Summary

2023/08/21 : 2.5r1 (1.0.0-288.814) - MEDIUM: server/ssl: pick another thread's session when we have none yet - MINOR: server/ssl: clear the shared good session index on failure - MINOR: server/ssl: maintain an index of the last known valid SSL session - MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session - BUG/MINOR: ssl_sock: fix possible memory leak on OOM - MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid - CLEANUP: ssl: keep a pointer to the server in ssl_sock_init() - DOC: ssl: add some comments about the non-obvious session allocation stuff - MINOR: ssl_sock: avoid iterating realloc(+1) on stored context 2023/08/18 : 2.5r1 (1.0.0-288.805) - BUG/MINOR: http: skip leading zeroes in content-length values - DOC: clarify the handling of URL fragments in requests - REGTESTS: http-rules: verify that we block '#' by default for normalize-uri - BUG/MINOR: h2: reject more chars from the :path pseudo header - BUG/MINOR: h1: do not accept '#' as part of the URI component - REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests - MINOR: h2: pass accept-invalid-http-request down the request parser - MINOR: http: add new function http_path_has_forbidden_char() - MINOR: ist: add new function ist_find_range() to find a character range - BUG/MAJOR: http: reject any empty content-length header value - BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement - BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full - BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() - BUG/MEDIUM: mworker: increase maxsock with each new worker 2023/06/09 : 2.5r1 (1.0.0-288.791) 2023/06/06 : 2.5r1 (1.0.0-286.791) - BUG/MINOR: spoe: Only skip sending new frame after a receive attempt - CONTRIB: Add vi file extensions to .gitignore - DOC: config: Fix bind/server/peer documentation in the peers section 2023/05/26 : 2.5r1 (1.0.0-286.788) - SCRIPTS: publish-release: update the umask to keep group write access - BUG/MINOR: hlua: unsafe hlua_lua2smp() usage - DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt - DOC: add size format section to manual - DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules - BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set - CI: github: don't warn on deprecated openssl functions on windows 2023/05/17 : 2.5r1 (1.0.0-286.781) - BUG/MINOR: checks: postpone the startup of health checks by the boot time - MINOR: clock: measure the total boot time - MINOR: checks: make sure spread-checks is used also at boot time - BUG/MINOR: log: fix memory error handling in parse_logsrv() - BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() - MINOR: proxy: add http_free_redirect_rule() function - BUG/MINOR: proxy: missing free in free_proxy for redirect rules - BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup - MINOR: spoe: Don't stop disabled proxies - BUILD: mjson: Fix warning about unused variables - BUG/MINOR: debug: do not emit empty lines in thread dumps - BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones - BUG/MINOR: fd: always remove late updates when freeing fd_updt[] - BUILD: proto_tcp: export the correct names for proto_tcpv[46] - BUILD: sock_inet: forward-declare struct receiver - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: server: don't use date when restoring last_change from state file - BUG/MINOR: server: don't miss server stats update on server state transitions - BUG/MINOR: server: don't miss proxy stats update on server state transitions - MINOR: server: explicitly commit state change in srv_update_status() - BUG/MINOR: server: incorrect report for tracking servers leaving drain 2023/04/21 : 2.5r1 (1.0.0-286.760) - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests - BUG/MEDIUM: Update read expiration date on synchronous send - BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop - BUG/MEDIUM: hlua: prevent deadlocks with main lua lock - MINOR: hlua: simplify lua locking - BUG/MINOR: hlua: prevent function and table reference leaks on errors - BUG/MINOR: hlua: fix reference leak in hlua_post_init_state() - BUG/MINOR: hlua: fix reference leak in core.register_task() - MINOR: hlua: add simple hlua reference handling API - CLEANUP: Remove unused function hlua_get_top_error_string - MINOR: proto_ux: ability to dump ABNS names in error messages - MEDIUM: proto_ux: properly suspend named UNIX listeners - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume - MINOR: listener: pause_listener() becomes suspend_listener() - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() - BUG/MINOR: listener: fix resume_listener() resume return value handling - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling - MINOR: listener: make sure we don't pause/resume bypassed listeners - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping - MINOR: listener: add relax_listener() function - MINOR: listener/api: add lli hint to listener functions - BUG/MINOR: listener: null pointer dereference suspected by coverity - CLEANUP: listener: function comment typo in stop_listener() - MINOR: proto_uxst: add resume method - BUG/MINOR: cfgparse: make sure to include openssl-compat - CLEANUP: backend: Remove useless debug message in assign_server() - BUG/MEDIUM: log: Properly handle client aborts in syslog applet - REGTESTS: fix the race conditions in log_uri.vtc - CI: bump "actions/checkout" to v3 for cross zoo matrix - BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it. - BUG/MINOR: stick_table: alert when type len has incorrect characters - BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions - BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload - MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked - CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy() - BUG/MINOR: hlua: enforce proper running context for register_x functions - BUG/MINOR: log: free log forward proxies on deinit() - BUG/MINOR: sink: free forward_px on deinit() - BUG/MEDIUM: dns: Properly handle error when a response consumed - BUG/MEDIUM: channel: Improve reports for shut in co_getblk() - DOC: config: strict-sni allows to start without certificate - MINOR: proxy/pool: prevent unnecessary calls to pool_gc() - BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards. - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path - Revert "BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached" - BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list 2023/03/17 : 2.5r1 (1.0.0-286.713) - BUG/MAJOR: qpack: fix possible read out of bounds in static table - DEBUG: ssl-sock/show_fd: Display SSL error code - DEBUG: cli/show_fd: Display connection error code - BUG/MAJOR: fd/threads: close a race on closing connections after takeover - BUG/MAJOR: fd/thread: fix race between updates and closing FD - MEDIUM: fd: support broadcasting updates for foreign groups in updt_fd_polling - MAJOR: poller: only touch/inspect the update_mask under tgid protection - MEDIUM: fd: quit fd_update_events() when FD is closed - BUG/MINOR: fd: Properly init the fd state in fd_insert() - MEDIUM: fd: make fd_insert/fd_delete atomically update fd.tgid - MINOR: fd: make fd_clr_running() return the previous value instead - MAJOR: fd: grab the tgid before manipulating running - MINOR: fd: add fd_get_running() to atomically return the running mask - MINOR: fd: add functions to manipulate the FD's tgid - MINOR: cli/fd: show fd's tgid and refcount in "show fd" - MINOR: fd/cli: report the polling mask in "show fd" - MEDIUM: fd: add the tgid to the fd and pass it to fd_insert() - MINOR: fd: delete unused updates on close() - MAJOR: fd: remove pending updates upon real close - MEDIUM: poller: program the update in fd_update_events() for a migrated FD - MEDIUM: epoll: don't synchronously delete migrated FDs - BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp() - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all() - BUG/MINOR: proto_ux: report correct error when bind_listener fails - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend - BUG/MEDIUM: listener: duplicate inherited FDs if needed - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it - BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches - BUG/MEDIUM: proxy: properly stop backends on soft-stop - DOC/CLEANUP: fix typos - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value - BUG/MINOR: init: make sure to always limit the total number of threads - BUG/MEDIUM: master: force the thread count earlier - BUG/MINOR: init: properly detect NUMA bindings on large systems - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section - DOC: config: Add the missing tune.fail-alloc option from global listing - DOC: config: Fix description of options about HTTP connection modes - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables - BUG/MINOR: ring: do not realign ring contents on resize - BUG/MINOR: cache: Check cache entry is complete in case of Vary - BUG/MINOR: cache: Cache response even if request has "no-cache" directive - REGTESTS: Fix ssl_errors.vtc script to wait for connections close - BUG/MINOR: mworker: prevent incorrect values in uptime - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send() 2023/02/21 : 2.5r1 (1.0.0-285.658) - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions - BUG/MINOR: mworker: stop doing strtok directly from the env - DEV: hpack: fix `trash` build regression 2023/02/13 : 2.5r1 (1.0.0-285.653) - BUG/CRITICAL: http: properly reject empty http header field names - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first - DOC: proxy-protocol: fix wrong byte in provided example - DOC: config: 'http-send-name-header' option may be used in default section - DOC: config: fix option spop-check proxy compatibility - BUG/MEDIUM: cache: use the correct time reference when comparing dates - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge - BUG/MINOR: ssl/crt-list: warn when a line is malformated - BUG/MEDIUM: ssl: wrong eviction from the session cache tree - BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section - BUG/MINOR: sink: free the forwarding task on exit - BUG/MINOR: http-htx: Normalized absolute URIs with an empty port - REG-TESTS: http: Add more tests about authority/host matching - BUG/MINOR: h1: Replace authority validation to conform RFC3986 - MINOR: http: Considere empty ports as valid default ports - MINOR: h1: Consider empty port as invalid in authority for CONNECT - CI: github: change "ubuntu-latest" to "ubuntu-20.04" 2023/02/08 : 2.5r1 (1.0.0-284.636) 2023/01/21 : 2.5r1 (1.0.0-282.636) - BUG/MINOR: jwt: Wrong return value checked - BUILD: hpack: include global.h for the trash that is needed in debug mode - BUG/MINOR: mux-h2: add missing traces on failed headers decoding - BUG/MINOR: listener: close tiny race between resume_listener() and stopping - BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) - BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params) - DOC: config: fix "Address formats" chapter syntax - BUG/MINOR: mux-fcgi: Correctly set pathinfo - DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" - DOC: config: fix wrong section number for "protocol prefixes" - BUG/MINOR: listeners: fix suspend/resume of inherited FDs - BUG/MINOR: http-ana: make set-status also update txn->status - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body - BUG/MINOR: promex: Don't forget to consume the request on error - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action - BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc - BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses - DOC: management: add details on "Used" status - CLEANUP: htx: fix a typo in an error message of http_str_to_htx - BUG/MINOR: http: Memory leak of http redirect rules' format string - REGTEST: fix the race conditions in hmac.vtc - REGTEST: fix the race conditions in digest.vtc - REGTEST: fix the race conditions in json_query.vtc - DOC: config: remove duplicated "http-response sc-set-gpt0" directive - DOC: config: fix alphabetical ordering of http-after-response rules - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set - BUG/MINOR: stick-table: report the correct action name in error message - BUILD: makefile: sort the features list - BUILD: makefile: build the features list dynamically - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set - REGTESTS: startup: disable automatic_maxconn.vtc - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain - LICENSE: wurfl: clarify the dummy library license. - REGTESTS: startup: add alternatives values in automatic_maxconn.vtc - REGTESTS: startup: change the expected maxconn to 11000 - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout - REGTESTS: startup: activate automatic_maxconn.vtc - CI: github: set ulimit -n to a greater value - BUG/MINOR: startup: don't use internal proxies to compute the maxconn - REGTESTS: startup: check maxconn computation - REGTESTS: fix the race conditions in iff.vtc - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes - DOC: promex: Add missing backend metrics - MINOR: promex: introduce haproxy_backend_agg_check_status - BUG/MINOR: promex: create haproxy_backend_agg_server_status - BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers - MINOR: mworker: display an alert upon a wait-mode exit - BUG/MINOR: ssl: Fix potential overflow - BUG/MEDIUM: ssl: Verify error codes can exceed 63 2022/12/27 : 2.5r1 (1.0.0-281.583) 2022/12/16 : 2.5r1 (1.0.0-280.583) - BUILD: peers: peers-t.h depends on stick-table-t.h - BUG/MINOR: hapee/modules: make sure generated includes and structs are sorted - MINOR: hapee/modules: check if we generate the API hash correctly 2022/12/15 : 2.5r1 (1.0.0-280.580) - BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk 2022/12/06 : 2.5r1 (1.0.0-280.579) - Revert "CI: determine actual OpenSSL version dynamically" - Revert "CI: enable QUIC for LibreSSL builds" - Revert "CI: switch to the "latest" LibreSSL" - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side - SCRIPTS: announce-release: add a link to the data plane API - DOC: config: clarify the -m dir and -m dom pattern matching methods - DOC: config: clarify the fact that "retries" is not just for connections - DOC: config: explain how default matching method for ACL works - DOC: config: mention that a single monitor-uri rule is supported - DOC: config: clarify the fact that SNI should not be used in HTTP scenarios - DOC: config: provide some configuration hints for "http-reuse" - Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" 2022/11/29 : 2.5r1 (1.0.0-280.567) - BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out - BUILD: http-htx: Silent build error about a possible NULL start-line - BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action - BUG/MINOR: log: fix parse_log_message rfc5424 size check - BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance - BUILD: listener: fix build warning on global_listener_rwlock without threads - BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns - BUILD: peers: Remove unused variables - BUG/MEDIUM: peers: messages about unkown tables not correctly ignored - BUG/MINOR: ssl: don't initialize the keylog callback when not required - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task - BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes - BUG/MEDIUM: ring: fix creation of server in uninitialized ring - DOC: config: fix alphabetical ordering of global section - REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses - BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers - BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once - BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy - BUG/MINOR: resolvers: Set port before IP address when processing SRV records - BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure - BUG/MINOR: http-htx: Fix error handling during parsing http replies - BUG/MEDIUM: wdt/clock: properly handle early task hangs - CI: emit the compiler's version in the build reports - CI: enable QUIC for LibreSSL builds - CI: switch to the "latest" LibreSSL - BUG/MINOR: ssl: ocsp structure not freed properly in case of error - BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer - CI: add monthly gcc cross compile jobs - BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task 2022/10/26 : 2.5r1 (1.0.0-280.536) - BUG/MAJOR: stick-table: don't process store-response rules for applets - DOC: lua: add a note about compression w/ httpclient - DOC: management: add forgotten "show startup-logs" - CI: SSL: temporarily stick to LibreSSL=3.5.3 - CI: SSL: use proper version generating when "latest" semantic is used - BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers - BUG/MINOR: sink: Only use backend capability for the sink proxies - BUG/MEDIUM: compression: handle rewrite errors when updating response headers - BUILD: Makefile: add "USE_SHM_OPEN" on the linux-musl target - CI: github: dump the backtrace of coredumps in the alpine container - REGTESTS: httpclient/lua: test the lua task timeout with the httpclient - BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler - BUG/MEDIUM: httpclient/lua: crash when the lua task timeout before the httpclient - BUG/MINOR: ring: Properly parse connect timeout - BUG/MINOR: log: Preserve message facility when the log target is a ring buffer - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py - MINOR: httpclient/lua: Don't set req_payload callback if body is empty - BUG/MINOR: server: make sure "show servers state" hides private bits - BUG/MAJOR: stick-tables: do not try to index a server name for applets - DOC: configuration: missing 'if' in tcp-request content example - BUG/MEDIUM: config: count line arguments without dereferencing the output - BUG/MINOR: config: don't count trailing spaces as empty arg (v2) - BUG/MINOR: backend: only enforce turn-around state when not redispatching - BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction - MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands - BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error - BUG/MINOR: hlua: hlua_channel_insert_data() behavior conflicts with documentation - BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os - BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() - BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os - BUG/MEDIUM: lua: handle stick table implicit arguments right. - BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure - DOC: config: Fix pgsql-check documentation to make user param mandatory - BUG/MINOR: checks: update pgsql regex on auth packet - BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns - BUG/MINOR: hlua: _hlua_http_msg_delete incorrect behavior when offset is used - BUG/MINOR: hlua: fixing hlua_http_msg_insert_data behavior - BUG/MINOR: hlua: fixing hlua_http_msg_del_data behavior - BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree - REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies 2022/09/20 : 2.5r1 (1.0.0-280.495) - BUG/MINOR: log: improper behavior when escaping log data - SCRIPTS: announce-release: update some URLs to https - BUILD: fd: fix a build warning on the DWCAS - BUG/MEDIUM: captures: free() an error capture out of the proxy lock - BUG/MEDIUM: server: segv when adding server with hostname from CLI - DOC: fix TOC in starter guide for subsection 3.3.8. Statistics - REGTESTS: ssl/log: test the log-forward with SSL - BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. - REGTESTS: log: test the log-forward feature - REGTESTS: healthcheckmail: Relax matching on the healthcheck log message - BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' - MINOR: proxy/listener: support for additional PAUSED state - MINOR: listener: small API change - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: signals/poller: ensure wakeup from signals - BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals - BUG/MINOR: task: always reset a new tasklet's call date - BUG/MINOR: h1: Support headers case adjustment for TCP proxies - BUILD: makefile: enable crypt(3) for NetBSD 2022/09/15 : 2.5r1 (1.0.0-280.475) - BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support - BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber - BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools - REGTESTS: http_request_buffer: Add a barrier to not mix up log messages - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2 - BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input - BUG/MINOR: ssl: revert two wrong fixes with ckhi_link - BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() 2022/08/30 : 2.5r1 (1.0.0-280.464) - BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) - BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets - BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date - BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode - DOC: configuration: do-resolve doesn't work with a port in the string - REGTESTS: Fix prometheus script to perform HTTP health-checks - BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect - BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() - BUG/MAJOR: mworker: fix infinite loop on master with no proxies. - BUG/MINOR: ssl/cli: error when the ca-file is empty - BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle - BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names 2022/08/17 : 2.5r1 (1.0.0-279.449) - MINOR: hapee: update backported file with pool-related stuff - MINOR: chunk: inline alloc_trash_chunk() - MINOR: pools/memprof: store and report the pool's name in each bin - MINOR: pool/memprof: report pool alloc/free in memory profiling - MINOR: memprof: export the minimum definitions for memory profiling - MINOR: pools: partially uninline pool_alloc() - MINOR: pools: partially uninline pool_free() 2022/08/12 : 2.5r1 (1.0.0-278.442) - BUILD: http: silence an uninitialized warning affecting gcc-5 - BUG/MEDIUM: ring: fix too lax 'size' parser - BUILD: debug: silence warning on gcc-5 - BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() - BUG/MEDIUM: poller: use fd_delete() to release the poller pipes - BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h - BUG/MINOR: sink: fix a race condition between the writer and the reader - BUG/MINOR: ring/cli: fix a race condition between the writer and the reader - BUG/MEDIUM: proxy: Perform a custom copy for default server settings - REORG: server: Export srv_settings_cpy() function - MINOR: server: Constify source server to copy its settings - BUG/MEDIUM: dns: Properly initialize new DNS session - BUG/MINOR: peers: Use right channel flag to consider the peer as connected - BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload - MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer - BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions - MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups - BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once - DEBUG: fd: split the fd check 2022/07/29 : 2.5r1 (1.0.0-278.423) - Revert "BUG/MINOR: peers: set the proxy's name to the peers section name" - BUG/MINOR: sockpair: wrong return value for fd_send_uxst() - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible - BUILD: add detection for unsupported compiler models - BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload - BUG/MINOR: mworker/cli: relative pid prefix not validated anymore - BUG/MINOR: tools: fix statistical_prng_range()'s output range - BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) - BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX - BUG/MEDIUM: tools: avoid calling dlsym() in static builds - MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() - BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send - BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state - BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer - REGTEESTS: filters: Fix CONNECT request in random-forwarding script - BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream - MINOR: http-htx: Use new HTTP functions for the scheme based normalization - BUG/MEDIUM: h1: Improve authority validation for CONNCET request - MINOR: http: Add function to detect default port - MINOR: http: Add function to get port part of a host - BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo - BUG/MINOR: peers: fix possible NULL dereferences at config parsing - BUG/MINOR: http-act: Properly generate 103 responses when several rules are used - BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule - BUG/MINOR: peers/config: always fill the bind_conf's argument - MINOR: fd: Add BUG_ON checks on fd_insert() - CI: re-enable gcc asan builds - BUILD: Makefile: Add Lua 5.4 autodetect - BUG/MEDIUM: ssl/fd: unexpected fd close using async engine - MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD - BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch - BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created - BUG/MINOR: ssl: Do not look for key in extra files if already in pem - MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames - REGTESTS: ssl: add the same cert for client/server - BUG/MEDIUM: mworker: use default maxconn in wait mode - BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list - BUG/MINOR: task: fix thread assignment in tasklet_kill() - BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration - BUG/MINOR: cli/stats: add missing trailing LF after "show info json" - BUG/MINOR: server: do not enable DNS resolution on disabled proxies - BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs - REGTESTS: healthcheckmail: Relax health-check failure condition - REGTESTS: healthcheckmail: Update the test to be functionnal again - BUG/MINOR: checks: Properly handle email alerts in trace messages - BUG/MINOR: trace: Test server existence for health-checks to get proxy - BUG/MEDIUM: mailers: Set the object type for check attached to an email alert - BUILD: compiler: implement unreachable for older compilers too - REGTESTS: restrict_req_hdr_names: Extend supported versions - REGTESTS: http_abortonclose: Extend supported versions - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler - BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd - BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield - BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield - BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield - REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients - REGTESTS: abortonclose: Add a barrier to not mix up log messages - MEDIUM: httpclient: Don't close CLI applet at the end of a response - MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs - BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases - BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them - BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry - BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified - BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails - DOC: intro: adjust the numbering of paragrams to keep the output ordered 2022/07/13 : 2.5r1 (1.0.0-277.350) 2022/06/10 : 2.5r1 (1.0.0-275.350) - DOC: gpc/gpt: add commments of gpc/gpt array definitions on stick tables. - DOC: peers: fix port number and addresses on new peers section format - DOC: peers: clarify when entry expiration date is renewed. - DOC: peers: indicate that some server settings are not usable - BUG/MINOR: peers: detect and warn on init_addr/resolvers/check/agent-check - BUG/MINOR: peers: set the proxy's name to the peers section name - SCRIPTS: make publish-release try to launch make-releases-json - SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) - BUG/MEDIUM: sample: Fix adjusting size in word converter - BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section - BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections - BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function - BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols - BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str - CI: determine actual OpenSSL version dynamically - BUILD/MINOR: cpuset fix build for FreeBSD 13.1 - BUG/MINOR: peers: fix error reporting of "bind" lines - BUG/MINOR: cfgparse: abort earlier in case of allocation error - BUG/MINOR: check: Reinit the buffer wait list at the end of a check - BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() - REGTESTS: abortonclose: Fix some race conditions - BUG/MINOR: ssl: Fix crash when no private key is found in pem - MINOR: tools: add get_exec_path implementation for solaris based systems. - BUILD: fix build warning on solaris based systems with __maybe_unused. - MEDIUM: http-ana: Add a proxy option to restrict chars