Summary

2024/10/29 : 2.4r1 (1.0.0-294.1376) - BUG/MINOR: http-ana: Report internal error if an action yields on a final eval - BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly - BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families - BUG/MINOR: mworker: fix mworker-max-reloads parser - BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid - BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() - BUG/MEDIUM: hlua: make hlua_ctx_renew() safe - BUG/MEDIUM: server: server stuck in maintenance after FQDN change - BUG/MINOR: cfgparse-global: fix allowed args number for setenv - BUG/MEDIUM: cli: Deadlock when setting frontend maxconn - DOC: config: improve the http-keep-alive section - DOC: configuration: issuers-chain-path not compatible with OCSP 2024/09/17 : 2.4r1 (1.0.0-294.1364) - BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution - BUG/MINOR: polling: fix time reporting when using busy polling - BUG/MEDIUM: pattern: prevent UAF on reused pattern expr - BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg() - REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load - BUG/MINOR: pattern: do not leave a leading comma on "set" error messages - BUG/MINOR: pattern: pat_ref_set: return 0 if err was found - BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity - BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails - BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails - BUG/MINOR: trace: automatically start in waiting mode with "start <evt>" - BUG/MINOR: fcgi-app: handle a possible strdup() failure - BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams - BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli - BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready - BUG/MINOR: cli: Atomically inc the global request counter between CLI commands - BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread - MEDIUM: ssl: initialize the SSL stack explicitely 2024/07/03 : 2.4r1 (1.0.0-294.1346) - BUG/MAJOR: server: do not delete srv referenced by session - MINOR: session: rename private conns elements - BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() - SCRIPTS: git-show-backports: do not truncate git-show output - DOC: configuration: fix alphabetical order of bind options - DOC: management: rename show stats domain cli "dns" to "resolvers" - DOC/MINOR: management: add missed -dR and -dv options - BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning - BUG/MEDIUM: cli: fix cli_output_msg() regression - CI: scripts: fix build of vtest regarding option -C - CI: introduce scripts/build-vtest.sh for installing VTest - BUG/MINOR: haproxy: only tid 0 must not sleep if got signal - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe - BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1 - BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration - CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume() - BUG/MINOR: hlua: prevent LJMP in hlua_traceback() - MINOR: hlua: don't dump empty entries in hlua_traceback() - BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage - BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP - CLEANUP: hlua: use hlua_pusherror() where relevant - BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory - BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser - BUG/MINOR: activity: fix Delta_calls and Delta_bytes count - BUG/MINOR: ssl/ocsp: init callback func ptr as NULL - BUILD: fd: errno is also needed without poll() - BUG/MINOR: server: Don't reset resolver options on a new default-server line - BUG/MINOR: connection: parse PROXY TLV for LOCAL mode - CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf - BUG/MINOR: stats: Don't state the 303 redirect response is chunked - BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header - BUG/MEDIUM: fd: prevent memory waste in fdtab array - BUILD: stick-tables: better mark the stktable_data as 32-bit aligned - BUG/MEDIUM: stick-tables: properly mark stktable_data as packed - BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned - BUG/MINOR: h1: fix detection of upper bytes in the URI - BUG/MINOR: backend: use cum_sess counters instead of cum_conn - BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets - BUG/MINOR: sock: handle a weird condition with connect() - BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding - BUG/MEDIUM: evports: do not clear returned events list on signal - BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered - CI: revert kernel addr randomization introduced in 3a0fc864 - BUG/MEDIUM: peers/trace: fix crash when listing event types - BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection - BUG/MINOR: log: invalid snprintf() usage in sess_build_logline() - BUG/MINOR: tools/log: invalid encode_{chunk,string} usage - BUG/MINOR: log: fix lf_text_len() truncate inconsistency - BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n - MINOR: cli: Remove useless loop on commands to find unescaped semi-colon - BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs - BUG/MEDIUM: thread/sched: set proper scheduling context upon ha_set_tid() - BUG/MINOR: proxy: fix logformat expression leak in use_backend rules 2024/04/05 : 2.4r1 (1.0.0-292.1293) - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try) - MINOR: hlua: use accessors for stream hlua ctx - DEBUG: lua: precisely identify if stream is stuck inside lua or not - DOC: config: Remove httpclient.timeout.connect parameter - DOC: httpclient: add dedicated httpclient section - BUG/MINOR: ist: only store NUL byte on succeeded alloc - BUG/MINOR: backend: properly handle redispatch 0 - BUG/MINOR: server: ignore 'enabled' for dynamic servers - BUG/MINOR: server: 'source' interface ignored from 'default-server' directive - BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block - BUG/MINOR: session: ensure conn owner is set after insert into session - BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small - CI: temporarily adjust kernel entropy to work with ASAN/clang - BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop - BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout - BUG/MINOR: listener: Don't schedule frontend without task in listener_release() - BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release - BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm() - DOC: configuration: clarify ciphersuites usage (V2) - BUG/MINOR: cfgparse: report proper location for log-format-sd errors - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() - BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP() - BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts - BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack - BUG/MINOR: tools: seed the statistical PRNG slightly better - MINOR: hlua: Be able to disable logging from lua - BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel - DOC: configuration: clarify ciphersuites usage - BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist - BUG/MINOR: ist: allocate nul byte on istdup - BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data - DEV: makefile: fix POSIX compatibility for "range" target - DEV: makefile: add a new "range" target to iteratively build all commits - CI: Update to actions/cache@v4 - DOC: internal: update missing data types in peers-v2.0.txt - DOC: install: recommend pcre2 - DOC: configuration: clarify http-request wait-for-body - BUILD: address a few remaining calloc(size, n) cases - BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions - BUG/MEDIUM: h1: always reject the NUL character in header values - BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size - BUG/MINOR: h1: Don't support LF only at the end of chunks - BUG/MINOR: h1-htx: properly initialize the err_pos field - BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush() - BUG/MINOR: vars/cli: fix missing LF after "get var" output - BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI 2024/01/17 : 2.4r1 (1.0.0-291.1246) - BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up - BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable - DOC: config: Update documentation about local haproxy response - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty - DOC: configuration: typo req.ssl_hello_type - BUG/MEDIUM: connection: report connection errors even when no mux is installed - BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them 2023/12/14 : 2.4r1 (1.0.0-290.1239) - BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly - BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range() - BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed - DOC: Clarify the differences between field() and word() - BUG/MINOR: sample: Make the `word` converter compatible with `-m found` - REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter - DOC: config: add matrix entry for "max-session-srv-conns" - DOC: config: specify supported sections for "max-session-srv-conns" - BUG/MINOR: config: Stopped parsing upon unmatched environment variables - DOC: lua: fix Proxy.get_mode() output - DOC: lua: add sticktable class reference from Proxy.stktable - REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY - DOC: 51d: updated 51Degrees repo URL for v3.2.10 - BUG/MINOR: server: do not leak default-server in defaults sections - REGTESTS: http: add a test to validate chunked responses delivery - BUG/MINOR: proxy/stktable: missing frees on proxy cleanup - MINOR: stktable: add stktable_deinit function - BUG/MINOR: stream/cli: report correct stream age in "show sess" - BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() - BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer - BUG/MINOR: stconn: Fix streamer detection for HTX