Summary
2024/12/11 : 2.8r1 (1.0.0-321.901)
- BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks
- BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported
- BUG/MINOR: signal: register default handler for SIGINT in signal_init()
- BUG/MINOR: h1-htx: Use default reason if not set when formatting the response
- BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry
- BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data is provided
2024/12/02 : 2.8r1 (1.0.0-321.895)
2024/11/27 : 2.8r1 (1.0.0-320.895)
- BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set
- BUG/MEDIUM: http-ana: Don't release too early the L7 buffer
- DEV: lags/show-sess-to-flags: Properly handle fd state on server side
- BUG/MAJOR: quic: fix wrong packet building due to already acked frames
- BUG/MINOR: quic: prevent freeze after early QCS closure
- BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM
- MINOR: quic: implement function to check if STREAM is fully acked
- MINOR: quic: convert qc_stream_desc release field to flags
- BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy()
- MINOR: activity/memprofile: offer a function to unregister stale info
- BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler()
- BUG/MEDIUM: h3: Increase max number of headers when sending headers
- BUG/MEDIUM: h3: Properly limit the number of headers received
- BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding
- BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames
- BUG/MINOR: http-ana: Adjust the server status before the L7 retries
- DOC: configuration: wrap long line for "strstr()" conditional expression
- DOC: configuration: explain quotes and spaces in conditional blocks
- DOC: lua: fix yield-dependent methods expected contexts
- DOC: config: Move wait_end in section about internal samples
- DOC: config: Slightly improve the %Tr documentation
- BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only
- BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration
- BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration
- BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration
- BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration
- BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state
- BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID
- BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list
- BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI
- BUG/MEDIUM: queue: make sure never to queue when there's no more served conns
- BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade
- BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server
- BUG/MEDIUM: stream: make stream_shutdown() async-safe
- MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG
- REGTESTS: shorten a bit the delay for the h1/h2 upgrade test
- REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades
- BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only
- MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state
- BUG/MINOR: h2: reject extended connect for h2c protocol
- BUG/MINOR: h1: do not forward h2c upgrade header token
- BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit
2024/11/22 : 2.8r1 (1.0.0-320.853)
- INOR: hapee: Update backports list
- MEDIUM: promex: Add support for filters on metric names
2024/11/07 : 2.8r1 (1.0.0-320.851)
- DEBUG: wdt: make the blocked traffic warning delay configurable
- DEBUG: cli: make it possible for "debug dev loop" to trigger warnings
- DEBUG: wdt: better detect apparently locked up threads and warn about them
- MINOR: debug: add a function to dump a stuck thread
- MINOR: wdt: move the local timers to a struct
- MINOR: debug: remove the redundant process.thread_info array from post_mortem
- MINOR: debug: also add fdtab and acitvity to struct post_mortem
- MINOR: debug: also add a pointer to struct global to post_mortem
- MINOR: debug: do not limit backtraces to stuck threads
- MINOR: stream: maintain a counter of the number of active streams.
- MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name
- MINOR: rawsock: set connection error codes when returning from recv/send/splice
- MINOR: connection: add more connection error codes to cover common errno
- DOC: config: document connection error 44 (reverse connect failure)
- MINOR: connection: define error for reverse connect
- MINOR: tcpcheck: Add support for an option host header value for httpchk option
- CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry
- MINOR: stream: Save last evaluated rule on invalid yield
- BUG/MINOR: http-ana: Report internal error if an action yields on a final eval
- BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly
2024/10/24 : 2.8r1 (1.0.0-320.831)
- MINOR: hapee: update backports list (thread-dump and post_mortem)
- MINOR: debug: store important pointers in post_mortem
- MINOR: debug: place the post_mortem struct in its own section.
- MINOR: debug: place a magic pattern at the beginning of post_mortem
- MEDIUM: debug: on panic, make the target thread automatically allocate its buf
- MINOR: debug: replace ha_thread_dump() with its two components
- MINOR: debug: make ha_thread_dump_done() take the pointer to be used
- BUILD: debug: silence a build warning with threads disabled
- MINOR: debug: slightly change the thread_dump_pointer signification
- MINOR: debug: split ha_thread_dump() in two parts
- MINOR: chunk: drop the global thread_dump_buffer
- MINOR: debug: make mark_tainted() return the previous value
- DEBUG: add a tainted flag when ha_panic() is called
- MINOR: debug: add the ability to enter components in the post_mortem struct
- MINOR: debug: dump the mapping of the libs into post_mortem
- MINOR: debug: copy the thread info into the post_mortem struct
- MINOR: debug: collect some boot-time info related to the process
- MINOR: debug: add OS/hardware info to the post_mortem struct
- MINOR: debug: start to create a new struct post_mortem
- DEBUG: tinfo: store the pthread ID and the stack pointer in tinfo
- MINOR: cli: remove non-printable characters from 'debug dev fd'
- MINOR: pools: export the pools variable
- BUG/MEDIUM: server: fix race on servers_list during server deletion
- BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error
- BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding
- BUG/MINOR: server: fix dynamic server leak with check on failed init
- BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent
- MINOR: hapee: update backports list (per-DSO memprofile stats)
- MINOR: activity/memprofile: show per-DSO stats
- MINOR: activity: report profiling duration and age in "show profiling"
- MINOR: activity/memprofile: always return "other" bin on NULL return address
- BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families
- BUG/MINOR: mworker: fix mworker-max-reloads parser
- DOC: config: fix rfc7239 forwarded typo in desc
- REGTESTS: Never reuse server connection in http-messaging/truncated.vtc
- BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
- BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new()
- BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests
- BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
- BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
- BUG/MINOR: cfgparse-global: fix allowed args number for setenv
- BUG/MEDIUM: cli: Deadlock when setting frontend maxconn
- BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown
- DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options
- MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option
- BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
- BUG/MAJOR: ocsp: Separate refcount per instance and per store
- BUG/MINOR: cfgparse-listen: fix option httpslog override warning message
2024/10/21 : 2.8r1 (1.0.0-320.783)
- BUG/MEDIUM: server: server stuck in maintenance after FQDN change
- BUG/MINOR: server: make sure the HMAINT state is part of MAINT
2024/10/07 : 2.8r1 (1.0.0-320.781)
- BUG/MINOR: proxy: fix "option tcplog clf" invalid free
2024/10/03 : 2.8r1 (1.0.0-320.780)
- MINOR: hapee/da: enabling the use of DeviceAtlas C API v2
- BUG/MINOR: hapee/da: enabling use of precompiled json database in 'deviceatlas-json-file'
- BUG/MINOR: hapee/da: fixed bug when using binary version of database
- BUG/BUILD: hapee/da: added preprocessed source code generation for *.cpp files
- BUILD: deviceatlas: fix empty "-I" left on CFLAGS
- BUILD: deviceatlas: remove unneeded depenency on libcurl / libzip
- BUILD/MEDIUM: deviceatlas: updating the addon part.
