HAProxy 2.4.7

2021/10/04 : 2.4.7
- BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule

HAProxy 2.4.4

2021/09/07 : 2.4.4
- BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
- REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
- REGTESTS: abortonclose: after retries, 503 is expected, not close
- MINOR: hlua: take the global Lua lock inside a global function
- BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
- BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
- BUG/MINOR: base64: base64urldec() ignores padding in output size check
- MINOR: compiler: implement an ONLY_ONCE() macro
- BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
- BUG/MINOR: time: fix idle time computation for long sleeps
- MINOR: time: add report_idle() to report process-wide idle time
- BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
- BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
- BUG/MINOR: tools: Fix loop condition in dump_text()
- CLEANUP: Add missing include guard to signal.h
- BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
- DOC: configuration: remove wrong tcp-request examples in tcp-response
- BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
- CLEANUP: htx: remove comments about "must be < 256 MB"
- BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
- Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive"

HAProxy 2.4.3

2021/08/17 : 2.4.3
- BUILD: http_htx: fix ci compilation error with isdigit for Windows
- MINOR: mux_h2: define config to disable h2 websocket support
- BUG/MINOR: ssl: Default-server configuration ignored by server
- BUILD: add detection of missing important CFLAGS
- BUILD: lua: silence a build warning with TCC
- BUG/MEDIUM: mworker: do not register an exit handler if exit is expected
- BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs
- BUILD/MINOR: memprof fix macOs build.
- BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request
- BUG/MINOR: stats: Add missing agent stats on servers
- BUG/MINOR: check: fix the condition to validate a port-less server
- BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree
- BUG/MINOR: systemd: must check the configuration using -Ws
- BUG/MINOR: mux-h1: Obey dontlognull option for empty requests
- BUG/MINOR: mux-h2: Obey dontlognull option during the preface
- BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called
- BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames
- BUG/MINOR: connection: Add missing error labels to conn_err_code_str
- BUG/MEDIUM: connection: close a rare race between idle conn close and takeover
- BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before
- BUG/MINOR: select: fix excess number of dead/skip reported
- BUG/MINOR: poll: fix abnormally high skip_fd counter
- BUG/MINOR: pollers: always program an update for migrated FDs
- BUG/MINOR: fd: protect fd state harder against a concurrent takeover
- DOC: internals: document the FD takeover process
- BUILD: opentracing: fixed build when using pkg-config utility
- BUG/MINOR: server: remove srv from px list on CLI 'add server' error
- BUG/MINOR: server: update last_change on maint->ready transitions too
- MINOR: server: unmark deprecated on enable health/agent cli
- ADMIN: dyncookie: implement a simple dynamic cookie calculator
- MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure
- BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released
- BUG/MINOR: buffer: fix buffer_dump() formatting
- BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer
- DOC: Improve the lua documentation
- DOC: config: Fix 'http-response send-spoe-group' documentation
- BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued
- BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check
- CLEANUP: assorted typo fixes in the code and comments
- DOC/MINOR: fix typo in management document
- MINOR: http: add a new function http_validate_scheme() to validate a scheme
- BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax
- BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it
- BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header
- BUG/MEDIUM: h2: give :authority precedence over Host
- REGTESTS: add a test to prevent h2 desync attacks

HAProxy 2.4.2

Changelog:

2021/07/07 : 2.4.2
- BUG/MINOR: server-state: load SRV resolution only if params match the config
- BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
- BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
- MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
- MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
- BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
- BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
- BUG/MINOR: server/cli: Fix locking in function processing "set server" command
- BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header
- BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
- REGTESTS: fix maxconn update with agent-check
- MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
- DOC: config: Add missing actions in "tcp-request session" documentation
- CLEANUP: dns: Remove a forgotten debug message
- BUG/MINOR: resolvers: Always attach server on matching record on resolution
- BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
- MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
- BUG/MINOR: checks: return correct error code for srv_parse_agent_check
- BUILD: Makefile: fix linkage for Haiku.
- BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
- BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
- BUG/MINOR: mqtt: Support empty client ID in CONNECT message
- BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
- DOC: config: use CREATE USER for mysql-check
- BUG/MINOR: stick-table: fix several printf sign errors dumping tables
- BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
- DOC: stick-table: add missing documentation about gpt0 stored type
- BUG/MEDIUM: sock: make sure to never miss early connection failures
- BUG/MINOR: cli: fix server name output in "show fd"
- Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"
- MINOR: http: implement http_get_scheme
- MEDIUM: http: implement scheme-based normalization
- MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
- MEDIUM: h2: apply scheme-based normalization on h2 requests
- REGTESTS: add http scheme-based normalization test

