Changelog

version 2.9r1



2024/11/27 : 2.9r1 (1.0.0-329.655)
- BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set
- BUG/MEDIUM: http-ana: Don't release too early the L7 buffer
- DEV: lags/show-sess-to-flags: Properly handle fd state on server side
- BUG/MAJOR: quic: fix wrong packet building due to already acked frames

2024/11/22 : 2.9r1 (1.0.0-329.651)
- BUG/MAJOR: mux-h1: Properly handle wrapping on obuf when dumping the first-line
- BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy()
- MINOR: activity/memprofile: offer a function to unregister stale info
- BUG/MINOR: activity/memprofile: reinitialize the free calls on DSO summary
- BUG/MEDIUM: wdt: fix the stuck detection for warnings
- BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler()
- DOC: config: Improve documentation of tune.http.maxhdr directive
- BUG/MEDIUM: h3: Increase max number of headers when sending headers
- BUG/MEDIUM: h3: Properly limit the number of headers received
- BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding
- BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames
- BUG/MINOR: http-ana: Adjust the server status before the L7 retries
- DOC: configuration: wrap long line for "strstr()" conditional expression
- DOC: configuration: explain quotes and spaces in conditional blocks
- DOC: lua: fix yield-dependent methods expected contexts
- DOC: config: Move wait_end in section about internal samples
- DOC: config: Slightly improve the %Tr documentation
- BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only
- DOC: config: Fix a typo in "1.3.1. The Request line"
- BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration
- BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration
- BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration
- BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration
- BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state
- BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID

2024/11/13 : 2.9r1 (1.0.0-329.626)
- BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list
- BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI

2024/11/07 : 2.9r1 (1.0.0-329.624)
- MINOR: debug: move the "recover now" warn message after the optional notes
- DEBUG: wdt: make the blocked traffic warning delay configurable
- DEBUG: cli: make it possible for "debug dev loop" to trigger warnings
- DEBUG: wdt: better detect apparently locked up threads and warn about them
- MINOR: debug: add a function to dump a stuck thread
- MINOR: wdt: move the local timers to a struct
- MINOR: debug: remove the redundant process.thread_info array from post_mortem
- MINOR: debug: also add fdtab and acitvity to struct post_mortem
- MINOR: debug: also add a pointer to struct global to post_mortem
- MINOR: debug: do not limit backtraces to stuck threads
- MINOR: debug: print gdb hints when crashing
- MINOR: stream: maintain a counter of the number of active streams.
- MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name
- MINOR: rawsock: set connection error codes when returning from recv/send/splice
- MINOR: connection: add more connection error codes to cover common errno
- MINOR: cli/debug: show dev: add cmdline and version
- BUG/MEDIUM: promex: Fix dump of extra counters
- MINOR: tcpcheck: Add support for an option host header value for httpchk option
- CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry
- DOC: config: document connection error 44 (reverse connect failure)
- MINOR: stream: Save last evaluated rule on invalid yield
- BUG/MINOR: http-ana: Report internal error if an action yields on a final eval
- BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections
- BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly
- BUG/MINOR: trace: stop rewriting argv with -dt