- DOC: deviceatlas: update to be in line with the v3 api.
- BUILD/MEDIUM: deviceatlas: addon build rework.
- BUILD: makefile: also define cmd_CXX to pretty-print C++ build commands
2024/09/17 : 2.8r1 (1.0.0-320.770)
- BUG/MEDIUM: cfgparse-listen: fix "option tcplog" regression
- BUG/MINOR: fix missing "'option httpslog' overrides previous 'option tcplog clf'..." detection
- BUG/MINOR: fix missing "log-format overrides previous 'option tcplog clf'..." detection
- BUG/MEDIUM: promex: Wait to have the request before sending the response
- BUG/MEDIUM: cache/stats: Wait to have the request before sending the response
- BUG/MEDIUM: queue: implement a flag to check for the dequeuing
- BUG/MINOR: clock: validate that now_offset still applies to the current date
- BUG/MINOR: clock: make time jump corrections a bit more accurate
- BUG/MINOR: polling: fix time reporting when using busy polling
2024/09/10 : 2.8r1 (1.0.0-320.761)
- MINOR: config: Created env variables for http and tcp clf formats
- MINOR: Implements new log format of option tcplog clf
- BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state
- BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
- BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
- BUG/MEDIUM: clock: detect and cover jumps during execution
- REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
- DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line
- BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
- BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
- BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
2024/09/05 : 2.8r1 (1.0.0-320.750)
- BUG/MINOR: stconn: Request to send something to be woken up when the pipe is full
- BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path
- BUG/MEDIUM: clock: also update the date offset on time jumps
- DOC: config: correct the table for option tcplog
- BUG/MINOR: h3: properly reject too long header responses
- BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
- BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
- REGTESTS: mcli: test the pipelined commands on master CLI
- BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
- MINOR: channel: implement ci_insert() function
- BUG/MINOR: proto_tcp: keep error msg if listen() fails
- BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
- BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE
- BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion
- BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
- BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED()
- BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc
- BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn
- BUG/MINOR: fcgi-app: handle a possible strdup() failure
- BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream
- BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
- BUG/MEDIUM: http-ana: Report error on write error waiting for the response
- BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content
- BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set
- BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered
- BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
- BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
2024/07/29 : 2.8r1 (1.0.0-319.723)
- MEDIUM: h1: allow to preserve keep-alive on T-E + C-L
- BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
- MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2)
- BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue()
- MINOR: queue: add a function to check for TOCTOU after queueing
- BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
- BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
- BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
- BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
- BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
- DOC: config: improve the http-keep-alive section
- DOC: configuration: issuers-chain-path not compatible with OCSP
- BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
- BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
- BUG/MINOR: session: Eval L4/L5 rules defined in the default section
- BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past
- BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
- BUG/MEDIUM: h1: Reject empty Transfer-encoding header
- BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
- BUG/MINOR: h1: Fail to parse empty transfer coding names
- BUG/MINOR: jwt: fix variable initialisation
- DOC: configuration: update maxconn description
- BUG/MINOR: jwt: don't try to load files with HMAC algorithm
- MEDIUM: ssl: initialize the SSL stack explicitely
2024/07/03 : 2.8r1 (1.0.0-319.699)
- DEBUG: pool: store the memprof bin on alloc() and update it on free()
- DOC: configuration: more details about the master-worker mode
- BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking
- BUG/MINOR: quic: fix race-condition on trace for CID retrieval
- BUG/MINOR: quic: fix race condition in qc_check_dcid()
- BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
- BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
- BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
- MINOR: activity: make the memory profiling hash size configurable at build time
- BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
- BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
- BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
- BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
- DOC: api/event_hdl: small updates, fix an example and add some precisions
- SCRIPTS: git-show-backports: do not truncate git-show output
- DOC: configuration: fix alphabetical order of bind options
- DOC: management: rename show stats domain cli "dns" to "resolvers"
- DOC/MINOR: management: add missed -dR and -dv options
- BUG/MINOR: proxy: fix header_unique_id leak on deinit()
- BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()
- BUG/MINOR: proxy: fix dyncookie_key leak on deinit()
- BUG/MINOR: proxy: fix check_{command,path} leak on deinit()
- BUG/MINOR: proxy: fix log_tag leak on deinit()
- BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()
- BUG/MINOR: quic: fix computed length of emitted STREAM frames
2024/06/10 : 2.8r1 (1.0.0-318.674)
- BUG/MEDIUM: quic: don't blindly rely on unaligned accesses
- BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe
- BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
- BUG/MAJOR: server: do not delete srv referenced by session
- MINOR: session: rename private conns elements
- BUG/MEDIUM: quic: fix connection freeze on post handshake
- BUG/MEDIUM: server: fix dynamic servers initial settings
- BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
- CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()
- BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path
- BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
- BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
- BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
- CLEANUP: hlua: use hlua_pusherror() where relevant
- BUG/MINOR: quic: prevent crash on qc_kill_conn()
- BUG/MINOR: hlua: use CertCache.set() from various hlua contexts
- BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
- BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
- BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
- BUG/MINOR: activity: fix Delta_calls and Delta_bytes count
- BUG/MINOR: ssl/ocsp: init callback func ptr as NULL
- CLEANUP: ssl/ocsp: readable ifdef in ssl_sock_load_ocsp
- BUILD: fd: errno is also needed without poll()
- CI: scripts: fix build of vtest regarding option -C
- REGTESTS: acl_cli_spaces: avoid a warning caused by undefined logs
- DOC: config: fix incorrect section reference about custom log format
- DOC: quic: specify that connection migration is not supported
- BUG/MINOR: server: Don't reset resolver options on a new default-server line
- BUG/MINOR: http-htx: Support default path during scheme based normalization
- BUG/MINOR: quic: adjust restriction for stateless reset emission
- MEDIUM: config: prevent communication with privileged ports
- BUILD: quic: fix unused variable warning when threads are disabled
- BUG/MEDIUM: mux-quic: Create sedesc in same time of the QUIC stream
- BUG/MEDIUM: quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305
- BUG/MAJOR: quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only)
- BUG/MINOR: connection: parse PROXY TLV for LOCAL mode
- DOC: configuration: update the crt-list documentation
- CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf
- BUG/MINOR: stats: Don't state the 303 redirect response is chunked
- BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header
- BUG/MEDIUM: fd: prevent memory waste in fdtab array
- BUILD: stick-tables: better mark the stktable_data as 32-bit aligned
- BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme
- BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found
- BUG/MEDIUM: stick-tables: properly mark stktable_data as packed
- BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned
- BUG/MINOR: qpack: fix error code reported on QPACK decoding failure
- BUG/MINOR: mux-quic: fix error code on shutdown for non HTTP/3
- BUG/MINOR: log: smp_rgs array issues with inherited global log directives
- BUG/MINOR: log: keep the ref in dup_logger()
- MINOR: log: add dup_logsrv() helper function
- DOC: lua: fix filters.txt file location
- BUG/MINOR: haproxy: only tid 0 must not sleep if got signal
- BUILD: clock: improve check for pthread_getcpuclockid()
- BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null
- BUG/MINOR: h1: fix detection of upper bytes in the URI
- BUG/MINOR: backend: use cum_sess counters instead of cum_conn
- BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets
- BUG/MINOR: sock: handle a weird condition with connect()
- BUG/MINOR: stconn: Fix sc_mux_strm() return value
- BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding
2024/05/03 : 2.8r1 (1.0.0-317.613)
2024/04/19 : 2.8r1 (1.0.0-312.613)
- BUG/MINOR: server: fix slowstart behavior
- BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached
- BUG/MEDIUM: spoe: Always retry when an applet fails to send a frame
- BUG/MEDIUM: applet: Fix applet API to put input data in a buffer
- BUG/MEDIUM: evports: do not clear returned events list on signal
- BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered
- BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses
- MINOR: net_helper: Add support for floats/doubles.
- CI: revert kernel addr randomization introduced in 3a0fc864
- BUG/MEDIUM: peers/trace: fix crash when listing event types
- BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented
- BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values
- BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection
- CLEANUP: log: lf_text_len() returns a pointer not an integer
- BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
- BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
- BUG/MINOR: log: fix lf_text_len() truncate inconsistency
- BUG/MINOR: listener: always assign distinct IDs to shards
- BUG/MINOR: cli: Report an error to user if command or payload is too big
- BUILD: proxy: Replace free_logformat_list() to manually release log-format
- BUG/MINOR: proxy: fix logformat expression leak in use_backend rules
2024/04/04 : 2.8r1 (1.0.0-312.592)
- BUG/MINOR: backend: properly handle redispatch 0
- BUG/MINOR: server: ignore 'enabled' for dynamic servers
- BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
- MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
- MINOR: server: allow cookie for dynamic servers
- BUG/MINOR: server: fix persistence cookie for dynamic servers
- BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
- BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
- BUG/MINOR: server: 'source' interface ignored from 'default-server' directive
- OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
- BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block
- BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet
- BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
- BUG/MINOR: session: ensure conn owner is set after insert into session
- BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
- CI: temporarily adjust kernel entropy to work with ASAN/clang
- BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop
- BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout
- BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
- BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release
- BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
- MINOR: hlua: use accessors for stream hlua ctx
- DEBUG: lua: precisely identify if stream is stuck inside lua or not
- BUG/MINOR: hlua: fix missing lock in hlua_filter_delete()
- BUG/MINOR: hlua: missing lock in hlua_filter_new()
- BUG/MINOR: hlua: segfault when loading the same filter from different contexts
- BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()
- DOC: configuration: clarify ciphersuites usage (V2)
- BUILD: solaris: fix compilation errors
- BUG/MINOR: cfgparse: report proper location for log-format-sd errors
- BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description
- CI: skip scheduled builds on forks
- BUG/MINOR: sink: fix a race condition in the TCP log forwarding code
- BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe()
- BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume()
- BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()
- BUG/MINOR: hlua: improper lock usage in hlua_filter_new()
- BUG/MINOR: hlua: improper lock usage in hlua_filter_callback()
- BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load
- BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts
- BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack
- BUG/MINOR: tools: seed the statistical PRNG slightly better
- MINOR: hlua: Be able to disable logging from lua
- BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel
- BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener
- DOC: configuration: clarify ciphersuites usage
- LICENSE: http_ext: fix GPL license version
- LICENSE: event_hdl: fix GPL license version
- BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
- BUG/MINOR: ist: only store NUL byte on succeeded alloc
- BUG/MINOR: quic: fix output of show quic
- BUG/MAJOR: server: fix stream crash due to deleted server
- BUG/MINOR: stats: drop srv refcount on early release
- BUG/MINOR: ist: allocate nul byte on istdup
- MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support
- DOC: quic: fix recommandation for bind on multiple address
- BUG/MEDIUM: quic: fix transient send error with listener socket
- BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data
- BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets
- BUG/MEDIUM: applet: Immediately free appctx on early error
- DOC: quic: Missing tuning setting in "Global parameters"
- BUG/MINOR: qpack: reject invalid dynamic table capacity
- BUG/MINOR: qpack: reject invalid increment count decoding
- BUG/MINOR: quic: reject HANDSHAKE_DONE as server
- BUG/MINOR: quic: reject unknown frame type
- BUG/MAJOR: promex: fix crash on deleted server
- MINOR: connection: add sample fetches to report per-connection glitches
- MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
- MINOR: connection: add a new mux_ctl to report number of connection glitches
- MEDIUM: mux-h2: allow to set the glitches threshold to kill a connection
- MINOR: mux-h2: always use h2c_report_glitch()
- MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch
- MINOR: mux-h2: count excess of CONTINUATION frames as a glitch
- BUG/MINOR: mux-h2: count rejected DATA frames against the connection's flow control
- MINOR: mux-h2: add a counter of "glitches" on a connection
- BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
- DEV: makefile: fix POSIX compatibility for "range" target
- DEV: makefile: add a new "range" target to iteratively build all commits
- CI: Update to actions/cache@v4
- DOC: internal: update missing data types in peers-v2.0.txt
- DOC: install: recommend pcre2
- DOC: httpclient: add dedicated httpclient section
- DOC: configuration: clarify http-request wait-for-body
- BUILD: address a few remaining calloc(size, n) cases
- BUG/MINOR: ext-check: cannot use without preserve-env
- MINOR: ext-check: add an option to preserve environment variables
- BUG/MINOR: diag: run the final diags before quitting when using -c
- BUG/MINOR: diag: always show the version before dumping a diag warning
- MINOR: errors: ha_alert() and ha_warning() uses warn_exec_path()
- MINOR: quic: Add a counter for reordered packets
- MINOR: quic: Dynamic packet reordering threshold
- MINOR: quic: Update K CUBIC calculation (RFC 9438)
- BUG/MEDIUM: quic: Wrong K CUBIC calculation.
- MINOR: quic: Stop using 1024th of a second.
- BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
- CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
- BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
- BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
- BUG/MEDIUM: qpack: allow 6xx..9xx status codes
- BUG/MEDIUM: h3: do not crash on invalid response status code
- MINOR: h3: add traces for stream sending function
- BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
- MINOR: quic: extract qc_stream_buf free in a dedicated function
- MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
- CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
- BUG/MEDIUM: mux-quic: report early error on stream
- BUG/MINOR: h3: fix checking on NULL Tx buffer
- BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
- REGTESTS: ssl: Add OCSP related tests
- REGTESTS: ssl: Fix empty line in cli command input
- BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
- BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
- BUG/MEDIUM: ocsp: Separate refcount per instance and per store
- MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
- BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
- BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
- BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
- BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
- BUG/MEDIUM: h1: always reject the NUL character in header values
- BUG/MINOR: h1-htx: properly initialize the err_pos field
- BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
- BUG/MINOR: h1: Don't support LF only at the end of chunks
- BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
- BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
- BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
- BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
- BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
- BUG/MINOR: vars/cli: fix missing LF after "get var" output
- BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
- REGTESTS: add a test to ensure map-ordering is preserved
- MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
- BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
- MINOR: mux-h2/traces: clarify the "rejected H2 request" event
- MINOR: mux-h2/traces: explicitly show the error/refused stream states
- MINOR: mux-h2/traces: also suggest invalid header upon parsing error
- MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
- MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
- MINOR: debug: make sure calls to ha_crash_now() are never merged
- MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
2024/02/13 : 2.8r1 (1.0.0-311.453)
- HAPEE: DOC: fix missing quotes in the GPTSTR examples in configuration.txt
2024/01/22 : 2.8r1 (1.0.0-311.452)
- MEDIUM: stktable/peers: "write-to" local table on peer updates
- MINOR: stktable: check if a type should be used as-is
- MINOR: stktable: stktable_init() sets err_msg on error
2024/01/17 : 2.8r1 (1.0.0-311.449)
- BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
- BUG/MINOR: mux-h2: also count streams for refused ones
- BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
- DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
- MINOR: mux-h2: support limiting the total number of H2 streams per connection
- BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
- BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
- BUG/MEDIUM: h3: fix incorrect snd_buf return value
- CLEANUP: quic: Remaining useless code into server part
- BUG/MINOR: h3: close connection on sending alloc errors
- BUG/MINOR: h3: properly handle alloc failure on finalize
- BUG/MINOR: h3: close connection on header list too big
- MINOR: h3: check connection error during sending
- BUG/MINOR: quic: Missing call to TLS message callbacks
- BUG/MINOR: quic: Wrong keylog callback setting.
- BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
- BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
- MINOR: stats: store the parent proxy in stats ctx (http)
- DOC: config: Update documentation about local haproxy response
- BUG/MINOR: resolvers: default resolvers fails when network not configured
- BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
- BUG/MEDIUM: quic: QUIC CID removed from tree without locking
- BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
- BUG/MINOR: mworker/cli: fix set severity-output support
- DOC: configuration: typo req.ssl_hello_type
2024/01/12 : 2.8r1 (1.0.0-310.424)
- MEDIUM: udp: allow to retrieve the frontend destination address
- Revert "MEDIUM: udp: allow to retrieve the frontend destination address"
2024/01/11 : 2.8r1 (1.0.0-310.422)
- HAPEE: udp: update structs and functions required for the UDP module
- MEDIUM: udp: allow to retrieve the frontend destination address
- MINOR: tcpcheck: export proxy_parse_tcpcheck()
- MINOR: backend: export get_server_*() functions
2023/12/14 : 2.8r1 (1.0.0-310.418)
- MINOR: hapee: Update backports list and hapee commit list
- BUG/MEDIUM: proxy: always initialize the default settings after init
- BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
- BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
- MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
- BUG/MINOR: ssl: Double free of OCSP Certificate ID
- BUG/MINOR: quic: Packet number spaces too lately initialized
- BUG/MINOR: quic: Missing QUIC connection path member initialization
- BUG/MINOR: quic: Possible leak of TX packets under heavy load
- BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load
- BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed
- BUG/MEDIUM: peers: fix partial message decoding
- DOC: Clarify the differences between field() and word()
- BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
- REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
- DOC: config: fix monitor-fail typo
- DOC: config: add matrix entry for "max-session-srv-conns"
- DOC: config: specify supported sections for "max-session-srv-conns"
- BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
- BUG/MINOR: config: Stopped parsing upon unmatched environment variables
- BUG/MINOR: quic_tp: fix preferred_address decoding
- DOC: config: fix missing characters in set-spoe-group action
- BUG/MINOR: h3: always reject PUSH_PROMISE
- BUG/MINOR: h3: fix TRAILERS encoding
- BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1
- BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request()
- BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
- DOC: lua: fix Proxy.get_mode() output
- DOC: lua: add sticktable class reference from Proxy.stktable
- REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
- DOC: config: fix timeout check inheritance restrictions
- DOC: 51d: updated 51Degrees repo URL for v3.2.10
- BUG/MINOR: server: do not leak default-server in defaults sections
- BUG/MINOR: quic: Possible RX packet memory leak under heavy load
- BUG/MEDIUM: quic: Possible crash for connections to be killed
- BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them
- BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly
- REGTESTS: http: add a test to validate chunked responses delivery
- BUG/MINOR: proxy/stktable: missing frees on proxy cleanup
- MINOR: stktable: add stktable_deinit function
- BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
- BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
- BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
- BUG/MINOR: stream/cli: report correct stream age in "show sess"
2023/11/21 : 2.8r1 (1.0.0-310.374)
- BUG/MAJOR: quic: complete thread migration before tcp-rules
2023/11/17 : 2.8r1 (1.0.0-310.373)
- BUG/MINOR: stconn: Report read activity on non-indep streams for partial sends
- BUG/MINOR: stconn/applet: Report send activity only if there was output data
- BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer
- BUG/MINOR: stconn: Fix streamer detection for HTX streams
- MINOR: channel: Add functions to get info on buffers and deal with HTX streams
- MINOR: htx: Use a macro for overhead induced by HTX
- BUG/MEDIUM: stconn: Update fsb date on partial sends
- BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
- BUG/MEDIUM: mworker: set the master variable earlier
2023/11/14 : 2.8r1 (1.0.0-310.364)
- BUG/MEDIUM: applet: Report a send activity everytime data were sent
- BUG/MEDIUM: stconn: Report a send activity everytime data were sent
- REGTESTS: http: Improve script testing abortonclose option
- BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
- MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
- MINOR: connection: Add a CTL flag to notify mux it should wait for reads again
- BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up
- BUG/MEDIUM: connection: report connection errors even when no mux is installed
- DOC: quic: Wrong syntax for "quic-cc-algo" keyword.
