Summary

2019/09/18 : 1.8r1 (1.0.0-193.716) 2019/08/26 : 1.8r1 (1.0.0-192.716) - BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener() - BUG/MINOR: mworker: disable SIGPROF on re-exec - DOC: fixed typo in management.txt - MINOR: doc: Document allow-0rtt on the server line. - BUG/MINOR: logs/threads: properly split the log area upon startup - BUG/MEDIUM: checks: make sure the warmup task takes the server lock - BUG/MEDIUM: ssl: Use the early_data API the right way. - MINOR: connection: add new function conn_is_back() - BUG/MINOR: haproxy: fix rule->file memory leak - BUILD/MINOR: stream: avoid a build warning with threads disabled - BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout - MINOR: ssl: ssl_fc_has_early should work for BoringSSL - BUG/MINOR: ssl: fix 0-RTT for BoringSSL - MINOR: build: Disable -Wstringop-overflow. - BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame - BUG/MINOR: mux-h2: always send stream window update before connection's - BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition - BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data() - BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one - BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete(). - BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes - BUG/MINOR: stream-int: also update analysers timeouts on activity - BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased 2019/07/30 : 1.8r1 (1.0.0-192.693) - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() - BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready - MINOR: hlua: Add a flag on the lua txn to know in which context it can be used - MINOR: hlua: Don't set request analyzers on response channel for lua actions - BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class - BUG/MINOR: lua: Set right direction and flags on new HTTP objects - DOC: improve the wording in CONTRIBUTING about how to document a bug fix - BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased - BUG/MINOR: proxy: always lock stop_proxy() - BUG/MEDIUM: protocols: properly initialize the proto_lock in 1.8 - BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff - BUILD: threads: add the definition of PROTO_LOCK - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream - BUG/MEDIUM: http/htx: unbreak option http_proxy - BUG/MEDIUM: tcp-check: unbreak multiple connect rules again - BUG/MAJOR: listener: fix thread safety in resume_listener() - MINOR: task: introduce work lists - BUG/MEDIUM: da: cast the chunk to string. - BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock - BUILD: makefile: do not rely on shell substitutions to determine git version - BUILD: makefile: use :space: instead of digits to count commits 2019/06/06 : 1.8r1 (1.0.0-192.672) - BUG/MEDIUM: spoe: Be sure the sample is found before setting its context 2019/05/27 : 1.8r1 (1.0.0-192.671) - BUG/MAJOR: lb/threads: make sure the avoided server is not full on second pass - BUILD: ssl: fix latest LibreSSL reg-test error - BUG/MINOR: ssl_sock: Fix memory leak when disabling compression - DOC: fix typos - BUG/MEDIUM: spoe: Don't use the SPOE applet after releasing it - BUG/MEDIUM: dns: make the port numbers unsigned - BUG/MINOR: http_fetch: Rely on the smp direction for "cookie()" and "hdr()" - BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages - BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream - BUG/MEDIUM: port_range: Make the ring buffer lock-free. - MINOR: threads: Implement HA_ATOMIC_LOAD(). - MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API. - MINOR: config: Test validity of tune.maxaccept during the config parsing - BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled - BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI - BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it - DOC: contrib/modsecurity: Typos and fix the reject example - MINOR: spoe: Use the sample context to pass frag_ctx info during encoding - BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed - BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per request - BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler - BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() - BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() - BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules - BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR - BUG/MEDIUM: maps: only try to parse the default value when it's present - BUG/MAJOR: http_fetch: Get the channel depending on the keyword used - BUILD/MINOR: listener: Silent a few signedness warnings. - BUG/MEDIUM: listener: make sure the listener never accepts too many conns - BUG/MEDIUM: listener: use a self-locked list for the dequeue lists - MAJOR: listener: do not hold the listener lock in listener_accept() - BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED() - BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED - BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element - MINOR: list: make the delete and pop operations idempotent - BUG/MEDIUM: list: add missing store barriers when updating elements and head - BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer - BUG/MEDIUM: list: fix the rollback on addq in the locked liss - BUG/MEDIUM: lists: Properly handle the case we're removing the first elt. - MINOR: lists: Implement locked variations. - BUG/MINOR: threads: fix the process range of thread masks - BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity - BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release. - BUG/MINOR: cli: correctly handle abns in 'show cli sockets' - BUG/MAJOR: checks: segfault during