2024/10/24 : 2.9r1 (1.0.0-329.599)
- MINOR: cli: remove non-printable characters from 'debug dev fd'
- MINOR: debug: store important pointers in post_mortem
- MINOR: debug: place the post_mortem struct in its own section.
- MINOR: debug: place a magic pattern at the beginning of post_mortem
- MINOR: pools: export the pools variable
- BUILD: debug: silence a build warning with threads disabled
- BUG/MEDIUM: server: fix race on servers_list during server deletion
- BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side
- BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding
- BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error
- BUG/MINOR: server: fix dynamic server leak with check on failed init
- BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent
- MINOR: activity/memprofile: show per-DSO stats
- BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families
- MINOR: activity/memprofile: always return "other" bin on NULL return address
- BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF
- BUG/MINOR: mworker: fix mworker-max-reloads parser
- DOC: config: fix rfc7239 forwarded typo in desc
- BUG/MEDIUM: quic: avoid freezing 0RTT connections
- BUG/MINOR: quic: avoid leaking post handshake frames
- REGTESTS: Never reuse server connection in http-messaging/truncated.vtc
- BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter
- BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify()
- BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
- BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send
- BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new()
- BUG/MEDIUM: queue: make sure never to queue when there's no more served conns
- BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests
- BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
- BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
- MEDIUM: debug: on panic, make the target thread automatically allocate its buf
- MINOR: debug: replace ha_thread_dump() with its two components
- MINOR: debug: make ha_thread_dump_done() take the pointer to be used
- MINOR: debug: slightly change the thread_dump_pointer signification
- MINOR: debug: split ha_thread_dump() in two parts
- MINOR: chunk: drop the global thread_dump_buffer
- MINOR: debug: make mark_tainted() return the previous value

2024/10/21 : 2.9r1 (1.0.0-329.562)
- MINOR: arg: add an argument type for identifier
- BUG/MEDIUM: server: server stuck in maintenance after FQDN change

2024/10/07 : 2.9r1 (1.0.0-329.560)
- BUG/MINOR: proxy: fix "option tcplog clf" invalid free

2024/10/02 : 2.9r1 (1.0.0-329.559)
- BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade
- BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding
- BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server
- MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute()
- BUG/MINOR: queue: make sure that maintenance redispatches server queue
- BUG/MEDIUM: stream: make stream_shutdown() async-safe
- MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG
- BUG/MINOR: quic: prevent freeze after early QCS closure
- BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM
- MINOR: quic: implement function to check if STREAM is fully acked
- MINOR: quic: convert qc_stream_desc release field to flags
- BUG/MINOR: cfgparse-global: fix allowed args number for setenv
- BUG/MINOR: server: make sure the HMAINT state is part of MAINT
- BUG/MEDIUM: cli: Deadlock when setting frontend maxconn
- REGTESTS: shorten a bit the delay for the h1/h2 upgrade test
- REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades
- BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only
- MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state
- BUG/MINOR: h2: reject extended connect for h2c protocol
- BUG/MINOR: h1: do not forward h2c upgrade header token
- BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit
- BUG/MINOR: cfgparse-listen: fix option httpslog override warning message

2024/09/17 : 2.9r1 (1.0.0-329.537)
- BUG/MEDIUM: cfgparse-listen: fix "option tcplog" regression
- BUG/MINOR: fix missing "'option httpslog' overrides previous 'option tcplog clf'..." detection
- BUG/MINOR: fix missing "log-format overrides previous 'option tcplog clf'..." detection
- BUG/MEDIUM: promex: Wait to have the request before sending the response
- BUG/MEDIUM: cache/stats: Wait to have the request before sending the response
- DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options
- BUG/MEDIUM: queue: implement a flag to check for the dequeuing
- BUG/MINOR: clock: validate that now_offset still applies to the current date
- BUG/MINOR: clock: make time jump corrections a bit more accurate
- BUG/MINOR: polling: fix time reporting when using busy polling
- MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option
- BUG/MINOR: pattern: do not leave a leading comma on "set" error messages

2024/09/09 : 2.9r1 (1.0.0-329.525)
- HAPEE: update list of backported patches (tcplog clf)
- MINOR: config: Created env variables for http and tcp clf formats
- MINOR: Implements new log format of option tcplog clf
- BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established
- BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state
- BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
- BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
- BUG/MEDIUM: clock: detect and cover jumps during execution
- REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
- DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line
- BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only)
- BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC)
- BUG/MEDIUM: quic: always validate sender address on 0-RTT
- MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event.
- MINOR: quic: Implement qc_ssl_eary_data_accepted().
- MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct)
- BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder
- MINOR: quic: Token for future connections implementation.
- MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD
- MINOR: quic: Implement quic_tls_derive_token_secret().
- MINOR: tools: Implement ipaddrcpy().
- BUG/MEDIUM: clock: also update the date offset on time jumps