HAProxy 2.3.10

Changelog:

2021/04/23 : 2.3.10
- BUILD: backend: fix build breakage in idle conn locking fix
- BUG/MINOR: tcp: fix silent-drop workaround for IPv6
- BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
- BUG/MINOR: ssl: Fix update of default certificate
- BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one
- BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
- BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free
- REGTESTS: ssl: "set ssl cert" and multi-certificates bundle
- DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options
- REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken
- CONTRIB: halog: fix issue with array of type char
- BUG/MINOR: tools: fix parsing "us" unit for timers
- DOC: clarify that compression works for HTTP/2
- MINOR: No longer rely on deprecated sample fetches for predefined ACLs
- BUG/MEDIUM: sample: Fix adjusting size in field converter
- DOC: ssl: Certificate hot update only works on fronted certificates
- BUG/MEDIUM: threads: Ignore current thread to end its harmless period
- BUG/MINOR: checks: Set missing id to the dummy checks frontend
- MINOR: logs: Add support of checks as session origin to format lf strings
- BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections
- MINOR: connection: Make bc_http_major compatible with tcp-checks
- BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check
- BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded
- BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function
- BUG/MINOR: logs: Report the true number of retries if there was no connection
- BUG/MINOR: mux-h1: Release idle server H1 connection if data are received
- BUG/MINOR: server: free srv.lb_nodes in free_server
- BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers
- BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames
- BUG/MEDIUM: config: fix cpu-map notation with both process and threads
- BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases
- BUG/MINOR: mworker: don't use oldpids[] anymore for reload
- BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data
- BUG/MINOR: peers: remove useless table check if initial resync is finished
- BUG/MEDIUM: peers: re-work connection to new process during reload.
- BUG/MEDIUM: peers: re-work refcnt on table to protect against flush

HAProxy 2.3.9

Changelog:

2021/03/30 : 2.3.9
- BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent
- MEDIUM: backend: use a trylock to grab a connection on high FD counts as well
- BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv
- BUG/MINOR: stats: Apply proper styles in HTML status page.
- BUG/MEDIUM: time: make sure to always initialize the global tick

HAProxy 2.3.7

Released version 2.3.7 with the following main changes :