tcpcheck_main - DOC: The option httplog is no longer valid in a backend. - BUG/MINOR: log: properly format IPv6 address when LOG_OPT_HEXA modifier is used. - BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites - BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts - BUG/MAJOR: stats: Fix how huge POST data are read from the channel - BUG/MAJOR: spoe: Fix initialization of thread-dependent fields - BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes 2019/03/19 : 1.8r1 (1.0.0-192.619) 2019/03/12 : 1.8r1 (1.0.0-190.619) - BUG/MINOR: threads: move declaration of capabilities to config.h 2019/03/11 : 1.8r1 (1.0.0-190.618) - BUG/MINOR: config: Reinforce validity check when a process number is parsed - BUG/MAJOR: stream: avoid double free on unique_id - BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck - BUG/MEDIUM: server: initialize the idle conns list after parsing the config - BUG/MEDIUM: spoe: initialization depending on nbthread must be done last - BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets - BUG/MINOR: spoe: do not assume agent->rt is valid on exit - DOC: ssl: Stop documenting ciphers example to use - DOC: ssl: Clarify when pre TLSv1.3 cipher can be used - DOC: mention the effect of nf_conntrack_tcp_loose on src/dst - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages - BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk() - BUG/MINOR: server: don't always trust srv_check_health when loading a server state - BUG/MINOR: stick_table: Prevent conn_cur from underflowing - BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit - BUG/MINOR: backend: balance uri specific options were lost across defaults - BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file - DOC: Be a bit more explicit about allow-0rtt security implications. - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT. - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key - DOC: http-request cache-use / http-response cache-store expects cache name - BUG/MINOR: ssl: fix warning about ssl-min/max-ver support - BUG/MEDIUM: logs: Only attempt to free startup_logs once. - BUG/MINOR: listener: keep accept rate counters accurate under saturation - BUG/MAJOR: listener: Make sure the listener exist before using it. - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded 2019/02/06 : 1.8r1 (1.0.0-190.591) - BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules - BUILD/MINOR: compiler: fix offsetof() on older compilers - MINOR: compiler: introduce offsetoff(). - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes - BUG/MAJOR: config: verify that targets of track-sc and stick rules are present - BUG/MINOR: config: fix bind line thread mask validation - BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free(). - BUG/MEDIUM: mux-h2: do not close the connection on aborted streams - MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection - MINOR: stream-int: add a new flag to mention that we want the connection to be killed - MINOR: stream-int: expand the flags to 32-bit - BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection - BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams - BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions - BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update - MINOR: xref: Add missing barriers. - BUG/MINOR: stream: don't close the front connection when facing a backend error - SCRIPTS: add the issue tracker URL to the announce script - SCRIPTS: add the slack channel URL to the announce script - BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit - BUG/MINOR: spoe: corrected fragmentation string size - DOC: nbthread is no longer experimental. - BUG/MINOR: hpack: return a compression error on invalid table size updates - BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream - BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error - BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY - MINOR: h2: declare new sets of frame types - MINOR: h2: add a bit-based frame type representation 2019/01/08 : 1.8r1 (1.0.0-190.563) - BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used - BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred - BUG/MINOR: lua: bad args are returned for Lua actions - BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything - BUG/MEDIUM: cli: make "show sess" really thread-safe - MINOR: stream/cli: report more info about the HTTP messages on "show sess all" - MINOR: stream/cli: fix the location of the waiting flag in "show sess all" - MINOR: lb: allow redispatch when using consistent hash - BUG/MEDIUM: server: Also copy "check-sni" for server templates. - BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max - MINOR: mux-h2: only increase the connection window with the first update - BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify() - BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error - BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response() - BUG/MINOR: logs: leave startup-logs global and not per-thread 2018/12/12 : 1.8r1 (1.0.0-189.548) - DOC: fix a few typos in the documentation - DOC: Fix typos in different subsections of the documentation - DOC: Fix typos in README and CONTRIBUTING - DOC: restore note about "independant" typo - DOC: Update configuration doc about the maximum number of stick counters. - BUG: dns: Fix off-by-one write in dns_validate_dns_response() - BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response() - BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() - BUG: dns: Prevent out-of-bounds read in dns_read_name() - BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name - DOC: refer