Summary

2024/01/17 : 2.7r1 (1.0.0-306.1077) - BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control - BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up - BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable - BUG/MEDIUM: h3: fix incorrect snd_buf return value - CLEANUP: quic: Remaining useless code into server part - BUG/MINOR: h3: close connection on sending alloc errors - BUG/MINOR: h3: properly handle alloc failure on finalize - BUG/MINOR: h3: close connection on header list too big - MINOR: h3: check connection error during sending - BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission - BUG/MEDIUM: stats: unhandled switching rules with TCP frontend - MINOR: stats: store the parent proxy in stats ctx (http) - DOC: config: Update documentation about local haproxy response - BUG/MINOR: resolvers: default resolvers fails when network not configured - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty - BUG/MEDIUM: quic: QUIC CID removed from tree without locking - BUG/MINOR: mworker/cli: fix set severity-output support - DOC: configuration: typo req.ssl_hello_type 2023/12/14 : 2.7r1 (1.0.0-305.1059) - BUG/MEDIUM: proxy: always initialize the default settings after init - BUG/MINOR: quic: Possible leak of TX packets under heavy load - BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load - BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed - DOC: Clarify the differences between field() and word() - BUG/MINOR: sample: Make the `word` converter compatible with `-m found` - REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter - DOC: config: fix monitor-fail typo - DOC: config: add matrix entry for "max-session-srv-conns" - DOC: config: specify supported sections for "max-session-srv-conns" - BUG/MINOR: cfgparse-listen: fix warning being reported as an alert - BUG/MINOR: config: Stopped parsing upon unmatched environment variables - BUG/MINOR: quic_tp: fix preferred_address decoding - DOC: config: fix missing characters in set-spoe-group action - BUG/MINOR: h3: always reject PUSH_PROMISE - BUG/MINOR: h3: fix TRAILERS encoding - BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding - DOC: lua: fix Proxy.get_mode() output - DOC: lua: add sticktable class reference from Proxy.stktable - REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY - DOC: config: fix timeout check inheritance restrictions - DOC: 51d: updated 51Degrees repo URL for v3.2.10 - BUG/MINOR: server: do not leak default-server in defaults sections - BUG/MINOR: quic: Possible RX packet memory leak under heavy load - BUG/MEDIUM: quic: Possible crash for connections to be killed - BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them - BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly - REGTESTS: http: add a test to validate chunked responses delivery - BUG/MINOR: proxy/stktable: missing frees on proxy cleanup - MINOR: stktable: add stktable_deinit function - BUG/MINOR: stream/cli: report correct stream age in "show sess" - BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() - BUG/MAJOR: quic: complete thread migration before tcp-rules - BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer - BUG/MINOR: stconn: Fix streamer detection for HTX streams - MINOR: channel: Add functions to get info on buffers and deal with HTX streams - MINOR: htx: Use a macro for overhead induced by HTX 2023/11/16 : 2.7r1 (1.0.0-305.1020) - BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure - BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure - MEDIUM: quic: count quic_conn for global sslconns - MEDIUM: quic: count quic_conn instance for maxconn - BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented - BUG/MEDIUM: mworker: set the master variable earlier - BUG/MINOR: http-client: Don't forget to commit changes on HTX message - REGTESTS: http: Improve script testing abortonclose option - BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only - MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads - MINOR: connection: Add a CTL flag to notify mux it should wait for reads again - BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up - BUG/MEDIUM: connection: report connection errors even when no mux is installed - DOC: quic: Wrong syntax for "quic-cc-algo" keyword. - BUG/MINOR: sink: don't learn srv port from srv addr - BUG/MEDIUM: applet: Remove appctx from buffer wait list on release - DOC: config: use the word 'backend' instead of 'proxy' in 'track' description - BUG/MINOR: quic: fix retry token check inconsistency - DOC: management: -q is quiet all the time - BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures - BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets - BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree - BUG/MINOR: quic: idle timer task requeued in the past - BUG/MEDIUM: pool: fix releasable pool calculation when overloaded - BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period - BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts - BUG/MINOR: stick-table/cli: Check for invalid ipv4 key - CLEANUP: htx: Properly indent htx_reserve_max_data() function - BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range() - BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure - BUG/MINOR: stktable: missing free in parse_stick_table() - BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure - BUG/MEDIUM: ssl: segfault when cipher is NULL - BUG/MINOR: mux-quic: fix early close if unset client timeout - BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA - MINOR: frontend: implement a dedicated actconn increment function - BUG/MINOR: ssl: use a thread-safe sslconns increment - BUG/MINOR: quic: do not consider idle timeout on CLOSING state - BUG/MEDIUM: server: "proto" not working for dynamic servers - MINOR: connection: add conn_pr_mode_to_proto_mode() helper func - DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder - BUG/MINOR: ssl: load correctly @system-ca when ca-base is define - DOC: internal: filters: fix reference to entities.pdf - BUG/MINOR: mux-h2: update tracked counters with req cnt/req err - BUG/MINOR: mux-h2: commit the current stream ID even on reject - BUG/MEDIUM: peers: Fix synchro for huge number of tables - BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task - BUG/MINOR: trace: fix trace parser error reporting - BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again - BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending - BUG/MINOR: mux-h2: make up other blocked streams upon removal from list - BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request - BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash - BUG/MINOR: mux-quic: fix free on qcs-new fail alloc - BUG/MINOR: h3: strengthen host/authority header parsing - BUG/MINOR: mux-quic: support initial 0 max-stream-data - BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream - BUG/MINOR: quic: reject packet with no frame - BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos - BUG/MINOR: hq-interop: simplify parser requirement - BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set - BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set - BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried - BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only - MINOR: hlua: Test the hlua struct first when the lua socket is connecting - MINOR: hlua: Save the lua socket's server in its context - MINOR: hlua: Save the lua socket's timeout in its context - MINOR: hlua: Don't preform operations on a not connected socket - MINOR: hlua: Set context's appctx when the lua socket is created - BUG/MEDIUM: http-ana: Try to handle response before handling server abort 2023/11/13 : 2.7r1 (1.0.0-305.950) 2023/10/24 : 2.7r1 (1.0.0-303.950) - BUG/MINOR: stream: further protect stream_dump() against incomplete sessions - BUG/MINOR: stream: protect stream_dump() against incomplete streams 2023/10/17 : 2.7r1 (1.0.0-303.948) - BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed 2023/10/16 : 2.7r1 (1.0.0-303.947) - HAPEE: DOC: document the GPTSTR extensions in configuration.txt - HAPEE: Revert GPTSTR 2023/10/06 : 2.7r1 (1.0.0-302.945) - BUG/MEDIUM: hapee/addons: fix incorrect gpt index being used in sc-set-gptstr() - HAPEE: addons: use GPT arrays to store regular strings - HAPEE: makefile: automatically build objects in addons/hapee_* - HAPEE: makefile: update the cleanup rule to also remove *.i from addons - MINOR: haproxy: permit to register features during boot - BUG/MEDIUM: actions: always apply a longest match on prefix lookup 2023/10/04 : 2.7r1 (1.0.0-302.939) - MINOR: hapee: update list of backports - BUG/MINOR: mux-quic: remove full demux flag on ncbuf release - BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams - MINOR: pattern: fix pat_{parse,match}_ip() function comments - BUG/MINOR: server: add missing free for server->rdr_pfx - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers - BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API - BUG/MINOR: promex: fix backend_agg_check_status - BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records - BUG/MINOR: hlua/init: coroutine may not resume itself - BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume() - CI: musl: drop shopt in workflow invocation - CI: musl: highlight section if there are coredumps - BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches - MINOR: sample: Add common TLV types as constants for fc_pp_tlv - MINOR: sample: Refactor fc_pp_unique_id by wrapping the generic TLV fetch - MINOR: sample: Refactor fc_pp_authority by wrapping the generic TLV fetch - MEDIUM: sample: Add fetch for arbitrary TLVs - MEDIUM: connection: Generic, list-based allocation and look-up of PPv2 TLVs - CLEANUP/MINOR: connection: Improve consistency of PPv2 related constants 2023/09/29 : 2.7r1 (1.0.0-302.919) - Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token" - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread - MINOR: hlua: add hlua_stream_ctx_prepare helper function - BUG/MINOR: quic: Wrong cluster secret initialization - BUG/MINOR: quic: Leak of frames to send. - BUILD: bug: make BUG_ON() void to avoid a rare warning - MINOR: hapee: update list of backports - MEDIUM: server/ssl: pick another thread's session when we have none yet - MINOR: server/ssl: clear the shared good session index on failure - MINOR: server/ssl: maintain an index of the last known valid SSL session - MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session - MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid - CLEANUP: ssl: keep a pointer to the server in ssl_sock_init() - DOC: ssl: add some comments about the non-obvious session allocation stuff - MINOR: ssl_sock: avoid iterating realloc(+1) on stored context 2023/09/08 : 2.7r1 (1.0.0-301.904) - MINOR: ssl: add support for 'curves' keyword on server lines 2023/09/07 : 2.7r1 (1.0.0-301.903) - MINOR: hapee: Update list of backported commit - CI: Update to actions/checkout@v4 - BUG/MINOR: hlua/action: incorrect message on E_YIELD error - BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout - BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) - BUG/MINOR: quic: Wrong RTT adjusments - MINOR: httpclient: allow to configure the timeout.connect - MINOR: httpclient: allow to configure the retries - DOC: configuration: update examples for req.ver - BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer - BUG/MAJOR: quic: Really ignore malformed ACK frames. - BUG/MINOR: quic: Possible skipped RTT sampling - BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown - BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown - BUG/MINOR: checks: do not queue/wake a bounced check - BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate - BUILD: import: guard plock.h against multiple inclusion - BUG/MINOR: ssl_sock: fix possible memory leak on OOM - DOC: lua: fix core.register_action typo - BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage - IMPORT: xxhash: update xxHash to version 0.8.2 - MINOR: atomic: make sure to always relax after a failed CAS - MINOR: threads: inline the wait function for pthread_rwlock emulation - IMPORT: plock: also support inlining the int code - BUILD: Makefile: add the USE_QUIC option to make help - SCRIPTS: git-show-backports: automatic ref and base detection with -m - DOC: typo: fix sc-set-gpt references - BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection - DEV: flags/show-sess-to-flags: properly decode fd.state - BUG/MINOR: hlua: fix invalid use of lua_pop on error paths - BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing - CI: get rid of travis-ci wrapper for Coverity scan - MINOR: ssl: allow to change the client-sigalgs on server lines - MINOR: ssl: allow to change the server signature algorithm on server lines - MINOR: ssl: allow to change the signature algorithm for client authentication - MINOR: ssl: allow to change the server signature algorithm 2023/08/17 : 2.7r1 (1.0.0-301.867) 2023/08/11 : 2.7r1 (1.0.0-300.867) - MINOR: peers: add peers keyword registration - BUG/MINOR: http: skip leading zeroes in content-length values - DOC: clarify the handling of URL fragments in requests - REGTESTS: http-rules: verify that we block '#' by default for normalize-uri - BUG/MINOR: h3: reject more chars from the :path pseudo header - BUG/MINOR: h2: reject more chars from the :path pseudo header - BUG/MINOR: h1: do not accept '#' as part of the URI component - REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests - MINOR: h2: pass accept-invalid-http-request down the request parser - MINOR: http: add new function http_path_has_forbidden_char() - MINOR: ist: add new function ist_find_range() to find a character range - BUG/MAJOR: http: reject any empty content-length header value - BUG/MAJOR: h3: reject header values containing invalid chars - REORG: http: move has_forbidden_char() from h2.c to http.h - BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement - BUILD: quic: fix wrong potential NULL dereference - BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error - BUG/MEDIUM: quic: consume contig space on requeue datagram - BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends - BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame - BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full - DOC: configuration: describe Td in Timing events - BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line - MINOR: quic: Useless call to SSL_CTX_set_quic_method() - MINOR: quic: Make ->set_encryption_secrets() be callable two times - BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct - BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured - MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found - BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary - BUG/MINOR: quic: Missing parentheses around PTO probe variable. - BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses - BUG/MINOR: hlua: add check for lua_newstate - BUILD: quic: fix warning during compilation using gcc-6.5 - CI: explicitely highlight VTest result section if there's something - CI: add naming convention documentation - BUG/MINOR: http: Return the right reason for 302 - BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters - DOC: config: Fix fc_src description to state the source address is returned - BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers - CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt - BUG/MEDIUM: quic: timestamp shared in token was using internal time clock - BUG/MEDIUM: quic: missing check of dcid for init pkt including a token - BUG/MINOR: quic: retry token remove one useless intermediate expand - BUG/MEDIUM: quic: token IV was not computed using a strong secret - BUG/MINOR: config: Remove final '\n' in error messages - BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() - BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() - BUG/MINOR: sink: invalid sft free in sink_deinit() - BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() - BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() - BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() - BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets - MINOR: sink/api: pass explicit maxlen parameter to sink_write() - BUG/MINOR: log: LF upsets maxlen for UDP targets - BUG/MINOR: ring: maxlen warning reported as alert - BUG/MINOR: ring: size warning incorrectly reported as fatal error - BUG/MINOR: sink: missing sft free in sink_deinit() - BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() - BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage - BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT - CLEANUP: quic: Remove server specific about Initial packet number space - MINOR: quic: Reduce the maximum length of TLS secrets - MINOR: quic: Move packet number space related functions - MINOR: quic: Move QUIC encryption level structure definition - BUILD: debug: avoid a build warning related to epoll_wait() in debug code - MINOR: compression/slz: add support for a pure flush of pending bytes - IMPORT: slz: implement a synchronous flush() operation - BUG/MINOR: quic: Wrong endianess for version field in Retry token - BUG/MINOR: quic: Wrong Retry paquet version field endianess - BUG/MINOR: quic: Missing random bits in Retry packet header - BUG/MINOR: config: fix stick table duplicate name check - BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag - BUG/MINOR: quic: Prevent deadlock with CID tree lock 2023/06/22 : 2.7r1 (1.0.0-300.794) - BUG/MINOR: mworker: leak of a socketpair during startup failure - REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages - DOC: Add tune.h2.max-frame-size option to table of contents - BUG/MINOR: quic: ticks comparison without ticks API use - BUG/MEDIUM: mworker: increase maxsock with each new worker - BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr() - BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update() - BUG/MINOR: quic: Missing initialization (packet number space probing) - BUG/MINOR: namespace: missing free in netns_sig_stop() - BUG/MINOR: server: inherit from netns in srv_settings_cpy() - BUG/MINOR: quic: Address inversion in "show quic full" - BUG/MINOR: quic: Wrong encryption level flags checking 2023/06/14 : 2.7r1 (1.0.0-300.782) 2023/06/12 : 2.7r1 (1.0.0-299.782) - BUG/MINOR: proxy: add missing interface bind free in free_proxy - BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line - DOC: config: fix jwt_verify() example using var() - DOC: quic: fix misspelled tune.quic.socket-owner - BUILD: init: print rlim_cur as regular integer - MINOR: init: pre-allocate kernel data structures on init 2023/06/06 : 2.7r1 (1.0.0-298.776) - MINOR: hapee: Update list of backported commit - MINOR: compression: Improve the way Vary header is added - MINOR: http_htx: add http_append_header() to append value to header - BUG/MINOR: spoe: Only skip sending new frame after a receive attempt - CONTRIB: Add vi file extensions to .gitignore - BUG/MINOR: quic: Possible crash when SSL session init fails - MINOR: quic/cli: clarify the "show quic" help message - MINOR: quic: Add QUIC connection statistical counters values to "show quic" - DOC: config: Fix bind/server/peer documentation in the peers section - BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty - CLEANUP: mux-quic: rename internal functions - CLEANUP: mux-quic: rename functions for mux_ops - BUG/MEDIUM: threads: fix a tiny race in thread_isolate() - BUG/MEDIUM: mux-quic: only set EOI on FIN - MINOR: quic: fix stats naming for flow control BLOCKED frames - MINOR: mux-quic: remove nb_streams from qcc - CLEANUP: mux-quic: remove unneeded fields in qcc 2023/05/31 : 2.7r1 (1.0.0-298.759) 2023/05/26 : 2.7r1 (1.0.0-297.759) - SCRIPTS: publish-release: update the umask to keep group write access - BUG/MINOR: hlua: unsafe hlua_lua2smp() usage - MINOR: quic: Add a counter for sent packets - MINOR: quic: Add some counters at QUIC connection level - CLEANUP: quic: Useless tests in qc_rx_pkt_handle() - CLEANUP: quic: Indentation fix quic_rx_pkt_retrieve_conn() - MINOR: quic: Align "show quic" command help information - BUG/MINOR: quic: Missing Retry token length on receipt - BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token()) - MINOR: quic: Add low level traces (addresses, DCID) - BUG/MEDIUM: mux-h2: Propagate termination flags when frontend SC is created - MINOR: mux-h2: Add a function to propagate termination flags from h2s to SE - MINOR: mux-h2: Set H2_SF_ES_RCVD flag when decoding the HEADERS frame - MINOR: mux-quic: report error on stream-endpoint earlier - MINOR: mux-quic: only set EOS on RESET_STREAM recv - MINOR: mux-quic: set both EOI EOS for stream fin - DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt - MINOR: quic: fix alignment of oneline show quic - BUG/MINOR: quic: handle Tx packet allocation failure properly - MINOR: quic: use WARN_ON for encrypt failures - MINOR: quic: remove return val of quic_aead_iv_build() - CLEANUP: mux-quic/h3: complete BUG_ON with comments - DOC: add size format section to manual - CI: drop Fedora m32 pipeline in favour of cross matrix 2023/05/17 : 2.7r1 (1.0.0-297.735) - DEV: flags/show-sess-to-flags: add support for color output - DEV: flags/show-sess-to-flags: only retrieve hex digits from hex fields - DEV: flags: add missing stream flags to show-sess-to-flags - DEV: flags: add a script to decode most flags in the "show sess all" output - MINOR: checks: make sure spread-checks is used also at boot time - REGTESTS: log: Reduce again response inspect-delay for last_rule.vtc - BUG/MINOR: checks: postpone the startup of health checks by the boot time - MINOR: clock: measure the total boot time - DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules - REGTESTS: log: Reduce response inspect-delay for last_rule.vtc - BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set - BUG/MEDIUM: mux-quic: fix EOI for request without payload - MINOR: mux-quic: uninline qc_attach_sc() - MINOR: mux-quic: properly report end-of-stream on recv - MINOR: mux-quic: add trace to stream rcv_buf operation - BUG/MINOR: h3: missing goto on buf alloc failure - BUG/MINOR: mux-quic: handle properly Tx buf exhaustion - BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout - BUG/MINOR: mux-quic: free task on qc_init() app ops failure - BUG/MINOR: mux-quic: differentiate failure on qc_stream_desc alloc - BUG/MINOR: quic: do not alloc buf count on alloc failure - BUG/MINOR: mux-quic: handle properly recv ncbuf alloc failure - BUG/MINOR: mux-quic: properly handle buf alloc failure - MINOR: mux-quic: remove dedicated function to handle standalone FIN - MINOR: htx: add function to set EOM reliably - BUG/MINOR: quic: Wrong redispatch for external data on connection socket - BUG/MINOR: log: fix memory error handling in parse_logsrv() - BUG/MINOR: errors: handle malloc failure in usermsgs_put() - BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() - MINOR: proxy: add http_free_redirect_rule() function - BUG/MINOR: proxy: missing free in free_proxy for redirect rules - BUG/MEDIUM: mux-fcgi: Don't request more room if mux is waiting for more data - MEDIUM: mux-quic: adjust transport layer error handling - MEDIUM: quic: streamline error notification - MINOR: mux-quic: simplify return path of qc_send() - MINOR: mux-quic: factorize send subscribing - MINOR: mux-quic: do not send STREAM frames if already subscribe - MINOR: mux-quic: add traces for stream wake - BUG/MINOR: mux-quic: no need to subscribe for detach streams - BUG/MINOR: mux-quic: do not free frame already released by quic-conn - BUG/MINOR: mux-quic: do not prevent shutw on error - BUG/MINOR: quic: Buggy acknowlegments of acknowlegments function - BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup - MINOR: spoe: Don't stop disabled proxies - BUILD: mjson: Fix warning about unused variables - BUG/MINOR: quic: Possible crash when dumping version information - BUG/MEDIUM: mux-quic: wakeup tasklet to close on error - BUG/MINOR: mux-quic: fix transport VS app CONNECTION_CLOSE - DOC: configuration: add info about ssl-engine for 2.6 - BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0 - BUG/MINOR: quic: Wrong key update cipher context initialization for encryption - CLEANUP: quic: Typo fix for quic_connection_id pool - CLEANUP: quic: Rename several <buf> variables in quic_frame.