• BUG/MINOR: backend: fix condition for reuse on mode HTTP
• BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring()
• BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode
• REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h
• BUG/MINOR: mt-list: always perform a cpu_relax call on failure
• MINOR: atomic: add armv8.1-a atomics variant for cas-dw
• MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs
• BUG/MEDIUM: session: NULL dereference possible when accessing the listener
• MINOR: tasks: refine the default run queue depth
• MINOR: listener: refine the default MAX_ACCEPT from 64 to 4
• OPTIM: server: switch the actconn list to an mt-list
• MINOR: server: move actconns to the per-thread structure
• MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock
• OPTIM: lb-first: do not take the server lock on take_conn/drop_conn
• OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn
• OPTIM: lb-leastconn: do not unlink the server if it did not change
• MINOR: dynbuf: make the buffer wait queue per thread
• MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait
• MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold
• MINOR: stream: add an "epoch" to figure which streams appeared when
• MINOR: cli/streams: make "show sess" dump all streams till the new epoch
• MINOR: streams: use one list per stream instead of a global one
• MEDIUM: streams: do not use the streams lock anymore
• MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS
• MINOR: pools: double the local pool cache size to 1 MB
• MEDIUM: backend: use a trylock when trying to grab an idle connection
• MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY
• MINOR: ssl: mark the SSL handshake tasklet as heavy
• BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake
• MINOR: task: add an application specific flag to the state: TASK_F_USR1
• MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1
• MINOR: xprt: add new xprt_set_idle and xprt_set_used methods
• MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks
• MEDIUM: task: remove the tasks_run_queue counter and have one per thread
• MINOR: task: give the scheduler a bit more flexibility in the runqueue size
• OPTIM: task: automatically adjust the default runqueue-depth to the threads
• BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc.
• BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw()
• BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached
• BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check
• BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters
• BUG/MINOR: session: Add some forgotten tests on session's listener
• BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check
• CLEANUP: tcp-rules: add missing actions in the tcp-request error message
• Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record"
• BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error
• BUG/MINOR: resolvers: Reset server address on DNS error only on status change
• BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution
• BUG/MEDIUM: resolvers: Don't set an address-less server as UP
• BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item
• MINOR: resolvers: new function find_srvrq_answer_record()
• BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item
• BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete
• MINOR: resolvers: Use a function to remove answers attached to a resolution
• MINOR: resolvers: Purge answer items when a SRV resolution triggers an error
• MINOR: resolvers: Add function to change the srv status based on SRV resolution
• MINOR: resolvers: Directly call srvrq_update_srv_state() when possible
• BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks
• BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set
• MINOR: resolvers: Use milliseconds for cached items in resolver responses
• MINOR: resolvers: Don't try to match immediatly renewed ADD items
• BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames

HAProxy 2.3.5

Released version 2.3.5 with the following main changes :

• BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
• MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities
• MINOR: server: Forbid server definitions in frontend sections
• BUG/MINOR: threads: Fixes the number of possible cpus report for Mac.
• MINOR: peers: Add traces for peer control messages.
• BUG/MINOR: dns: SRV records ignores duplicated AR records (v2)
• BUILD: peers: fix build warning about unused variable
• BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition
• BUG/MINOR: peers: Possible appctx pointer dereference.
• MINOR: build: discard echoing in help target
• BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
• BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper
• BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
• BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context
• BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
• BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX
• DOC: Improve documentation of the various hdr() fetches
• BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown
• BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
• BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file()
• BUG/MEDIUM: session: only retrieve ready idle conn from session
• REORG: backend: simplify conn_backend_get
• BUG/MEDIUM: backend: never reuse a connection for tcp mode
• BUG/MINOR: backend: check available list allocation for reuse
• MINOR: contrib: Make the wireshark peers dissector compile for more distribs.
• CLEANUP: tools: make resolve_sym_name() take a const pointer
• CLEANUP: cli: make "show fd" use a const connection to access other fields
• MINOR: cli: make "show fd" also report the xprt and xprt_ctx
• MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps.
• MINOR: ssl: provide a "show fd" helper to report important SSL information
• MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them
• MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known
• MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known
• MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known
• MINOR: cli: give the show_fd helpers the ability to report a suspicious entry
• MINOR: cli/show_fd: report some easily detectable suspicious states
• MINOR: ssl/show_fd: report some FDs as suspicious when possible
• MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls
• MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls
• MINOR: h1: Raise the chunk size limit up to (2^52 - 1)
• DOC: management: fix "show resolvers" alphabetical ordering
• BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
• BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
• BUG/MEDIUM: ssl: check a connection's status before computing a handshake
• BUG/MINOR: mux_h2: fix incorrect stat titles
• BUG/MINOR: xxhash: make sure armv6 uses memcpy()
• BUG/MINOR: ssl: do not try to use early data if not configured
• BUILD: ssl: fix build breakage with last commit
• MINOR: cli/show_fd: report local and report ports when known
• BUILD: Makefile: move REGTESTST_TYPE default setting
• BUG/MEDIUM: mux-h2: handle remaining read0 cases
• BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED
• BUG/MINOR: sock: Unclosed fd in case of connection allocation failure
• MINOR: config: Deprecate and ignore tune.chksize global option