to check-sni in the documentation of sni - DOC: clarify that check-sni needs an argument. - MINOR: servers: Free [idle|safe|priv]_conns on exit. - BUILD: threads: fix minor build warnings when threads are disabled - BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM - BUG/MINOR: mux-h2: advertise a larger connection window size - BUG/MINOR: mux-h2: refrain from muxing during the preface - BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation - BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR. - BUG/MINOR: lb-map: fix unprotected update to server's score - BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed - BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name - BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id - BUG/MINOR: cli: don't stop cli_gen_usage_msg() when kw->usage == NULL 2018/11/29 : 1.8r1 (1.0.0-189.524) - BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field - BUG/MINOR: config: Copy default error messages when parsing of a backend starts - BUG/MEDIUM: Make sure stksess is properly aligned. - BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn - BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe - BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer - BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic - BUG/MINOR: only mark connections private if NTLM is detected - DOC: cache: Missing information about "total-max-size" - BUG/MINOR: ssl: Wrong usage of shctx_init(). - BUG/MINOR: cache: Wrong usage of shctx_init(). - BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB). - BUILD: Makefile: add the new ERR variable to force -Werror - BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent. - BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF. - BUILD: compiler: rename __unreachable() to my_unreachable() - DOC: fix reference to map files in MAINTAINERS - MINOR: peers: use defines instead of enums to appease clang. - MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80. - MINOR: server: Use memcpy() instead of strncpy(). - BUILD: Makefile: silence an option conflict warning with clang - BUILD: Makefile: speed up compiler options detection - CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause - BUILD: lua: silence some compiler warnings after WILL_LJMP - BUILD: lua: silence some compiler warnings about potential null derefs (#2) - MINOR: lua: all functions calling lua_yieldk() may return - BUILD: compiler: add a new statement "__unreachable()" - BUILD: peers: check allocation error during peers_init_sync() - BUILD: stick-table: make sure not to fail on task_new() during initialization - BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk() - BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch - BUG/MINOR: cli: make sure the "getsock" command is only called on connections - BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4 - BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile - BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point - DOC: Fix a few typos - BUG/MEDIUM: stream: don't crash on out-of-memory - BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM. - BUG/MINOR: checks: queues null-deref - BUG/MEDIUM: Cur/CumSslConns counters not threadsafe. - MEDIUM: ssl: add support for ciphersuites option for TLSv1.3 - BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2. - BUG/MINOR: backend: check that the mux installed properly - BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 - DOC: clarify force-private-cache is an option - MINOR: threads: Make sure threads_sync_pipe is initialized before using it. 2018/10/11 : 1.8r1 (1.0.0-189.478) - MEDIUM: lua: Add stick table support for Lua. 2018/09/20 : 1.8r1 (1.0.0-189.477) - BUG/CRITICAL: hpack: fix improper sign check on the header index value - MINOR: Add srv_conn_free sample fetch - MINOR: add be_conn_free sample fetch - BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list - DOC: Fix typos in lua documentation - BUG/MINOR: server: Crash when setting FQDN via CLI. - BUG/MAJOR: kqueue: Don't reset the changes number by accident. - BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors - BUG/MINOR: http/threads: atomically increment the error snapshot ID - BUG/MINOR: dns: check and link servers' resolvers right after config parsing - BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames - BUG/MEDIUM: session: fix reporting of handshake processing time in the logs - BUG/MINOR: stream: use atomic increments for the request counter - MINOR: thread: implement HA_ATOMIC_XADD() - BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1 - BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file - BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0. - BUG/MAJOR: thread: lua: Wrong SSL context initialization. - BUG/MEDIUM: hlua: Make sure we drain the output buffer when done. - BUG/MEDIUM: lua: reset lua transaction between http requests 2018/08/24 : 1.8r1 (1.0.0-188.457) - MINOR: fd cache: And the thread_mask with all_threads_mask. - BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake() - BUG/MINOR: lua: Bad HTTP client request duration. - BUG/MEDIUM: unix: provide a ->drain() function - DOC: Fix spelling error in configuration doc - BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations - BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates - BUG/MEDIUM: lua: socket timeouts are not applied - DOC: ssl: Use consistent naming for TLS protocols - DOC: dns: explain set server ... fqdn requires resolver - BUG/MINOR: map: fix map_regm with backref - BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error. - BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle. - BUG/MINOR: ssl: empty connections reported as errors. - BUG/MEDIUM: cli: make "show fd" thread-safe - MEDIUM: hathreads: implement a more flexible rendez-vous point - BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point - MINOR: threads: add more consistency between certain variables in no-thread case - BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers - MINOR: dns: new DNS options to allow/prevent IP address duplication - MINOR: dns: fix wrong score computation in dns_get_ip_from_response - BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections - BUG/MEDIUM: servers: check the queues once enabling a server - BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete(). - SCRIPTS: git-show-backports: add missing quotes to "echo" - MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed - BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number - MINOR: threads: move "nbthread" parsing to hathreads.c - BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS - BUG/MINOR: threads: Handle nbthread == MAX_THREADS. - BUG/MINOR: config: stick-table is not supported in defaults section - BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever - BUG/MEDIUM: threads/sync: use sched_yield when available - BUG/MINOR: servers: Don't make "server" in a frontend fatal. - BUG/MEDIUM: stats: don't ask for more data as long as we're responding - BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full - MINOR: h2: add the error code and the max/last stream IDs to "show fd" - BUG/MINOR: http: Set brackets for the unlikely macro at the right place 2018/07/20 : 1.8r1 (1.0.0-186.419) - BUG/MEDIUM: threads: Fix the exit condition of the thread barrier - MINOR: debug: Add checks for conn_stream flags - MINOR: debug: Add check for CO_FL_WILL_UPDATE - BUILD: Generate sha256 checksums in publish-release - BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload. - BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout - BUG/MEDIUM: h2: never leave pending data in the output buffer on close - BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess - MINOR: h2: add the mux and demux buffer lengths on "show fd" - MINOR: h2: keep a count of the number of conn_streams attached to the mux - BUG/MINOR: h2: remove accidental debug code introduced with show_fd function - MINOR: h2: implement a basic "show_fd" function - MINOR: mux: add a "show_fd" function to dump debugging information for "show fd" - BUG/MINOR: ssl: properly ref-count the tls_keys entries - MINOR: systemd: consider exit status 143 as successful 2018/06/27 : 1.8r1 (1.0.0-186.404) - MINOR: stick-tables: make stktable_release() do nothing on NULL - BUG/MAJOR: stick_table: Complete incomplete SEGV fix - BUG/BUILD: threads: unbreak build without threads - BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table - MINOR: threads: Be sure to remove threads from all_threads_mask on exit - BUG/MEDIUM: threads: Use the sync point to check active jobs and exit - BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot - BUG/MAJOR: ssl: Random crash with cipherlist capture - BUG/MINOR: lua: Segfaults with wrong usage of types. - BUG/MINOR: signals: ha_sigmask macro for multithreading - BUG/MINOR: don't ignore SIG{BUS,FPE,ILL,SEGV} during signal processing - BUG/MEDIUM: threads: handle signal queue only in thread 0 - MINOR: lua: Increase debug information - BUG/MAJOR: map: fix a segfault when using http-request set-map - MAJOR: hapee/spoe: Reintroduce the support of SPOP 1.0 - DOC: contrib/modsecurity: few typo fixes - DOC: SPOE.txt: fix a typo - BUG/MINOR: contrib/modsecurity: update pointer on the end of the frame - BUG/MINOR: contrib/mod_defender: update pointer on the end of the frame - BUG/MINOR: contrib/modsecurity: Don't reset the status code during disconnect - BUG/MINOR: contrib/mod_defender: Don't reset the status code during disconnect - BUG/MINOR: contrib/spoa_example: Don't reset the status code during disconnect - MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0 - BUG/MEDIUM: lua/socket: Buffer error, may segfault - BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock - BUG/MEDIUM: lua/socket: Notification error - BUG/MAJOR: lua: Dead lock with sockets - BUG/MEDIUM: lua/socket: wrong scheduling for sockets - MINOR: task/notification: Is notifications registered ? - BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode - BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters - BUG/MEDIUM: lua/socket: Length required read doesn't work - BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file - BUG/BUILD: threads: unbreak build without threads - BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure. - BUG/MEDIUM: cache: don't cache when an Authorization header is present - BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation - BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags - BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags - BUG/MEDIUM: spoe: Flags are not encoded in network order - BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments. 