2024/09/04 : 2.9r1 (1.0.0-329.503)
- BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list
- DOC: config: correct the table for option tcplog
- BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
- BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
- BUG/MINOR: h3: properly reject too long header responses
- BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
- BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
- REGTESTS: mcli: test the pipelined commands on master CLI
- BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
- MINOR: channel: implement ci_insert() function
- BUG/MINOR: proto_tcp: keep error msg if listen() fails
- BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
- BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE
- BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion
- BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
- BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED()
- BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc
- BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn
- BUG/MINOR: fcgi-app: handle a possible strdup() failure
- BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream
- BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
- BUG/MEDIUM: http-ana: Report error on write error waiting for the response
- BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content
- BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect
- BUILD: mux-pt: Use the right name for the sedesc variable
- BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path
- BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set
- BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak

2024/09/03 : 2.9r1 (1.0.0-328.475)
- BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns
- BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only)
- BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf
- MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places
- BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered
- BUG/MINOR: quic: unexploited retransmission cases for Initial pktns.
- BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
- BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown
- BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
- BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding
- DOC: quic: fix default minimal value for max window size

2024/08/02 : 2.9r1 (1.0.0-328.464)
- HAPEE: DOC: fix gptstr for dconv parsing
- MEDIUM: h1: allow to preserve keep-alive on T-E + C-L
- BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
- MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2)
- BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue()
- MINOR: queue: add a function to check for TOCTOU after queueing
- BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
- BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
- BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
- BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
- BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
- DOC: config: improve the http-keep-alive section
- DOC: configuration: issuers-chain-path not compatible with OCSP
- BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
- BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
- BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
- BUG/MINOR: session: Eval L4/L5 rules defined in the default section
- BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past
- BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
- BUG/MEDIUM: h1: Reject empty Transfer-encoding header
- BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
- BUG/MINOR: h1: Fail to parse empty transfer coding names
- BUG/MINOR: jwt: fix variable initialisation
- DOC: configuration: update maxconn description
- BUG/MINOR: jwt: don't try to load files with HMAC algorithm
- HAPEE: DOC: document the GPTSTR extensions in configuration.txt

2024/07/03 : 2.9r1 (1.0.0-328.438)
- MINOR: hapee: update the notes to reflect backport of RLIMIT_DATA
- MINOR: hapee: refresh the list of backported commits
- MINOR: init: use RLIMIT_DATA instead of RLIMIT_AS
- MINOR: hapee: update backports list
- BUG/MINOR: promex: Remove Help prefix repeated twice for each metric
- BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section
- DOC: configuration: more details about the master-worker mode
- BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking
- BUG/MINOR: quic: fix race-condition on trace for CID retrieval
- BUG/MINOR: quic: fix race condition in qc_check_dcid()
- BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
- BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
- BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
- MINOR: activity: make the memory profiling hash size configurable at build time
- BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session
- BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
- BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
- BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
- BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
- DOC: api/event_hdl: small updates, fix an example and add some precisions
- SCRIPTS: git-show-backports: do not truncate git-show output
- DOC: configuration: fix alphabetical order of bind options
- BUG/MEDIUM: proxy: fix email-alert invalid free
- REGTESTS: ssl: fix some regtests 'feature cmd' start condition
- DOC: management: rename show stats domain cli "dns" to "resolvers"
- DOC/MINOR: management: add -dZ option
- DOC/MINOR: management: add missed -dR and -dv options
- BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request
- BUG/MINOR: proxy: fix header_unique_id leak on deinit()
- BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()
- BUG/MINOR: proxy: fix dyncookie_key leak on deinit()
- BUG/MINOR: proxy: fix check_{command,path} leak on deinit()
- BUG/MINOR: proxy: fix email-alert leak on deinit()
- BUG/MINOR: proxy: fix log_tag leak on deinit()
- BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()
- MINOR: log: fix "http-send-name-header" ignore warning message
- BUG/MINOR: quic: fix computed length of emitted STREAM frames
- BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL

2024/06/10 : 2.9r1 (1.0.0-327.400)
- CI: scripts: reset backported changes on macOS version
- BUG/MEDIUM: stick-tables: Fix locking of updt_lock when trashing oldest entries
- BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
- CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()
- BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path
- BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
- BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
- BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
- CLEANUP: hlua: use hlua_pusherror() where relevant
- BUG/MINOR: quic: prevent crash on qc_kill_conn()
- BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless
- BUG/MINOR: hlua: use CertCache.set() from various hlua contexts
- BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
- BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
- BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
- BUG/MINOR: activity: fix Delta_calls and Delta_bytes count
- BUG/MINOR: ssl/ocsp: init callback func ptr as NULL
- CLEANUP: ssl/ocsp: readable ifdef in ssl_sock_load_ocsp
- DOC: config: add %ID logformat alias alternative
- BUILD: fd: errno is also needed without poll()
- CI: scripts: fix build of vtest regarding option -C
- CI: modernize macos matrix
- REGTESTS: acl_cli_spaces: avoid a warning caused by undefined logs
- DOC: config: fix incorrect section reference about custom log format
- DOC: quic: specify that connection migration is not supported
- BUG/MINOR: server: Don't reset resolver options on a new default-server line
- BUG/MINOR: http-htx: Support default path during scheme based normalization
- BUG/MINOR: quic: adjust restriction for stateless reset emission
- MEDIUM: config: prevent communication with privileged ports
- BUG/MEDIUM: stick-tables: make sure never to create two same remote entries
- BUG/MEDIUM: stick-tables: Fix race with peers when killing a sticky session
- BUG/MEDIUM: stick-tables: Fix race with peers when trashing oldest entries
- BUILD: quic: fix unused variable warning when threads are disabled
- BUG/MEDIUM: mux-quic: Create sedesc in same time of the QUIC stream
- BUG/MEDIUM: quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305
- BUG/MAJOR: quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only)
- BUG/MINOR: rhttp: fix task_wakeup state
- BUG/MINOR: rhttp: prevent listener suspend
- BUG/MEDIUM: rhttp: fix preconnect on single-thread
- BUG/MINOR: server: free PROXY v2 TLVs on srv drop
- BUG/MINOR: connection: parse PROXY TLV for LOCAL mode
- BUG/MINOR: http-ana: Don't crush stream termination condition on internal error
- DOC: configuration: update the crt-list documentation
- CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf
- MEDIUM: mux-h1: Support C-L/T-E header suppressions when sending messages
- MINOR: mux-h1: Add a flag to ignore the request payload
- BUG/MINOR: stats: Don't state the 303 redirect response is chunked
- BUG/MEDIUM: fd: prevent memory waste in fdtab array
- BUILD: stick-tables: better mark the stktable_data as 32-bit aligned
- BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme
- BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found
- BUG/MEDIUM: stick-tables: properly mark stktable_data as packed
- BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned
- BUG/MINOR: qpack: fix error code reported on QPACK decoding failure
- BUG/MINOR: mux-quic: fix error code on shutdown for non HTTP/3
- BUG/MINOR: log: smp_rgs array issues with inherited global log directives
- DOC: lua: fix filters.txt file location
- BUG/MINOR: cfgparse: use curproxy global var from config post validation
- BUG/MINOR: acl: support built-in ACLs with acl() sample
- REGTEST: add tests for acl() sample fetch
- BUG/MINOR: haproxy: only tid 0 must not sleep if got signal
- BUILD: clock: improve check for pthread_getcpuclockid()
- BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null
- BUG/MINOR: h1: fix detection of upper bytes in the URI
- BUG/MINOR: backend: use cum_sess counters instead of cum_conn
- BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets
- BUG/MINOR: sock: handle a weird condition with connect()
- BUG/MINOR: stconn: Fix sc_mux_strm() return value

2024/05/03 : 2.9r1 (1.0.0-325.332)