- BUG/MINOR: sink: don't learn srv port from srv addr
- BUG/MEDIUM: applet: Remove appctx from buffer wait list on release
- DOC: config: use the word 'backend' instead of 'proxy' in 'track' description
- BUG/MINOR: quic: fix retry token check inconsistency
- DOC: management: -q is quiet all the time
2023/11/13 : 2.8r1 (1.0.0-310.350)
- BUG/MEDIUM: stconn: Don't update stream expiration date if already expired
- BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures
- BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets
- BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree
- BUG/MINOR: quic: idle timer task requeued in the past
- BUG/MEDIUM: pool: fix releasable pool calculation when overloaded
- BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period
- BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts
- BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
- BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure
- BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure
- CLEANUP: htx: Properly indent htx_reserve_max_data() function
- BUG/MINOR: stconn: Sanitize report for read activity
- BUG/MEDIUM: Don't apply a max value on room_needed in sc_need_room()
- BUG/MEDIUM: stconn: Don't report rcv/snd expiration date if SC cannot epxire
- BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range()
- BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
- BUG/MINOR: stktable: missing free in parse_stick_table()
- BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure
- BUG/MEDIUM: ssl: segfault when cipher is NULL
- BUG/MINOR: mux-quic: fix early close if unset client timeout
- BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
- MEDIUM: quic: count quic_conn for global sslconns
- MEDIUM: quic: count quic_conn instance for maxconn
- MINOR: frontend: implement a dedicated actconn increment function
- BUG/MINOR: ssl: use a thread-safe sslconns increment
- BUG/MINOR: quic: do not consider idle timeout on CLOSING state
- BUG/MEDIUM: server: "proto" not working for dynamic servers
- MINOR: connection: add conn_pr_mode_to_proto_mode() helper func
- DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder
- MINOR: lua: Add flags to configure logging behaviour
- BUG/MINOR: ssl: load correctly @system-ca when ca-base is define
- DOC: internal: filters: fix reference to entities.pdf
2023/10/26 : 2.8r1 (1.0.0-307.317)
- BUG/MINOR: mux-h2: update tracked counters with req cnt/req err
- BUG/MINOR: mux-h2: commit the current stream ID even on reject
- BUG/MEDIUM: peers: Fix synchro for huge number of tables
- BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
- BUG/MINOR: trace: fix trace parser error reporting
- BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again
- BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
- BUG/MINOR: mux-h2: make up other blocked streams upon removal from list
- BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request
- BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash
- BUG/MINOR: mux-quic: fix free on qcs-new fail alloc
- BUG/MINOR: h3: strengthen host/authority header parsing
- BUG/MINOR: mux-quic: support initial 0 max-stream-data
- BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream
- BUG/MINOR: quic: reject packet with no frame
- BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos
- BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room()
- BUG/MINOR: hq-interop: simplify parser requirement
- BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set
- BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set
- BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried
- BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only
- MINOR: hlua: Test the hlua struct first when the lua socket is connecting
- MINOR: hlua: Save the lua socket's server in its context
- MINOR: hlua: Save the lua socket's timeout in its context
- MINOR: hlua: Don't preform operations on a not connected socket
- MINOR: hlua: Set context's appctx when the lua socket is created
- BUG/MEDIUM: http-ana: Try to handle response before handling server abort
2023/10/17 : 2.8r1 (1.0.0-306.289)
- BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed
2023/10/16 : 2.8r1 (1.0.0-306.288)
- HAPEE: DOC: document the GPTSTR extensions in configuration.txt
- HAPEE: Revert GPTSTR
- BUILD: hapee/addons: fix build without USE_QUIC=1
2023/10/06 : 2.8r1 (1.0.0-305.285)
- BUG/MEDIUM: hapee/addons: fix incorrect gpt index being used in sc-set-gptstr()
- HAPEE: addons: use GPT arrays to store regular strings
- HAPEE: makefile: automatically build objects in addons/hapee_*
- HAPEE: makefile: update the cleanup rule to also remove *.i from addons
- MINOR: haproxy: permit to register features during boot
- BUG/MEDIUM: actions: always apply a longest match on prefix lookup
2023/10/04 : 2.8r1 (1.0.0-305.279)
- BUG/MINOR: mux-quic: remove full demux flag on ncbuf release
- BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams
- MINOR: pattern: fix pat_{parse,match}_ip() function comments
- BUG/MINOR: server: add missing free for server->rdr_pfx
- BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers
- BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
- BUG/MEDIUM: master/cli: Pin the master CLI on the first thread of the group 1
- BUG/MINOR: promex: fix backend_agg_check_status
- BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records
- BUG/MINOR: hlua/init: coroutine may not resume itself
- BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
- CI: musl: drop shopt in workflow invocation
- CI: musl: highlight section if there are coredumps
2023/09/29 : 2.8r1 (1.0.0-304.266)
- MINOR: hapee: update backports list
- MINOR: stream: fix output alignment of stuck thread dumps
- CLEANUP: stream: remove the now unused stream_dump() function
- MINOR: debug: use the more detailed stream dump in panics
- MEDIUM: stream: now provide full stream dumps in case of loops
- MINOR: streams: add support for line prefixes to strm_dump_to_buffer()
- MINOR: stream: make stream_dump() always multi-line
- MINOR: stream: make strm_dump_to_buffer() show the list of filters
- MINOR: stream: make strm_dump_to_buffer() take an arbitrary buffer
- CLEANUP: stream: make strm_dump_to_buffer() take a const stream
- CLEANUP: stream: use const filters in the dump function
- MINOR: stream: split stats_dump_full_strm_to_buffer() in two
- CLEANUP: stream: make the dump code not depend on the CLI appctx
- CLEANUP: freq_ctr: make all freq_ctr readers take a const
- MEDIUM: server/ssl: pick another thread's session when we have none yet
- MINOR: server/ssl: clear the shared good session index on failure
- MINOR: server/ssl: maintain an index of the last known valid SSL session
- MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session
- MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid
- CLEANUP: ssl: keep a pointer to the server in ssl_sock_init()
- DOC: ssl: add some comments about the non-obvious session allocation stuff
- MINOR: ssl_sock: avoid iterating realloc(+1) on stored context
- HAPEE: addons: quic CID in -vv
- Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token"
- BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread
- MINOR: hlua: add hlua_stream_ctx_prepare helper function
- HAPEE: addons: adds quic CID generator to interop with packetshield
- MINOR: quic: handle external extra CIDs generator.
- BUG/MINOR: quic: Wrong cluster secret initialization
- BUG/MINOR: quic: Leak of frames to send.