streams - MINOR: channel: Add functions to get info on buffers and deal with HTX streams - MINOR: htx: Use a macro for overhead induced by HTX - BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented - REGTESTS: http: Improve script testing abortonclose option - BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only - MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads - MINOR: connection: Add a CTL flag to notify mux it should wait for reads again - BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up - DOC: config: use the word 'backend' instead of 'proxy' in 'track' description - DOC: management: -q is quiet all the time - BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts - BUG/MINOR: stick-table/cli: Check for invalid ipv4 key - CLEANUP: htx: Properly indent htx_reserve_max_data() function - BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure - BUG/MINOR: stktable: missing free in parse_stick_table() - BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure - BUG/MEDIUM: ssl: segfault when cipher is NULL - BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA - BUG/MINOR: mux-h2: update tracked counters with req cnt/req err - BUG/MINOR: mux-h2: commit the current stream ID even on reject - BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task - BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending - BUG/MINOR: mux-h2: make up other blocked streams upon removal from list - BUG/MEDIUM: actions: always apply a longest match on prefix lookup - BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0 - BUG/MINOR: debug: enter ha_panic() only once - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume (2nd try) 2023/10/10 : 2.4r1 (1.0.0-289.1189) 2023/10/04 : 2.4r1 (1.0.0-288.1189) - MINOR: hapee: Update list of backported commit - MINOR: pattern: fix pat_{parse,match}_ip() function comments - BUG/MINOR: server: add missing free for server->rdr_pfx - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers - BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API - BUG/MINOR: promex: fix backend_agg_check_status - BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records - BUG/MINOR: hlua/init: coroutine may not resume itself - BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume() - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread - MINOR: hlua: add hlua_stream_ctx_prepare helper function - CI: Update to actions/checkout@v4 - BUG/MINOR: hlua/action: incorrect message on E_YIELD error - BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout - BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown - DOC: lua: fix core.register_action typo - BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage - BUILD: Makefile: add the USE_QUIC option to make help - SCRIPTS: git-show-backports: automatic ref and base detection with -m - BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection - BUG/MINOR: hlua: fix invalid use of lua_pop on error paths - BUG/MEDIUM: dns: Be sure to unlock DSS when existing dns_session_io_handler() 2023/09/27 : 2.4r1 (1.0.0-288.1167) - MEDIUM: server/ssl: pick another thread's session when we have none yet - MINOR: server/ssl: clear the shared good session index on failure - MINOR: server/ssl: maintain an index of the last known valid SSL session - MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session - BUG/MINOR: ssl_sock: fix possible memory leak on OOM - MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid - CLEANUP: ssl: keep a pointer to the server in ssl_sock_init() - DOC: ssl: add some comments about the non-obvious session allocation stuff - MINOR: ssl_sock: avoid iterating realloc(+1) on stored context 2023/08/16 : 2.4r1 (1.0.0-288.1158) - BUG/MINOR: http: skip leading zeroes in content-length values - DOC: clarify the handling of URL fragments in requests - REGTESTS: http-rules: verify that we block '#' by default for normalize-uri - BUG/MINOR: h2: reject more chars from the :path pseudo header - BUG/MINOR: h1: do not accept '#' as part of the URI component - REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests - MINOR: h2: pass accept-invalid-http-request down the request parser - MINOR: http: add new function http_path_has_forbidden_char() - MINOR: ist: add new function ist_find_range() to find a character range - BUG/MAJOR: http: reject any empty content-length header value - BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement - BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full - DOC: configuration: describe Td in Timing events - BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary - BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses - BUG/MINOR: hlua: add check for lua_newstate - CI: explicitely highlight VTest result section if there's something - BUG/MINOR: http: Return the right reason for 302 - BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters - BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers - BUG/MINOR: config: Remove final '\n' in error messages - BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() - BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() - BUG/MINOR: sink: invalid sft free in sink_deinit() - BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() - BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() - BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() - BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets - MINOR: sink/api: pass explicit maxlen parameter to sink_write() - BUG/MINOR: log: LF upsets maxlen for UDP targets - BUG/MINOR: ring: maxlen warning reported as alert - BUG/MINOR: ring: size warning incorrectly reported as fatal error - BUG/MINOR: sink: missing sft free in sink_deinit() - BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() - BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage - BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT - BUILD: debug: avoid a build warning related to epoll_wait() in debug code - DOC: Add tune.h2.max-frame-size option to table of contents - BUG/MEDIUM: mworker: increase maxsock with each new worker - BUG/MINOR: namespace: missing free in netns_sig_stop() - BUG/MINOR: server: inherit from netns in srv_settings_cpy() - BUG/MEDIUM: hlua: prevent deadlocks with main lua lock - MINOR: hlua: simplify lua locking - BUG/MINOR: hlua: fix reference leak in hlua_post_init_state() - BUG/MINOR: hlua: fix reference leak in core.register_task() - MINOR: hlua: add simple hlua reference handling API - CLEANUP: Remove unused function hlua_get_top_error_string - MINOR: lua: Add a function to get a reference on a table in the stack - MINOR: proto_ux: ability to dump ABNS names in error messages - MEDIUM: proto_ux: properly suspend named UNIX listeners - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume - MINOR: listener: pause_listener() becomes suspend_listener() - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() - BUG/MINOR: listener: fix resume_listener() resume return value handling - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling - MINOR: listener: make sure we don't pause/resume bypassed listeners - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping - MINOR: listener: add relax_listener() function - MINOR: listener/api: add lli hint to listener functions - BUG/MINOR: listener: null pointer dereference suspected by coverity - CLEANUP: listener: function comment typo in stop_listener() - MINOR: proto_uxst: add resume method - BUG/MINOR: proxy: add missing interface bind free in free_proxy - BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line 2023/06/09 : 2.4r1 (1.0.0-288.1094) 2023/06/06 : 2.4r1 (1.0.0-286.1094) - BUG/MINOR: spoe: Only skip sending new frame after a receive attempt - CONTRIB: Add vi file extensions to .gitignore - DOC: config: Fix bind/server/peer documentation in the peers section - BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() - MINOR: proxy: add http_free_redirect_rule() function 2023/05/26 : 2.4r1 (1.0.0-286.1089) - BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: server: don't use date when restoring last_change from state file - BUG/MINOR: server: don't miss server stats update on server state transitions - BUG/MINOR: server: don't miss proxy stats update on server state transitions - MINOR: server: explicitly commit state change in srv_update_status() - BUG/MINOR: server: incorrect report for tracking servers leaving drain - BUILD: ssl: switch LibreSSL to Fastly CDN - CI: switch to Fastly CDN to download LibreSSL - BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones - BUG/MINOR: debug: do not emit empty lines in thread dumps - BUILD: mjson: Fix warning about unused variables - MINOR: spoe: Don't stop disabled proxies - BUG/MINOR: proxy: missing free in free_proxy for redirect rules - BUG/MINOR: log: fix memory error handling in parse_logsrv() - SCRIPTS: publish-release: update the umask to keep group write access - BUG/MINOR: hlua: unsafe hlua_lua2smp() usage - DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt - DOC: add size format section to manual - DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules - BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set 2023/05/17 : 2.4r1 (1.0.0-286.1068) - BUG/MINOR: clock: fix the boot time measurement method for 2.6 and older - BUG/MINOR: checks: postpone the startup of health checks by the boot time - MINOR: clock: measure the total boot time - MINOR: checks: make sure spread-checks is used also at boot time 2023/04/24 : 2.4r1 (1.0.0-286.1064) - MINOR: happe: update backported and dropped files - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests - BUG/MEDIUM: Update read expiration date on synchronous send - BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop - BUG/MINOR: cfgparse: make sure to include openssl-compat - CLEANUP: backend: Remove useless debug message in assign_server() - BUG/MEDIUM: log: Properly handle client aborts in syslog applet - REGTESTS: fix the race conditions in log_uri.vtc - CI: bump "actions/checkout" to v3 for cross zoo matrix - BUG/MINOR: stick_table: alert when type len has incorrect characters - BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions - CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy() - BUG/MINOR: hlua: enforce proper running context for register_x functions - BUG/MINOR: log: free log forward proxies on deinit() - BUG/MINOR: sink: free forward_px on deinit() - BUG/MEDIUM: dns: Properly handle error when a response consumed - BUG/MEDIUM: channel: Improve reports for shut in co_getblk() - DOC: config: strict-sni allows to start without certificate - MINOR: proxy/pool: prevent unnecessary calls to pool_gc() - BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards. - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path - BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp() - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all() - BUG/MINOR: proto_ux: report correct error when bind_listener fails - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend - BUG/MEDIUM: listener: duplicate inherited FDs if needed - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it - DOC/CLEANUP: fix typos - BUG/MINOR: init: make sure to always limit the total number of threads - BUG/MINOR: init: properly detect NUMA bindings on large systems - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section - DOC: config: Add the missing tune.fail-alloc option from global listing - DOC: config: Fix description of options about HTTP connection modes - BUG/MINOR: ring: do not realign ring contents on resize - BUG/MINOR: cache: Check cache entry is complete in case of Vary - BUG/MINOR: cache: Cache response even if request has "no-cache" directive - BUG/MINOR: mworker: prevent incorrect values in uptime - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong - BUG/MINOR: mworker: stop doing strtok directly from the env - BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list - DEV: hpack: fix `trash` build regression - CI: github: don't warn on deprecated openssl functions on windows - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send() 2023/02/13 : 2.4r1 (1.0.0-285.1010) - BUG/CRITICAL: http: properly reject empty http header field names - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first - DOC: proxy-protocol: fix wrong byte in provided example - DOC: config: 'http-send-name-header' option may be used in default section - DOC: config: fix option spop-check proxy compatibility - BUG/MEDIUM: cache: use the correct time reference when comparing dates - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge - BUG/MINOR: ssl/crt-list: warn when a line is malformated - BUG/MEDIUM: ssl: wrong eviction from the session cache tree - BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section - BUG/MINOR: sink: free the forwarding task on exit 2023/02/08 : 2.4r1 (1.0.0-284.999) 2023/01/23 : 2.4r1 (1.0.0-282.999) - BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) 2023/01/21 : 2.4r1 (1.0.0-282.998) - MINOR: hapee: update backported file - BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task - BUG/MINOR: jwt: Wrong return value checked - BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params) - BUILD: hpack: include global.h for the trash that is needed in debug mode - BUG/MINOR: mux-h2: add missing traces on failed headers decoding - BUG/MINOR: listener: close tiny race between resume_listener() and stopping - DOC: config: fix "Address formats" chapter syntax - BUG/MINOR: mux-fcgi: Correctly set pathinfo - DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" - DOC: config: fix wrong section number for "protocol prefixes" - BUG/MINOR: listeners: fix suspend/resume of inherited FDs - BUG/MINOR: http-ana: make set-status also update txn->status - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body - BUG/MINOR: promex: Don't forget to consume the request on error - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action - BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses - CLEANUP: htx: fix a typo in an error message of http_str_to_htx - BUG/MINOR: http: Memory leak of http redirect rules' format string - REGTEST: fix the race conditions in hmac.vtc - REGTEST: fix the race conditions in digest.vtc - REGTEST: fix the race conditions in json_query.vtc - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set - BUILD: makefile: sort the features list - BUILD: makefile: build the features list dynamically - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain - LICENSE: wurfl: clarify the dummy library license. - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout - REGTESTS: startup: check maxconn computation - REGTESTS: fix the race conditions in iff.vtc - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes - DOC: promex: Add missing backend metrics - MINOR: promex: introduce haproxy_backend_agg_check_status - BUG/MINOR: promex: create haproxy_backend_agg_server_status - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers - BUG/MINOR: ssl: Fix potential overflow - BUG/MEDIUM: ssl: Verify error codes can exceed 63 - BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure 2022/12/27 : 2.4r1 (1.0.0-280.956) 2022/12/16 : 2.4r1 (1.0.0-279.956) - BUILD: peers: peers-t.h depends on stick-table-t.h - BUG/MINOR: hapee/modules: make sure generated includes and structs are sorted - MINOR: hapee/modules: check if we generate the API hash correctly 2022/12/15 : 2.4r1 (1.0.0-279.953) - BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk 2022/12/09 : 2.4r1 (1.0.0-279.952) - CI: github: change "ubuntu-latest" to "ubuntu-20.04" - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side - Revert "CI: determine actual OpenSSL version dynamically" - Revert "CI: switch to the "latest" LibreSSL" - SCRIPTS: announce-release: add a link to the data plane API - DOC: config: clarify the -m dir and -m dom pattern matching methods - DOC: config: clarify the fact that "retries" is not just for connections - DOC: config: explain how default matching method for ACL works - DOC: config: mention that a single monitor-uri rule is supported - DOC: config: clarify the fact that SNI should not be used in HTTP scenarios - DOC: config: provide some configuration hints for "http-reuse" - Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" 2022/11/29 : 2.4r1 (1.0.0-279.940) - BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out - BUILD: http-htx: Silent build error about a possible NULL start-line - BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action - BUG/MINOR: log: fix parse_log_message rfc5424 size check - BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance - BUILD: listener: fix build warning on global_listener_rwlock without threads - BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns - BUILD: peers: Remove unused variables - BUG/MEDIUM: peers: messages about unkown tables not correctly ignored - BUG/MINOR: ssl: don't initialize the keylog callback when not required - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task - BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes - BUG/MEDIUM: ring: fix creation of server in uninitialized ring - DOC: config: fix alphabetical ordering of global section - REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses - BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers - BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once - BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy - BUG/MINOR: resolvers: Set port before IP address when processing SRV records - BUG/MINOR: http-htx: Fix error handling during parsing http replies - BUG/MEDIUM: wdt/clock: properly handle early task hangs - CI: emit the compiler's version in the build reports - CI: switch to the "latest" LibreSSL - BUG/MINOR: ssl: ocsp structure not freed properly in case of error - BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer - CI: add monthly gcc cross compile jobs - BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task 2022/10/26 : 2.4r1 (1.0.0-279.911) - MINOR: hapee: update backported file - DOC: lua: add a note about compression w/ httpclient - REGTESTS: httpclient/lua: test the lua task timeout with the httpclient - BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler - BUG/MEDIUM: httpclient/lua: crash when the lua task timeout before the httpclient - MINOR: httpclient/lua: Don't set req_payload callback if body is empty - BUG/MAJOR: stick-table: don't process store-response rules for applets - DOC: management: add forgotten "show startup-logs" - BUG/MINOR: stick-table: Use server_id instead of std_t_sint in process_store_rules() - CI: SSL: temporarily stick to LibreSSL=3.5.3 - CI: SSL: use proper version generating when "latest" semantic is used - BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers - BUG/MINOR: sink: Only use backend capability for the sink proxies - BUG/MEDIUM: compression: handle rewrite errors when updating response headers - BUG/MINOR: ring: Properly parse connect timeout - BUG/MINOR: log: Preserve message facility when the log target is a ring buffer - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py - BUG/MINOR: server: make sure "show servers state" hides private bits - BUG/MAJOR: stick-tables: do not try to index a server name for applets - DOC: configuration: missing 'if' in tcp-request content example - BUG/MINOR: backend: only enforce turn-around state when not redispatching - BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction - MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands - BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error - BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os - BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() - BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os - BUG/MEDIUM: lua: handle stick table implicit arguments right. - BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure - DOC: config: Fix pgsql-check documentation to make user param mandatory - BUG/MINOR: checks: update pgsql regex on auth packet - BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree - REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies 2022/09/20 : 2.4r1 (1.0.0-279.877) - BUG/MINOR: log: improper behavior when escaping log data - SCRIPTS: announce-release: update some URLs to https - BUILD: fd: fix a build warning on the DWCAS - BUG/MEDIUM: captures: free() an error capture out of the proxy lock - DOC: fix TOC in starter guide for subsection 3.3.8. Statistics - REGTESTS: ssl/log: test the log-forward with SSL - BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. - REGTESTS: log: test the log-forward feature - REGTESTS: healthcheckmail: Relax matching on the healthcheck log message - BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' - MINOR: listener: small API change - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: signals/poller: ensure wakeup from signals - BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals - BUG/MINOR: task: always reset a new tasklet's call date - BUG/MINOR: h1: Support headers case adjustment for TCP proxies - BUILD: makefile: enable crypt(3) for NetBSD 2022/09/15 : 2.4r1 (1.0.0-279.859) - BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support - BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber - BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools - REGTESTS: http_request_buffer: Add a barrier to not mix up log messages - BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input 2022/08/30 : 2.4r1 (1.0.0-279.852) - BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) - BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets - BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date - BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode - DOC: configuration: do-resolve doesn't work with a port in the string - REGTESTS: Fix prometheus script to perform HTTP health-checks - BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect - BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() - BUG/MAJOR: mworker: fix infinite loop on master with no proxies. - BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle - BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names 2022/08/17 : 2.4r1 (1.0.0-278.838) - MINOR: hapee: update backported file with pool-related stuff - MINOR: chunk: inline alloc_trash_chunk() - MINOR: pools/memprof: store and report the pool's name in each bin - MINOR: pool/memprof: report pool alloc/free in memory profiling - MINOR: memprof: export the minimum definitions for memory profiling - MINOR: pools: partially uninline pool_alloc() - MINOR: pools: partially uninline pool_free() 2022/08/12 : 2.4r1 (1.0.0-277.831) - BUILD: http: silence an uninitialized warning affecting gcc-5 - BUG/MEDIUM: ring: fix too lax 'size' parser - BUILD: debug: silence warning on gcc-5 - BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() - BUG/MEDIUM: poller: use fd_delete() to release the poller pipes - BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h - BUG/MINOR: sink: fix a race condition between the writer and the reader - BUG/MINOR: ring/cli: fix a race condition between the writer and the reader - BUG/MEDIUM: proxy: Perform a custom copy for default server settings - REORG: server: Export srv_settings_cpy() function - MINOR: server: Constify source server to copy its settings - BUG/MEDIUM: dns: Properly initialize new DNS session - BUG/MINOR: peers: Use right channel flag to consider the peer as connected - BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload - MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer - BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions - MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups 2022/07/29 : 2.4r1 (1.0.0-277.814) - MINOR: http-htx: Use new HTTP functions for the scheme based normalization - BUG/MEDIUM: h1: Improve authority validation for CONNCET request - MINOR: http: Add function to detect default port - MINOR: http: Add function to get port part of a host - HAPEE: update backported HAPEE patches - MEDIUM: httpclient: Don't close CLI applet at the end of a response - BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases - BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them - BUG/MEDIUM: mworker: use default maxconn in wait mode - BUG/MINOR: sockpair: wrong return value for fd_send_uxst() - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible - BUILD: add detection for unsupported compiler models - BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload - REGTESTS: Fix some scripts to be compatible with 2.4 and prior - BUG/MINOR: tools: fix statistical_prng_range()'s output range - BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) - BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX - BUG/MEDIUM: tools: avoid calling dlsym() in static builds - MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() - BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send - BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state - BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer - REGTEESTS: filters: Fix CONNECT request in random-forwarding script - BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream - BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo - BUG/MINOR: peers: fix possible NULL dereferences at config parsing - BUG/MINOR: http-act: Properly generate 103 responses when several rules are used - BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule - BUG/MINOR: peers/config: always fill the bind_conf's argument - MINOR: fd: Add BUG_ON checks on fd_insert() - CI: re-enable gcc asan builds - BUILD: Makefile: Add Lua 5.4 autodetect - BUG/MEDIUM: ssl/fd: unexpected fd close using async engine - MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD - BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch - BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created - BUG/MINOR: ssl: Do not look for key in extra files if already in pem - MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames - BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list - BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration - BUG/MINOR: cli/stats: add missing trailing LF after "show info json" - BUG/MINOR: server: do not enable DNS resolution on disabled proxies - BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs - REGTESTS: healthcheckmail: Relax health-check failure condition - REGTESTS: healthcheckmail: Update the test to be functionnal again - BUG/MINOR: checks: Properly handle email alerts in trace messages - BUG/MINOR: trace: Test server existence for health-checks to get proxy - BUG/MEDIUM: mailers: Set the object type for check attached to an email alert - BUILD: compiler: implement unreachable for older compilers too - REGTESTS: restrict_req_hdr_names: Extend supported versions - REGTESTS: http_abortonclose: Extend supported versions - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler - BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield - REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients - REGTESTS: abortonclose: Add a barrier to not mix up log messages - MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs - BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry - BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails - DOC: intro: adjust the numbering of paragrams to keep the output ordered 2022/07/13 : 2.4r1 (1.0.0-276.752) 2022/06/10 : 2.4r1 (1.0.0-274.752) - DOC: peers: fix port number and addresses on new peers section format - DOC: peers: clarify when entry expiration date is renewed. - DOC: peers: indicate that some server settings are not usable - SCRIPTS: make publish-release try to launch make-releases-json - SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) - BUG/MEDIUM: sample: Fix adjusting size in word converter - BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section - BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections - BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function - BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols - BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str - CI: determine actual OpenSSL version dynamically - BUILD/MINOR: cpuset fix build for FreeBSD 13.1 - BUG/MINOR: peers: fix error reporting of "bind" lines - BUG/MINOR: cfgparse: abort earlier in case of allocation error - BUG/MINOR: check: Reinit the buffer wait list at the end of a check - BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() - REGTESTS: abortonclose: Fix some race conditions - BUG/MINOR: ssl: Fix crash when no private key is found in pem - MINOR: tools: add get_exec_path implementation for solaris based systems. - BUILD: fix build warning on solaris based systems with __maybe_unused. - MEDIUM: http-ana: Add a proxy option to restrict chars in request header names - CI: determine actual LibreSSL version dynamically 2022/05/13 : 2.4r1 (1.0.0-272.728) - CLEANUP: mux-h1: Fix comments and error messages for global options - BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized - BUG/MINOR: conn_stream: do not confirm a connection from the frontend path - BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). - DOC: install: update gcc version requirements - BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( - BUILD: listener: shut report of possible null-deref in listener_accept() - BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings - BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation - CI: dynamically determine actual version of h2spec - DOC: fix typo "ant" for "and" in INSTALL - BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init - BUG/MINOR: map/cli: protect the backref list during "show map" errors - BUG/MEDIUM: cli: make "show cli sockets" really yield - BUG/MEDIUM: resolvers: make "show resolvers" properly yield - BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] - DOC: config: Update doc for PR/PH session states to warn about rewrite failures - HAPEE: update backported HAPEE patches - BUG/MINOR: http: http_auth_bearer fetch does not work on custom header name - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls - BUG/MINOR: jwt: Missing pkey free during cleanup - BUG/MINOR: jwt: Double free in deinit function - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query - BUG/MINOR: jwt: Fix jwt_parse_alg incorrectly returning JWS_ALG_NONE - MINOR: jwt: Make invalid static JWT algorithms an error in `jwt_verify` converter - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_rsa_ecdsa() - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_hmac() - MINOR: jwt: Do not rely on enum order anymore - MINOR: jwt: jwt_verify returns negative values in case of error - MINOR: jwt: Empty the certificate tree during deinit - BUG/MEDIUM: sample/jwt: fix another instance of base64 error detection - DOC: jwt: fix a typo in the jwt_verify() keyword description - BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs - BUG/MEDIUM: jwt: fix base64 decoding error detection - BUILD: jwt: fix declaration of EVP_KEY in jwt-h.h - REGTESTS: jwt: Add tests for the jwt_verify converter - MEDIUM: jwt: Add jwt_verify converter to verify JWT integrity - MINOR: jwt: jwt_header_query and jwt_payload_query converters - MINOR: jwt: Insert public certificates into dedicated JWT tree - MINOR: jwt: JWT tokenizing helper function - MINOR: jwt: Parse JWT alg field - MINOR: http: Add http_auth_bearer sample fetch 2022/05/12 : 2.4r1 (1.0.0-272.686) - MINOR: mux-h2: report a trace event when failing to create a new stream - BUG/MINOR: mux-h2: mark the stream as open before processing it not after - BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket 2022/05/05 : 2.4r1 (1.0.0-272.683) - HAPEE: update backported HAPEE patches - BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel - BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified - BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message - SCRIPTS: announce-release: add URL of dev packages - CI: github actions: update LibreSSL to 3.5.2 2022/05/02 : 2.4r1 (1.0.0-271.677) - HAPEE: update backported HAPEE patches - MINOR: connection: Add way to disable active connection closing during soft-stop - BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time' - MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window 2022/04/29 : 2.4r1 (1.0.0-271.673) - BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option - BUG/MINOR: httpclient: end callback in applet release - BUILD: opentracing: Fix OT build due to misuse of var_clear() - BUILD: proto_uxst: do not set unused flag - BUILD: sockpair: do not set unused flag - BUILD: fd: remove unused variable totlen in fd_write_frag_line() - CLEANUP: acl: Remove unused variable when releasing an acl expression - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() - BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() - BUILD: compiler: properly distinguish weak and global symbols - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc - MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks - MINOR: task: add a new task_instant_wakeup() function - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments - DOC: remove my name from the config doc - BUG/MAJOR: connection: Never remove connection from idle lists outside the lock - BUG/MINOR: cache: Disable cache if applet creation fails - SCRIPTS: announce-release: add shortened links to pending issues - DOC: lua: update a few doc URLs - SCRIPTS: announce-release: update the doc's URL - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added - BUG/MEDIUM: stream: do not abort connection setup too early - BUILD: compiler: use a more portable set of asm(".weak") statements - BUILD: sched: workaround crazy and dangerous warning in Clang 14 - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side - BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak - BUG/MINOR: cache: do not display expired entries in "show cache" - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent - CI: cirrus: switch to FreeBSD-13.0 - CI: Update to actions/cache@v3 - CI: Update to actions/checkout@v3 - DEBUG: opentracing: show return values of all functions in the debug output - CLEANUP: opentracing: added variable to store variable length - CLEANUP: opentracing: added flt_ot_smp_init() function - CLEANUP: opentracing: removed unused function flt_ot_var_get() - CLEANUP: opentracing: removed unused function flt_ot_var_unset() - DOC: opentracing: corrected comments in function descriptions - EXAMPLES: opentracing: refined shell scripts for testing filter performance - BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples - BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached - BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message - BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet - BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests - CI: github actions: update OpenSSL to 3.0.2 - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream - BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads - BUG/MINOR: samples: add missing context names for sample fetch functions - DOC: reflect H2 timeout changes - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts - MEDIUM: mux-h2: slightly relax timeout management rules - BUG/MEDIUM: stream-int: do not rely on the connection error once established 2022/03/29 : 2.4r1 (1.0.0-270.616) - HAPEE: update backported HAPEE patches - BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty() - BUG/MINOR: httpclient: process the response when received before the end of the request - BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA - BUILD: httpclient: fix build without SSL - BUG/MINOR: httpclient: send the SNI using the host header - MINOR: server: export server_parse_sni_expr() function - BUG/MINOR: httpclient/lua: stuck when closing without data - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing - BUG/MINOR: tools: url2sa reads too far when no port nor path - DOC: config: Explictly add supported MQTT versions - MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf - CI: github actions: switch to LibreSSL-3.5.1 - BUG/MINOR: server/ssl: free the SNI sample expression 2022/03/25 : 2.4r1 (1.0.0-269.599) - BUG/MINOR: tools: fix url2sa return value with IPv4 - BUILD: tree-wide: mark a few numeric constants as explicitly long long - BUG/MINOR: stream: make the call_rate only count the no-progress calls 2022/03/17 : 2.4r1 (1.0.0-269.596) 2022/03/14 : 2.4r1 (1.0.0-268.596) - HAPEE: update backported HAPEE patches - BUG/MEDIUM: httpclient: must manipulate head, not first - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers - BUG/MINOR: httpclient: consume partly the blocks when necessary - CLEANUP: htx: remove unused co_htx_remove_blk() - BUG/MEDIUM: httpclient: don't consume data before it was analyzed - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST - DOC: Fix usage/examples of deprecated ACLs - BUG/MEDIUM: httpclient: limit transfers to the maximum available room - CLEANUP: httpclient/cli: fix indentation alignment of the help message - BUG/MINOR: httpclient: reinit flags in httpclient_start() - MINOR: httpclient: Don't limit data transfer to 1024 bytes - BUG/MINOR: httpclient/cli: display junk characters in vsn - BUG/MEDIUM: httpclient: Xfer the request when the stream is created - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers - BUG/MINOR: httpclient: set default Accept and User-Agent headers - BUG/MINOR: httpclient: don't send an empty body - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - DEBUG: stream: Fix stream trace message to print response buffer state - DEBUG: stream: Add the missing descriptions for stream trace events - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cli: shows correct mode in "show sess" - BUG/MINOR: add missing modes in proxy_mode_str() 2022/03/08 : 2.4r1 (1.0.0-268.564) - BUILD: pools: fix backport of no-memory-trimming on non-linux OS - MINOR: pools: add a new global option "no-memory-trimming" - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed - BUG/MINOR: pool: always align pool_heads to 64 bytes 2022/03/01 : 2.4r1 (1.0.0-268.560) - REGTESTS: fix the race conditions in secure_memcmp.vtc - REGTESTS: fix the race conditions in normalize_uri.vtc - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() - CI: github actions: use cache for SSL libs - CI: github actions: use cache for OpenTracing - CI: github actions: add OpenTracing builds - CI: github actions: add the output of $CC -dM -E- 2022/02/25 : 2.4r1 (1.0.0-268.553) - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails - CI: github: enable pool debugging by default - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message - BUG/MINOR: tools: url2sa reads ipv4 too far - BUG/MINOR: mailers: negotiate SMTP, not ESMTP - CI: github actions: update OpenSSL to 3.0.1 - CI: github: switch to