2018/05/18 : 1.8r1 (1.0.0-186.363) - BUG/MINOR: spoe: Mistake in error message about SPOE configuration - BUG/MEDIUM: ssl: properly protect SSL cert generation - BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR - BUG/MEDIUM: pollers: Use a global list for fd shared between threads. - MINOR: fd: Make the lockless fd list work with multiple lists. - BUG/MINOR: lua: ensure large proxy IDs can be represented - BUG/MINOR: lua: schedule socket task upon lua connect() - BUG/MEDIUM: task: Don't free a task that is about to be run. - BUG/MINOR: map: correctly track reference to the last ref_elt being dumped - DOC/MINOR: clean up LUA documentation re: servers & array/table. - BUG/MINOR: lua: Put tasks to sleep when waiting for data - BUG/MEDIUM: threads: Fix the sync point for more than 32 threads - BUG/MINOR: checks: Fix check->health computation for flapping servers - BUG/MINOR: spoe: Fix parsing of dontlog-normal option - BUG/MINOR: spoe: Fix counters update when processing is interrupted - BUG/MINOR: config: disable http-reuse on TCP proxies - BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread - BUG/MEDIUM: h2: implement missing support for chunked encoded uploads - MINOR: h2: detect presence of CONNECT and/or content-length - BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits - BUG/MINOR: log: t_idle (%Ti) is not set for some requests - BUG/MAJOR: channel: Fix crash when trying to read from a closed socket - BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid() 2018/04/19 : 1.8r1 (1.0.0-186.340) - BUG/CRITICAL: h2: fix incorrect frame length check - DOC: lua: update the links to the config and Lua API - BUILD: sample: avoid build warning in sample.c - MEDIUM: sample: Extend functionality for field/word converters - MINOR: proxy: Add fe_defbe fetcher - BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors. - MINOR: cli: Ensure the CLI always outputs an error when it should - BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE - BUG/MINOR: http: Return an error in proxy mode when url2sa fails - BUG/MEDIUM: connection: Make sure we have a mux before calling detach(). - BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes 2018/04/06 : 1.8r1 (1.0.0-186.329) - MINOR: servers: Support alphanumeric characters for the server templates names - BUG/MAJOR: cache: always initialize newly created objects - MINOR: spoe: Add counters to log info about SPOE agents - MINOR: spoe: use agent's logger to log SPOE messages - MINOR: spoe: Add support for option dontlog-normal in the SPOE agent section - MINOR: spoe: Add loggers dedicated to the SPOE agent - MINOR: spoe: Add options to store processing times in variables - MINOR: spoe: Add metrics in to know time spent in the SPOE - BUG/MINOR: spoe: Don't forget to decrement fpa when a processing is interrupted - BUG/MINOR: spoe: Register the variable to set when an error occurred - BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk - BUG/MINOR: spoe: Initialize variables used during conf parsing before any check - CLEANUP: spoe: Remove unused label retry - MINOR: log: Keep the ref when a log server is copied to avoid duplicate entries - MINOR: log: move 'log' keyword parsing in dedicated function - BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks - BUG/MINOR: fd: Don't clear the update_mask in fd_insert. - BUG/MINOR: cache: fix "show cache" output - BUG/MINOR: email-alert: Set the mailer port during alert initialization - BUG/MINOR: checks: check the conn_stream's readiness and not the connection - BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked - BUILD/MINOR: threads: always export thread_sync_io_handler() - BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error - BUG/MEDIUM: h2/threads: never release the task outside of the task handler - MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy() - MINOR: h2: always call h2s_detach() in h2_detach() - BUG/MAJOR: h2: remove orphaned streams from the send list before closing - MINOR: h2: provide and use h2s_detach() and h2s_free() - CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close() - BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert - BUILD/MINOR: cli: fix a build warning introduced by last commit - MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available - MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown" - BUILD/MINOR: fix build when USE_THREAD is not defined - BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values - BUG/MINOR: lua: the function returns anything - BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected - BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM - BUG/MEDIUM: h2: properly account for DATA padding in flow control 2018/03/21 : 1.8r1 (1.0.0-186.290) - BUG/MINOR: cli: Ensure all command outputs end with a LF - BUG/MINOR: pools/threads: don't ignore DEBUG_UAF on double-word CAS capable archs - DOC: don't suggest using http-server-close - BUG/MEDIUM: fd/threads: ensure the fdcache_mask always reflects the cache contents - DOC: log: more than 2 log servers are allowed - BUILD/BUG: enable -fno-strict-overflow by default - MINOR: log: stop emitting alerts when it's not possible to write on the socket - BUG/MEDIUM: threads/queue: wake up other threads upon dequeue 2018/03/19 : 1.8r1 (1.0.0-186.282) - BUG/MINOR: tcp-check: use the server's service port as a fallback - BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers - BUG/MINOR: lua: return bad error messages - BUG/MINOR: spoa-example: unexpected behavior for more than 127 args - BUILD: ssl: Fix build with OpenSSL without NPN capability - BUG/MINOR: cli: Fix a crash when sending a command with too many arguments - BUG/MINOR: seemless reload: Fix crash when an interface is specified. - BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically - BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management - BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled - BUG/MINOR: force-persist and ignore-persist only apply to backends - BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc - BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage - CLEANUP: cli: Remove a leftover debug message - CLEANUP: ssl: Remove a duplicated #include - BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd" - BUG/MEDIUM: h2: also arm the h2 timeout when sending - BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list. - CLEANUP: .gitignore: Ignore binaries from the contrib directory - BUG/MINOR: session: Fix tcp-request session failure if handshake. - BUILD/MINOR: fix Lua build on Mac OS X (again) - MINOR/BUILD: fix Lua build on Mac OS X - MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file - MINOR: systemd: Add SystemD's Protect*= options to the unit file - MINOR: systemd: Add section for SystemD sandboxing to unit file - Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')" - BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk - BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk - BUG/MEDIUM: h2: always consume any trailing data after end of output buffers - MINOR: stats: display the number of threads in the statistics. - MINOR: modules: add a new label MODULES_LOCK to the lock_label enum 2018/03/12 : 1.8r1 (1.0.0-186.251) - BUG/MINOR: h2: Set the target of dbuf_wait to h2c - MINOR: debug/pools: make DEBUG_UAF also detect underflows - BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF - DOC: cfgparse: Warn on option (tcp|http)log in backend - DOC: lua: new prototype for function "register_action()" - BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken. - BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible - BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe - BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL - BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable. - BUG/MINOR: threads: fix missing thread lock labels for 1.8 - BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping - BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st - BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7 - BUG/MINOR: fd/threads: properly lock the FD before adding it to the fd cache. - BUILD: fd/threads: fix breakage build breakage without threads - MINOR: fd: reorder fd_add_to_fd_list() - MINOR: fd: remove the unneeded last CAS when adding an fd to the list - BUG/MINOR: fd/threads: properly dereference fdcache as volatile - MINOR: fd: move the fd_{add_to,rm_from}_fdlist functions to fd.c - MEDIUM: poller: use atomic ops to update the fdtab mask - MEDIUM: fd: make updt_fd_polling() use atomics - CLEANUP: fd: remove the now unused fd_compute_new_polled_status() function - MINOR: select: get rid of the now useless fd_compute_new_polled_status() - MINOR: poll: get rid of the now useless fd_compute_new_polled_status() - MINOR: kqueue: get rid of the now useless fd_compute_new_polled_status() - MINOR: epoll: get rid of the now useless fd_compute_new_polled_status() - MAJOR: fd: compute the new fd polling state out of the fd lock - MEDIUM: fd/threads: Make sure we don't miss a fd cache entry. - MAJOR: fd/threads: Make the fdcache mostly lockless. - MINOR: pools/threads: Implement lockless memory pools. - MINOR: threads: add test and set/reset operations - MINOR: threads: Introduce double-width CAS on x86_64 and arm. - MINOR: fd: pass the iocb and owner to fd_insert() - MEDIUM: poll: don't use the old FD state anymore - MEDIUM: select: don't use the old FD state anymore - MEDIUM: fd: use atomic ops for hap_fd_{clr,set} and remove poll_lock - MEDIUM: select: make use of hap_fd_* functions - MINOR: fd: move the hap_fd_{clr,set,isset} functions to fd.h - CLEANUP: fd: remove the unused "new" field - MINOR: poll: more accurately compute the new maxfd in the loop - CLEANUP: fd/threads: remove the now unused fdtab_lock - MEDIUM: polling: start to move maxfd computation to the pollers - MINOR: fd: don't report maxfd in alert messages - MINOR: polling: make epoll and kqueue not depend on maxfd anymore - MINOR: ssl/sample: adds ssl_bc_is_resumed fetch keyword. - MINOR: sample: add a new "concat" converter - MINOR: config: Add support for ARGT_MSK6 - MINOR: standard: Add str2mask6 function - CLEANUP: standard: Use len2mask4 in str2mask - MINOR: config: Enable tracking of up to MAX_SESS_STKCTR stick counters. - MINOR: stick-tables: Adds support for new "gpc1" and "gpc1_rate" counters. - MEDIUM: sample: Add IPv6 support to the ipmask converter - MINOR: sample: add date_us sample - MINOR: sample: rename the "len" converter to "length" - MINOR: sample: add len converter - MINOR: spoe: Add max-waiting-frames directive in spoe-agent configuration - MEDIUM: spoe: Use an ebtree to manage idle applets - MINOR: spoe: Count the number of frames waiting for an ack for each applet - MINOR: spoe: Replace sending_rate by a frequency counter - MINOR: spoe: Always link a SPOE context with the applet processing it - MINOR: spoe: Remove check on min_applets number when a SPOE context is queued - MINOR: spoe: Don't queue a SPOE context if nothing is sent - MINOR: spoe: add register-var-names directive in spoe-agent configuration - MINOR: spoe: add force-set-var option in spoe-agent configuration - MEDIUM: 51d: use fiftyoneDegreesProvider to access the pool and dataset - MINOR: config: report when "monitor fail" rules are misplaced - BUILD: modules: update HAPEE version macro to 1.8r1 - MINOR: modules: Add the ability to register variable and functions. - MINOR: modules: report more precise errors about module API mismatch - MINOR: modules: Remove Gcc warnings about unused variables - BUILD: modules: Remove modules-config.h from DEP variable to generate .i file - BUILD: modules: Add macors to compute numerical value of a HAPEE version - BUILD: modules: Only define the all target if MODULES isn't defined. - MEDIUM: modules: 'modules list' on the cli shows currently loaded modules - BUILD: modules: strip the MODULE_COPTS before hashing them - BUILD: modules: add make module-copts to show module options - BUILD: modules: take pkg-config out of install-inc - MINOR: modules: fix incorrect API HASH generation with certain awk versions - MODULES: BUILD: modules: Add version of the module in the defines - BUILD: modules: use gawk insteads of awk - BUILD: modules: make modules support optional - MINOR: modules: Don't use constructor/destructor anymore... - MINOR: modules: Terminate properly loaded modules if possible - MINOR: modules: Keep a list of loaded modules to unload them when HAProxy is stopped - MINOR: modules: Register function called after the main config check - MEDIUM: modules: modules: Add memory reservation support for the modules - MEDIUM: modules: modules: Add modules support - BUG/MINOR: config: don't emit a warning when global stats is incompletely configured - DOC: Mention -Ws in the list of available options - DOC: Describe routing impact of using interface keyword on bind lines - MINOR: init: emit warning when -sf/-sd cannot parse argument - BUG/MEDIUM: standard: Fix memory leak in str2ip2() - BUG/MINOR: time/threads: ensure the adjusted time is always correct - BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side - BUG/MEDIUM: spoe: Always try to receive or send the frame to detect shutdowns - BUG/MINOR: epoll/threads: only call epoll_ctl(DEL) on polled FDs - BUG/MINOR: threads: Update labels array because of changes in lock_label enum - BUG/MINOR: cli: use global.maxsock and not maxfd to list all FDs - CLEANUP: Fix typo in ARGT_MSK6 comment - BUG/MINOR: sample: Fix output type of c_ipv62ip - CLEANUP: sample: Fix outdated comment about sample casts functions - CLEANUP: sample: Fix comment encoding of sample.c - BUILD: kqueue/threads: Add test on MAX_THREADS to avoid warnings when complied without threads - BUILD: epoll/threads: Add test on MAX_THREADS to avoid warnings when complied without threads - MINOR: threads: Use __decl_hathreads instead of #ifdef/#endif - BUG/MINOR: kqueue/threads: Don't forget to close kqueue_fd[tid] on each thread - BUG/MEDIUM: checks: Don't try to release undefined conn_stream when a check is freed - BUG/MEDIUM: threads/server: Fix deadlock in srv_set_stopping/srv_set_admin_flag - BUG/MINOR: threads: always set an owner to the thread_sync pipe - MINOR: threads: Fix build when we're not compiling with threads. - BUG/MINOR: mworker: only write to pidfile if it exists - BUG/MEDIUM: threads/mworker: fix a race on startup - BUG/MEDIUM: kqueue/threads: use one kqueue_fd per thread - BUG/MEDIUM: epoll/threads: use one epoll_fd per thread - MINOR: fd: add a bitmask to indicate that an FD is known by the poller - BUG/MEDIUM: fd: maintain a per-thread update mask - BUG/MEDIUM: threads/polling: Use fd_cache_mask instead of fd_cache_num - MINOR: threads/fd: Use a bitfield to know if there are FDs for a thread in the FD cache - MINOR: global: add some global activity counters to help debugging - MINOR: threads: add a MAX_THREADS define instead of LONGBITS - MINOR: global/threads: move cpu_map at the end of the global struct - MINOR: servers: Don't report duplicate dyncookies for disabled servers. - BUG/MEDIUM: peers: fix expire date wasn't updated if entry is modified remotely. - BUG/MINOR: poll: too large size allocation for FD events - CONTRIB: debug: fix a few flags definitions - DOC: clarify the scope of ssl_fc_is_resumed - BUG/MEDIUM: stream: properly handle client aborts during redispatch - BUILD/MINOR: ancient gcc versions atomic fix - MINOR: hathreads: add support for gcc < 4.7 - BUG/MEDIUM: mworker: execvp failure depending on argv[0] - MINOR: dns: Handle SRV record weight correctly. - BUG/MINOR: lua: Fix return value of Socket.settimeout - BUG/MEDIUM: lua: Fix IPv6 with separate port support for Socket.connect - DOC: lua: Fix typos in comments of hlua_socket_receive - BUG/MINOR: lua: Fix default value for pattern in Socket.receive - BUG/MEDIUM: ssl: cache doesn't release shctx blocks - BUILD: ssl: silence a warning when building without NPN nor ALPN support - BUG/MEDIUM: h2: properly handle the END_STREAM flag on empty DATA frames - MEDIUM: h2: prepare a graceful shutdown when the frontend is stopped - BUG/MAJOR: hpack: don't return direct references to the dynamic headers table - BUG/MEDIUM: http: don't automatically forward request close - MINOR: don't close stdio anymore - BUG/MEDIUM: mworker: don't close stdio several time - BUG/MEDIUM: h2: ensure we always know the stream before sending a reset - DOC/MINOR: configuration: typo, formatting fixes - BUG/MEDIUM: h2: improve handling of frames received on closed streams - BUG/MEDIUM: h2: properly handle and report some stream errors - BUG/MEDIUM: checks: properly set servers to stopping state on 404 - BUG/MAJOR: connection: refine the situations where we don't send shutw() - BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie" - BUG/MEDIUM: cache: respect the request cache-control header - BUG/MEDIUM: cache: replace old object on store - BUG/MEDIUM: cache: do not try to retrieve host-less requests from the cache - MINOR: http: add a function to check request's cache-control header field - BUG/MINOR: cache: do not force the TX_CACHEABLE flag before checking cacheability - BUG/MINOR: http: properly detect max-age=0 and s-maxage=0 in responses - BUG/MINOR: http: do not ignore cache-control: public - MINOR: http: start to compute the transaction's cacheability from the request - MINOR: http: update the list of cacheable status codes as per RFC7231 - MINOR: http: adjust the list of supposedly cacheable methods - BUG/MEDIUM: lua: fix crash when using bogus mode in register_service() - BUG/MEDIUM: checks: a