- BUILD: bug: make BUG_ON() void to avoid a rare warning
- BUILD: quic: fix build on centos 8 and USE_QUIC_OPENSSL_COMPAT
2023/09/13 : 2.8r1 (1.0.0-302.234)
- BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code
- BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind
- BUILD: Makefile: add USE_QUIC_OPENSSL_COMPAT to make help
- MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option
- MINOR: quic+openssl_compat: Do not start without "limited-quic"
- MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic"
- BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
- DOC: quic: Add "limited-quic" new tuning setting
- MINOR: quic: Add "limited-quic" new tuning setting
- MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper.
- MINOR: quic: Add a quic_openssl_compat struct to quic_conn struct
- MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()
- MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper
- MINOR: quic: Export some KDF functions (QUIC-TLS)
- MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper
- MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled()
- MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method()
- MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT
- MINOR: quic: Include QUIC opensssl wrapper header from TLS stacks compatibility header
- MINOR: quic: QUIC openssl wrapper implementation
- MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values
- MINOR: sample: implement act_conn sample fetch
- MINOR: sample: add pid sample
- MEDIUM: ssl: new sample fetch method to get curve name
- MINOR: ssl: add support for 'curves' keyword on server lines
- MINOR: hapee: add a .hapee directory to list backporting notes
- BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches
- MINOR: sample: Add common TLV types as constants for fc_pp_tlv
- MINOR: sample: Refactor fc_pp_unique_id by wrapping the generic TLV fetch
- MINOR: sample: Refactor fc_pp_authority by wrapping the generic TLV fetch
- MEDIUM: sample: Add fetch for arbitrary TLVs
- MEDIUM: connection: Generic, list-based allocation and look-up of PPv2 TLVs
- CLEANUP/MINOR: connection: Improve consistency of PPv2 related constants
- CI: Update to actions/checkout@v4
- MEDIUM: capabilities: enable support for Linux capabilities
- BUG/MINOR: hlua/action: incorrect message on E_YIELD error
- BUG/MINOR: ring/cli: Don't expect input data when showing events
- BUG/MINOR: applet: Always expect data when CLI is waiting for a new command
- NUG/MEDIUM: stconn: Always update stream's expiration date after I/O
- BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
- BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC
- BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC
- BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer
- BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var)
- BUG/MINOR: quic: Wrong RTT adjusments
- MINOR: httpclient: allow to configure the timeout.connect
- MINOR: httpclient: allow to configure the retries
- DOC: configuration: update examples for req.ver
- BUG/MINOR: stream: further protect stream_dump() against incomplete sessions
- BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer
- BUG/MAJOR: quic: Really ignore malformed ACK frames.
- BUG/MINOR: quic: Possible skipped RTT sampling
- BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown
- BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown
- BUG/MINOR: stconn: Don't report blocked sends during connection establishment
- BUG/MEDIUM: stconn: Update stream expiration date on blocked sends
- DEBUG: applet: Properly report opposite SC expiration dates in traces
- BUG/MINOR: checks: do not queue/wake a bounced check
- DOC: config: mention uid dependency on the tune.quic.socket-owner option
- BUG/MINOR: stream: protect stream_dump() against incomplete streams
- BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate
- BUILD: import: guard plock.h against multiple inclusion
- BUG/MINOR: ssl_sock: fix possible memory leak on OOM
- DOC: lua: fix core.register_action typo
- BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
- CI: fedora: fix "dnf" invocation syntax
- IMPORT: xxhash: update xxHash to version 0.8.2
- MINOR: atomic: make sure to always relax after a failed CAS
- MINOR: threads: inline the wait function for pthread_rwlock emulation
- IMPORT: plock: also support inlining the int code
- BUILD: Makefile: add the USE_QUIC option to make help
- DOC: jwt: Add explicit list of supported algorithms
- REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)
- SCRIPTS: git-show-backports: automatic ref and base detection with -m
- DOC: typo: fix sc-set-gpt references
- BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection
- BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
- DEV: flags/show-sess-to-flags: properly decode fd.state
- BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
- BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
- CI: get rid of travis-ci wrapper for Coverity scan
- CI: do not use "groupinstall" for Fedora Rawhide builds
- MINOR: ssl: allow to change the client-sigalgs on server lines
- MINOR: ssl: allow to change the server signature algorithm on server lines
- MINOR: peers: add peers keyword registration
- BUG/MINOR: http: skip leading zeroes in content-length values
- DOC: clarify the handling of URL fragments in requests
- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri
- BUG/MINOR: h3: reject more chars from the :path pseudo header
- BUG/MINOR: h2: reject more chars from the :path pseudo header
- BUG/MINOR: h1: do not accept '#' as part of the URI component
- REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests
- MINOR: h2: pass accept-invalid-http-request down the request parser
- MINOR: http: add new function http_path_has_forbidden_char()
- MINOR: ist: add new function ist_find_range() to find a character range
- BUG/MAJOR: http: reject any empty content-length header value
- BUG/MAJOR: h3: reject header values containing invalid chars
- REORG: http: move has_forbidden_char() from h2.c to http.h
- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
- BUILD: quic: fix wrong potential NULL dereference
- BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error
- BUG/MINOR: http-client: Don't forget to commit changes on HTX message
- BUG/MEDIUM: quic: consume contig space on requeue datagram
- BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends
- BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame
- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full
- DOC: configuration: describe Td in Timing events
- BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line
- BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX
- MINOR: quic: Useless call to SSL_CTX_set_quic_method()
- MINOR: quic: Make ->set_encryption_secrets() be callable two times
- BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary
- BUG/MINOR: server-state: Avoid warning on 'file not found'
- BUG/MINOR: server-state: Ignore empty files
- BUG/MINOR: quic: Missing parentheses around PTO probe variable.