in request header names - CI: determine actual LibreSSL version dynamically - BUILD: hapee/modules: select either md5 or md5sum 2022/05/13 : 2.5r1 (1.0.0-273.322) - CLEANUP: mux-h1: Fix comments and error messages for global options - MINOR: mux-h1: Add global option accpet payload for any HTTP/1.0 requests - BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized - CLEANUP: applet: make appctx_new() initialize the whole appctx - BUG/MINOR: conn_stream: do not confirm a connection from the frontend path - DOC/MINOR: fix typos in the lua-api document - BUG/MEDIUM: lua: fix argument handling in data removal functions - BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). - DOC: install: update gcc version requirements - BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( - BUILD: listener: shut report of possible null-deref in listener_accept() - BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings - BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation - BUG/MINOR: ssl: Fix typos in crl-file related CLI commands - CI: dynamically determine actual version of h2spec - DOC: fix typo "ant" for "and" in INSTALL - BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts - BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts - BUG/MINOR: ssl/cli: fix "show ssl ca-file <name>" not to mix cli+ssl contexts - BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts - BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail - BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init - BUG/MINOR: map/cli: protect the backref list during "show map" errors - BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend" - BUG/MEDIUM: cli: make "show cli sockets" really yield - BUG/MEDIUM: resolvers: make "show resolvers" properly yield - BUG/MINOR: startup: usage() when no -cc arguments - BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] - DOC: config: Update doc for PR/PH session states to warn about rewrite failures 2022/05/12 : 2.5r1 (1.0.0-273.293) - MINOR: mux-h2: report a trace event when failing to create a new stream - BUG/MINOR: mux-h2: mark the stream as open before processing it not after - BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket 2022/05/05 : 2.5r1 (1.0.0-273.290) - BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified - BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message - SCRIPTS: announce-release: add URL of dev packages - CI: github actions: update LibreSSL to 3.5.2 2022/04/29 : 2.5r1 (1.0.0-272.286) - BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel - MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord" - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() 2022/04/27 : 2.5r1 (1.0.0-272.283) - BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() - BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option - MINOR: connection: Add way to disable active connection closing during soft-stop 2022/04/26 : 2.5r1 (1.0.0-272.280) - BUILD: compiler: properly distinguish weak and global symbols - MINOR: hapee: add a .hapee directory to list backporting notes - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc - BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time' - BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args - Revert "CI: github actions: disable -Wno-deprecated" - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments - BUG/MEDIUM: rules: Be able to use captures defined in defaults section - BUG/MINOR: rules: Forbid captures in defaults section if used by a backend - DOC: remove my name from the config doc - MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks - MINOR: task: add a new task_instant_wakeup() function - BUG/MAJOR: connection: Never remove connection from idle lists outside the lock - BUG/MINOR: cache: Disable cache if applet creation fails - BUILD: calltrace: fix wrong include when building with TRACE=1 - SCRIPTS: announce-release: add shortened links to pending issues - DOC: lua: update a few doc URLs - SCRIPTS: announce-release: update the doc's URL - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added - BUG/MEDIUM: stream: do not abort connection setup too early - BUILD: compiler: use a more portable set of asm(".weak") statements - BUILD: sched: workaround crazy and dangerous warning in Clang 14 - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side - BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak - BUG/MINOR: cache: do not display expired entries in "show cache" - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent - CI: cirrus: switch to FreeBSD-13.0 - CI: github actions: disable -Wno-deprecated - BUG/MINOR: stats: define the description' background color in dark color scheme - CI: Update to actions/cache@v3 - CI: Update to actions/checkout@v3 - MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window - Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time" - MAJOR: opentracing: reenable usage of vars to transmit opentracing context - DEBUG: opentracing: display the contents of the err variable after setting - CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum - DEBUG: opentracing: show return values of all functions in the debug output - MINOR: opentracing: improved normalization of context variable names - CLEANUP: opentracing: added variable to store variable length - CLEANUP: opentracing: added flt_ot_smp_init() function - MINOR: opentracing: only takes the variables lock on shared entries - Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'" - CLEANUP: opentracing: removed unused function flt_ot_var_get() - CLEANUP: opentracing: removed unused function flt_ot_var_unset() - DOC: opentracing: corrected comments in function descriptions - EXAMPLES: opentracing: refined