(c|h) - CLEANUP: quic: No more used q_buf structure - BUILD: thread: implement thread_harmless_end_sig() for threadless builds - BUILD: quic: fix build warning when threads are disabled - BUILD: debug: do not check the isolated_thread variable in non-threaded builds - MINOR: quic: implement oneline format for "show quic" - MINOR: quic: add format argument for "show quic" - BUG/MINOR: debug: do not emit empty lines in thread dumps - MINOR: mux-quic: close connection asap on local error - MINOR: mux-quic: report local error on stream endpoint asap - MINOR: mux-quic: adjust local error API - MINOR: mux-quic: wake up after recv only if avail data - MINOR: mux-quic: add trace event for local error - BUG/MINOR: mux-quic: prevent quic_conn error code to be overwritten - BUG/MINOR: debug: fix incorrect profiling status reporting in show threads - DEV: haring: update readme to suggest using the same build options for haring - DEV: haring: automatically disable DEBUG_STRICT - BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found - MINOR: quic: use real sending rate measurement - BUG/MINOR: resolvers: Use sc_need_room() to wait more room when dumping stats - BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones - BUILD: ssl: switch LibreSSL to Fastly CDN - CI: switch to Fastly CDN to download LibreSSL - MINOR: listener: remove the now useless LI_F_QUIC_LISTENER flag - BUG/MINOR: tools: check libssl and libcrypto separately - MINOR: pools: report a replaced memory allocator instead of just malloc_trim() - BUG/MINOR: pools: restore detection of built-in allocator - MEDIUM: tools: further relax dlopen() checks too consider grouped symbols - MINOR: tools: relax dlopen() on malloc/free checks - MINOR: pattern: use trim_all_pools() instead of a conditional malloc_trim() - MINOR: pools: export trim_all_pools() - MEDIUM: pools: move the compat code from trim_all_pools() to malloc_trim() - MINOR: pools: intercept malloc_trim() instead of trying to plug holes - MINOR: pools: make sure 'no-memory-trimming' is always used - BUG/MINOR: illegal use of the malloc_trim() function if jemalloc is used - BUG/MINOR: quic: fix race on quic_conns list during affinity rebind - MINOR: quic: finalize affinity change as soon as possible - MINOR: mux-quic: do not allocate Tx buf for empty STREAM frame - MINOR: mux-quic: do not set buffer for empty STREAM frame - BUG/MINOR: quic: prevent buggy memcpy for empty STREAM - BUG/MEDIUM: mux-quic: improve streams fairness to prevent early timeout - BUG/MEDIUM: mux-quic: do not emit RESET_STREAM for unknown length - CLEANUP: quic: Rename several <buf> variables into quic_sock.c - CLEANUP: quic: Rename <buf> variable into qc_parse_hd_form() - CLEANUP: quic: Rename <buf> variable into quic_packet_read_long_header() - CLEANUP: quic: Rename several <buf> variables at low level - CLEANUP: quic: Rename quic_get_dgram_dcid() <buf> variable - CLEANUP: quic: Make qc_build_pkt() be more readable - CLEANUP: quic: Rename <buf> variable for several low level functions - CLEANUP: quic: Rename <buf> variable into quic_rx_pkt_parse() - CLEANUP: quic: Rename <buf> variable into quic_padding_check() - CLEANUP: quic: Rename <buf> variable to <token> in quic_generate_retry_token() - CLEANUP: quic: Remove useless parameters passes to qc_purge_tx_buf() - CLEANUP: quic: rename frame variables - CLEANUP: quic: rename frame types with an explicit prefix - BUG/MINOR: quic: Useless I/O handler task wakeups (draining, killing state) - BUG/MINOR: quic: Useless probing retransmission in draining or killing state - BUG/MINOR: quic: Possible leak during probing retransmissions - BUG/MINOR: quic: Possible memory leak from TX packets - MINOR: quic: Move traces at proto level - BUILD: proto_tcp: export the correct names for proto_tcpv[46] - BUILD: sock_inet: forward-declare struct receiver - BUG/MINOR: config: fix NUMA topology detection on FreeBSD - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: cli: clarify error message about stats bind-process - MINOR: listener: remove unneeded local accept flag - MAJOR: quic: support thread balancing on accept - MINOR: quic: properly finalize thread rebinding - MEDIUM: quic: implement thread affinity rebinding - MINOR: fd: implement fd_migrate_on() to migrate on a non-local thread - MINOR: fd: add a lock bit with the tgid - MINOR: fd: optimize fd_claim_tgid() for use in fd_insert() - MINOR: quic: delay post handshake frames after accept - MINOR: protocol: define new callback set_affinity - MINOR: quic: do not proceed to accept for closing conn - MEDIUM: quic: handle conn bootstrap/handshake on a random thread - MINOR: quic: remove TID encoding in CID - MEDIUM: quic: use a global CID trees list - BUG/MINOR: server: don't use date when restoring last_change from state file - BUG/MINOR: server: don't miss server stats update on server state transitions - BUG/MINOR: server: don't miss proxy stats update on server state transitions - MINOR: server: explicitly commit state change in srv_update_status() - BUG/MINOR: server: incorrect report for tracking servers leaving drain 2023/04/21 : 2.7r1 (1.0.0-297.600) - MINOR: hapee: Update list of backported commit - MINOR: server/event_hdl: prepare for server event data wrapper - MINOR: event_hdl: provide event->when for advanced handlers - MINOR: event_hdl: dynamically allocated event data members - CLEANUP: event_hdl: fix comment typo about _sync assertion - CLEANUP: event_hdl: updating obsolete comment for EVENT_HDL_CB_DATA - BUG/MINOR: event_hdl: don't waste 1 event subtype slot - MINOR: server/event_hdl: prepare for upcoming refactors - MINOR: server/event_hdl: add proxy_uuid to event_hdl_cb_data_server - MINOR: proxy: add findserver_unique_id() and findserver_unique_name() - MINOR: event_hdl: pause/resume for subscriptions - MINOR: event_hdl: add event_hdl_async_equeue_size() function - MINOR: event_hdl: add event_hdl_async_equeue_isempty() function - MINOR: event_hdl: normal tasks support for advanced async mode - BUG/MEDIUM: event_hdl: fix async data refcount issue - BUG/MEDIUM: event_hdl: clean soft-stop handling - MINOR: event_hdl: global sublist management clarification - BUG/MINOR: event_hdl: make event_hdl_subscribe thread-safe - BUG/MINOR: event_hdl: fix rid storage type - BUG/MEDIUM: Update read expiration date on synchronous send - BUG/MINOR: quic: consume Rx datagram even on error - BUG/MINOR: quic: prevent crash on qc_new_conn() failure - BUG/MINOR: h3: fix crash on h3s alloc failure - BUG/MINOR: mux-quic: properly handle STREAM frame alloc failure - BUG/MINOR: mux-quic: fix crash with app ops install failure - BUG/MINOR: quic: Wrong Retry token generation timestamp computing - BUG/MINOR: quic: Unchecked buffer length when building the token - MINOR: quic: Do not allocate too much ack ranges - BUG/MINOR: quic: Stop removing ACK ranges when building packets - BUG/MINOR: cfgparse: make sure to include openssl-compat - BUG/MEDIUM: quic: prevent crash on Retry sending - CLEANUP: backend: Remove useless debug message in assign_server() - BUG/MINOR: quic: transform qc_set_timer() as a reentrant function - MINOR: quic: remove TID ref from quic_conn - MINOR: quic: adjust quic CID derive API - MINOR: quic: adjust Rx packet type parsing - MINOR: quic: remove uneeded tasklet_wakeup after accept - CLEANUP: quic: rename quic_connection_id vars - CLEANUP: quic: remove unused qc param on stateless reset token - CLEANUP: quic: remove unused scid_node - CLEANUP: quic: remove unused QUIC_LOCK label - BUG/MINOR: task: allow to use tasklet_wakeup_after with tid -1 - BUG/MEDIUM: log: Properly handle client aborts in syslog applet - MINOR: ssl: remove OpenSSL 1.0.2 mention into certificate loading error - BUG/MINOR: quic: Do not use ack delay during the handshakes - REGTESTS: fix the race conditions in log_uri.vtc - BUG/MINOR: stream: Fix test on SE_FL_ERROR on the wrong entity - CI: bump "actions/checkout" to v3 for cross zoo matrix - BUG/MINOR: quic: Wrong Application encryption level selection when probing - MINOR: quic: Remove a useless test about probing in qc_prep_pkts() - MINOR: quic: Display the packet number space flags in traces - BUG/MINOR: quic: SIGFPE in quic_cubic_update() - BUG/MINOR: quic: Possible wrapped values used as ACK tree purging limit. - BUG/MEDIUM: quic: Code sanitization about acknowledgements requirements - MINOR: quic: Add connection flags to traces - BUG/MINOR: quic: Ignored less than 1ms RTTs - MINOR: quic: Add packet loss and maximum cc window to "show quic" - BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it. - BUG/MINOR: stick_table: alert when type len has incorrect characters - MINOR: activity: add a line reporting the average CPU usage to "show activity" - MINOR: quic: Add a trace for packet with an ACK frame - MINOR: quic: Dump more information at proto level when building packets - MINOR: quic: Modify qc_try_rm_hp() traces - BUG/MINOR: quic: Wrong packet number space probing before confirmed handshake - MINOR: quic: Trace fix in quic_pto_pktns() (handshaske status) - BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions - BUG/MINOR: resolvers: Wakeup DNS idle task on stopping - BUG/MEDIUM: dns: Kill idle DNS sessions during stopping stage - BUILD: compiler: fix __equals_1() on older compilers - BUG/MINOR: errors: invalid use of memprintf in startup_logs_init() - BUG/MINOR: mworker: unset more internal variables from program section - MINOR: quic: remove address concatenation to ODCID - MINOR: quic: remove ODCID dedicated tree - MINOR: quic: derive first DCID from client ODCID - BUG/MINOR: quic: Possible crashes in qc_idle_timer_task() - BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload - MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked - BUG/MEDIUM: hlua: prevent deadlocks with main lua lock - MINOR: hlua: simplify lua locking - BUG/MINOR: hlua: prevent function and table reference leaks on errors - BUG/MINOR: hlua: fix reference leak in hlua_post_init_state() - BUG/MINOR: hlua: fix reference leak in core.register_task() - MINOR: hlua: add simple hlua reference handling API - CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy() - BUG/MINOR: hlua: enforce proper running context for register_x functions - BUG/MINOR: hlua: hook yield does not behave as expected - BUG/MINOR: log: free log forward proxies on deinit() - BUG/MINOR: sink: free forward_px on deinit() - BUG/MINOR: stats: properly handle server stats dumping resumption - BUG/MINOR: server/del: fix srv->next pointer consistency - MINOR: server: add SRV_F_DELETED flag - BUG/MEDIUM: dns: Properly handle error when a response consumed - BUG/MEDIUM: channel: Improve reports for shut in co_getblk() - BUG/MINOR: quic: Possible wrong PTO computing - BUILD: quic: 32bits compilation issue in cli_io_handler_dump_quic() - BUG/MINOR: quic: Wrong idle timer expiration (during 20s) - BUG/MINOR: quic: Unexpected connection closures upon idle timer task execution - MINOR: quic: Add trace to debug idle timer task issues - DOC: config: strict-sni allows to start without certificate - MINOR: http-act: emit a warning when a header field name contains forbidden chars - BUG/MINOR: quic: Remove useless BUG_ON() in newreno and cubic algo implementation - BUG/MAJOR: quic: Congestion algorithms states shared between the connection - MINOR: quic: Add missing traces in cubic algorithm implementation - BUG/MINOR: quic: Cubic congestion control window may wrap - BUG/MINOR: quic: Remaining useless statements in cubic slow start callback - BUG/MINOR: quic: Wrong rtt variance computing - MEDIUM: quic: Ack delay implementation - MINOR: quic: Traces adjustments at proto level. - MINOR: quic: Adjustments for generic control congestion traces - MINOR: quic: Implement cubic state trace callback - BUG/MINOR: quic: Missing max_idle_timeout initialization for the connection - BUG/MINOR: quic: Wrong use of now_ms timestamps (newreno algo) - MINOR: quic: Add recovery related information to "show quic" - BUG/MINOR: quic: Wrong use of now_ms timestamps (cubic algo) - BUG/MINOR: backend: make be_usable_srv() consistent when stopping - BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop - DOC/MINOR: reformat configuration.txt's "quoting and escaping" table - MINOR: proxy/pool: prevent unnecessary calls to pool_gc() - BUG/MINOR: quic: Missing padding in very short probe packets - BUG/MEDIUM: mux-h2: Be able to detect connection error during handshake - BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards. - Revert "BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached" - BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list - BUG/MINOR: quic: Missing STREAM frame type updated - BUG/MINOR: applet/new: fix sedesc freeing logic - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription - DOC: config: set-var() dconv rendering issues - BUG/MEDIUM: stats: Consume the request except when parsing the POST payload - MINOR: mux-quic: close on frame alloc failure - MINOR: mux-quic: close on qcs allocation failure - MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn - MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled - BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown - BUG/MINOR: h3: properly handle incomplete remote uni stream type - MINOR: mux-quic: add flow-control info to minimal trace level - MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv - MINOR: mux-quic: complete traces for qcs emission - BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset - BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF - BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup - BUG/MINOR: quic: wake up MUX on probing only for 01RTT - BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation - BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s - BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure - BUG/MEDIUM: stconn: don't set the type before allocation succeeds - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path - BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd - BUG/MEDIUM: stream: do not try to free a failed stream-conn - BUG/MINOR: quic: Dysfunctional 01RTT packet number space probing - MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames) - MINOR: proto_ux: ability to dump ABNS names in error messages - MEDIUM: proto_ux: properly suspend named UNIX listeners - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume - MINOR: listener: pause_listener() becomes suspend_listener() - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() - BUG/MINOR: listener: fix resume_listener() resume return value handling - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling - MINOR: listener: make sure we don't pause/resume bypassed listeners - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping - MINOR: listener: add relax_listener() function - MINOR: listener/api: add lli hint to listener functions - MINOR: proto_uxst: add resume method 2023/03/17 : 2.7r1 (1.0.0-296.438) - MINOR: hapee: update list of backported patches - MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack - MINOR: mux-h2: set CO_SFL_MSG_MORE when sending multiple buffers - MINOR: buffer: add br_count() to return the number of allocated bufs - OPTIM: mux-h1: limit first read size to avoid wrapping - BUG/MAJOR: qpack: fix possible read out of bounds in static table - MINOR: doc: missing entries for sc-add-gpc() - MINOR: stick-table: add sc-add-gpc() to http-after-response - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp() - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all() - BUG/MINOR: proto_ux: report correct error when bind_listener fails - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend - BUG/MINOR: mux-h2: Fix possible null pointer deref on h2c in _h2_trace_header() - MEDIUM: mux-h2/trace: add tracing support for headers - MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers - BUG/MEDIUM: listener: duplicate inherited FDs if needed - BUG/MINOR: quic: Missing STREAM frame data pointer updates - BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data - BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested - MINOR: buffer: add br_single() to check if a buffer ring has more than one buf - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it - BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list - BUG/MINOR: quic: Missing STREAM frame length updates - BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches - BUG/MEDIUM: mux-h1: Don't block SE_FL_ERROR if EOS is not reported on H1C - DEBUG: ssl-sock/show_fd: Display SSL error code - DEBUG: cli/show_fd: Display connection error code - BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop - BUG/MEDIUM: proxy: properly stop backends on soft-stop - BUG/MINOR: mux-h1: Don't report an H1C error on client timeout 2023/03/13 : 2.7r1 (1.0.0-293.408) - MINOR: jwt: Add support for RSA-PSS signatures (PS256 algorithm) - BUG/MEDIUM: mux-pt: Set EOS on error on sending path if read0 was received - MINOR: hapee: Backport an improvement about the bwlim filter - MEDIUM: bwlim: Support constants limit or period on set-bandwidth-limit actions 2023/03/10 : 2.7r1 (1.0.0-293.404) - DOC/CLEANUP: fix typos - MINOR: quic_sock: un-statify quic_conn_sock_fd_iocb() - BUG/MINOR: quic: Missing listener accept queue tasklet wakeups - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value - BUG/MAJOR: fd/threads: close a race on closing connections after takeover - BUG/MINOR: thread: report thread and group counts in the correct order - BUG/MINOR: init: properly detect NUMA bindings on large systems - MINOR: quic: Do not stress the peer during retransmissions of lost packets - MINOR: fd/cli: report the polling mask in "show fd" - BUG/MINOR: quic: Wrong RETIRE_CONNECTION_ID sequence number check - MEDIUM: quic: release closing connections on stopping - MINOR: quic: handle new closing list in show quic - MINOR: quic: create a global list dedicated for closing QUIC conns - MINOR: h3: add traces on h3_init_uni_stream() error paths - MINOR: quic: Add transport parameters to "show quic" - MINOR: quic: Add spin bit support - MINOR: quic: Useless TLS context allocations in qc_do_rm_hp() - MINOR: quic: RETIRE_CONNECTION_ID frame handling (RX) - MINOR: quic: Typo fix for ACK_ECN frame - MINOR: quic: Store the next connection IDs sequence number in the connection - MINOR: quic: Do not accept wrong active_connection_id_limit values - BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated 2023/03/07 : 2.7r1 (1.0.0-293.382) - BUG/MAJOR: fd/thread: fix race between updates and closing FD 2023/03/06 : 2.7r1 (1.0.0-293.381) - BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX - MINOR: quic: Send PING frames when probing Initial packet number space - BUG/MINOR: quic: Missing detections of amplification limit reached - BUG/MINOR: quic: Do not resend already acked frames - BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames - BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets - MINOR: quic: Add traces about QUIC TLS key update - BUG/MINOR: quic: v2 Initial packets decryption failed - BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted - MINOR: quic: Add a BUG_ON_HOT() call for too small datagrams - BUG/MINOR: quic: Do not send too small datagrams (with Initial packets) - BUG/MINOR: cli: fix CLI handler "set anon global-key" call - BUG/MEDIUM: quic: properly handle duplicated STREAM frames - BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords - MINOR: ssl: rename confusing ssl_bind_kws - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback - BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response - BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry - MINOR: quic: notify on send ready - MEDIUM: quic: implement poller subscribe on sendto error - MINOR: quic: purge txbuf before preparing new packets - MINOR: quic: implement qc_notify_send() - MINOR: quic: simplify return path in send functions - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body - BUG/MINOR: mux-h1: Don't report an error on an early response close - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list - MINOR: quic: consider EBADF as critical on send() - MEDIUM: quic: improve fatal error handling on send - CLEANUP: listener: only store conn counts for local threads - BUG/MEDIUM: fd: make fd_delete() support being called from a different group - BUG/MINOR: fd: used the update list from the fd's group instead of tgid - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing - BUG/MEDIUM: fd: avoid infinite loops in fd_add_to_fd_list and fd_rm_from_fd_list - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables - BUG/MINOR: ring: do not realign ring contents on resize - BUILD: quic: 32-bits compilation issue with %zu in quic_rx_pkts_del() - BUG/MINOR: cache: Check cache entry is complete in case of Vary - BUG/MINOR: cache: Cache response even if request has "no-cache" directive - REGTESTS: Fix ssl_errors.vtc script to wait for connections close - DOC: config: Add the missing tune.fail-alloc option from global listing - DOC: config: Fix description of options about HTTP connection modes - BUG/MEDIUM: quic: Missing TX buffer draining from qc_send_ppkts() - MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_handle_headers() - MINOR: mux-h2/traces: do not log h2s pointer for dummy streams - MEDIUM: quic: trigger fast connection closing on process stopping - MINOR: quic: mark quic-conn as jobs on socket allocation - MEDIUM: mux-quic: properly implement soft-stop - MINOR: mux-quic: implement client-fin timeout - MINOR: mux-quic: define qc_process() - MINOR: mux-quic: define qc_shutdown() - MEDIUM: h3: enforce GOAWAY by resetting higher unhandled stream - BUG/MINOR: h3: prevent hypothetical demux failure on int overflow - BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released - BUG/MINOR: quic: also send RESET_STREAM if MUX released - MINOR: quic: adjust request reject when MUX is already freed - BUG/MINOR: quic: Missing padding for short packets - BUG/MINOR: quic: Do not drop too small datagrams with Initial packets - BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean - BUG/MINOR: quic: Do not probe with too little Initial packets - MINOR: quic: Add <pto_count> to the traces - MINOR: quic: Add a trace to identify connections which sent Initial packet. - BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm() - MINOR: quic: Make qc_dgrams_retransmit() return a status. - MINOR: quic: Add traces to qc_kill_conn() - MINOR: quic: Kill the connections on ICMP (port unreachable) packet receipt - MINOR: quic: Simplication for qc_set_timer() - BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer() - MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock - MINOR: quic: Add new traces about by connection RX buffer handling - BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors - MINOR: h3: add traces on decode_qcs callback - BUG/MINOR: mworker: prevent incorrect values in uptime - BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame - MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue - BUG/MEDIUM: wdt: fix wrong thread being checked for sleeping - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send() - MEDIUM: hapee: does not pass OPTION_LDFLAGS to modules 2023/03/02 : 2.7r1 (1.0.0-293.297) 2023/02/25 : 2.7r1 (1.0.0-292.297) - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions - BUG/MINOR: mworker: stop doing strtok directly from the env - BUG/MINOR: quic: Wrong datagram dispatch because of qc_check_dcid() - BUG/CRITICAL: http: properly reject empty http header field names - DOC: proxy-protocol: fix wrong byte in provided example - BUG/MEDIUM: quic: Buffer overflow when looking through QUIC CLI keyword list - BUG/MINOR: clock/stats: also use start_time not start_date in HTML info - BUG/MINOR: mworker: fix uptime for master process - BUG/MINOR: quic: fix type bug on "show quic" for 32-bits