- BUG/MINOR: server: Don't warn on server resolution failure with init-addr none
- BUG/MINOR: init: set process' affinity even in foreground
- BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct
- BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured
- MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found
- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses
- BUG/MINOR: hlua: add check for lua_newstate
- BUILD: quic: fix warning during compilation using gcc-6.5
- CI: explicitely highlight VTest result section if there's something
- CI: add naming convention documentation
- BUG/MINOR: http: Return the right reason for 302
- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters
- DOC: config: Fix fc_src description to state the source address is returned
- BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing
- BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers
- CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt
- BUG/MEDIUM: quic: timestamp shared in token was using internal time clock
- BUG/MEDIUM: quic: missing check of dcid for init pkt including a token
- BUG/MINOR: quic: retry token remove one useless intermediate expand
- BUG/MEDIUM: quic: token IV was not computed using a strong secret
- BUG/MINOR: config: Remove final '\n' in error messages
- BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size
- EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script
- BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv()
- MINOR: hlua_fcn/mailers: handle timeout mail from mailers section
- BUG/MINOR: server: set rid default value in new_server()
- BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring()
- BUG/MINOR: sink: invalid sft free in sink_deinit()
- BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward()
- BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward()
- BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward()
- BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets
- MINOR: sink/api: pass explicit maxlen parameter to sink_write()
- BUG/MINOR: log: LF upsets maxlen for UDP targets
- BUG/MINOR: ring: maxlen warning reported as alert
- BUG/MINOR: ring: size warning incorrectly reported as fatal error
- BUG/MINOR: sink: missing sft free in sink_deinit()
- BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239()
- BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv()
- BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage
- BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT
- DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list only aspect
- DOC: ssl: Fix typo in 'ocsp-update' option
- CLEANUP: quic: Remove server specific about Initial packet number space
- MINOR: quic: Reduce the maximum length of TLS secrets
- MINOR: quic: Move packet number space related functions
- MINOR: quic: Move QUIC encryption level structure definition
- BUILD: debug: avoid a build warning related to epoll_wait() in debug code
- MINOR: compression/slz: add support for a pure flush of pending bytes
- IMPORT: slz: implement a synchronous flush() operation
- BUG/MINOR: quic: Wrong endianess for version field in Retry token
- BUG/MINOR: quic: Wrong Retry paquet version field endianess
- BUG/MINOR: quic: Missing random bits in Retry packet header
- BUG/MINOR: config: fix stick table duplicate name check
- BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag
- BUG/MINOR: quic: Prevent deadlock with CID tree lock
- BUG/MINOR: mworker: leak of a socketpair during startup failure
- BUG/MINOR: http_ext: fix if-none regression in forwardfor option
- DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size
- REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
- DOC: Add tune.h2.max-frame-size option to table of contents
- DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents
- BUG/MINOR: quic: ticks comparison without ticks API use
- BUG/MEDIUM: mworker: increase maxsock with each new worker
- BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
- BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
- BUG/MINOR: quic: Missing initialization (packet number space probing)
- BUG/MINOR: namespace: missing free in netns_sig_stop()
- BUG/MINOR: server: inherit from netns in srv_settings_cpy()
- BUG/MINOR: quic: Address inversion in "show quic full"
- BUG/MINOR: quic: Wrong encryption level flags checking
- BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
- REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
- BUG/MINOR: peers: Improve detection of config errors in peers sections
- BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions
- BUG/MINOR: proxy/server: free default-server on deinit
- MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function
- MINOR: hapee/WURFL: added live update database function
- MINOR: hapee/WURFL: added custom API log function
- MINOR: hapee/WURFL: added function to check correct module initialization
- BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library
- BUILD: hapee/da: repaired build in case of using old DeviceAtlas library
- MINOR: hapee/da: add function that allow data reload
- MINOR: hapee/da: add spin locking
- MINOR: hapee/da: add support for loading a precompiled json data
- MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode."
- MINOR: hapee/51d: add function that returns path to 51Degrees data file
- MINOR: hapee/51d: add function that allow data reload
- BUG/MINOR: hapee/51d: add spin locking
- BUILD: hapee/51d: fix error when building with 51Degrees enabled
- BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded
- MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset
- BUG/MINOR: proxy: add missing interface bind free in free_proxy
- BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
- DOC: config: fix rfc7239 converter examples (again)
- DOC: config: fix jwt_verify() example using var()
- DOC: quic: fix misspelled tune.quic.socket-owner
- BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
- CONTRIB: Add vi file extensions to .gitignore
- BUG/MINOR: quic: Possible crash when SSL session init fails
- BUG/MINOR: stream: do not use client-fin/server-fin with HTX
- BUG/MINOR: stats: Fix Lua's `get_stats` function
- MEDIUM: hapee: does not pass OPTION_LDFLAGS to modules
- MINOR: hapee/modules: check if we generate the API hash correctly
- BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk
- BUG/MINOR: hapee/modules: initialize the module head list
- BUILD: hapee/modules: select either md5 or md5sum
- MEDIUM: hapee/modules: load the STG_REGISTER initcalls
- BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure
- MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum
- MINOR: hapee/modules: add the ability to register variable and functions.
- MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules
- MINOR: hapee/modules: terminate properly loaded modules if possible
- MEDIUM: hapee/modules: add memory reservation support for the modules
- MINOR: hapee: change URLs for 2.8r1
- BUILD: hapee/modules: update HAPEE version macro to 2.8r1
- BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version
- BUILD: hapee/modules: add version of the module in the defines
- MEDIUM: hapee/modules: add modules support
HAPEE-LB 2.8r1 – Changelog