OpenSSL 3.0.0 - CI: github actions: relax OpenSSL-3.0.0 version comparision - CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 - CI: github actions: add OpenSSL-3.0.0 builds - BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 - BUILD: fix compilation for OpenSSL-3.0.0-alpha17 - CI: ssl: keep the old method for ancient OpenSSL versions - CI: ssl: do not needlessly build the OpenSSL docs - CI: ssl: enable parallel builds for OpenSSL on Linux - BUG/MAJOR: compiler: relax alignment constraints on certain structures - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names - BUG/MINOR: sink: Use the right field in appctx context in release callback - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload - BUG/MEDIUM: mworker: close unused transferred FDs on load failure - MINOR: sock: move the unused socket cleaning code into its own function - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change - REGTESTS: peers: leave a bit more time to peers to synchronize - BUG/MAJOR: spoe: properly detach all agents when releasing the applet - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies - BUG/MEDIUM: listener: read-lock the listener during accept() - MINOR: listener: replace the listener's spinlock with an rwlock - BUG/MINOR: mworker: does not erase the pidfile upon reload - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks - DEBUG: pools: replace the link pointer with the caller's address on pool_free() - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool - DEBUG: pools: add extra sanity checks when picking objects from a local cache - BUG/MINOR: pools: always flush pools about to be destroyed - BUG/MEDIUM: mworker: don't lose the stats socket on failed reload - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY - BUILD: debug/cli: condition test of O_ASYNC to its existence - DEBUG: cli: add a new "debug dev fd" expert command - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them - BUG/MEDIUM: mcli: do not try to parse empty buffers - BUG/MEDIUM: cli: Never wait for more data on client shutdown - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands - MINOR: channel: add new function co_getdelim() to support multiple delimiters - MEDIUM: cli: yield between each pipelined command - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl - BUILD/MINOR: fix solaris build with clang. - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer - BUG/MEDIUM: connection: properly leave stopping list on error 2022/01/13 : 2.4r1 (1.0.0-268.499) - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data - BUG/MEDIUM: mworker: don't use _getsocks in wait mode - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry - BUG/MINOR: cli: fix _getsocks with musl libc - BUILD/MINOR: tools: solaris build fix on dladdr. - BUILD/MINOR: cpuset FreeBSD 14 build fix. - BUG/MEDIUM: ssl: free the ckch instance linked to a server - BUG/MINOR: ssl: free the fields in srv->ssl_ctx - MINOR: debug: add support for -dL to dump library names at boot - MINOR: debug: add ability to dump loaded shared libraries - MINOR: compat: detect support for dl_iterate_phdr() - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning - MINOR: proxy: add option idle-close-on-response - REGTESTS: ssl: fix ssl_default_server.vtc - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server - DOC: fix misspelled keyword "resolve_retries" in resolvers - BUILD: ssl: unbreak the build with newer libressl - BUILD: cli: clear a maybe-unused warning on some older compilers - BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode - CI: Github Actions: temporarily disable BoringSSL builds 2021/12/24 : 2.4r1 (1.0.0-268.477) - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch - BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose - BUG/MINOR: backend: do not set sni on connection reuse - MINOR: pools: work around possibly slow malloc_trim() during gc - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode - DOC: config: retry-on list is space-delimited - DOC: config: Specify %Ta is only available in HTTP mode - DOC: spoe: Clarify use of the event directive in spoe-message section - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types - MINOR: cli: "show version" displays the current process version - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH 2021/12/02 : 2.4r1 (1.0.0-268.464) - MINOR: mux-h1: Improve H1 traces by adding info about http parsers - BUG/MAJOR: segfault using multiple log forward sections. - BUG/MEDIUM: resolvers: Detach query item on response error - BUG/MINOR: server: Don't rely on last default-server to init server SSL context - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time 2021/11/25 : 2.4r1 (1.0.0-268.459) - BUILD/MINOR: server: fix compilation without SSL - HAPEE: Update backported and hapee patches - BUG/MINOR: cache: Fix loop on cache entries in "show cache" - MINOR: promex: backend aggregated server check status - MINOR: server: add ws keyword - MEDIUM: server/backend: implement websocket protocol selection - MINOR: connection: add alternative mux_ops param for conn_install_mux_be - MINOR: connection: implement function to update ALPN - MINOR: stream/mux: implement websocket stream flag - BUG/MINOR: ssl: make SSL counters atomic - MINOR: shctx: add a few BUG_ON() for consistency checks - BUG/MINOR: shctx: do not look for available blocks when the first one is enough - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found - BUG/MEDIUM: cache/cli: make "show cache" thread-safe - BUG/MEDIUM: mux-h2: always process a pending shut read - BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found - CLEANUP: ssl: fix wrong #else commentary - BUG/MINOR: ssl: free correctly the sni in the backend SSL cache - BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 - BUILD: makefile: simplify detection of libatomic - BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C - BUG/MINOR: stick-table/cli: Check for invalid ipv6 key - BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent - BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value - BUG/MINOR: mworker: doesn't launch the program postparser - BUG/MEDIUM: conn-stream: Don't reset CS flags on close - MINOR: mux-h1: Slightly Improve H1 traces - DOC: lua: Be explicit with the Reply object limits - Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" - BUG/MINOR: http-ana: Apply stop to the current section for http-response rules - DOC: config: Fix typo in ssl_fc_unique_id description - BUG/MINOR: cache: properly ignore unparsable max-age in quotes - BUG/MINOR: resolvers: throw log message if trash not large enough for query - BUG/MINOR: resolvers: fix sent messages were counted twice - BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support - MINOR: mux-h2: add trace on extended connect usage - MINOR: mux-h2: perform a full cycle shutdown+drain on close - MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close - SCRIPTS: git-show-backports: re-enable file-based filtering - DOC/peers: some grammar fixes for peers 2.1 spec - MINOR: stream: Improve dump of bogus streams - BUILD/MINOR: cpuset freebsd build fix - DOC: config: Fix alphabetical order of fc_* samples - BUG/MINOR: sample: fix backend direction flags consecutive to last fix - BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags - BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data - BUG/MINOR: http: Authorization value can have multiple spaces after the scheme - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration - MINOR: halog: Add support for extracting captures using -hdr - BUG/MINOR: halog: Add missing newlines in die() messages - CLEANUP: halog: Use consistent indentation in help() - MINOR: halog: Rename -qry to -query - DOC: halog: Move the `-qry` parameter into the correct section in help text - MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX - BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions - BUG/MEDIUM: resolvers: Don't recursively perform requester unlink - MEDIUM: resolvers: remove the last occurrences of the "safe" argument - MEDIUM: resolvers: use a kill list to preserve the list consistency - CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT - CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters - CLEANUP: always initialize the answer_list - CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() - BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released - BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed - BUILD: atomic: fix build on mac/arm64 - BUG/MINOR: backend: fix improper insert in avail tree for always reuse - BUILD: fix compilation on NetBSD - MINOR: memprof: add one pointer size to the size of allocations - MINOR: memprof: report the delta between alloc and free on realloc() - BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame - BUG/MINOR: task: do not set TASK_F_USR1 for no reason - BUG/MAJOR: buf: fix varint API post- vs pre- increment - BUG/MEDIUM: resolvers: always check a valid item in query_list - BUILD: resolvers: avoid a possible warning on null-deref - BUG/MAJOR: resolvers: add other missing references during resolution removal - MINOR: resolvers: merge address and target into a union "data" - BUG/MEDIUM: resolvers: use correct storage for the target address - BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix - MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero - BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records - BUG/MEDIUM: resolver: make sure to always use the correct hostname length - MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero - BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier - BUG/MAJOR: dns: tcp session can remain attached to a list after a free - BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors 2021/11/24 : 2.4r1 (1.0.0-268.373) - BUG/MINOR: lua: don't expose internal proxies - BUG/MINOR: httpclient: allow to replace the host header - DOC: lua: documentation about the httpclient API - REGTESTS: httpclient/lua: add greater body values - BUG/MEDIUM: httpclient/cli: free of unallocated hc->req.uri - BUG/MEDIUM: httpclient: channel_add_input() must use htx->data - BUG/MINOR: httpclient/lua: rcv freeze when no request payload - BUG/MINOR: httpclient: use a placeholder value for Host header - BUG/MINOR: httpclient/lua: misplaced luaL_buffinit() - REGTESTS: lua: test httpclient with body streaming - MINOR: httpclient/lua: handle the streaming into the lua applet - MINOR: httpclient: request streaming with a callback - MINOR: httpclient/lua: return an error when it can't generate the request - MINOR: httpclient/lua: support more HTTP methods - MINOR: httpclient: support payload within a buffer - DOC: management: doc about the CLI httpclient - MINOR: httpclient/cli: access should be only done from expert mode 2021/11/08 : 2.4r1 (1.0.0-268.356) 2021/10/20 : 2.4r1 (1.0.0-264.356) - Revert "CLEANUP: server: always include the storage for SSL settings" - BUG/MEDIUM: sample: properly verify that variables cast to sample - MINOR: sample: provide a generic var-to-sample conversion function - CLEANUP: sample: uninline sample_conv_var2smp_str() - CLEANUP: sample: rename sample_conv_var2smp() to *_sint - CLEANUP: server: always include the storage for SSL settings - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error - BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD - BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data - BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back - MINOR: initcall: Rename __GLOBL and __GLOBL1. - DOC: configuration: add clarification on escaping in keyword arguments - BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames 2021/10/14 : 2.4r1 (1.0.0-263.343) - BUILD: hapee/modules: select either md5 or md5sum 2021/10/08 : 2.4r1 (1.0.0-259.342) - MINOR: hapee: update backported and hapee patches - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release - MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue() - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing - MINOR: arg: Be able to forbid unresolved args when building an argument list - BUG/MAJOR: lua: use task_wakeup() to properly run a task once - BUG/MEDIUM: lua: fix wakeup condition from sleep() - MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options - DOC: peers: fix doc "enable" statement on "peers" sections - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" - MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary - MINOR: htx: Add a function to know if the free space wraps - MINOR: htx: Add an HTX flag to know when a message is fragmented - MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv() - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer - BUG/MINOR: stats: use refcount to protect dynamic server on dump - MINOR: server: return the next srv instance on free_server - BUG/MINOR: server: do not use refcount in free_server in stopping mode - MINOR: global: define MODE_STOPPING - MINOR: server: implement a refcount for dynamic servers - BUG/MINOR: http-ana: increment internal_errors counter on response error - BUG/MINOR: h1-htx: Fix a typo when request parser is reset - BUG/MEDIUM: leastconn: fix rare possibility of divide by zero - BUG/MINOR: server: allow 'enable health' only if check configured - BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl - BUILD: halog: fix a -Wundef warning on non-glibc systems - BUILD: compiler: fixed a missing test on defined(__GNUC__) - BUILD: fix dragonfly build again on __read_mostly - BUILD: tools: properly guard __GLIBC__ with defined() - BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL - BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER - BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef - IMPORT: slz: silence a build warning with -Wundef - BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef - BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef - BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING - MINOR: proc: setting the process to produce a core dump on FreeBSD. - MINOR: tools: add FreeBSD support to get_exec_path() - BUILD: tools: get the absolute path of the current binary on NetBSD. - BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set - BUG/MINOR: cli/payload: do not search for args inside payload - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc - BUG/MINOR: connection: prevent null deref on mux cleanup task allocation - DOC: management: certificate files must be sanitized before injection - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check - BUG/MAJOR: mux-h1: Don't eval input data if an error was reported - BUILD: httpclient: include missing ssl_sock-t - MINOR: httpclient/lua: supports headers via named arguments - BUG/MINOR: httpclient/lua: does not process headers when failed - MINOR: httpclient: destroy checks if a client was started but not stopped - BUG/MEDIUM: httpclient/lua: crash because of b_xfer and get_trash_chunk() - MINOR: buf: Add b_force_xfer() function - MINOR: httpclient/lua: implement garbage collection - MINOR: httpclient: test if started during stop_and_destroy() - MINOR: httpclient: stop_and_destroy() ask the applet to autokill - MINOR: httpclient: set HTTPCLIENT_F_ENDED only in release - MINOR: httpclient: destroy() must free the headers and the ists - BUG/MEDIUM: httpclient: replace ist0 by istptr - REGTESTS: lua: test the httpclient:get() feature - BUG/MINOR: httpclient/lua: return an error on argument check - MINOR: httpclient/lua: implement the headers in the response object - MINOR: httpclient/lua: httpclient:get() API in lua - MINOR: httpclient: httpclient_ended() returns 1 if the client ended - MINOR: httpclient: httpclient_data() returns the available data - MINOR: httpclient: add the EOH when no headers where provided - BUILD: httpclient: fix build without OpenSSL 2021/10/04 : 2.4r1 (1.0.0-254.271) 2021/10/01 : 2.4r1 (1.0.0-253.271) - HAPEE: update backports and notes - REGTESTS: re-enable the "ssl_default_server" regtest on 2.4 - REGTESTS: re-enable the "vars" regtest on 2.4 - MINOR: http-rules: add a new "ignore-empty" option to redirects. - CLEANUP: vars: name the temporary proxy "CFG" instead of "CLI" for global vars - MINOR: log: make log-format expressions completely usable outside of req/resp - MINOR: vars: make the vars() sample fetch function support a default value - BUILD: ot: add argument for default value to vars_get_by_name() - MINOR: vars: make vars_get_by_* support an optional default value - CLEANUP: vars: factor out common code from vars_get_by_{desc,name} - MEDIUM: vars: also support format strings in CLI's "set var" command - MINOR: vars: add a "set-var-fmt" directive to the global section - BUG/MINOR: vars: do not talk about global section in CLI errors for set-var - BUG/MINOR: vars: truncate the variable name in error reports about scope. - BUG/MEDIUM: vars: run over the correct list in release_store_rules() - MEDIUM: vars: add a new "set-var-fmt" action - BUG/MINOR: vars: properly set the argument parsing context in the expression - BUG/MINOR: vars: improve accuracy of the rules used to check expression validity - MINOR: sample: add missing ARGC_ entries - BUILD/MEDIUM: tcp: set-mark setting support for FreeBSD. - CLEANUP: tcp-act: Sort action lists - BUILD: tcp-act: avoid warning when set-mark / set-tos are not supported - MINOR: http-act/tcp-act: Add "set-mark" and "set-tos" for tcp content rules - MINOR: http-act/tcp-act: Add "set-nice" for tcp content rules - MINOR: http-act/tcp-act: Add "set-log-level" for tcp content rules - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - BUG/MEDIUM: cfgparse: do not allocate IDs to automatic internal proxies - BUG/MINOR: proxy: don't dump servers of internal proxies - MINOR: pools: use mallinfo2() when available instead of mallinfo() - MINOR: pools: automatically disable malloc_trim() with external allocators - CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools() - BUG/MINOR: compat: make sure __WORDSIZE is always defined - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached - CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload - MINOR: htx: Skip headers with no value when adding a header list to a message - BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload - BUG/MINOR: systemd: ExecStartPre must use -Ws - BUG/MINOR: filters: Set right FLT_END analyser depending on channel - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered - BUG/MINOR: lua: Don't yield in channel.append() and channel.set() - BUG/MINOR: lua: Yield in channel functions only if lua context can yield - MINOR: lua: Add a flag on lua context to know the yield capability at run time - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer - CLEANUP: htx: remove comments about "must be < 256 MB" - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB - DOC: configuration: remove wrong tcp-request examples in tcp-response - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser - CLEANUP: Add missing include guard to signal.h - BUG/MINOR: tools: Fix loop condition in dump_text() - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - MINOR: time: add report_idle() to report process-wide idle time - BUG/MINOR: time: fix idle time computation for long sleeps - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords - MINOR: compiler: implement an ONLY_ONCE() macro - BUG/MINOR: base64: base64urldec() ignores padding in output size check - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions - MINOR: hlua: take the global Lua lock inside a global function - REGTESTS: abortonclose: after retries, 503 is expected, not close - REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 - BUG/MINOR: httpclient: fix Host header - MINOR: httpclient: add the server to the proxy - MINOR: httpclient: set verify none on the https server - BUG/MINOR: httpclient: remove deinit of the httpclient - MINOR: proxy: disable warnings for internal proxies - MINOR: cli: delare the CLI frontend as an internal proxy - MINOR: proxy: check if p is NULL in free_proxy() - MINOR: httpclient/cli: change the User-Agent to "HAProxy" - MINOR: httpclient: cleanup the include files - BUG/MINOR: httpclient: check if hdr_num is not 0 - BUG/MINOR: httpclient/cli: change the appctx test in the callbacks - MINOR: httpclient/cli: implement a simple client over the CLI - BUG/MINOR: httpclient: fix uninitialized sl variable - BUG/MINOR: http_client: make sure to preset the proxy's default settings - MINOR: channel: remove an htx block from a channel - MINOR: httpclient: implement a simple HTTP Client API - MINOR: httpclient: initialize the proxy - MINOR: stats: shows proxy in a stopped state - MINOR: proxy: disabled takes a stopping and a disabled state - MINOR: stats: don't output internal proxies (PR_CAP_INT) - MINOR: mworker: the mworker CLI proxy is internal - MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT - MEDIUM: stats: include disabled proxies that hold active sessions to stats - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path - REGTESTS: add a test to prevent h2 desync attacks - BUG/MEDIUM: h2: give :authority precedence over Host - BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax - MINOR: http: add a new function http_validate_scheme() to validate a scheme - DOC/MINOR: fix typo in management document - CLEANUP: assorted typo fixes in the code and comments - BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued - DOC: config: Fix 'http-response send-spoe-group' documentation - DOC: Improve the lua documentation - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer - BUG/MINOR: buffer: fix buffer_dump() formatting - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure - ADMIN: dyncookie: implement a simple dynamic cookie calculator - MINOR: server: unmark deprecated on enable health/agent cli - BUG/MINOR: server: update last_change on maint->ready transitions too - BUG/MINOR: server: remove srv from px list on CLI 'add server' error - BUILD: opentracing: fixed build when using pkg-config utility - DOC: internals: document the FD takeover process - BUG/MINOR: fd: protect fd state harder against a concurrent takeover - BUG/MINOR: pollers: always program an update for migrated FDs - BUG/MINOR: poll: fix abnormally high skip_fd counter - BUG/MINOR: select: fix excess number of dead/skip reported - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before - BUG/MEDIUM: connection: close a rare race between idle conn close and takeover - BUG/MINOR: connection: Add missing error labels to conn_err_code_str - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames - BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called - BUG/MINOR: mux-h2: Obey dontlognull option during the preface - BUG/MINOR: mux-h1: Obey dontlognull option for empty requests - BUG/MINOR: systemd: must check the configuration using -Ws - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree - BUG/MINOR: check: fix the condition to validate a port-less server - BUG/MINOR: stats: Add missing agent stats on servers - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request - BUILD/MINOR: memprof fix macOs build. - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUILD: lua: silence a build warning with TCC - BUILD: add detection of missing important CFLAGS - BUG/MINOR: ssl: Default-server configuration ignored by server - MINOR: mux_h2: define config to disable h2 websocket support - BUILD: http_htx: fix ci compilation error with isdigit for Windows - REGTESTS: add http scheme-based normalization test - MEDIUM: h2: apply scheme-based normalization on h2 requests - MEDIUM: h1-htx: apply scheme-based normalization on h1 requests - MEDIUM: http: implement scheme-based normalization - MINOR: http: implement http_get_scheme - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" - BUG/MINOR: cli: fix server name output in "show fd" - BUG/MEDIUM: sock: make sure to never miss early connection failures - DOC: stick-table: add missing documentation about gpt0 stored type - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - BUG/MINOR: stick-table: fix several printf sign errors dumping tables - DOC: config: use CREATE USER for mysql-check - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution - BUG/MINOR: mqtt: Support empty client ID in CONNECT message - BUG/MINOR: mqtt: Fix parser for string with more than 127 characters - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules - BUILD: Makefile: fix linkage for Haiku. - BUG/MINOR: checks: return correct error code for srv_parse_agent_check - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response - BUG/MINOR: resolvers: Always attach server on matching record on resolution - CLEANUP: dns: Remove a forgotten debug message - DOC: config: Add missing actions in "tcp-request session" documentation - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - REGTESTS: fix maxconn update with agent-check - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check - BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled - BUG/MINOR: server-state: load SRV resolution only if params match the config - BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces - BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace - MINOR: mux-h2: obey http-ignore-probes during the preface - BUG/MINOR: stats: make "show stat typed desc" work again - CLEANUP: mux-h2/traces: better align user messages - MINOR: mux-h2/trace: report a few connection-level info during h2_init() - MINOR: connection: add helper conn_append_debug_info() - MINOR: hapee: add a .hapee directory to list backporting notes - BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers - BUG/MINOR: mux-h1: do not skip the error response on bad requests - MINOR: backend: only skip LB when there are actual connections - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue - CLEANUP: global: remove unused definition of stopping_task[] - BUG/MINOR: mworker: fix typo in chroot error message - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node - BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree - BUG/MEDIUM: server: do not forget to generate the dynamic servers ids - BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees - BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server' - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id - DOC: lua: Add a warning about buffers modification in HTTP - BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item - BUG/MINOR: resolvers: answser item list was randomly purged or errors - CLEANUP: l7-retries: do not test the buffer before calling b_alloc() - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded - CLEANUP: pools: remove now unused seq and pool_free_list - BUG/MAJOR: pools: fix possible race with free() in the lockless variant - MEDIUM: pools: use a single pool_gc() function for locked and lockless - MINOR: pools: call malloc_trim() under thread isolation - MINOR: pools: do not maintain the lock during pool_flush() - BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data - BUG/MEDIUM: compression: Properly get the next block to iterate on payload - BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block - BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode - Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode" - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - BUILD: make tune.ssl.keylog available again - DOC: use the req.ssl_sni in examples - MINOR: errors: allow empty va_args for diag variadic macro - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry - DOC/MINOR: move uuid in the configuration to the right alphabetical order - BUG/MINOR: vars: Be sure to have a session to get checks variables - CLEANUP: http-ana: Remove useless if statement about L7 retries - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree - BUG/MINOR: http: Missing calloc return value check in make_arg_list - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine - BUG/MINOR: peers: Missing calloc return value check in peers_register_table - BUG/MINOR: server: Missing calloc return value check in srv_parse_source - DOC: intro: Fix typo in starter guide - MINOR: cfgparse: Fail when encountering extra arguments in macro - MINOR: http-ana: Perform L7 retries because of status codes in response analyser - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts - BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry - Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers" - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUILD/MINOR: opentracing: fixed build when using clang - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUILD: hapee/51d: fix error when building with 51Degrees enabled - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUILD: hapee/modules: clean(up) the copts-hash file not copts_hash - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MINOR: hapee/modules: register function called after the main config check - MEDIUM: hapee/modules: add memory reservation support for the modules - MINOR: hapee: change URLs and EOL date for 2.4r1 - BUILD: hapee/modules: update HAPEE version macro to 2.4r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support