful shutdown when the frontend is stopped
1.8.2:
- BUG/MINOR: action: Don't check http capture rules when no id is defined
- BUG/MAJOR: hpack: don't pretend large headers fit in empty table
- BUG/MINOR: ssl: support tune.ssl.cachesize 0 again
- BUG/MEDIUM: mworker: also close peers sockets in the master
- BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically.
- BUG/MEDIUM: checks: a down server going to maint remains definitely stucked on down state.
- BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface
- BUG/MEDIUM: h2: fix handling of end of stream again
- MINOR: mworker: Update messages referencing exit-on-failure
- MINOR: mworker: Improve wording in `void mworker_wait()`
- CONTRIB: halog: Add help text for -s switch in halog program
- BUG/MEDIUM: email-alert: don't set server check status from a email-alert task
- BUG/MEDIUM: threads/vars: Fix deadlock in register_name
- MINOR: systemd: remove comment about HAPROXY_STATS_SOCKET
- DOC: notifications: add precisions about thread usage
- BUG/MEDIUM: lua/notification: memory leak
- MINOR: conn_stream: add new flag CS_FL_RCV_MORE to indicate pending data
- BUG/MEDIUM: stream-int: always set SI_FL_WAIT_ROOM on CS_FL_RCV_MORE
- BUG/MEDIUM: h2: automatically set CS_FL_RCV_MORE when the output buffer is full
- BUG/MEDIUM: h2: enable recv polling whenever demuxing is possible
- BUG/MEDIUM: h2: work around a connection API limitation
- BUG/MEDIUM: h2: debug incoming traffic in h2_wake()
- MINOR: h2: store the demux padding length in the h2c struct
- BUG/MEDIUM: h2: support uploading partial DATA frames
- MINOR: h2: don't demand that a DATA frame is complete before processing it
- BUG/MEDIUM: h2: don't switch the state to HREM before end of DATA frame
- BUG/MEDIUM: h2: don't close after the first DATA frame on tunnelled responses
- BUG/MEDIUM: http: don't disable lingering on requests with tunnelled responses
- BUG/MEDIUM: h2: fix stream limit enforcement
- BUG/MINOR: stream-int: don't try to receive again after receiving an EOS
- BUG: MAJOR: lb_map: server map calculation broken
- BUG: MINOR: http: don't check http-request capture id when len is provided
- BUILD/MINOR: Makefile : enabling USE_CPU_AFFINITY
- BUG/MEDIUM: mworker: Set FD_CLOEXEC flag on log fd
- DOC/MINOR: intro: typo, wording, formatting fixes
- MINOR: netscaler: respect syntax
- MINOR: netscaler: remove the use of cip_magic only used once
- MINOR: netscaler: rename cip_len to clarify its uage
- BUG/MEDIUM: netscaler: use the appropriate IPv6 header size
- BUG/MAJOR: netscaler: address truncated CIP header detection
- CONTRIB: iprange: Fix compiler warning in iprange.c
- CONTRIB: halog: Fix compiler warnings in halog.c
- BUG/MINOR: h2: properly report a stream error on RST_STREAM
- MINOR: mux: add flags to describe a mux's capabilities
- MINOR: stream-int: set flag SI_FL_CLEAN_ABRT when mux supports clean aborts
- BUG/MEDIUM: stream: don't consider abortonclose on muxes which close cleanly
- MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header
- MEDIUM: netscaler: do not analyze original IP packet size
- MEDIUM: netscaler: add support for standard NetScaler CIP protocol
- BUG/MEDIUM: checks: a server passed in maint state was not forced down.