server passed in maint state was not forced down. - MEDIUM: netscaler: add support for standard NetScaler CIP protocol - MEDIUM: netscaler: do not analyze original IP packet size - MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header - BUG/MEDIUM: stream: don't consider abortonclose on muxes which close cleanly - MINOR: stream-int: set flag SI_FL_CLEAN_ABRT when mux supports clean aborts - MINOR: mux: add flags to describe a mux's capabilities - BUG/MINOR: h2: properly report a stream error on RST_STREAM - CONTRIB: halog: Fix compiler warnings in halog.c - CONTRIB: iprange: Fix compiler warning in iprange.c - BUG/MAJOR: netscaler: address truncated CIP header detection - BUG/MEDIUM: netscaler: use the appropriate IPv6 header size - MINOR: netscaler: rename cip_len to clarify its uage - MINOR: netscaler: remove the use of cip_magic only used once - MINOR: netscaler: respect syntax - DOC/MINOR: intro: typo, wording, formatting fixes - BUG/MEDIUM: mworker: Set FD_CLOEXEC flag on log fd - BUILD/MINOR: Makefile : enabling USE_CPU_AFFINITY - BUG: MINOR: http: don't check http-request capture id when len is provided - BUG: MAJOR: lb_map: server map calculation broken - BUG/MINOR: stream-int: don't try to receive again after receiving an EOS - BUG/MEDIUM: h2: fix stream limit enforcement - BUG/MEDIUM: http: don't disable lingering on requests with tunnelled responses - BUG/MEDIUM: h2: don't close after the first DATA frame on tunnelled responses - BUG/MEDIUM: h2: don't switch the state to HREM before end of DATA frame - MINOR: h2: don't demand that a DATA frame is complete before processing it - BUG/MEDIUM: h2: support uploading partial DATA frames - MINOR: h2: store the demux padding length in the h2c struct - BUG/MEDIUM: h2: debug incoming traffic in h2_wake() - BUG/MEDIUM: h2: work around a connection API limitation - BUG/MEDIUM: h2: enable recv polling whenever demuxing is possible - BUG/MEDIUM: h2: automatically set CS_FL_RCV_MORE when the output buffer is full - BUG/MEDIUM: stream-int: always set SI_FL_WAIT_ROOM on CS_FL_RCV_MORE - MINOR: conn_stream: add new flag CS_FL_RCV_MORE to indicate pending data - BUG/MEDIUM: lua/notification: memory leak - DOC: notifications: add precisions about thread usage - MINOR: systemd: remove comment about HAPROXY_STATS_SOCKET - BUG/MEDIUM: threads/vars: Fix deadlock in register_name - BUG/MEDIUM: email-alert: don't set server check status from a email-alert task - CONTRIB: halog: Add help text for -s switch in halog program - MINOR: mworker: Improve wording in `void mworker_wait()` - MINOR: mworker: Update messages referencing exit-on-failure - BUG/MEDIUM: h2: fix handling of end of stream again - BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface - BUG/MEDIUM: checks: a down server going to maint remains definitely stucked on down state. - BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically. - BUG/MEDIUM: mworker: also close peers sockets in the master - BUG/MINOR: ssl: support tune.ssl.cachesize 0 again - BUG/MAJOR: hpack: don't pretend large headers fit in empty table - BUG/MINOR: action: Don't check http capture rules when no id is defined - BUG/MINOR: h2: use the H2_F_DATA_* macros for DATA frames - BUG/MEDIUM: h2: do not accept upper case letters in request header names - BUG/MEDIUM: h2: remove connection-specific headers from request - BUG/MINOR: h2: reject response pseudo-headers from requests - BUG/MINOR: h2: properly check PRIORITY frames - BUG/MINOR: h2: reject incorrect stream dependencies on HEADERS frame - BUG/MINOR: h2: do not accept SETTINGS_ENABLE_PUSH other than 0 or 1 - BUG/MEDIUM: h2: enforce the per-connection stream limit - BUG/MINOR: h2: the TE header if present may only contain trailers - BUG/MINOR: h2: fix a typo causing PING/ACK to be responded to - BUG/MINOR: h2: ":path" must not be empty - BUG/MINOR: h2: try to abort closed streams as soon as possible - BUG/MINOR: h2: immediately close if receiving GOAWAY after the last stream - BUG/MAJOR: h2: correctly check the request length when building an H1 request - BUG/MINOR: hpack: dynamic table size updates are only allowed before headers - BUG/MINOR: hpack: reject invalid header index - BUG/MINOR: hpack: must reject huffman literals padded with more than 7 bits - BUG/MINOR: hpack: fix debugging output of pseudo header names - BUG/MEDIUM: checks: Be sure we have a mux if we created a cs. - BUILD: Fix LDFLAGS vs. LIBS re linking order in various makefiles - BUG/MAJOR: thread: Be sure to request a sync between threads only once at a time - MINOR: threads: Fix pthread_setaffinity_np on FreeBSD. - BUG/MINOR: mworker: detach from tty when in daemon mode - BUG/MINOR: mworker: fix validity check for the pipe FDs - BUILD/MINOR: haproxy: compiling config cpu parsing handling when needed - BUG/MAJOR: thread/peers: fix deadlock on peers sync. - BUG/MEDIUM: peers: fix some track counter rules dont register entries for sync. - BUG/MEDIUM: h2: don't report an error after parsing a 100-continue response - BUG/MEDIUM: threads/peers: decrement, not increment jobs on quitting - BUG/MINOR: ssl: CO_FL_EARLY_DATA removal is managed by stream - BUILD/MINOR: haproxy : FreeBSD/cpu affinity needs pthread_np header - BUG/MEDIUM: stream: fix session leak on applet-initiated connections - BUILD: checks: don't include server.h - BUG/MEDIUM: cache: bad computation of the remaining size - BUG/MEDIUM: ssl: don't allocate shctx several time - BUG/MEDIUM: tcp-check: Don't lock the server in tcpcheck_main - BUILD/MINOR: deviceatlas: enable thread support - DOC: cache: update sections and fix some typos - BUG/MEDIUM: kqueue: Don't bother closing the kqueue after fork.