Summary

2024/11/05 : 2.6r1 (1.0.0-299.1557) - CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry - MINOR: stream: Save last evaluated rule on invalid yield - BUG/MINOR: http-ana: Report internal error if an action yields on a final eval - BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly - BUG/MEDIUM: server: fix race on servers_list during server deletion - BUG/MINOR: server: fix dynamic server leak with check on failed init - BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families - BUG/MINOR: mworker: fix mworker-max-reloads parser - BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid - BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() - BUG/MEDIUM: hlua: make hlua_ctx_renew() safe - BUG/MEDIUM: server: server stuck in maintenance after FQDN change - BUG/MINOR: cfgparse-global: fix allowed args number for setenv - BUG/MEDIUM: cli: Deadlock when setting frontend maxconn - BUG/MINOR: cfgparse-listen: fix option httpslog override warning message 2024/09/17 : 2.6r1 (1.0.0-299.1542) - BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past - BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends - MINOR: bwlim: Remove useless test on CF_READ_ERROR to detect the last packet - BUG/MEDIUM: promex: Wait to have the request before sending the response - BUG/MEDIUM: cache/stats: Wait to have the request before sending the response - BUG/MEDIUM: queue: implement a flag to check for the dequeuing - BUG/MINOR: polling: fix time reporting when using busy polling - BUG/MEDIUM: pattern: prevent UAF on reused pattern expr - BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg() - REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load - BUG/MINOR: pattern: do not leave a leading comma on "set" error messages - BUG/MINOR: pattern: pat_ref_set: return 0 if err was found - BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity - DOC: config: correct the table for option tcplog - BUG/MINOR: h3: properly reject too long header responses - BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails - BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID - REGTESTS: mcli: test the pipelined commands on master CLI - BUG/MINOR: proto_tcp: keep error msg if listen() fails - BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails - BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE - BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion - BUG/MINOR: trace: automatically start in waiting mode with "start <evt>" - BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc - CLEANUP: trace: remove the QUIC-specific ifdefs - BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn - BUG/MINOR: fcgi-app: handle a possible strdup() failure - BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams - BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content - BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli - BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready 2024/07/31 : 2.6r1 (1.0.0-299.1511) - MEDIUM: h1: allow to preserve keep-alive on T-E + C-L - DOC: config: improve the http-keep-alive section - DOC: configuration: issuers-chain-path not compatible with OCSP - DOC: configuration: update maxconn description - BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn - MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) - BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() - MINOR: queue: add a function to check for TOCTOU after queueing - BUG/MINOR: cli: Atomically inc the global request counter between CLI commands - BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution - BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter - BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread - BUG/MEDIUM: h1: Reject empty Transfer-encoding header - BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value - BUG/MINOR: h1: Fail to parse empty transfer coding names - BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature - BUG/MINOR: jwt: fix variable initialisation - BUG/MINOR: jwt: don't try to load files with HMAC algorithm - BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) - MINOR: quic: Add a counter for reordered packets - MINOR: quic: Add packet loss and maximum cc window to "show quic" - REGTESTS: add a test to ensure map-ordering is preserved - MINOR: mux-h2/traces: explicitly show the error/refused stream states - MEDIUM: ssl: initialize the SSL stack explicitely 2024/07/03 : 2.6r1 (1.0.0-299.1487) - DOC: configuration: more details about the master-worker mode - BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid - BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid - BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() - BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure - BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure - SCRIPTS: git-show-backports: do not truncate git-show output - DOC: configuration: fix alphabetical order of bind options - DOC: management: rename show stats domain cli "dns" to "resolvers" - DOC/MINOR: management: add missed -dR and -dv options - BUG/MINOR: quic: fix computed length of emitted STREAM frames - BUG/MEDIUM: cli: fix cli_output_msg() regression - BUG/MINOR: haproxy: only tid 0 must not sleep if got signal 2024/06/10 : 2.6r1 (1.0.0-299.1474) - BUG/MEDIUM: quic: don't blindly rely on unaligned accesses - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe - BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1 - BUG/MAJOR: server: do not delete srv referenced by session - MINOR: session: rename private conns elements - BUG/MEDIUM: quic: fix connection freeze on post handshake - BUG/MEDIUM: server: fix dynamic servers initial settings - BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration - CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume() - BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path - BUG/MINOR: hlua: prevent LJMP in hlua_traceback() - MINOR: hlua: don't dump empty entries in hlua_traceback() - BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage - BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP - CLEANUP: hlua: use hlua_pusherror() where relevant - BUG/MINOR: quic: prevent crash on qc_kill_conn() - BUG/MINOR: hlua: use CertCache.set() from various hlua contexts - BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory - BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser - BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning - BUG/MINOR: activity: fix Delta_calls and Delta_bytes count - BUG/MINOR: ssl/ocsp: init callback func ptr as NULL - BUILD: fd: errno is also needed without poll() - CI: scripts: fix build of vtest regarding option -C - REGTESTS: acl_cli_spaces: avoid a warning caused by undefined logs - DOC: config: fix incorrect section reference about custom log format - DOC: quic: specify that connection migration is not supported - BUG/MINOR: server: Don't reset resolver options on a new default-server line - BUG/MINOR: http-htx: Support default path during scheme based normalization - BUG/MINOR: quic: adjust restriction for stateless reset emission - MEDIUM: config: prevent communication with privileged ports - BUG/MEDIUM: mux-quic: Create sedesc in same time of the QUIC stream - BUG/MEDIUM: quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305 - BUG/MAJOR: quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only) - BUG/MINOR: connection: parse PROXY TLV for LOCAL mode - CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf - BUG/MINOR: stats: Don't state the 303 redirect response is chunked - BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header - BUG/MEDIUM: fd: prevent memory waste in fdtab array - BUILD: stick-tables: better mark the stktable_data as 32-bit aligned - BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme - BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found - BUG/MEDIUM: stick-tables: properly mark stktable_data as packed - BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned - BUG/MINOR: qpack: fix error code reported on QPACK decoding failure - BUG/MINOR: mux-quic: fix error code on shutdown for non HTTP/3 - BUG/MINOR: log: smp_rgs array issues with inherited global log directives - BUG/MINOR: log: keep the ref in dup_logger() - DOC: lua: fix filters.txt file location - MINOR: log: add dup_logsrv() helper function - BUILD: clock: improve check for pthread_getcpuclockid() - BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null - BUG/MINOR: h1: fix detection of upper bytes in the URI - BUG/MINOR: backend: use cum_sess counters instead of cum_conn - BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets - BUG/MINOR: sock: handle a weird condition with connect() - BUG/MINOR: stconn: Fix sc_mux_strm() return value - BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding 2024/05/03 : 2.6r1 (1.0.0-299.1416) 2024/04/19 : 2.6r1 (1.0.0-296.1416) - BUG/MINOR: server: fix slowstart behavior - BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached - BUG/MEDIUM: evports: do not clear returned events list on signal - BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered - BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses - MINOR: net_helper: Add support for floats/doubles. - CI: revert kernel addr randomization introduced in 3a0fc864 - BUG/MEDIUM: peers/trace: fix crash when listing event types - BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented - BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values - BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection - CLEANUP: log: lf_text_len() returns a pointer not an integer - BUG/MINOR: log: invalid snprintf() usage in sess_build_logline() - BUG/MINOR: tools/log: invalid encode_{chunk,string} usage - BUG/MINOR: log: fix lf_text_len() truncate inconsistency - BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n - MINOR: cli: Remove useless loop on commands to find unescaped semi-colon - MINOR: server: allow cookie for dynamic servers - BUG/MINOR: ext-check: cannot use without preserve-env - MINOR: ext-check: add an option to preserve environment variables - BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf - BUG/MEDIUM: mux-quic: report early error on stream - BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs - BUG/MINOR: proxy: fix logformat expression leak in use_backend rules 2024/04/05 : 2.6r1 (1.0.0-296.1392) - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try) - MINOR: hlua: use accessors for stream hlua ctx - DEBUG: lua: precisely identify if stream is stuck inside lua or not - DOC: config: Remove httpclient.timeout.connect parameter - BUG/MINOR: backend: properly handle redispatch 0 - BUG/MINOR: server: ignore 'enabled' for dynamic servers - BUG/MINOR: server: 'source' interface ignored from 'default-server' directive - BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block - BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet - BUG/MINOR: session: ensure conn owner is set after insert into session - BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small - CI: temporarily adjust kernel entropy to work with ASAN/clang - BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop - BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout - BUG/MINOR: listener: Don't schedule frontend without task in listener_release() - BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release - BUG/MINOR: hlua: fix missing lock in hlua_filter_delete() - BUG/MINOR: hlua: missing lock in hlua_filter_new() - BUG/MINOR: hlua: segfault when loading the same filter from