2024/04/29 : 2.9r1 (1.0.0-321.332)
- REGTESTS: cache: Add test on 'vary' other than accept-encoding
- BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding

2024/04/19 : 2.9r1 (1.0.0-320.330)
- BUG/MINOR: server: fix slowstart behavior
- BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached
- BUG/MEDIUM: spoe: Always retry when an applet fails to send a frame
- BUG/MEDIUM: applet: Fix applet API to put input data in a buffer
- BUG/MEDIUM: evports: do not clear returned events list on signal
- BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered
- BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses
- MINOR: net_helper: Add support for floats/doubles.
- CI: revert kernel addr randomization introduced in 3a0fc864
- BUG/MAJOR: stick-tables: fix race with peers in entry expiration
- BUG/MEDIUM: peers/trace: fix crash when listing event types
- BUILD: cache: fix non-inline vs inline declaration mismatch to silence a warning
- BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented
- BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values
- BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection
- CLEANUP: log: lf_text_len() returns a pointer not an integer
- BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
- BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
- BUG/MINOR: log: fix lf_text_len() truncate inconsistency
- BUG/MINOR: listener: always assign distinct IDs to shards
- BUG/MEDIUM: quic: don't blindly rely on unaligned accesses
- BUG/MINOR: cli: Report an error to user if command or payload is too big
- BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe
- BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
- BUG/MAJOR: server: do not delete srv referenced by session
- MINOR: session: rename private conns elements
- BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
- BUG/MAJOR: ocsp: Separate refcount per instance and per store
- MEDIUM: ssl: initialize the SSL stack explicitely
- BUG/MEDIUM: quic: fix connection freeze on post handshake
- MEDIUM: htx/http-ana: No longer close connection on early HAProxy response
- MAJOR: mux-h1: Drain requests on client side before shut a stream down
- MINOR: mux-h1: Move all stuff to detach a stream in an internal function
- MINOR: mux-h1: Move checks performed before a shutdown in a dedicated function
- BUG/MEDIUM: server: fix dynamic servers initial settings
- BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
- BUG/MINOR: proxy: fix logformat expression leak in use_backend rules