- BUG/MEDIUM: lua: fix crash when using bogus mode in register_service()
- MINOR: http: adjust the list of supposedly cacheable methods
- MINOR: http: update the list of cacheable status codes as per RFC7231
- MINOR: http: start to compute the transaction's cacheability from the request
- BUG/MINOR: http: do not ignore cache-control: public
- BUG/MINOR: http: properly detect max-age=0 and s-maxage=0 in responses
- BUG/MINOR: cache: do not force the TX_CACHEABLE flag before checking cacheability
- MINOR: http: add a function to check request's cache-control header field
- BUG/MEDIUM: cache: do not try to retrieve host-less requests from the cache
- BUG/MEDIUM: cache: replace old object on store
- BUG/MEDIUM: cache: respect the request cache-control header
- BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie"
- BUG/MAJOR: connection: refine the situations where we don't send shutw()
- BUG/MEDIUM: checks: properly set servers to stopping state on 404
Major new features in 1.8:
- JSON stats
- server templates
- dynamic cookies
- per-certificate "bind" configuration
- pipelined and asynchronous SPOE
- seamless reloads
- PCRE2 support
- hard-stop-after
- support for OpenSSL asynchronous crypto engines
- replacement of the systemd-wrapper with a new master-worker model
- DNS autonomous resolver
- DNS SRV records
- configurable severity output on the CLI
- TLS 1.3 with support for Early-Data (AKA 0-RTT) on both sides
- multi-thread support
- HTTP/2 support
- small objects cache
For full changelog in 1.8, see:
http://www.haproxy.org/download/1.8/src/CHANGELOG
ChangeLog:
- BUG/MINOR: peers: peer synchronization issue (with several peers sections).
- BUG/MINOR: lua: In error case, the safe mode is not removed
- BUG/MINOR: lua: executes the function destroying the Lua session in safe mode
- BUG/MAJOR: lua/socket: resources not detroyed when the socket is aborted
- BUG/MEDIUM: lua: bad memory access
- DOC: update CONTRIBUTING regarding optional parts and message format
- DOC: update the list of OpenSSL versions in the README
- MINOR: tools: add a portable timegm() alternative
- BUILD: lua: replace timegm() with my_timegm() to fix build on Solaris 10
- DOC: Updated 51Degrees git URL to point to a stable version.
- BUG/MINOR: http: Set the response error state in http_sync_res_state
- MINOR: http: Reorder/rewrite checks in http_resync_states
- MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags
- BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined
- BUG/MAJOR: http: Fix possible infinity loop in http_sync_(req|res)_state
- BUG/MINOR: lua: Fix Server.get_addr() port values
- BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()
- BUG/MINOR: lua: always detach the tcp/http tasks before freeing them
- BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions.
1.7.7. It fixes some major issues, a memory leak in the compression code, a
segfault when you dump a map on the CLI while trying to remove an entry and a
bug introduced by a fix in 1.7.5 that causes haproxy to ignore "timeout
http-keep-alive".
- BUG/MINOR: Wrong peer task expiration handling during synchronization processing.
- BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed
- BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range 1..32767
- DOC: fix references to the section about the unix socket
- BUG/MINOR: haproxy/cli : fix for solaris/illumos distros for CMSG* macros
- BUG/MINOR: log: pin the front connection when front ip/ports are logged
1.7.6:
- DOC: changed "block"(deprecated) examples to http-request deny
- DOC: add few comments to examples.
- DOC: update sample code for PROXY protocol
- DOC: mention lighttpd 1.4.46 implements PROXY
- DOC: stick-table is available in frontend sections
- BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
- BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
- BUG/MINOR: arg: don't try to add an argument on failed memory allocation
- BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
- BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
- MINOR: lua: ensure the memory allocator is used all the time
- CLEANUP: logs: typo: simgle => single
- BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
- BUG/MAJOR: Use -fwrapv.
- BUG/MINOR: server: don't use "proxy" when px is really meant.
- BUG/MINOR: server: missing default server 'resolvers' setting duplication.
- DOC: add layer 4 links/cross reference to "block" keyword.
- DOC: errloc/errorloc302/errorloc303 missing status codes.
- BUG/MEDIUM: lua: memory leak
- MEDIUM: config: don't check config validity when there are fatal errors
- BUG/MINOR: hash-balance-factor isn't effective in certain circumstances
- MINOR/DOC: lua: just precise one thing
- BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
- DOC: update RFC references
- BUG/MINOR: checks: don't send proxy protocol with agent checks
- BUG/MAJOR: dns: Broken kqueue events handling (BSD systems).
- BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything
- BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04
- BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
- BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
- BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
- BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING
- BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
- BUG/MAJOR: server: Segfault after parsing server state file.
- BUG/MEDIUM: unix: never unlink a unix socket from the file system
- scripts: create-release pass -n to tail
- SCRIPTS: create-release: enforce GIT_COMMITTER_{NAME|EMAIL} validity
ChangeLog:
2017/04/03 : 1.7.5
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
2017/03/27 : 1.7.4
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
adam
wiz
nia
jperkin
otis
rillig
morr
maya
tnn
fhajny