different contexts - BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm() - DOC: configuration: clarify ciphersuites usage (V2) - BUG/MINOR: cfgparse: report proper location for log-format-sd errors - BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() - BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP() - BUG/MINOR: hlua: improper lock usage in hlua_filter_new() - BUG/MINOR: hlua: improper lock usage in hlua_filter_callback() - BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load - BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts - BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack - BUG/MINOR: tools: seed the statistical PRNG slightly better - MINOR: hlua: Be able to disable logging from lua - BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel - DOC: configuration: clarify ciphersuites usage - BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist - BUG/MINOR: ist: only store NUL byte on succeeded alloc - BUG/MAJOR: server: fix stream crash due to deleted server - BUG/MINOR: stats: drop srv refcount on early release - BUG/MINOR: ist: allocate nul byte on istdup - MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support - BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data - BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets - BUG/MEDIUM: applet: Immediately free appctx on early error - BUG/MINOR: qpack: reject invalid dynamic table capacity - BUG/MINOR: qpack: reject invalid increment count decoding - BUG/MINOR: quic: reject HANDSHAKE_DONE as server - BUG/MINOR: quic: reject unknown frame type - BUG/MAJOR: promex: fix crash on deleted server - DEV: makefile: fix POSIX compatibility for "range" target - DEV: makefile: add a new "range" target to iteratively build all commits - CI: Update to actions/cache@v4 - DOC: internal: update missing data types in peers-v2.0.txt - DOC: install: recommend pcre2 - DOC: httpclient: add dedicated httpclient section - DOC: configuration: clarify http-request wait-for-body - BUILD: address a few remaining calloc(size, n) cases - BUG/MINOR: diag: run the final diags before quitting when using -c - MINOR: quic: Dynamic packet reordering threshold - MINOR: quic: Update K CUBIC calculation (RFC 9438) - BUG/MEDIUM: quic: Wrong K CUBIC calculation. - MINOR: quic: Stop using 1024th of a second. - BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation - CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438) - BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit. - BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON - BUG/MEDIUM: qpack: allow 6xx..9xx status codes - BUG/MEDIUM: h3: do not crash on invalid response status code - MINOR: h3: add traces for stream sending function - MINOR: quic: extract qc_stream_buf free in a dedicated function - MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT) - CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro. - BUG/MINOR: h3: fix checking on NULL Tx buffer - REGTESTS: ssl: Fix empty line in cli command input - BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions - BUG/MEDIUM: h1: always reject the NUL character in header values - BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size - BUG/MINOR: h1: Don't support LF only at the end of chunks - BUG/MINOR: h1-htx: properly initialize the err_pos field - BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush() - BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs - BUG/MINOR: vars/cli: fix missing LF after "get var" output - BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI - MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT - MINOR: debug: make ABORT_NOW() store the caller's line number when using abort - MINOR: debug: make sure calls to ha_crash_now() are never merged - MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding - BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control - BUG/MEDIUM: h3: fix regression which completely prevents any send 2024/01/17 : 2.6r1 (1.0.0-295.1303) - BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up - BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable - BUG/MEDIUM: h3: fix incorrect snd_buf return value - CLEANUP: quic: Remaining useless code into server part - BUG/MINOR: h3: close connection on sending alloc errors - BUG/MINOR: h3: properly handle alloc failure on finalize - BUG/MINOR: h3: close connection on header list too big - MINOR: h3: check connection error during sending - BUG/MEDIUM: stats: unhandled switching rules with TCP frontend - MINOR: stats: store the parent proxy in stats ctx (http) - DOC: config: Update documentation about local haproxy response - BUG/MINOR: resolvers: default resolvers fails when network not configured - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty - BUG/MINOR: mworker/cli: fix set severity-output support - DOC: configuration: typo req.ssl_hello_type - BUG/MEDIUM: proxy: always initialize the default settings after init - BUG/MEDIUM: mworker: set the master variable earlier - BUG/MEDIUM: connection: report connection errors even when no mux is installed 2023/12/14 : 2.6r1 (1.0.0-294.1285) - BUG/MINOR: quic: Possible leak of TX packets under heavy load - BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures - BUG/MINOR: quic: Possible memory leak from TX packets - BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range() - BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed - DOC: Clarify the differences between field() and word() - BUG/MINOR: sample: Make the `word` converter compatible with `-m found` - REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter - DOC: config: fix monitor-fail typo - DOC: config: add matrix entry for "max-session-srv-conns" - DOC: config: specify supported sections for "max-session-srv-conns" - BUG/MINOR: cfgparse-listen: fix warning being reported as an alert - BUG/MINOR: config: Stopped parsing upon unmatched environment variables - BUG/MINOR: quic_tp: fix preferred_address decoding - DOC: config: fix missing characters in set-spoe-group action - BUG/MINOR: h3: always reject PUSH_PROMISE - BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding - DOC: lua: fix Proxy.get_mode() output - DOC: lua: add sticktable class reference from Proxy.stktable - REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY - DOC: config: fix timeout check inheritance restrictions - DOC: 51d: updated 51Degrees repo URL for v3.2.10 - BUG/MINOR: server: do not leak default-server in defaults sections - BUG/MEDIUM: quic: Possible crash for connections to be killed - BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them - BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly - REGTESTS: http: add a test to validate chunked responses delivery - BUG/MINOR: proxy/stktable: missing frees on proxy cleanup - MINOR: stktable: add stktable_deinit function - BUG/MINOR: stream/cli: report correct stream age in "show sess" - BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() - BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure - BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure - MEDIUM: quic: count quic_conn for global sslconns - MEDIUM: quic: count quic_conn instance for maxconn - BUG/MINOR: sink: don't learn srv port from srv addr - BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets - BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree - BUG/MINOR: quic: idle timer task requeued in the past - MINOR: frontend: implement a dedicated actconn increment function - BUG/MINOR: ssl: use a thread-safe sslconns increment - BUG/MINOR: mux-quic: fix early close if unset client timeout - BUG/MINOR: quic: do not consider idle timeout on CLOSING state - BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer - BUG/MINOR: stconn: Fix streamer detection for HTX streams - MINOR: channel: Add functions to get info on buffers and deal with HTX streams - MINOR: htx: Use a macro for overhead induced by HTX - BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented - BUG/MINOR: http-client: Don't forget to commit changes on HTX message - REGTESTS: http: Improve script testing abortonclose option - BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only - MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads - MINOR: connection: Add a CTL flag to notify mux it should wait for reads again - BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up - DOC: quic: Wrong syntax for "quic-cc-algo" keyword. - BUG/MEDIUM: applet: Remove appctx from buffer wait list on release - DOC: config: use the word 'backend' instead of 'proxy' in 'track' description - DOC: management: -q is quiet all the time - BUG/MEDIUM: pool: fix releasable pool calculation when overloaded - BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts - BUG/MINOR: stick-table/cli: Check for invalid ipv4 key - CLEANUP: htx: Properly indent htx_reserve_max_data() function - BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure - BUG/MINOR: stktable: missing free in parse_stick_table() - BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure - BUG/MEDIUM: ssl: segfault when cipher is NULL - BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA - BUG/MEDIUM: server: "proto" not working for dynamic servers - MINOR: connection: add conn_pr_mode_to_proto_mode() helper func - BUG/MINOR: ssl: load correctly @system-ca when ca-base is define - DOC: internal: filters: fix reference to entities.pdf 2023/11/16 : 2.6r1 (1.0.0-294.1212) - BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period - BUG/MINOR: mux-h2: update tracked counters with req cnt/req err - BUG/MINOR: mux-h2: commit the current stream ID even on reject - BUG/MEDIUM: peers: Fix synchro for huge number of tables - BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task - BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again - BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending - BUG/MINOR: mux-h2: make up other blocked streams upon removal from list - BUG/MINOR: mux-quic: fix free on qcs-new fail alloc - BUG/MINOR: h3: strengthen host/authority header parsing - BUG/MINOR: mux-quic: support initial 0 max-stream-data - BUG/MINOR: quic: reject packet with no frame - BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos - BUG/MINOR: hq-interop: simplify parser requirement - BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set - BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set - BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only - MINOR: hlua: Test the hlua struct first when the lua socket is connecting - MINOR: hlua: Save the lua socket's server in its context - MINOR: hlua: Save the lua socket's timeout in its context - MINOR: hlua: Don't preform operations on a not connected socket - MINOR: hlua: Set context's appctx when the lua socket is created 2023/10/17 : 2.6r1 (1.0.0-293.1190) - BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed 2023/10/16 : 2.6r1 (1.0.0-293.1189) - HAPEE: DOC: document the GPTSTR extensions in configuration.txt - HAPEE: Revert GPTSTR 2023/10/06 : 2.6r1 (1.0.0-292.1187) - BUG/MEDIUM: hapee/addons: fix incorrect gpt index being used in sc-set-gptstr() - HAPEE: addons: use GPT arrays to store regular strings - HAPEE: makefile: automatically build objects in addons/hapee_* - HAPEE: makefile: update the cleanup rule to also remove *.i from addons - MINOR: haproxy: permit to register features during boot - BUG/MEDIUM: actions: always apply a longest match on prefix lookup 2023/10/04 : 2.6r1 (1.0.0-292.1181) - BUILD: bug: make BUG_ON() void to avoid a rare warning - MINOR: hapee: Update list of backported commit - BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams - MINOR: pattern: fix pat_{parse,match}_ip() function comments - BUG/MINOR: server: add missing free for server->rdr_pfx - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers - BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API - BUG/MINOR: promex: fix backend_agg_check_status - BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records - BUG/MINOR: hlua/init: coroutine may not resume itself - BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume() - CI: musl: drop shopt in workflow invocation - CI: musl: highlight section if there are coredumps - Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token" - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread - MINOR: hlua: add hlua_stream_ctx_prepare helper function - BUG/MINOR: quic: Wrong cluster secret initialization - BUG/MINOR: quic: Leak of frames to send. - BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches - MINOR: sample: Add common TLV types as constants for fc_pp_tlv - MINOR: sample: Refactor fc_pp_unique_id by wrapping the generic TLV fetch - MINOR: sample: Refactor fc_pp_authority by wrapping the generic TLV fetch - MEDIUM: sample: Add fetch for arbitrary TLVs - MEDIUM: connection: Generic, list-based allocation and look-up of PPv2 TLVs - CLEANUP/MINOR: connection: Improve consistency of PPv2 related constants 2023/09/27 : 2.6r1 (1.0.0-292.1156) - MEDIUM: server/ssl: pick another thread's session when we have none yet - MINOR: server/ssl: clear the shared good session index on failure - MINOR: server/ssl: maintain an index of the last known valid SSL session - MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session - MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid - CLEANUP: ssl: keep a pointer to the server in ssl_sock_init() - DOC: ssl: add some comments about the non-obvious session allocation stuff - MINOR: ssl_sock: avoid iterating realloc(+1) on stored context 2023/09/08 : 2.6r1 (1.0.0-292.1148) - MINOR: ssl: add support for 'curves' keyword on server lines 2023/09/07 : 2.6r1 (1.0.0-292.1147) - MINOR: hapee: Update list of backported commit - BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) - CI: Update to actions/checkout@v4 - BUG/MINOR: hlua/action: incorrect message on E_YIELD error - BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout - BUG/MINOR: quic: Wrong RTT adjusments - DOC: configuration: update examples for req.ver - BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer - BUG/MAJOR: quic: Really ignore malformed ACK frames. - BUG/MINOR: quic: Possible skipped RTT sampling - BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown - BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown - BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate - BUG/MINOR: ssl_sock: fix possible memory leak on OOM - DOC: lua: fix core.register_action typo - BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage - MINOR: atomic: make sure to always relax after a failed CAS - BUILD: Makefile: add the USE_QUIC option to make help - SCRIPTS: git-show-backports: automatic ref and base detection with -m - DOC: typo: fix sc-set-gpt references - BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection - BUG/MINOR: hlua: fix invalid use of lua_pop on error paths - CI: get rid of travis-ci wrapper for Coverity scan - MINOR: ssl: allow to change the client-sigalgs on server lines - MINOR: ssl: allow to change the server signature algorithm on server lines - MINOR: ssl: allow to change the signature algorithm for client authentication - MINOR: ssl: allow to change the server signature algorithm 2023/08/11 : 2.6r1 (1.0.0-292.1120) - MINOR: peers: add peers keyword registration - BUG/MINOR: http: skip leading zeroes in content-length values - DOC: clarify the handling of URL fragments in requests - REGTESTS: http-rules: verify that we block '#' by default for normalize-uri - BUG/MINOR: h3: reject more chars from the :path pseudo header - BUG/MINOR: h2: reject more chars from the :path pseudo header - BUG/MINOR: h1: do not accept '#' as part of the URI component - REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests - MINOR: h2: pass accept-invalid-http-request down the request parser - MINOR: http: add new function http_path_has_forbidden_char() - MINOR: ist: add new function ist_find_range() to find a character range - BUG/MAJOR: http: reject any empty content-length header value - BUG/MAJOR: h3: reject header values containing invalid chars - REORG: http: move has_forbidden_char() from h2.c to http.h - BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement - BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame - BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full - DOC: configuration: describe Td in Timing events - BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line - MINOR: quic: Useless call to SSL_CTX_set_quic_method() - MINOR: quic: Make ->set_encryption_secrets() be callable two times - BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary - BUG/MINOR: quic: Missing parentheses around PTO probe variable. - BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses - BUG/MINOR: hlua: add check for lua_newstate - BUILD: quic: fix warning during compilation using gcc-6.5 - CI: explicitely highlight VTest result section if there's something - BUG/MINOR: http: Return the right reason for 302 - BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters - DOC: config: Fix fc_src description to state the source address is returned - BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers - BUG/MEDIUM: quic: timestamp shared in token was using internal time clock - BUG/MEDIUM: quic: missing check of dcid for init pkt including a token - BUG/MINOR: quic: retry token remove one useless intermediate expand - BUG/MEDIUM: quic: token IV was not computed using a strong secret - BUG/MINOR: config: Remove final '\n' in error messages - BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() - BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() - BUG/MINOR: sink: invalid sft free in sink_deinit() - BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() - BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() - BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() - BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets - MINOR: sink/api: pass explicit maxlen parameter to sink_write() - BUG/MINOR: log: LF upsets maxlen for UDP targets - BUG/MINOR: ring: maxlen warning reported as alert - BUG/MINOR: ring: size warning incorrectly reported as fatal error - BUG/MINOR: sink: missing sft free in sink_deinit() - BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() - BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage - BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT - CLEANUP: quic: Remove server specific about Initial packet number space - MINOR: quic: Reduce the maximum length of TLS secrets - MINOR: quic: Move packet number space related functions - MINOR: quic: Move QUIC encryption level structure definition - BUILD: debug: avoid a build warning related to epoll_wait() in debug code - MINOR: compression/slz: add support for a pure flush of pending bytes - IMPORT: slz: implement a synchronous flush() operation - BUG/MINOR: quic: Wrong endianess for version field in Retry token - BUG/MINOR: quic: Wrong Retry paquet version field endianess - BUG/MINOR: quic: Missing random bits in Retry packet header - BUG/MINOR: config: fix stick table duplicate name check - BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag - BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty - BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout 2023/06/22 : 2.6r1 (1.0.0-292.1055) - BUG/MINOR: mworker: leak of a socketpair during startup failure - REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages - DOC: Add tune.h2.max-frame-size option to table of contents - BUG/MINOR: quic: ticks comparison without ticks API use - BUG/MEDIUM: mworker: increase maxsock with each new worker - BUG/MINOR: quic: Missing initialization (packet number space probing) - BUG/MINOR: namespace: missing free in netns_sig_stop() - BUG/MINOR: server: inherit from netns in srv_settings_cpy() - BUG/MINOR: quic: Wrong encryption level flags checking 2023/06/14 : 2.6r1 (1.0.0-292.1046) 2023/06/12 : 2.6r1 (1.0.0-291.1046) - BUILD: init: print rlim_cur as regular integer - MINOR: init: pre-allocate kernel data structures on init - BUG/MINOR: proxy: add missing interface bind free in free_proxy - BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line - DOC: config: fix jwt_verify() example using var() 2023/06/06 : 2.6r1 (1.0.0-289.1041) - BUG/MINOR: quic: Possible crash when SSL session init fails - BUG/MINOR: spoe: Only skip sending new frame after a receive attempt - CONTRIB: Add vi file extensions to .gitignore - DOC: config: Fix bind/server/peer documentation in the peers section - BUG/MINOR: quic: Missing Retry token length on receipt - BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token()) - BUG/MEDIUM: mux-quic: fix EOI for request without payload - MINOR: mux-quic: uninline qc_attach_sc() - BUG/MINOR: mux-quic: handle properly Tx buf exhaustion - BUG/MINOR: mux-quic: differentiate failure on qc_stream_desc alloc - BUG/MINOR: quic: do not alloc buf count on alloc failure - BUG/MINOR: mux-quic: handle properly recv ncbuf alloc failure - BUG/MINOR: mux-quic: properly handle buf alloc failure 2023/05/26 : 2.6r1 (1.0.0-289.1028) - SCRIPTS: publish-release: update the umask to keep group write access - BUG/MINOR: hlua: unsafe hlua_lua2smp() usage - DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt - DOC: add size format section to manual - REGTESTS: log: Reduce again response inspect-delay for last_rule.vtc - DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules - REGTESTS: log: Reduce response inspect-delay for last_rule.vtc - BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set 2023/05/17 : 2.6r1 (1.0.0-289.1020) - BUG/MINOR: clock: fix the boot time measurement method for 2.6 and older - BUG/MINOR: checks: postpone the startup of health checks by the boot time - MINOR: clock: measure the total boot time - MINOR: checks: make sure spread-checks is used also at boot time - MINOR: htx: add function to set EOM reliably - BUG/MINOR: log: fix memory error handling in parse_logsrv() - BUG/MINOR: errors: handle malloc failure in usermsgs_put() - BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() - MINOR: proxy: add http_free_redirect_rule() function - BUG/MINOR: proxy: missing free in free_proxy for redirect rules - BUG/MEDIUM: mux-fcgi: Don't request more room if mux is waiting for more data - BUG/MINOR: quic: Buggy acknowlegments of acknowlegments function - BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup - MINOR: spoe: Don't stop disabled proxies - BUILD: mjson: Fix warning about unused variables - BUG/MINOR: quic: Possible crash when dumping version information - DOC: configuration: add info about ssl-engine for 2.6 - BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0 - BUG/MINOR: quic: Wrong key update cipher context initialization for encryption - BUG/MINOR: debug: do not emit empty lines in thread dumps - BUG/MINOR: mux-quic: prevent quic_conn error code to be overwritten - DEV: haring: update readme to suggest using the same build options for haring - DEV: haring: automatically disable DEBUG_STRICT - MINOR: quic: use real sending rate measurement - BUG/MINOR: resolvers: Use sc_need_room() to wait more room when dumping stats - BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones - BUILD: ssl: switch LibreSSL to Fastly CDN - CI: switch to Fastly CDN to download LibreSSL - MINOR: ssl: ssl_sock_load_cert_chain() display error strings - BUG/MINOR: fd: always remove late updates when freeing fd_updt[] - MINOR: mux-quic: do not allocate Tx buf for empty STREAM frame - MINOR: mux-quic: do not set buffer for empty STREAM frame - BUG/MINOR: quic: prevent buggy memcpy for empty STREAM - BUG/MINOR: quic: Useless probing retransmission in draining or killing state - MINOR: quic: Move traces at proto level - BUILD: proto_tcp: export the correct names for proto_tcpv[46] - BUILD: sock_inet: forward-declare struct receiver - BUG/MINOR: config: fix NUMA topology detection on FreeBSD - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: server: don't use date when restoring last_change from state file - BUG/MINOR: server: don't miss server stats update on server state transitions - BUG/MINOR: server: don't miss proxy stats update on server state transitions - MINOR: server: explicitly commit state change in srv_update_status() - BUG/MINOR: server: incorrect report for tracking servers leaving drain 2023/05/16 : 2.6r1 (1.0.0-289.976) - BUG/MEDIUM: freq-ctr: Don't compute overshoot value for empty counters 2023/04/21 : 2.6r1 (1.0.0-289.975) - BUG/MEDIUM: Update read expiration date on synchronous send - BUG/MINOR: mux-quic: properly handle STREAM frame alloc failure - MINOR: quic: Display the packet number space flags in traces - MINOR: quic: Add <pto_count> to the traces - BUG/MEDIUM: quic: Code sanitization about acknowledgements requirements - BUG/MINOR: quic: Possible crashes in qc_idle_timer_task() - MINOR: quic: Add trace to debug idle timer task issues - MINOR: quic: Add traces to qc_kill_conn() - BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop - BUG/MEDIUM: hlua: prevent deadlocks with main lua lock - MINOR: hlua: simplify lua locking - BUG/MINOR: hlua: prevent function and table reference leaks on errors - BUG/MINOR: hlua: fix reference leak in hlua_post_init_state() - BUG/MINOR: hlua: fix reference leak in core.register_task() - MINOR: hlua: add simple hlua reference handling API - MINOR: proto_ux: ability to dump ABNS names in error messages - MEDIUM: proto_ux: properly suspend named UNIX listeners - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume - MINOR: listener: pause_listener() becomes suspend_listener() - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() - BUG/MINOR: listener: fix resume_listener() resume return value handling - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling - MINOR: listener: make sure we don't pause/resume bypassed listeners - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping - MINOR: listener: add relax_listener() function - MINOR: listener/api: add lli hint to listener functions - MINOR: proto_uxst: add resume method - BUG/MINOR: quic: Wrong Retry token generation timestamp computing - BUG/MINOR: quic: Unchecked buffer length when building the token - MINOR: quic: Do not allocate too much ack ranges - BUG/MINOR: quic: Stop removing ACK ranges when building packets - BUG/MINOR: cfgparse: make sure to include openssl-compat - CLEANUP: backend: Remove useless debug message in assign_server() - BUG/MINOR: quic: transform qc_set_timer() as a reentrant function - BUG/MINOR: task: allow to use tasklet_wakeup_after with tid -1 - BUG/MEDIUM: log: Properly handle client aborts in syslog applet - REGTESTS: fix the race conditions in log_uri.vtc - BUG/MINOR: stream: Fix test on SE_FL_ERROR on the wrong entity - CI: bump "actions/checkout" to v3 for cross zoo matrix - BUG/MINOR: quic: Wrong Application encryption level selection when probing - MINOR: quic: Remove a useless test about probing in qc_prep_pkts() - BUG/MINOR: quic: SIGFPE in quic_cubic_update() - BUG/MINOR: quic: Possible wrapped values used as ACK tree purging limit. - MINOR: quic: Add connection flags to traces - BUG/MINOR: quic: Ignored less than 1ms RTTs - BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it. - BUG/MINOR: stick_table: alert when type len has incorrect characters - MINOR: quic: Add a trace for packet with an ACK frame - MINOR: quic: Dump more information at proto level when building packets - MINOR: quic: Modify qc_try_rm_hp() traces - BUG/MINOR: quic: Wrong packet number space probing before confirmed handshake - MINOR: quic: Trace fix in quic_pto_pktns() (handshaske status) - BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions - BUG/MINOR: resolvers: Wakeup DNS idle task on stopping - BUG/MEDIUM: dns: Kill idle DNS sessions during stopping stage - BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload - MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked - CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy() - BUG/MINOR: hlua: enforce proper running context for register_x functions - BUG/MINOR: log: free log forward proxies on deinit() - BUG/MINOR: sink: free forward_px on deinit() - BUG/MINOR: stats: properly handle server stats dumping resumption - BUG/MINOR: server/del: fix srv->next pointer consistency - MINOR: server: add SRV_F_DELETED flag - BUG/MEDIUM: dns: Properly handle error when a response consumed - BUG/MEDIUM: channel: Improve reports for shut in co_getblk() - BUG/MINOR: quic: Possible wrong PTO computing - DOC: config: strict-sni allows to start without certificate - BUG/MINOR: quic: Remove useless BUG_ON() in newreno and cubic algo implementation - BUG/MAJOR: quic: Congestion algorithms states shared between the connection - BUG/MINOR: quic: Remaining useless statements in cubic slow start callback - MINOR: quic: Add missing traces in cubic algorithm implementation - BUG/MINOR: quic: Cubic congestion control window may wrap - BUG/MINOR: quic: Wrong rtt variance computing - BUG/MINOR: quic: Missing max_idle_timeout initialization for the connection - BUG/MINOR: quic: Wrong use of now_ms timestamps (newreno algo) - BUG/MINOR: quic: Wrong use of now_ms timestamps (cubic algo) - BUG/MINOR: backend: make be_usable_srv() consistent when stopping - DOC/MINOR: reformat configuration.txt's "quoting and escaping" table - MINOR: proxy/pool: prevent unnecessary calls to pool_gc() - BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards. - Revert "BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached" - BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list - BUG/MINOR: quic: Missing STREAM frame type updated - BUG/MINOR: applet/new: fix sedesc freeing logic - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription - DOC: config: set-var() dconv rendering issues - BUG/MEDIUM: stats: Consume the request except when parsing the POST payload - BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown - BUG/MINOR: h3: properly handle incomplete remote uni stream type - BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset - BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF - BUG/MINOR: quic: wake up MUX on probing only for 01RTT - BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation - BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s - BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure - BUG/MEDIUM: stconn: don't set the type before allocation succeeds - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path - BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd - BUG/MEDIUM: stream: do not try to free a failed stream-conn - OPTIM: mux-h1: limit first read size to avoid wrapping - BUG/MAJOR: poller: drop FD's tgid when masks don't match 2023/03/17 : 2.6r1 (1.0.0-289.873) - BUG/MAJOR: qpack: fix possible read out of bounds in static table - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp() - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all() - BUG/MINOR: proto_ux: report correct error when bind_listener fails - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend - BUG/MINOR: mux-h2: Fix possible null pointer deref on h2c in _h2_trace_header() - MEDIUM: mux-h2/trace: add tracing support for headers - MINOR: trace: add the long awaited TRACE_PRINTF() - MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback - MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active - MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers - BUG/MEDIUM: listener: duplicate inherited FDs if needed - BUG/MINOR: quic: Missing STREAM frame data pointer updates - BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data - BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested - MINOR: buffer: add br_single() to check if a buffer ring has more than one buf - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it - BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list - BUG/MINOR: quic: Missing STREAM frame length updates - BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches - DEBUG: ssl-sock/show_fd: Display SSL error code - DEBUG: cli/show_fd: Display connection error code - BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop - BUG/MEDIUM: proxy: properly stop backends on soft-stop 2023/03/13 : 2.6r1 (1.0.0-288.849) - MINOR: jwt: Add support for RSA-PSS signatures (PS256 algorithm) 2023/03/10 : 2.6r1 (1.0.0-288.848) - DOC/CLEANUP: fix typos - BUG/MINOR: quic: Missing listener accept queue tasklet wakeups - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value - BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated - BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX - BUG/MINOR: quic: Missing detections of amplification limit reached - MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock - BUG/MINOR: quic: Do not resend already acked frames - BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames - BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets - BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted - BUG/MINOR: quic: Do not send too small datagrams (with Initial packets) - BUG/MEDIUM: quic: properly handle duplicated STREAM frames - BUG/MINOR: h3: prevent hypothetical demux failure on int overflow - BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released - BUG/MINOR: quic: also send RESET_STREAM if MUX released - MINOR: quic: adjust request reject when MUX is already freed - BUG/MINOR: quic: Missing padding for short packets - BUG/MINOR: quic: Do not drop too small datagrams with Initial packets - BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean - BUG/MINOR: quic: Do not probe with too little Initial packets - BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm() - BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer() - BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors - BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame - MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set - BUG/MAJOR: fd/threads: close a race on closing connections after takeover - BUG/MAJOR: fd/thread: fix race between updates and closing FD - MEDIUM: fd: support broadcasting updates for foreign groups in updt_fd_polling - MAJOR: poller: only touch/inspect the update_mask under tgid protection - MEDIUM: fd: quit fd_update_events() when FD is closed - BUG/MINOR: fd: Properly init the fd state in fd_insert() - MEDIUM: fd: make fd_insert/fd_delete atomically update fd.tgid - MINOR: fd: make fd_clr_running() return the previous value instead - MAJOR: fd: grab the tgid before manipulating running - MINOR: fd: add fd_get_running() to atomically return the running mask - MINOR: fd: add functions to manipulate the FD's tgid - MINOR: cli/fd: show fd's tgid and refcount in "show fd" - MEDIUM: fd: add the tgid to the fd and pass it to fd_insert() - MINOR: fd: delete unused updates on close() - MAJOR: fd: remove pending updates upon real close - MEDIUM: poller: program the update in fd_update_events() for a migrated FD - MEDIUM: epoll: don't synchronously delete migrated FDs - BUG/MINOR: ring: release the backing store name on exit - BUG/MINOR: thread: report thread and group counts in the correct order - BUG/MINOR: init: make sure to always limit the total number of threads - BUG/MEDIUM: master: force the thread count earlier - BUG/MINOR: init: properly detect NUMA bindings on large systems - BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords - MINOR: ssl: rename confusing ssl_bind_kws - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response - BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section - DOC: config: Add the missing tune.fail-alloc option from global listing - DOC: config: Fix description of options about HTTP connection modes - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables - BUG/MINOR: ring: do not realign ring contents on resize - BUG/MINOR: cache: Check cache entry is complete in case of Vary - BUG/MINOR: cache: Cache response even if request has "no-cache" directive - REGTESTS: Fix ssl_errors.vtc script to wait for connections close - MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_handle_headers() - MINOR: mux-h2/traces: do not log h2s pointer for dummy streams - BUG/MINOR: mworker: prevent incorrect values in uptime - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached - MINOR: fd/cli: report the polling mask in "show fd" - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send() - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start 2023/02/21 : 2.6r1 (1.0.0-288.773) - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions - BUG/MINOR: mworker: stop doing strtok directly from the env 2023/02/13 : 2.6r1 (1.0.0-288.770) - BUG/CRITICAL: http: properly reject empty http header field names - DOC: proxy-protocol: fix wrong byte in provided example - BUG/MEDIUM: quic: fix crash when "option nolinger" is set in the frontend - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first - BUG/MINOR: server/add: ensure minconn/maxconn consistency when adding server - MINOR: cfgparse/server: move (min/max)conn postparsing logic into dedicated function - DOC: config: 'http-send-name-header' option may be used in default section - DOC: config: fix option spop-check proxy compatibility - BUG/MEDIUM: cache: use the correct time reference when comparing dates - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge - BUG/MINOR: ssl/crt-list: warn when a line is malformated - BUG/MEDIUM: quic: do not split STREAM frames if no space - BUG/MINOR: quic: Unchecked source connection ID - MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks - BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session - MINOR: quic: When probing Handshake packet number space, also probe the Initial one - BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans() - BUG/MINOR: quic: Too big PTO during handshakes - BUG/MINOR: quic: Possible stream truncations under heavy loss - BUG/MINOR: stats: fix STAT_STARTED behavior with full htx - BUG/MINOR: stats: fix show stats field ctx for servers - BUG/MINOR: stats: fix ctx->field update in stats_dump_proxy_to_buffer() - BUG/MEDIUM: stats: fix resolvers dump - BUG/MINOR: stats: fix source buffer size for http dump - BUG/MINOR: stats: use proper buffer size for http dump - BUG/MINOR: h3: fix crash due to h3 traces - BUG/MEDIUM: ssl: wrong eviction from the session cache tree - BUG/MEDIUM: h3: handle STOP_SENDING on control stream - MINOR: mux-quic/h3: define stream close callback - BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section - DEV: hpack: fix `trash` build regression - BUG/MINOR: sink: free the forwarding task on exit - BUG/MINOR: log: release global log servers on exit - DEV: haring: add a new option "-r" to automatically repair broken files - BUG/MINOR: sink: make sure to always properly unmap a file-backed ring - BUG/MINOR: http-htx: Normalized absolute URIs with an empty port - REG-TESTS: http: Add more tests about authority/host matching - BUG/MINOR: h1: Replace authority validation to conform RFC3986 - MINOR: http: Considere empty ports as valid default ports - MINOR: h1: Consider empty port as invalid in authority for CONNECT - BUG/MINOR: quic: Do not request h3 clients to close its unidirection streams - CI: github: split ssl lib selection based on git branch - CI: github: reintroduce openssl 1.1.1 2023/02/08 : 2.6r1 (1.0.0-287.727) 2023/01/24 : 2.6r1 (1.0.0-285.727) - BUILD: atomic: atomic.h may need compiler.h on ARMv8.2-a 2023/01/21 : 2.6r1 (1.0.0-285.726) - MINOR: hapee: Update the list of backported commits - MINOR: stick-table: implement the sc-add-gpc() action - MEDIUM: stick-table: set the track-sc limit at boottime via tune.stick-counters - MINOR: http-rules: Add missing actions in http-after-response ruleset - BUG/MINOR: bwlim: Fix parameters check for set-bandwidth-limit actions - MEDIUM: bwlim: Support constants limit or period on set-bandwidth-limit actions - BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions - BUG/MINOR: jwt: Wrong return value checked - BUILD: hpack: include global.h for the trash that is needed in debug mode - BUG/MINOR: mux-h2: add missing traces on failed headers decoding - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests - BUG/MINOR: h3: properly handle connection headers - BUG/MINOR: listener: close tiny race between resume_listener() and stopping - BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) - BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params) - DOC: config: fix "Address formats" chapter syntax - BUG/MINOR: mux-fcgi: Correctly set pathinfo - DOC: config: mention the missing "quic4@" and "quic6@" in protocol prefixes - DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" - DOC: config: fix wrong section number for "protocol prefixes" - BUG/MINOR: listeners: fix suspend/resume of inherited FDs - BUG/MINOR: http-ana: make set-status also update txn->status - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body - BUG/MINOR: promex: Don't forget to consume the request on error - BUG/MEDIUM: peers: make "show peers" more careful about partial initialization - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action - BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc - BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses - MINOR: mux-quic: add traces for flow-control limit reach - BUG/MINOR: mux-quic: fix transfer of empty HTTP response - DOC: management: add details about @system-ca in "show ssl ca-file" - DOC: management: add details on "Used" status - CLEANUP: htx: fix a typo in an error message of http_str_to_htx - BUG/MINOR: http: Memory leak of http redirect rules' format string - REGTEST: fix the race conditions in hmac.vtc - REGTEST: fix the race conditions in digest.vtc - REGTEST: fix the race conditions in add_item.vtc - REGTEST: fix the race conditions in json_query.vtc - BUG/MINOR: proxy: free orgto_hdr_name in free_proxy() - DOC: config: remove duplicated "http-response sc-set-gpt0" directive - DOC: config: fix alphabetical ordering of http-after-response rules - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set - BUG/MINOR: stick-table: report the correct action name in error message - BUILD: makefile: sort the features list - BUILD: makefile: build the features list dynamically - BUG/MINOR: mux-quic: ignore remote unidirectional stream close - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set - BUG/MEDIUM: mux-quic: fix double delete from qcc.opening_list - OPTIM: pool: split the read_mostly from read_write parts in pool_head - BUG/MEDIUM: stats: Rely on a local trash buffer to dump the stats - BUG/MEDIUM: tests: use tmpdir to create UNIX socket - REGTESTS: startup: disable automatic_maxconn.vtc - BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset - BUG/MINOR: stats: fix show stat json buffer limitation - MINOR: stats: introduce stats field ctx - MINOR: stats: provide ctx for dumping functions - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain - BUG/MINOR: h3: fix memleak on HEADERS parsing failure - BUG/MEDIUM: h3: fix cookie header parsing - LICENSE: wurfl: clarify the dummy library license. - BUG/MINOR: mux-quic: handle properly alloc error in qcs_new() - BUG/MINOR: mux-quic: remove qcs from opening-list on free - BUG/MINOR: quic: properly handle alloc failure in qc_new_conn() - CI: github: split matrix for development and stable branches - CI: github: remove redundant ASAN loop - BUG/MEDIUM: h3: parse content-length and reject invalid messages - MINOR: http: extract content-length parsing from H2 - BUG/MEDIUM: h3: reject request with invalid pseudo header - BUG/MEDIUM: h3: reject request with invalid header name - REGTESTS: startup: add alternatives values in automatic_maxconn.vtc - REGTESTS: startup: change the expected maxconn to 11000 - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout - REGTESTS: startup: activate automatic_maxconn.vtc - CI: github: set ulimit -n to a greater value - BUG/MINOR: startup: don't use internal proxies to compute the maxconn - REGTESTS: startup: check maxconn computation - REGTESTS: fix the race conditions in iff.vtc - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes - DOC: promex: Add missing backend metrics - MINOR: promex: introduce haproxy_backend_agg_check_status - BUG/MINOR: promex: create haproxy_backend_agg_server_status - BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task - BUILD: makefile/da: also clean Os/ in Device Atlas dummy lib dir - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers - MINOR: mworker: display an alert upon a wait-mode exit - BUG/MINOR: ssl: Fix potential overflow - BUG/MEDIUM: ssl: Verify error codes can exceed 63 2022/12/27 : 2.6r1 (1.0.0-284.636) 2022/12/16 : 2.6r1 (1.0.0-283.636) - BUILD: peers: peers-t.h depends on stick-table-t.h - BUG/MINOR: hapee/modules: make sure generated includes and structs are sorted - MINOR: hapee/modules: check if we generate the API hash correctly 2022/12/15 : 2.6r1 (1.0.0-283.633) - BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk 2022/12/06 : 2.6r1 (1.0.0-283.632) - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side - MINOR: mux-h1: add the expire task and its expiration date in "show fd" - MINOR: mux-h2: add the expire task and its expiration date in "show fd" - BUG/MINOR: quic: Endless loop during retransmissions - CLEANUP: ncbuf: use standard BUG_ON with DEBUG_STRICT - CLEANUP: ncbuf: inline small functions - CLEANUP: ncbuf: remove ncb_blk args by value - SCRIPTS: announce-release: add a link to the data plane API - DOC: config: clarify the -m dir and -m dom pattern matching methods - DOC: config: clarify the fact that "retries" is not just for connections - DOC: config: explain how default matching method for ACL works - DOC: config: mention that a single monitor-uri rule is supported - DOC: config: clarify the fact that SNI should not be used in HTTP scenarios - DOC: config: refer to section about quoting in the "add_item" converter - DOC: config: provide some configuration hints for "http-reuse" - Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" 2022/11/29 : 2.6r1 (1.0.0-283.616) - BUG/MEDIUM: quic: fix datagram dropping on queueing failed - DOC: configuration.txt: fix typo in table_idle signature - BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out - BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk() - DOC: configuration.txt: add default_value for table_idle signature - BUILD: http-htx: Silent build error about a possible NULL start-line - BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action - BUG/MINOR: log: fix parse_log_message rfc5424 size check - BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance - DOC: quic: add note on performance issue with listener contention - BUILD: listener: fix build warning on global_listener_rwlock without threads - BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns - MINOR: global: generate random cluster.secret if not defined - MINOR: quic: report error if force-retry without cluster-secret - DOC: configuration: fix quic prefix typo - BUG/MAJOR: quic: Crash after discarding packet number spaces - BUG/MAJOR: quic: Crash upon retransmission of dgrams with several packets - MINOR: quic: complete traces/debug for handshake - BUG/MEDIUM: quic: fix memleak for out-of-order crypto data - BUG/MEDIUM: quic: fix unsuccessful handshakes on ncb_advance error - MINOR: ncbuf: complete doc for ncb_advance() - BUILD: peers: Remove unused variables - BUG/MEDIUM: peers: messages about unkown tables not correctly ignored - BUG/MINOR: ssl: don't initialize the keylog callback when not required - BUG/MEDIUM: raw-sock: Don't report connection error if something was received - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task - BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes - BUILD: quic: fix dubious 0-byte overflow on qc_release_lost_pkts - BUG/MEDIUM: ring: fix creation of server in uninitialized ring - DOC: config: fix alphabetical ordering of global section - REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses - BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers - BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once - BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy - BUG/MINOR: resolvers: Set port before IP address when processing SRV records - BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure - BUG/MINOR: http-htx: Fix error handling during parsing http replies - BUG/MEDIUM: wdt/clock: properly handle early task hangs - CI: emit the compiler's version in the build reports - CI: enable QUIC for LibreSSL builds - CI: switch to the "latest" LibreSSL - BUG/MINOR: ssl: ocsp structure not freed properly in case of error - BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer - BUG/MINOR: ssl: Memory leak of DH BIGNUM fields - CI: add monthly gcc cross compile jobs - BUG/MINOR: quic: fix race condition on datagram purging - BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting - BUG/MINOR: quic: fix subscribe operation - MINOR: quic: remove unnecessary quic_session_accept() - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task 2022/11/25 : 2.6r1 (1.0.0-283.565) - BUG/MINOR: ssl: shut the ca-file errors emitted during httpclient init - MINOR: ssl: forgotten newline in error messages on ca-file - MINOR: ssl: enhance ca-file error emitting 2022/11/04 : 2.6r1 (1.0.0-283.562) - BUG/MINOR: httpclient: fixed memory allocation for the SSL ca_file 2022/10/26 : 2.6r1 (1.0.0-282.561) - BUG/MAJOR: stick-table: don't process store-response rules for applets - DOC: lua: add a note about compression w/ httpclient - DOC: management: add forgotten "show startup-logs" - CI: SSL: temporarily stick to LibreSSL=3.5.3 - CI: SSL: use proper version generating when "latest" semantic is used - BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers - BUG/MINOR: sink: Only use backend capability for the sink proxies - MINOR: quic: display unknown error sendto counter on stat page - MINOR: quic: do not crash on unhandled sendto error - BUG/MEDIUM: compression: handle rewrite errors when updating response headers - BUG/MINOR: mux-quic: complete flow-control for uni streams - BUILD: Makefile: add "USE_SHM_OPEN" on the linux-musl target - CI: github: dump the backtrace of coredumps in the alpine container - REGTESTS: httpclient/lua: test the lua task timeout with the httpclient - BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler - BUG/MEDIUM: httpclient/lua: crash when the lua task timeout before the httpclient - BUG/MINOR: ring: Properly parse connect timeout - BUG/MINOR: log: Preserve message facility when the log target is a ring buffer - MINOR: quic: extend Retry token check function - MINOR: quic: refactor packet drop on reception - MINOR: quic: split and rename qc_lstnr_pkt_rcv() - MINOR: quic: extract connection retrieval - MINOR: quic: define first packet flag - MINOR: quic: extend pn_offset field from quic_rx_packet - MINOR: quic: add version field on quic_rx_packet - BUG/MINOR: quic: fix buffer overflow on retry token generation - BUILD: quic: Fix build for m68k cross-compilation - BUILD: ssl_sock: fix null dereference for QUIC build - BUG/MEDIUM: httpclient: segfault when the httpclient parser fails - BUILD: quic: QUIC mux build fix for 32-bit build - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py - MINOR: httpclient/lua: Don't set req_payload callback if body is empty - BUG/MEDIUM: httpclient: Don't set EOM flag on an empty HTX message - BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk() - MINOR: quic: implement datagram cleanup for quic_receiver_buf - CLEANUP: quic: improve naming for rxbuf/datagrams handling - CLEANUP: quic: remove unused rxbufs member in receiver - MINOR: quic: Split the secrets key allocation in two parts - BUG/MINOR: quic: Stalled 0RTT connections with big ClientHello TLS message - MINOR: quic: Use a non-contiguous buffer for RX CRYPTO data - MINOR: quic: Extract CRYPTO frame parsing from qc_parse_pkt_frms() - MINOR: quic: New quic_cstream object implementation - BUG/MINOR: server: make sure "show servers state" hides private bits - BUG/MAJOR: stick-tables: do not try to index a server name for applets - DOC: configuration: missing 'if' in tcp-request content example - BUG/MINOR: quic: set IP_PKTINFO socket option for QUIC receivers only - CLEANUP: quic/receiver: remove the now unused tx_qring list - MEDIUM: quic: retrieve frontend destination address - BUG/MEDIUM: config: count line arguments without dereferencing the output - BUG/MINOR: config: don't count trailing spaces as empty arg (v2) - BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction - MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands - BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error - CLEANUP: quic: fix indentation - MINOR: mux-quic: check quic-conn return code on Tx - MINOR: quic: limit usage of ssl_sock_ctx in favor of quic_conn - BUG/MINOR: hlua: hlua_channel_insert_data() behavior conflicts with documentation - BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os - BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() - MINOR: init: do not try to shrink existing RLIMIT_NOFIlE - MINOR: fd: add a new function to only raise RLIMIT_NOFILE - BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os - BUG/MEDIUM: lua: handle stick table implicit arguments right. - BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure - BUG/MINOR: mux-quic: ignore STOP_SENDING for locally closed stream - CLEANUP: quic: create a dedicated quic_conn module - CLEANUP: quic: remove duplicated varint code from xprt_quic.h - CLEANUP: quic: remove unused function prototype - CLEANUP: quic: fix headers - BUG/MINOR: quic: adjust quic_tls prototypes - CLEANUP: quic: remove global var definition in quic_tls header - CLEANUP: mux-quic: remove usage of non-standard ull type - DOC: config: Fix pgsql-check documentation to make user param mandatory - BUG/MINOR: checks: update pgsql regex on auth packet - BUG/MINOR: backend: only enforce turn-around state when not redispatching - BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns - DOC: management: httpclient can resolve server names in URLs - BUG/MINOR: hlua: _hlua_http_msg_delete incorrect behavior when offset is used - BUG/MINOR: hlua: fixing hlua_http_msg_insert_data behavior - BUG/MINOR: hlua: fixing hlua_http_msg_del_data behavior - BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree - BUG/MEDIUM: stconn: Reset SE descriptor when we fail to create a stream - BUG/MINOR: stream: Perform errors handling in right order in stream_new() - BUG/MINOR: hlua: Remove \n in Lua error message built with memprintf - REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies - MINOR: quic: Add a trace to distinguish the datagram from the packets inside - BUG/MINOR: quic: Frames added to packets even if not built. - CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv() - CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet) - BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup) - BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets - MINOR: quic: Replace MT_LISTs by LISTs for RX packets. - BUG/MINOR: quic: Safer QUIC frame builders - BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt() 2022/10/05 : 2.6r1 (1.0.0-281.466) - BUG/MINOR: log: improper behavior when escaping log data - REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N - BUG/MEDIUM: mux-quic: properly trim HTX buffer on snd_buf reset - MINOR: mux-quic: refactor snd_buf - REORG: mux-quic: export HTTP related function in a dedicated file - REORG: mux-quic: extract traces in a dedicated source file - BUG/MINOR: mux-quic: do not keep detached qcs with empty Tx buffers - BUG/MEDIUM: mux-quic: fix nb_hreq decrement - SCRIPTS: announce-release: update some URLs to https - BUILD: fd: fix a build warning on the DWCAS - BUG/MEDIUM: captures: free() an error capture out of the proxy lock - CLEANUP: quic,ssl: fix tiny typos in C comments - BUG/MEDIUM: server: segv when adding server with hostname from CLI - BUG/MINOR: mux-quic: do not remotely close stream too early - CLEANUP: mux-quic: remove stconn usage in h3/hq - BUG/MEDIUM: mux-quic: fix crash on early app-ops release - MEDIUM: quic: separate path for rx and tx with set_encryption_secrets - DOC: fix TOC in starter guide for subsection 3.3.8. Statistics - REGTESTS: ssl/log: test the log-forward with SSL - BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. - REGTESTS: log: test the log-forward feature - BUG/MINOR: listener: null pointer dereference suspected by coverity - CLEANUP: listener: function comment typo in stop_listener() - REGTESTS: healthcheckmail: Relax matching on the healthcheck log message - BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created - CLEANUP: pollers: remove dead code in the polling loop - BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' - MINOR: proxy/listener: support for additional PAUSED state - MINOR: listener: small API change - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK - DEV: flags: add missing CO_FL_FDLESS connection flag - DEV: flags: fix usage message to reflect available options - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: signals/poller: ensure wakeup from signals - MINOR: h3: Send the h3 settings with others streams (requests) - MINOR: h3: Missing connection argument for a TRACE_LEAVE() argument - MINOR: h3: Add the quic_conn object to h3 traces - BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal" - BUG/MINOR: quic: Trace fix about packet number space information. - BUG/MINOR: quic: Speed up the handshake completion only one time - BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals - BUG/MINOR: stream/sched: take into account CPU profiling for the last call - MINOR: sched: store the current profile entry in the thread context - BUG/MINOR: sched: properly account for the CPU time of dying tasks - BUG/MINOR: task: Fix detection of tasks profiling in tasklet_wakeup_after() - CLEANUP: task: rename ->call_date to ->wake_date - MINOR: task: permanently enable latency measurement on tasklets - BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet - BUG/MINOR: task: always reset a new tasklet's call date - BUG/MINOR: quic: Wrong connection ID to thread ID association - MINOR: quic: No TRACE_LEAVE() in retrieve_qc_conn_from_cid() - MINOR: quic: Add traces about sent or resent TX frames - MINOR: quic: add QUIC support when no client_hello_cb - BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx() - BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx - BUILD: quic: enable early data only with >= openssl 1.1.1 - BUILD: quic: temporarly ignore chacha20_poly1305 for libressl - BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb - BUILD: quic: add some ifdef around the SSL_ERROR_* for libressl - BUG/MINOR: quic: Possible crash when verifying certificates - BUG/MINOR: h1: Support headers case adjustment for TCP proxies - BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines - BUG/MINOR: quic: Retransmitted frames marked as acknowledged - BUILD: makefile: enable crypt(3) for NetBSD - MINOR: Revert part of clarifying samples support per os commit - MEDIUM: peers: limit the number of updates sent at once - MINOR: httpclient: enabled the use of SNI presets - CLEANUP: httpclient: deleted unused variables - MINOR: httpclient: export httpclient_create_proxy() - MEDIUM: httpclient: allow to use another proxy - MEDIUM: httpclient: httpclient_create_proxy() creates a proxy for httpclient - MEDIUM: httpclient: enable ALPN support on outgoing https connections - BUG/MINOR: http-act: initialize http fmt head earlier - MINOR: debug: report applet pointer and handler in crashes when known - DEBUG: stream: minor rearrangement of a few fields in struct stream. - BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: httpclient: keep-alive was accidentely disabled - BUG/MEDIUM: httpclient: always detach the caller before self-killing - BUG/MINOR: h2: properly set the direction flag on HTX response - BUG/MINOR: quic: Frames leak during retransmissions - MINOR: quic: Trace typo fix in qc_release_frm() - MINOR: quic: Add TX frames addresses to traces to several trace events - BUG/MINOR: quic: Do not ack when probing - MINOR: backend: always satisfy the first req reuse rule with l7 retries - BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools - REGTESTS: http_request_buffer: Add a barrier to not mix up log messages - BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support - BUILD: debug: make sure debug macros are never empty - CLEANUP: exclude haring with .gitignore - DEV: haring: support remapping LF in contents with CR VT - DEV: haring: add a simple utility to read file-backed rings - MINOR: sink/ring: rotate non-empty file-backed contents only - MINOR: ring: archive a previous file-backed ring on startup - BUILD: sink: replace S_IRUSR, S_IWUSR with their octal value - MINOR: ring: add support for a backing-file - MINOR: ring: support creating a ring from a linear area - BUILD: ring: forward-declare struct appctx to avoid a build warning - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2 - BUG/MINOR: quic: TX frames memleak - MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event - BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2) - BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace - Revert "MINOR: quic: Remove useless traces about references to TX packets" - MINOR: quic: Remove useless traces about references to TX packets - Revert "BUG/MINOR: quix: Memleak for non in flight TX packets" - BUG/MINOR: quix: Memleak for non in flight TX packets - BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data - MINOR: quic: Add reusable cipher contexts for header protection - MINOR: quic: Trace fix in qc_release_frm() - MINOR: quic: Add the QUIC connection to mux traces - BUG/MINOR: quic: Wrong splitted duplicated frames handling - MINOR: quic: Add frame addresses to QUIC_EV_CONN_PRSAFRM event traces - BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member - MEDIUM: h3: concatenate multiple cookie headers - REGTESTS: add test for HTTP/2 cookies concatenation - REORG: h2: extract cookies concat function in http_htx - BUG/MEDIUM: quic: fix crash on MUX send notification - BUG/MINOR: quic: Missing initializations for ducplicated frames. - BUG/MINOR: quic: do not notify MUX on frame retransmit - MINOR: quic: refactor application send - MINOR: mux-quic: add missing args on some traces - MINOR: mux-quic: adjust traces on stream init - BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control - MINOR: qpack: report error on enc/dec stream close - MINOR: h3: report error on control stream close - MINOR: quic: adjust quic_frame flag manipulation - BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt() - BUG/MINOR: quic: MIssing check when building TX packets - BUG/MINOR: mux-quic: fix crash with traces in qc_detach() - BUG/MEDIUM: quic: Wrong use of <token_odcid> in qc_lsntr_pkt_rcv() - BUG/MEDIUM: quic: Possible use of uninitialized <odcid> variable in qc_lstnr_params_init() - BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg - MINOR: mux-quic: define new traces - CLEANUP: mux-quic: adjust traces level - MINOR: mux-quic: define protocol error traces - MINOR: mux-quic: adjust enter/leave traces - CLEANUP: quic: Remove trailing spaces - MINOR: quic: Remove useless lock for RX packets - MEDIUM: quic: xprt traces rework - BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level - BUG/MINOR: mux-quic: open stream on STOP_SENDING - MINOR: quic: skip sending if no frame to send in io-cb - MINOR: quic: refactor datagram commit in Tx buffer - MINOR: quic: release Tx buffer on each send - MINOR: quic: replace custom buf on Tx by default struct buffer - MINOR: quic: Replace pool_zalloc() by pool_malloc() for fake datagrams - BUG/MINOR: quic: adjust errno handling on sendto - MINOR: quic: Add two new stats counters for sendto() errors - MEDIUM: mux-quic: implement http-request timeout - MINOR: mux-quic: refactor refresh timeout function - MINOR: mux-quic: refresh timeout on frame decoding - MINOR: h3: support HTTP request framing state - MEDIUM: mux-quic: implement http-keep-alive timeout - MINOR: mux-quic: count in-progress requests - MEDIUM: mux-quic: adjust timeout refresh - MINOR: mux-quic: use timeout server for backend conns - MINOR: mux-quic: save proxy instance into qcc - MINOR: h3: implement graceful shutdown with GOAWAY - MINOR: h3: store control stream in h3c - MINOR: mux-quic: send one last time before release - CLEANUP: mux-quic: move qc_release() - MEDIUM: quic: send CONNECTION_CLOSE on released MUX - MINOR: mux-quic/h3: prepare CONNECTION_CLOSE on release - MINOR: mux-quic: support app graceful shutdown - MINOR: quic: define a generic QUIC error type - CLEANUP: quic: clean up include on quic_frame-t.h - MEDIUM: mux-quic: implement STOP_SENDING handling - MEDIUM: mux-quic: implement RESET_STREAM emission - MINOR: mux-quic: use stream states to mark as detached - MINOR: mux-quic: define basic stream states - MINOR: mux-quic: support stream opening via MAX_STREAM_DATA - MINOR: mux-quic: do not ack STREAM frames on unrecoverable error - MINOR: mux-quic: filter send/receive-only streams on frame parsing - MINOR: mux-quic: implement qcs_alert() - MINOR: mux-quic: add traces on frame parsing functions - MINOR: mux-quic: rename stream purge function - REORG: mux-quic: rename stream initialization function - MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size - MINOR: mux-quic: rename qcs flag FIN_RECV to SIZE_KNOWN - MEDIUM: mux-quic: refactor streams opening - MINOR: mux-quic: implement accessor for sedesc - REORG: mux-quic: reorganize flow-control fields - CLEANUP: mux-quic: do not export qc_get_ncbuf - CLEANUP: mux-quic: adjust comment on qcs_consume() - BUG/MINOR: qpack: abort on dynamic index field line decoding - BUG/MINOR: qpack: fix build with QPACK_DEBUG - CLEANUP: pool/quic: remove suffix "_pool" from certain pool names - MINOR: quic: Dump version_information transport parameter - BUG/MINOR: qpack: abort on dynamic index field line decoding - BUILD: quic: Wrong HKDF label constant variable initializations - CLEANUP: quic: Remove any reference to boringssl - MEDIUM: quic: Compatible version negotiation implementation (draft-08) - MINOR: quic: Released QUIC TLS extension for QUIC v2 draft - MEDIUM: quic: Add QUIC v2 draft support - CLEANUP: quid: QUIC draft-28 no more supported - MINOR: quic: Parse long packet version from qc_parse_hd_form() - MINOR: quic: Add several nonce and key definitions for Retry tag - MINOR: qpack: improve decoding function - MINOR: qpack: add ABORT_NOW on unimplemented decoding - MINOR: qpack: reduce dependencies on other modules - CLEANUP: quic: use task_new_on() for single-threaded tasks - MINOR: mux-quic: complete BUG_ON on TX flow-control enforcing - BUG/MEDIUM: h3: fix SETTINGS parsing - BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing - BUG/MINOR: h3: fix return value on decode_qcs on error - MINOR: mux-quic/h3: adjust demuxing function return values - MINOR: mux-quic: simplify decode_qcs API - CLEANUP: Re-apply xalloc_size.cocci (2) - MINOR: connection: support HTTP/3.0 for smp_*_http_major fetch - BUG/MINOR: dev/udp: properly preset the rx address size - BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input - BUG/MINOR: ssl: revert two wrong fixes with ckhi_link - MINOR: quic: Revert recent QUIC commits - BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() - BUG/MINOR: ssl: fix deinit of the ca-file tree - BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) - MINOR: quic: Add a trace to distinguish the datagram from the packets inside - BUG/MINOR: applet: make the call_rate only count the no-progress calls - BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler - MINOR: quic: Replace MT_LISTs by LISTs for RX packets. - BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets - BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date - BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode - BUG/MINOR: quic: Frames added to packets even if not built. - DOC: configuration.txt: do-resolve must use host_only to remove its port. - BUG/MINOR: httpclient: fix resolution with port - MINOR: sample: add the host_only and port_only converters - DOC: configuration: do-resolve doesn't work with a port in the string - CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv() - CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet) - BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup) - BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets - MINOR: resolvers: shut the warning when "default" resolvers is implicit - REGTESTS: Fix prometheus script to perform HTTP health-checks - BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect - BUG/MINOR: mworker: does not create the "default" resolvers in wait mode - BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() - BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD - BUG/MINOR: quic: Safer QUIC frame builders - BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt() - BUG/MAJOR: mworker: fix infinite loop on master with no proxies. - BUG/MINOR: ssl/cli: error when the ca-file is empty - BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured - BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle - BUG/MEDIUM: cli: always reset the service context between commands - MINOR: applet: add a function to reset the svcctx of an applet - BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names - MINOR: stick-table: Add table_expire() and table_idle() new converters - MINOR: hapee: update backported file with pool-related stuff - MINOR: chunk: inline alloc_trash_chunk() - MINOR: pools/memprof: store and report the pool's name in each bin - MINOR: pool/memprof: report pool alloc/free in memory profiling - MINOR: memprof: export the minimum definitions for memory profiling - BUG/MINOR: quic: memleak on wrong datagram receipt - BUG/MEDIUM: ring: fix too lax 'size' parser - BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames() - BUILD: debug: silence warning on gcc-5 - BUILD: stconn: fix build warning at -O3 about possible null sc - BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() - BUG/MEDIUM: poller: use fd_delete() to release the poller pipes - BUG/MEDIUM: quic: always remove the connection from the accept list on close - CLEANUP: mux-quic: remove loop on sending frames - BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection - MINOR: quic: Too much useless traces in qc_build_frms() - BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp() - BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h - CLEANUP: assorted typo fixes in the code and comments - BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr - MINOR: quic: explicitely ignore sendto error - BUG/MINOR: quic: Missing Initial packet dropping case - BUG/MINOR: quic: do not reject datagrams matching minimum permitted size - BUG/MINOR: sink: fix a race condition between the writer and the reader - BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing - BUG/MINOR: ring/cli: fix a race condition between the writer and the reader - BUG/MINOR: quic: Avoid sending truncated datagrams - BUILD: http: silence an uninitialized warning affecting gcc-5 - BUG/MEDIUM: quic: Floating point exception in cubic_root() - BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement - MINOR: peers: Add a warning about incompatible SSL config for the local peer - BUG/MEDIUM: proxy: Perform a custom copy for default server settings - REORG: server: Export srv_settings_cpy() function - MINOR: server: Constify source server to copy its settings - BUG/MINOR: backend: Don't increment conn_retries counter too early - BUG/MEDIUM: dns: Properly initialize new DNS session - BUG/MINOR: peers: Use right channel flag to consider the peer as connected - BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload - MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer - BUG/MINOR: mux-quic: do not free conn if attached streams - CLEANUP: mux-quic: remove useless app_ops is_active callback - BUG/MINOR: mux-quic: prevent crash if conn released during IO callback - BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions - MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups - BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once - MINOR: quic: Send packets as much as possible from qc_send_app_pkts() - BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts() - MINOR: quic: Stop looking for packet loss asap - BUG/MINOR: quic: loss time limit variable computed but not used - MINOR: quic: New "quic-cc-algo" bind keyword - MEDIUM: quic: Cubic congestion control algorithm implementation - MINOR: quic: Congestion control architecture refactoring - BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks - BUG/MINOR: mworker: PROC_O_LEAVING used but not updated - MEDIUM: resolvers: continue startup if network is unavailable - DEBUG: fd: split the fd check - MINOR: hapee: add a .hapee directory to list backporting notes - CLEANUP: bwlim: Set pointers to NULL when memory is released - MEDIUM: bwlim: Add support of bandwith limitation at the stream level - MINOR: freq_ctr: Add a function to get events excess over the current period - Revert "BUG/MINOR: peers: set the proxy's name to the peers section name" - BUG/MINOR: sockpair: wrong return value for fd_send_uxst() - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible - BUILD: quic: fix anonymous union for gcc-4.4 - BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side - BUILD: add detection for unsupported compiler models - BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload - BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap - BUG/MINOR: mworker/cli: relative pid prefix not validated anymore - BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake - BUG/MINOR: tools: fix statistical_prng_range()'s output range - BUG/MINOR: ssl: allow duplicate certificates in ca-file directories - BUG/MINOR: resolvers: shut off the warning for the default resolvers - MINOR: resolvers: resolvers_destroy() deinit and free a resolver - BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) - BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX - BUG/MEDIUM: tools: avoid calling dlsym() in static builds - BUG/MINOR: debug: enter ha_panic() only once - BUG/MEDIUM: cli/threads: make "show threads" more robust on applets - BUG/MINOR: quic: fix closing state on NO_ERROR code sent - BUG/MEDIUM: mux-quic: fix server chunked encoding response - CLEANUP: h2: Typo fix in h2_unsubcribe() traces - MINOR: qpack: properly handle invalid dynamic table references - MINOR: h3: handle errors on HEADERS parsing/QPACK decoding - MINOR: h3: add h3c pointer into h3s instance - BUG/MINOR: mux-quic: do not signal FIN if gap in buffer - MINOR: ncbuf: implement ncb_is_fragmented() - MINOR: quic: Increase the QUIC connections RX buffer size (upto 64Kb) - MINOR: quic: Improvements for the datagrams receipt - MINOR: task: Add tasklet_wakeup_after() - MINOR: quic: Duplicated QUIC_RX_BUFSZ definition - MINOR: quic: Add new stats counter to diagnose RX buffer overrun - BUG/MINOR: quic: Dropped packets not counted (with RX buffers full) - BUILD: quic+h3: 32-bit compilation errors fixes - BUG/MAJOR: quic: Big RX dgrams leak with POST requests - BUG/MAJOR: quic: Big RX dgrams leak when fulfilling a buffer - BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer - BUG/MINOR: quic: Missing acknowledgments for trailing packets - MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() - BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send - BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state - BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer - REGTEESTS: filters: Fix CONNECT request in random-forwarding script - BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream - MINOR: http-htx: Use new HTTP functions for the scheme based normalization - BUG/MEDIUM: h1: Improve authority validation for CONNCET request - MINOR: http: Add function to detect default port - MINOR: http: Add function to get port part of a host - BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo - BUG/MINOR: peers: fix possible NULL dereferences at config parsing - BUG/MINOR: http-act: Properly generate 103 responses when several rules are used - BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule - BUG/MINOR: peers/config: always fill the bind_conf's argument - MINOR: fd: Add BUG_ON checks on fd_insert() - CI: re-enable gcc asan builds - BUILD: Makefile: Add Lua 5.4 autodetect - BUG/MEDIUM: ssl/fd: unexpected fd close using async engine - MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD - BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch - BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created - BUG/MINOR: ssl: Do not look for key in extra files if already in pem - MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames - REGTESTS: ssl: add the same cert for client/server - BUG/MEDIUM: mworker: use default maxconn in wait mode - BUG/MINOR: quic: Acknowledgement must be forced during handshake - BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list - BUG/MINOR: quic: free rejected Rx packets - BUG/MINOR: quic: purge conn Rx packet list on release - BUG/MINOR: quic_stats: Duplicate "quic_streams_data_blocked_bidi" field name - BUG/MINOR: quic: Unexpected half open connection counter wrapping - BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option - MINOR: stream: Rely on stconn flags to abort stream destructive upgrade - BUG/MEDIUM: stream: Properly handle destructive client connection upgrades - BUG/MINOR: task: fix thread assignment in tasklet_kill() - BUG/MINOR: quic: Wrong PTO calculation - BUG/MINOR: quic: Stop hardcoding Retry packet Version field - BUG/BUILD: h3: fix wrong label name - BUG/MINOR: h3/qpack: deal with too many headers - MINOR: qpack: add comments and remove a useless trace - BUG/MINOR: qpack: support header litteral name decoding - BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup - BUG/MEDIUM: cli: Notify cli applet won't consume data during request processing - BUG/MEDIUM: stconn: Don't wakeup applet for send if it won't consume data - BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration - BUG/MINOR: mux-quic: fix memleak on frames rejected by transport - BUG/MEDIUM: mux-quic: fix flow control connection Tx level - BUG/MINOR: cli/stats: add missing trailing LF after "show info json" - BUG/MINOR: server: do not enable DNS resolution on disabled proxies - BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs - BUG/MINOR: h3: fix frame type definition - MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode." - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUILD: hapee/51d: fix error when building with 51Degrees enabled - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - REGTESTS: healthcheckmail: Relax health-check failure condition - REGTESTS: healthcheckmail: Update the test to be functionnal again - BUG/MINOR: checks: Properly handle email alerts in trace messages - BUG/MINOR: trace: Test server existence for health-checks to get proxy - BUG/MEDIUM: mailers: Set the object type for check attached to an email alert - BUILD: compiler: implement unreachable for older compilers too - REGTESTS: restrict_req_hdr_names: Extend supported versions - REGTESTS: http_abortonclose: Extend supported versions - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler - BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd - BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield - BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield - BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield - BUG/MINOR: ssl_ckch: Use right type for old entry in show_crlfile_ctx - REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients - REGTESTS: abortonclose: Add a barrier to not mix up log messages - MEDIUM: httpclient: Don't close CLI applet at the end of a response - MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs - BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases - BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them - BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry - BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified - BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails - BUG/MINOR: hapee/modules: initialize the module head list - BUILD: hapee/modules: select either md5 or md5sum - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MEDIUM: hapee/modules: add memory reservation support for the modules - MINOR/WiP: hapee: change URLs and EOL date for 2.6r1 - BUILD: hapee/modules: update HAPEE version macro to 2.6r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support