arch - BUG/MINOR: quic: fix filtering of closing connections on "show quic" - MINOR: quic: filter closing conn on "show quic" - MINOR: quic: display Tx stream info on "show quic" - MINOR: quic: display infos about various encryption level on "show quic" - MINOR: quic: display socket info on "show quic" - MINOR: quic: display CIDs and state in "show quic" - MINOR: quic: implement a basic "show quic" CLI handler - BUG/MEDIUM: quic: fix crash when "option nolinger" is set in the frontend - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first - BUG/MINOR: server/add: ensure minconn/maxconn consistency when adding server - MINOR: cfgparse/server: move (min/max)conn postparsing logic into dedicated function - BUG/MINOR: h3: fix crash due to h3 traces - DOC: config: 'http-send-name-header' option may be used in default section - DOC: config: fix option spop-check proxy compatibility - BUG/MEDIUM: cache: use the correct time reference when comparing dates - BUG/MINOR: clock: do not mix wall-clock and monotonic time in uptime calculation - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge - BUG/MINOR: ssl/crt-list: warn when a line is malformated - MINOR: quic: Update version_information transport parameter to draft-14 - BUG/MEDIUM: quic: do not split STREAM frames if no space - BUG/MINOR: quic: Unchecked source connection ID - MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks - BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session - MINOR: quic: When probing Handshake packet number space, also probe the Initial one - BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans() - MINOR: quic: Add a trace about variable states in qc_prep_fast_retrans() - BUG/MINOR: quic: Too big PTO during handshakes - BUG/MINOR: quic: Possible stream truncations under heavy loss - CLEANUP: quic: no need for atomics on packet refcnt - MINOR: quic: add config for retransmit limit - MEDIUM: quic: implement a retransmit limit per frame - MINOR: quic: refactor frame deallocation - MINOR: quic: define new functions for frame alloc - MINOR: quic: ensure offset is properly set for STREAM frames - MINOR: quic: remove fin from quic_stream frame type - BUG/MINOR: stats: Prevent HTTP "other sessions" counter underflows - MINOR: stats: add by HTTP version cumulated number of sessions and requests - BUG/MINOR: stats: fix STAT_STARTED behavior with full htx - BUG/MINOR: stats: fix show stats field ctx for servers - BUG/MINOR: stats: fix ctx->field update in stats_dump_proxy_to_buffer() - BUG/MEDIUM: stats: fix resolvers dump - BUG/MINOR: stats: fix source buffer size for http dump - BUG/MINOR: stats: use proper buffer size for http dump - BUG/MINOR: h3: fix crash due to h3 traces - BUG/MEDIUM: ssl: wrong eviction from the session cache tree - MINOR: h3: add missing traces on closure - BUG/MINOR: h3: reject RESET_STREAM received for control stream - BUG/MEDIUM: h3: handle STOP_SENDING on control stream - MINOR: mux-quic/h3: define stream close callback - OPTIM: h3: skip buf realign if no trailer to encode - BUG/MEDIUM: h3: do not crash if no buf space for trailers - BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section - MINOR: trace: add the long awaited TRACE_PRINTF() - MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback - MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active - DEV: hpack: fix `trash` build regression - BUG/MINOR: sink: free the forwarding task on exit - BUG/MINOR: ring: release the backing store name on exit - BUG/MINOR: log: release global log servers on exit - BUG/MEDIUM: hpack: fix incorrect huffman decoding of some control chars - BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission - BUG/MINOR: h3: fix GOAWAY emission - MINOR: mux-quic/h3: send SETTINGS as soon as transport is ready - MINOR: connection: add a BUG_ON() to detect destroying connection in idle list - DEV: haring: add a new option "-r" to automatically repair broken files - BUG/MINOR: sink: make sure to always properly unmap a file-backed ring - MEDIUM: quic-sock: fix udp source address for send on listener socket - BUG/MINOR: quic: Do not request h3 clients to close its unidirection streams - MINOR: hapee: add a .hapee directory to list backporting notes - MINOR: stick-table: implement the sc-add-gpc() action - MEDIUM: stick-table: set the track-sc limit at boottime via tune.stick-counters - MINOR: http-rules: Add missing actions in http-after-response ruleset - MINOR: server/event_hdl: add support for SERVER_UP and SERVER_DOWN events - MINOR: server/event_hdl: add support for SERVER_ADD and SERVER_DEL events - MINOR: stats: add server revision id support - MINOR: server: add srv->rid (revision id) value - DOC/MINOR: api: add documentation for event_hdl feature - MINOR: event_hdl: add event handler base api - BUG/MINOR: jwt: Wrong return value checked - BUILD: hpack: include global.h for the trash that is needed in debug mode - BUG/MINOR: mux-h2: add missing traces on failed headers decoding - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests - MINOR: h3: implement TRAILERS decoding - MINOR: h3: implement TRAILERS encoding - MINOR: h3: extend function for QUIC varint encoding - BUG/MINOR: h3: properly handle connection headers - BUG/MINOR: bwlim: Fix parameters check for set-bandwidth-limit actions - BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions - BUG/MEDIUM: debug/thread: make the debug handler not wait for !rdv_requests - MINOR: threads: add a thread_harmless_end() version that doesn't wait - BUG/MINOR: thread: always reload threads_enabled in loops - BUG/MEDIUM: fd/threads: fix again incorrect thread selection in wakeup broadcast - BUG/MINOR: listener: close tiny race between resume_listener() and stopping - BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) - BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params) - DOC: config: fix "Address formats" chapter syntax - BUG/MINOR: mux-fcgi: Correctly set pathinfo - MINOR: quic: Replace v2 draft definitions by those of the final 2 version - MINOR: sample: Add "quic_enabled" sample fetch - MINOR: quic: Add "no-quic" global option - MINOR: quic: Disable the active connection migrations - MINOR: quic: Useless test about datagram destination addresses - BUG/MEDIUM: stconn: also consider SE_FL_EOI to switch to SE_FL_ERROR - CLEANUP: stconn: always use se_fl_set_error() to set the pending error - MINOR: listener: also support "quic+" as an address prefix - DOC: config: mention the missing "quic4@" and "quic6@" in protocol prefixes - DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" - DOC: config: fix wrong section number for "protocol prefixes" - BUG/MINOR: listeners: fix suspend/resume of inherited FDs - BUG/MINOR: http-ana: make set-status also update txn->status - BUG/MEDIUM: mux-h2: Don't send CANCEL on shutw when response length is unkown - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body - BUG/MINOR: promex: Don't forget to consume the request on error - BUG/MEDIUM: peers: make "show peers" more careful about partial initialization - DEV: tcploop: add minimal support for unix sockets - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action - BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc - BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses - MINOR: mux-quic: use send-list for immediate sending retry - MINOR: mux-quic: use send-list for STOP_SENDING/RESET_STREAM emission - MEDIUM: h3: send SETTINGS before STREAM frames - MAJOR: mux-quic: rework stream sending priorization - MINOR: mux-quic: add traces for flow-control limit reach - BUG/MINOR: mux-quic: fix transfer of empty HTTP response - DOC: management: add details about @system-ca in "show ssl ca-file" - DOC: management: add details on "Used" status - DOC: config: added optional rst-ttl argument to silent-drop in action lists - CLEANUP: htx: fix a typo in an error message of http_str_to_htx - BUG/MINOR: http: Memory leak of http redirect rules' format string - BUG/MINOR: fd: avoid bad tgid assertion in fd_delete() from deinit() - REGTEST: fix