shell scripts for testing filter performance - BUG/BUILD: opentracing: fixed OT_DEFINE variable setting - BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples - BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached - BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message - BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet - BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests - BUG/MINOR: httpclient: end callback in applet release - BUG/MINOR: ssl/cli: Remove empty lines from CLI output - CI: github actions: update OpenSSL to 3.0.2 - DOC: remove double blanks in configuration.txt - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream - BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads - BUG/MINOR: samples: add missing context names for sample fetch functions 2022/03/29 : 2.5r1 (1.0.0-271.215) - REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing - DOC: reflect H2 timeout changes - BUG/MINOR: tools: url2sa reads too far when no port nor path - DOC: config: Explictly add supported MQTT versions - MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 - BUG/MINOR: rules: Initialize the list element when allocating a new rule - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts - MEDIUM: mux-h2: slightly relax timeout management rules - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner - BUG/MEDIUM: stream-int: do not rely on the connection error once established - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf - CI: github actions: switch to LibreSSL-3.5.1 - BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty() - BUG/MINOR: httpclient: process the response when received before the end of the request - BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA - BUG/MINOR: server/ssl: free the SNI sample expression - BUILD: httpclient: fix build without SSL - BUG/MINOR: httpclient: send the SNI using the host header - MINOR: server: export server_parse_sni_expr() function - BUG/MINOR: httpclient/lua: stuck when closing without data 2022/03/25 : 2.5r1 (1.0.0-270.193) - BUG/MINOR: tools: fix url2sa return value with IPv4 - REGTESTS: fix the race conditions in be2hex.vtc 2022/03/17 : 2.5r1 (1.0.0-270.191) 2022/03/14 : 2.5r1 (1.0.0-269.191) - BUG/MEDIUM: httpclient: must manipulate head, not first - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers - BUG/MINOR: httpclient: consume partly the blocks when necessary - CLEANUP: htx: remove unused co_htx_remove_blk() - BUG/MEDIUM: httpclient: don't consume data before it was analyzed - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - DEBUG: stream: Fix stream trace message to print response buffer state - DEBUG: stream: Add the missing descriptions for stream trace events - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cli: shows correct mode in "show sess" - BUG/MINOR: add missing modes in proxy_mode_str() 2022/03/08 : 2.5r1 (1.0.0-269.172) - BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix - BUILD: pools: fix backport of no-memory-trimming on non-linux OS - MINOR: stats: Add dark mode support for socket rows - MINOR: pools: add a new global option "no-memory-trimming" - BUILD: fix kFreeBSD build. - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed - BUG/MINOR: pool: always align pool_heads to 64 bytes - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST 2022/03/01 : 2.5r1 (1.0.0-268.164) - REGTESTS: fix the race conditions in secure_memcmp.vtc - REGTESTS: fix the race conditions in normalize_uri.vtc - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() - BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks - BUILD: tree-wide: mark a few numeric constants as explicitly long long - BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers - CI: Consistently use actions/checkout@v2 - CI: github actions: use cache for SSL libs - CI: refactor OpenTracing build script - CI: github actions: use cache for OpenTracing - CI: github actions: add the output of $CC -dM -E- - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails - CI: github: enable pool debugging by default - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() - DOC: Fix usage/examples of deprecated ACLs - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message - DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected - BUG/MEDIUM: httpclient: limit transfers to the maximum available room - BUG/MINOR: tools: url2sa reads ipv4 too far - CLEANUP: httpclient/cli: fix indentation alignment of the help message - BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print - BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command - BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print - BUG/MINOR: mailers: negotiate SMTP, not ESMTP - BUG/MINOR: httpclient: reinit flags in httpclient_start() - MINOR: httpclient: Don't limit data transfer to 1024 bytes - BUG/MAJOR: compiler: relax alignment constraints on certain structures - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names - BUG/MINOR: sink: Use the right field in appctx context in release callback - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload - BUG/MEDIUM: mworker: close unused transferred FDs on load failure - MINOR: sock: move the unused socket cleaning code into its own function - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change - REGTESTS: peers: leave a bit more time to peers to synchronize - REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc - BUG/MAJOR: spoe: properly detach all agents when releasing the applet - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies - BUG/MINOR: httpclient/cli: display junk characters in vsn - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls - BUG/MINOR: jwt: Missing pkey free during