2024/04/04 : 2.9r1 (1.0.0-320.293)
- MINOR: hapee: Update list of dropped commits
- BUG/MEDIUM: stick-table: use the update lock when reading tables from peers
- BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty
- BUG/MINOR: backend: properly handle redispatch 0
- BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
- BUG/MINOR: log/balance: detect if user tries to use unsupported algo
- DOC: config: balance 'first' not usable in LOG mode
- BUG/MINOR: server: ignore 'enabled' for dynamic servers
- MINOR: server: allow cookie for dynamic servers
- BUG/MINOR: server: fix persistence cookie for dynamic servers
- BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
- BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
- BUILD: ssl: fix build error on older compilers with openssl-3.2
- BUG/MINOR: server: 'source' interface ignored from 'default-server' directive
- OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
- BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block
- BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet
- BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
- BUG/MINOR: session: ensure conn owner is set after insert into session
- BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
- CI: temporarily adjust kernel entropy to work with ASAN/clang
- BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop
- BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout
- BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
- BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release
- BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
- MINOR: hlua: use accessors for stream hlua ctx
- DEBUG: lua: precisely identify if stream is stuck inside lua or not
- BUG/MINOR: hlua: fix missing lock in hlua_filter_delete()
- BUG/MINOR: hlua: missing lock in hlua_filter_new()
- BUG/MINOR: hlua: segfault when loading the same filter from different contexts
- CI: github: add -DDEBUG_LIST to the default builds
- BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()
- DOC: configuration: clarify ciphersuites usage (V2)
- BUILD: solaris: fix compilation errors
- MINOR: quic: always use ncbuf for rx CRYPTO
- BUG/MEDIUM: quic: fix handshake freeze under high traffic
- BUG/MINOR: cfgparse: report proper location for log-format-sd errors
- BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description
- CI: skip scheduled builds on forks
- BUG/MINOR: sink: fix a race condition in the TCP log forwarding code
- BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe()
- BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume()
- BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()
- BUG/MINOR: hlua: improper lock usage in hlua_filter_new()
- BUG/MINOR: hlua: improper lock usage in hlua_filter_callback()
- BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load
- BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts
- BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack
- BUG/MINOR: tools: seed the statistical PRNG slightly better
- MINOR: hlua: Be able to disable logging from lua
- BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel
- BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener
- DOC: configuration: clarify ciphersuites usage
- BUG/MINOR: mux-h1: Properly report when mux is blocked during a nego
- LICENSE: http_ext: fix GPL license version
- LICENSE: event_hdl: fix GPL license version
- BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
- BUG/MINOR: ist: only store NUL byte on succeeded alloc
- BUG/MINOR: quic: fix output of show quic
- BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
- MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
- BUG/MAJOR: server: fix stream crash due to deleted server
- BUG/MINOR: stats: drop srv refcount on early release
- BUG/MINOR: ist: allocate nul byte on istdup
- MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support
- DOC: quic: fix recommandation for bind on multiple address
- BUG/MEDIUM: quic: fix transient send error with listener socket
- BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data
- BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets
- BUG/MEDIUM: applet: Immediately free appctx on early error
- DOC: quic: Missing tuning setting in "Global parameters"
- BUG/MINOR: qpack: reject invalid dynamic table capacity
- BUG/MINOR: qpack: reject invalid increment count decoding
- BUG/MINOR: quic: reject HANDSHAKE_DONE as server
- BUG/MINOR: quic: reject unknown frame type
- MINOR: connection: add sample fetches to report per-connection glitches
- MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
- MINOR: connection: add a new mux_ctl to report number of connection glitches
- MEDIUM: mux-h2: allow to set the glitches threshold to kill a connection
- MINOR: mux-h2: always use h2c_report_glitch()
- MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch
- MINOR: mux-h2: count excess of CONTINUATION frames as a glitch
- BUG/MINOR: mux-h2: count rejected DATA frames against the connection's flow control
- MINOR: mux-h2: add a counter of "glitches" on a connection
- BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
- BUG/MAJOR: promex: fix crash on deleted server
- BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
- BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
- BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
- BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
- MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
- BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
- MINOR: muxes: Announce support for zero-copy forwarding on consumer side
- MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
- MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
- CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
- BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
- BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
- MINOR: quic: Add a counter for reordered packets
- MINOR: quic: Dynamic packet reordering threshold
- MINOR: quic: Update K CUBIC calculation (RFC 9438)
- BUG/MEDIUM: quic: Wrong K CUBIC calculation.
- BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
- BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
- BUILD: address a few remaining calloc(size, n) cases
- CI: Update to actions/cache@v4
- BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
- BUG/MINOR: vars/cli: fix missing LF after "get var" output
- DOC: internal: update missing data types in peers-v2.0.txt
- DOC: config: fix misplaced "bytes_{in,out}"
- DOC: config: fix typos for "bytes_{in,out}"
- DOC: config: fix misplaced "txn.conn_retries"
- DOC: install: recommend pcre2
- REGTESTS: ssl: Add OCSP related tests
- REGTESTS: ssl: Fix empty line in cli command input
- BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
- BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
- BUG/MEDIUM: ocsp: Separate refcount per instance and per store
- MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
- BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
- BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch

2024/04/04 : 2.9r1 (1.0.0-319.171)
- MINOR: ssl: Call callback function after loading SSL CRL data