the race conditions in hmac.vtc - REGTEST: fix the race conditions in digest.vtc - REGTEST: fix the race conditions in add_item.vtc - REGTEST: fix the race conditions in json_query.vtc - BUG/MINOR: proxy: free orgto_hdr_name in free_proxy() - DOC: config: remove duplicated "http-response sc-set-gpt0" directive - DOC: config: fix alphabetical ordering of http-after-response rules - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set - MINOR: config: add environment variables for default log format - CI: Reformat `matrix.py` using `black` - CI: Explicitly check environment variable against `None` in matrix.py - CI: Unify the `GITHUB_TOKEN` name across matrix.py and vtest.yml - CI: Use proper `if` blocks instead of conditional expressions in matrix.py - CI: Add in-memory cache for the latest OpenSSL/LibreSSL - CI: Improve headline in matrix.py - BUG/MINOR: stick-table: report the correct action name in error message - MINOR: cfgparse-ssl: avoid a possible crash on OOM in ssl_bind_parse_npn() - BUG/MINOR: debug: don't mask the TH_FL_STUCK flag before dumping threads - BUILD: makefile: make sure to also ignore SSL_INC when using wolfssl - BUILD: makefile: clean the wolfssl include and lib generation rules - BUILD: makefile: sort the features list - BUILD: makefile: build the features list dynamically - CI: github: use the GITHUB_TOKEN instead of a manually generated token - BUG/MINOR: mux-quic: ignore remote unidirectional stream close - CI: github: enable github api authentication for OpenSSL tags read - MINOR: h3: use stream error when needed instead of connection - MEDIUM: mux-quic: implement STOP_SENDING emission - MINOR: mux-quic: handle RESET_STREAM reception - MINOR: mux-quic: do not count stream flow-control if already closed - MEDIUM: mux-quic: implement shutw - MINOR: httpclient: don't add body when istlen is empty - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set - BUG/MINOR: quic: do not allocate more rxbufs than necessary - BUG/MEDIUM: quic: properly take shards into account on bind lines - BUG/MEDIUM: mux-quic: fix double delete from qcc.opening_list - REGTESTS: ssl: enable the ssl_reuse.vtc test for WolfSSL - OPTIM: pool: split the read_mostly from read_write parts in pool_head - BUG/MINOR: httpclient/log: free of invalid ptr with httpclient_log_format - MEDIUM: httpclient: change the default log format to skip duplicate proxy data - BUG/MEDIUM: stats: Rely on a local trash buffer to dump the stats - BUG/MINOR:: mux-h1: Never handle error at mux level for running connection - BUG/MINOR: mux-h1: Report EOS on parsing/internal error for not running stream - BUG/MEDIUM: tests: use tmpdir to create UNIX socket - REGTESTS: startup: disable automatic_maxconn.vtc - BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset - BUG/MINOR: stats: fix show stat json buffer limitation - MINOR: stats: introduce stats field ctx - MINOR: stats: provide ctx for dumping functions - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain - MINOR: h3: check return values of htx_add_* on headers parsing - BUG/MINOR: h3: fix memleak on HEADERS parsing failure - BUG/MEDIUM: h3: fix cookie header parsing - BUG/MINOR: mux-h1: Fix test instead a BUG_ON() in h1_send_error() - BUG/MEDIUM: mux-h1: Don't release H1 stream upgraded from TCP on error - LICENSE: wurfl: clarify the dummy library license. - BUG/MINOR: mux-quic: handle properly alloc error in qcs_new() - BUG/MINOR: mux-quic: remove qcs from opening-list on free - CLEANUP: mux-quic: remove unused attribute on qcs_is_close_remote() - BUG/MINOR: quic: handle alloc failure on qc_new_conn() for owned socket - BUG/MINOR: quic: properly handle alloc failure in qc_new_conn() - BUG/MINOR: quic: fix fd leak on startup check quic-conn owned socket - MINOR: quic: reconnect quic-conn socket on address migration - MEDIUM: quic: requeue datagrams received on wrong socket - MINOR: mux-quic: rename duplicate function names - MEDIUM: quic: move receive out of FD handler to quic-conn io-cb - MEDIUM: quic: use quic-conn socket for reception - MINOR: quic: use connection socket for emission - MINOR: quic: allocate a socket per quic-conn - MINOR: quic: define config option for socket per conn - MINOR: quic: test IP_PKTINFO support for quic-conn owned socket - MINOR: quic: startup detect for quic-conn owned socket support - MINOR: quic: ignore address migration during handshake - MINOR: quic: detect connection migration - MINOR: tools: add port for ipcmp as optional criteria - MINOR: quic: extract datagram parsing code - MINOR: quic: complete traces in qc_rx_pkt_handle() - MINOR: quic: remove qc from quic_rx_packet - CI: github: split matrix for development and stable branches - CI: github: remove redundant ASAN loop - MINOR: debug: add a balance of alloc - free at the end of the memstats dump - MINOR: debug: support pool filtering on "debug dev memstats" - BUG/MEDIUM: h3: parse content-length and reject invalid messages - MINOR: http: extract content-length parsing from H2 - BUG/MEDIUM: h3: reject request with invalid pseudo header - BUG/MEDIUM: h3: reject request with invalid header name - REGTESTS: startup: add alternatives values in automatic_maxconn.vtc - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout - BUG/MEDIUM: freq-ctr: Don't compute overshoot value for empty counters - CLEANUP: ssl: remove check on srv->proxy - REGTESTS: startup: activate automatic_maxconn.vtc - CI: github: set ulimit -n to a greater value - REGTESTS: startup: change the expected maxconn to 11000 - BUG/MINOR: startup: don't use internal proxies to compute the maxconn - REGTESTS: startup: check maxconn computation - REGTESTS: fix the race conditions in iff.vtc - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes - DOC: promex: Add missing backend metrics - MINOR: promex: introduce haproxy_backend_agg_check_status - BUG/MINOR: promex: create haproxy_backend_agg_server_status - MINOR: pools: make DEBUG_UAF a runtime setting - DEBUG: pool: show a few examples in -dMhelp - CLEANUP: pools: get rid of CONFIG_HAP_POOLS - REORG: pool: move all the OS specific code to pool-os.h - CLEANUP: pool: only include pool-os from pool.c not pool.h - CLEANUP: pools: move the write before free to the uaf-only function - BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task - BUILD: makefile/da: also clean Os/ in Device Atlas dummy lib dir - BUILD: atomic: atomic.h may need compiler.h on ARMv8.2-a - BUG/MINOR: init/threads: continue to limit default thread count to max per group - BUG/MINOR: checks: restore legacy on-error fastinter behavior - BUG/MEDIUM: mworker: create the mcli_reload socketpairs in case of upgrade - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers - MINOR: mworker: display an alert upon a wait-mode exit - BUG/MINOR: checks: make sure fastinter is used even on forced transitions - BUG/MEDIUM: checks: do not reschedule a possibly running task on state change - CI: github: split ssl lib selection based on git branch - CI: github: reintroduce openssl 1.1.1 - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side - BUG/MINOR: ssl: initialize WolfSSL before parsing - BUG/MINOR: ssl: initialize SSL error before parsing - BUILD: peers: peers-t.h depends on stick-table-t.h - BUG/MINOR: hapee/modules: make sure generated includes and structs are sorted - MINOR: hapee/modules: check if we generate the API hash correctly - BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk - MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode." - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUILD: hapee/51d: fix error when building with 51Degrees enabled - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - BUG/MINOR: hapee/modules: initialize the module head list - BUILD: hapee/modules: select either md5 or md5sum - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MEDIUM: hapee/modules: add memory reservation support for the modules - MINOR: hapee: change URLs for 2.7r1 - BUILD: hapee/modules: update HAPEE version macro to 2.7r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support