cleanup - BUG/MINOR: jwt: Double free in deinit function - BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output - BUG/MEDIUM: httpclient: Xfer the request when the stream is created - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation - BUG/MEDIUM: listener: read-lock the listener during accept() - MINOR: listener: replace the listener's spinlock with an rwlock - DEBUG: fd: make sure we never try to insert/delete an impossible FD number 2022/02/15 : 2.5r1 (1.0.0-268.112) - BUG/MINOR: mworker: does not erase the pidfile upon reload - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks - DEBUG: pools: replace the link pointer with the caller's address on pool_free() - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool - DEBUG: pools: add extra sanity checks when picking objects from a local cache - BUG/MINOR: pools: always flush pools about to be destroyed - BUG/MINOR: mworker: does not add the -sf in wait mode - BUG/MEDIUM: mworker: don't lose the stats socket on failed reload - REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2 - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY - BUILD: debug/cli: condition test of O_ASYNC to its existence - DEBUG: cli: add a new "debug dev fd" expert command - BUG/MINOR: stream: make the call_rate only count the no-progress calls - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them - BUG/MEDIUM: mcli: do not try to parse empty buffers - BUG/MEDIUM: cli: Never wait for more data on client shutdown - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands - MINOR: channel: add new function co_getdelim() to support multiple delimiters - MEDIUM: cli: yield between each pipelined command - DOC: management: mark "set server ssl" as deprecated - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl - BUILD/MINOR: fix solaris build with clang. - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers - BUG/MINOR: httpclient: set default Accept and User-Agent headers - BUG/MINOR: httpclient: don't send an empty body - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer - BUG/MEDIUM: connection: properly leave stopping list on error - CI: github actions: clean default step conditions - BUILD: cpuset: fix build issue on macos introduced by previous change - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data - BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error - BUG/MEDIUM: mworker: don't use _getsocks in wait mode - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry - BUG/MINOR: cli: fix _getsocks with musl libc - BUILD/MINOR: tools: solaris build fix on dladdr. - CI: github actions: update OpenSSL to 3.0.1 - BUILD/MINOR: cpuset FreeBSD 14 build fix. - REGTESTS: ssl: update of a crt with server deletion - BUG/MEDIUM: ssl: free the ckch instance linked to a server - BUG/MINOR: ssl: free the fields in srv->ssl_ctx - CI: Github Actions: do not show VTest failures if build failed - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning - MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above. - MINOR: proxy: add option idle-close-on-response - MINOR: debug: add support for -dL to dump library names at boot - MINOR: debug: add ability to dump loaded shared libraries - MINOR: compat: detect support for dl_iterate_phdr() - REGTESTS: ssl: fix ssl_default_server.vtc - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server - BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time - DEBUG: ssl: make sure we never change a servername on established connections - DOC: fix misspelled keyword "resolve_retries" in resolvers - BUILD: ssl: unbreak the build with newer libressl - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message - BUG/MEDIUM: peers: properly skip conn_cur from incoming messages - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch - MINOR: pools: work around possibly slow malloc_trim() during gc - MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode - DOC: config: fix error-log-format example - DOC: config: retry-on list is space-delimited - DOC: config: Specify %Ta is only available in HTTP mode - DOC: spoe: Clarify use of the event directive in spoe-message section - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id - MINOR: http-rules: Add capture action to http-after-response ruleset - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types - MINOR: cli: "show version" displays the current process version - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH - MINOR: mux-h1: Improve H1 traces by adding info about http parsers - BUG/MINOR: mworker: deinit of thread poller was called when not initialized - BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode - BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted - BUG/MAJOR: segfault using multiple log forward sections. - BUG/MEDIUM: resolvers: Detach query item on response error - BUG/MINOR: server: Don't rely on last default-server to init server SSL context - BUG/MINOR: vars: Fix the set-var and unset-var converters - BUILD: evports: remove a leftover from the dead_fd cleanup - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time - BUG/MINOR: lua: remove loop initial declarations - BUG/MINOR: lua: don't expose internal proxies - BUG/MINOR: httpclient: allow to replace the host header - BUG/MINOR: cache: Fix loop on cache entries in "show cache" - MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUILD: hapee/51d: fix error when building with 51Degrees enabled - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MEDIUM: hapee/modules: add memory reservation support for the modules - MINOR: hapee: change URLs and EOL date for 2.4r1 - BUILD: hapee/modules: update HAPEE version macro to 2.5r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support