2024/02/27 : 2.9r1 (1.0.0-315.170)
- MINOR: hapee: add a .hapee directory to list backporting notes
- MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
- BUILD: debug: remove leftover parentheses in ABORT_NOW()
- MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
- MINOR: debug: make sure calls to ha_crash_now() are never merged
- MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
- MINOR: quic: Stop using 1024th of a second.
- BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
- CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
- BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
- BUILD: quic: Variable name typo inside a BUG_ON().
- BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
- BUG/MINOR: diag: run the final diags before quitting when using -c
- BUG/MINOR: diag: always show the version before dumping a diag warning
- REGTESTS: promex: Adapt script to be less verbose
- MEDIUM: promex: Add support for filters on metric names
- MINOR: promex: Always pass the final name and description to promex_dmp_ts()
- MINOR: promex: Rename dump functions to use the right wording
- MEDIUM: promex/resolvers: Dump resolvers metrics via a promex module
- MEDIUM: promex/stick-table: Dump stick-table metrics via a promex module
- MEDIUM: promex: Dump metrics of registered modules with a way to filter them
- MEDIUM: promex: Add a registration mechanism to support modules
- MINOR: promex: Remove unsued htx parameter when a metric is dumped
- MEDIUM: promex: Simplify the context using generic pointers for restart points
- MINOR: promex: Always limit the number of labels dumped for each metric
- DOC: promex: Add documentation about extra-counters
- MEDIUM: promex: Dump listeners extra counters if requested
- MEDIUM: promex: Dump servers extra counters if requested
- MEDIUM: promex: Dump backends extra counters if requested
- MEDIUM: promex: Dump frontends extra counters if requested
- MINOR: promex: Add info in the promex context to dump extra counters
- MINOR: promex: Add a param to override the description when a metric is dumped
- MEDIUM: stats: Be able to access a specific field into a stats module
- MINOR: stats: Be able to access to registered stats modules from anywhere
- MINOR: promex: Export active/backup metrics per-server
- MINOR: promex: Add support for specialized front/back/li/srv metric names
- MEDIUM: tcp-act/backend: support for set-bc-{mark,tos} actions
- MEDIUM: tcp-act: <expr> support for set-fc-{mark,tos} actions
- MINOR: hlua: Rename set_{tos, mark} to set_fc_{tos, mark}
- MINOR: tcp-act: Rename "set-{mark,tos}" to "set-fc-{mark,tos}"
- MINOR: tcp_act: fix alphabetical ordering of tcp request content actions
- OPTIM: connection: progressive hash for conn_calculate_hash()
- CLEANUP: connection: remove obsolete comment in header file
- BUG/MEDIUM: h1: always reject the NUL character in header values
- BUG/MINOR: h1-htx: properly initialize the err_pos field
- DOC: httpclient: add dedicated httpclient section
- BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
- BUG/MINOR: h1: Don't support LF only at the end of chunks
- BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
- BUG/MEDIUM: qpack: allow 6xx..9xx status codes
- BUG/MEDIUM: h3: do not crash on invalid response status code
- MINOR: h3: add traces for stream sending function
- BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
- DOC: configuration: clarify http-request wait-for-body
- BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
- MINOR: quic: extract qc_stream_buf free in a dedicated function
- MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
- CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
- BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
- BUG/MEDIUM: cache: Fix crash when deleting secondary entry
- BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
- BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
- BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
- MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
- BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
- DOC: configuration: fix set-dst in actions keywords matrix
- BUG/MINOR: h3: fix checking on NULL Tx buffer
- BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
- BUG/MINOR: mux-h2: also count streams for refused ones
- BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
- BUILD: quic: missing include for quic_tp
- DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
- REGTESTS: add a test to ensure map-ordering is preserved
- BUG/MINOR: map: list-based matching potential ordering regression
- CLEANUP: quic: Double quic_dgram_parse() prototype declaration.
- MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name
- MINOR: ot: logsrv struct becomes logger
- MINOR: mux-h2: support limiting the total number of H2 streams per connection
- BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
- BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego
- BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
- BUG/MEDIUM: h3: fix incorrect snd_buf return value
- BUILD: quic: Missing quic_ssl.h header protection
- CLEANUP: quic: Remaining useless code into server part
- REGTESTS: check attach-srv out of order declaration
- MINOR: debug: add features and build options to "show dev"
- MINOR: global: export a way to list build options
- CI: use semantic version compare for determing "latest" OpenSSL
- BUG/MINOR: h3: disable fast-forward on buffer alloc failure
- BUG/MINOR: h3: close connection on sending alloc errors
- BUG/MINOR: h3: properly handle alloc failure on finalize
- MINOR: h3: add traces for connection init stage
- BUG/MINOR: h3: close connection on header list too big
- MINOR: h3: check connection error during sending
- BUG/MINOR: quic: Missing call to TLS message callbacks
- BUG/MINOR: quic: Wrong keylog callback setting.
- BUG/MINOR: mux-quic: disable fast-fwd if connection on error
- BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
- DOC: fix typo for fastfwd QUIC option
- BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event
- MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype
- MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage
- BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
- MINOR: stats: store the parent proxy in stats ctx (http)
- BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error
- BUG/MINOR: server: Use the configured address family for the initial resolution

2024/01/17 : 2.9r1 (1.0.0-311.64)
- HAPEE: udp: update structs and functions required for the UDP module
- MEDIUM: udp: allow to retrieve the frontend destination address
- MINOR: tcpcheck: export proxy_parse_tcpcheck()
- MINOR: backend: export get_server_*() functions
- BUILD: hapee/addons: fix build without USE_QUIC=1
- HAPEE: makefile: automatically build objects in addons/hapee_*
- HAPEE: makefile: update the cleanup rule to also remove *.i from addons
- HAPEE: addons: quic CID in -vv
- HAPEE: addons: adds quic CID generator to interop with packetshield
- MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function
- MINOR: hapee/WURFL: added live update database function
- MINOR: hapee/WURFL: added custom API log function
- MINOR: hapee/WURFL: added function to check correct module initialization
- BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library
- BUILD: hapee/da: repaired build in case of using old DeviceAtlas library
- MINOR: hapee/da: add function that allow data reload
- MINOR: hapee/da: add spin locking
- MINOR: hapee/da: add support for loading a precompiled json data
- MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode."
- MINOR: hapee/51d: add function that returns path to 51Degrees data file
- MINOR: hapee/51d: add function that allow data reload
- BUG/MINOR: hapee/51d: add spin locking
- BUILD: hapee/51d: fix error when building with 51Degrees enabled
- BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded
- MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset
- DOC: config: Update documentation about local haproxy response
- BUG/MINOR: resolvers: default resolvers fails when network not configured
- DOC: config: also add arguments to the converters in the table
- DOC: config: add arguments to sample fetch methods in the table
- BUG/MEDIUM: mux-quic: report early error on stream
- BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
- CLEANUP: mux-h1: Fix a trace message about C-L header addition
- BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
- BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
- BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
- BUG/MEDIUM: quic: QUIC CID removed from tree without locking
- BUG/MINOR: ext-check: cannot use without preserve-env
- BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
- BUILD: ssl: update types in wolfssl cert selection callback
- BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
- BUG/MINOR: mworker/cli: fix set severity-output support
- DOC: configuration: typo req.ssl_hello_type
- BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
- BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
- MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
- BUG/MINOR: ssl: Double free of OCSP Certificate ID
- MEDIUM: hapee: does not pass OPTION_LDFLAGS to modules
- MINOR: hapee/modules: check if we generate the API hash correctly
- BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk
- BUG/MINOR: hapee/modules: initialize the module head list
- BUILD: hapee/modules: select either md5 or md5sum
- MEDIUM: hapee/modules: load the STG_REGISTER initcalls
- BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure
- MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum
- MINOR: hapee/modules: add the ability to register variable and functions.
- MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules
- MINOR: hapee/modules: terminate properly loaded modules if possible
- MEDIUM: hapee/modules: add memory reservation support for the modules
- MINOR: hapee: change URLs for 2.9r1
- BUILD: hapee/modules: update HAPEE version macro to 2.9r1
- BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version
- BUILD: hapee/modules: add version of the module in the defines
- MEDIUM: hapee/modules: add modules support
- MINOR: version: mention that it's stable now


HAPEE-LB 2.9r1 – Changelog