We are improving our documentation experience. View Beta Documentation.

Changelog

version 3.0r1



Summary

2025/10/27 : 3.0r1 (1.0.0-346.834) - BUG/MEDIUM: cli: do not return ACKs one char at a time - MINOR: cli: create cli_raw_rcv_buf() from the generic applet_raw_rcv_buf() - MINOR: applet: do not put SE_FL_WANT_ROOM on rcv_buf() if the channel is empty - BUG/MINOR: stick-tables: properly index string-type keys - BUG/MEDIUM: applet: Improve again spinning loops detection with the new API - BUG/MEDIUM: build: limit excessive and counter-productive gcc-15 vectorization - BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling - MINOR: ncbmbuf: add tests as standalone mode - MINOR: ncbmbuf: implement advance operation - MINOR: ncbmbuf: implement ncbmb_data() - MINOR: ncbmbuf: implement iterator bitmap utilities functions - MINOR: ncbmbuf: implement add - MINOR: ncbmbuf: define new ncbmbuf type - MINOR: ncbuf: extract common types - BUG/MEDIUM: h3: properly encode response after interim one in same buf - BUG/MAJOR: quic: uninitialized quic_conn_closed struct members - BUG/MINOR: quic: check applet_putchk() for 'show quic' first line - BUG/MEDIUM: stick-tables: Don't forget to dec count on failure. - BUG/MINOR mux-quic: apply correctly timeout on output pending data - BUG/MINOR: quic: don't coalesce probing and ACK packet of same type - BUG/MEDIUM: h3: handle interim response properly on FE side - MINOR: qmux: change API for snd_buf FIN transmission - BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side) - BUG/MEDIUM: h3: do not overwrite interim with final response 2025/10/17 : 3.0r1 (1.0.0-346.810) - MINOR: quic: restore QUIC_HP_SAMPLE_LEN constant - BUG/MINOR: quic: too short PADDING frame for too short packets - BUILD: ssl: can't build when using -DLISTEN_DEFAULT_CIPHERS - MINOR: regex: use a thread-local match pointer for pcre2 - BUG/MAJOR: lb-chash: fix key calculation when using default hash-key id - BUG/MINOR: ssl: Free key_base from global_ssl structure during deinit - BUG/MINOR: ssl: Free global_ssl structure contents during deinit 2025/10/15 : 3.0r1 (1.0.0-346.803) - MINOR: debug: add distro name and version in postmortem - BUG/MINOR: sink: retry attempt for sft server may never occur - MINOR: sink: Remove useless test on SE_FL_SHR/SHW flags 2025/10/10 : 3.0r1 (1.0.0-346.800) - BUG/MEDIUM: apppet: Improve spinning loop detection with the new API - BUILD: makefile: disable tail calls optimizations with memory profiling - BUG/MINOR: ssl: always clear the remains of the first hello for the second one - BUG/MEDIUM: ssl: take care of second client hello - BUG/MINOr: hlua: Fix receive from HTTP applet by properly accounting data 2025/10/03 : 3.0r1 (1.0.0-346.795) - Revert "MINOR: quic: Useless TX buffer size reduction in closing state" - BUG/MINOR: h3: forbid 'Z' as well in header field names checks - BUG/MINOR: h2: forbid 'Z' as well in header field names checks 2025/10/02 : 3.0r1 (1.0.0-346.792) - BUG/CRITICAL: mjson: fix possible DoS when parsing numbers - DOC: config: clarify some known limitations of the json_query() converter - BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file - BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix - BUG/MINOR: pattern: Properly flag virtual maps as using samples - MINOR: ssl: add the ssl_bc_sni sample fetch function to retrieve backend SNI - BUILD: halog: misleading indentation in halog.c - BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt - OPTIM: sink: reduce contention on sink_announce_dropped() - BUG/MINOR: server: Update healthcheck when server settings are changed via CLI - BUG/MEDIUM: server: Use sni as pool connection name for SSL server only - MINOR: server: Parse sni and pool-conn-name expressions in a dedicated function - BUG/MEDIUM: ring: invert the length check to avoid an int overflow - BUG/MINOR: resolvers: always normalize FQDN from response - BUG/MINOR: ocsp: Crash when updating CA during ocsp updates - BUG/MAJOR: stream: Force channel analysis on successful synchronous send - BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval - BUG/MINOR: activity: fix reporting of task latency - BUG/MEDIUM: ssl: create the mux immediately on early data - BUG/MEDIUM: h1: Allow reception if we have early data - BUG/MEDIUM: checks: fix ALPN inheritance from server - OPTIM: check: do not delay MUX for ALPN if SSL not active - CLEANUP: quic: fix typo in quic_tx trace - BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET() - BUILD: trace: silence a bogus build warning at -Og - BUG/MINOR: log: fix potential memory leak upon error in add_to_logformat_list() - BUG/MINOR: connection: streamline conn detach from lists - BUG/MEDIUM: conn: fix UAF on connection after reversal on edge - REGTESTS: explicitly use "balance roundrobin" where RR is needed - MINOR: quic: Add more information about RX packets - BUILD: acl: silence a possible null deref warning in parse_acl_expr() - BUG/MINOR: haproxy: be sure not to quit too early on soft stop - BUG/MINOR: quic: fix padding issue on INITIAL retransmit - BUG/MINOR: quic: fix room check if padding requested - BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames - BUG/MINOR: tools: Add OOM check for malloc() in indent_msg() - BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options() - BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen() - BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse() - BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger() - BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url() - BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server - REG-TESTS: map_redirect: Don't use hdr_dom in ACLs with "-m end" matching method - BUG/MAJOR: mux-quic: fix crash on reload during emission - BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete() - CLEANUP: quic: remove a useless CRYPTO frame variable assignment - MINOR: doc: add missing statistics column - MINOR: doc: add missing statistics column - DOC: configuration: confuse "strict-mode" with "zero-warning" - DOC: unreliable sockpair@ on macOS - BUG/MINOR: server: decrement session idle_conns on del server - BUG/MINOR: connection: remove extra session_unown_conn() on reverse - BUG/MINOR: connection: rearrange union list members - BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found - BUG/MINOR: mux-quic: trace with non initialized qcc - MINOR: quic: remove ->offset qf_crypto struct field - BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets - BUG/MEDIUM: Remove sync sends from streams to applets - BUG/MEDIUM: stconn: Fix conditions to know an applet can get data from stream - MINOR: quic: centralize padding for HP sampling on packet building - BUG/MAJOR: quic: fix INITIAL padding with probing packet only - BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested - BUG/MINOR: mux-h1: fix wrong lock label - BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer - DOC: config: recommend single quoting passwords - DOC: management: fix typo in commit f4f93c56 - BUG/MINOR: init: Initialize random seed earlier in the init process - BUG/MEDIUM: ssl: fix build with AWS-LC - BUG/MEDIUM: ssl: Fix 0rtt to the server - BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR - BUILD: compat: always set _POSIX_VERSION to ease comparisons - BUILD: compat: provide relaxed versions of the MIN/MAX macros - DOC: list missing global QUIC settings - BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS - BUG/MINOR: halog: exit with error when some output filters are set simultaneosly - BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init - BUG/MINOR: quic: Wrong source address use on FreeBSD - BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM - BUG/MEDIUM: http-client: Drain the request if an early response is received - BUG/MINOR: http-client: Reject any 101-switching-protocols response - BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode - BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred - BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred - BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred - BUG/MINOR: listener: really assign distinct IDs to shards - MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory - DOC: management: clarify usage of -V with -c - BUG/MINOR: hlua: take default-path into account with lua-load-per-thread - BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options - BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established - BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket - BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket - BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet - DOC: deviceatlas build clarifications - BUILD/MEDIUM: deviceatlas: fix when installed in custom locations. - BUG/MINOR: httpclient: wrongly named httpproxy flag - DOC: Fix 'jwt_verify' converter doc - BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter - BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending - BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services - SCRIPTS: drop the HTML generation from announce-release - MINOR: quic: Useless TX buffer size reduction in closing state - BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding - DOC: configuration: add details on prefer-client-ciphers - BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation - BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself - BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream - DOC: config: prefer-last-server: add notes for non-deterministic algorithms - BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field - BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly - MINOR: http: add a function to validate characters of :authority - MINOR: compiler: add __nonstring macro - BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator - BUG/MINOR: hlua_fcn: restore server pairs iterator pointer consistency - BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers - MEDIUM: hapee/51d: use '_' instead of '-' in 51d-set-property-vars() names - MEDIUM: hapee/51d: set version and date metadata variables - REORG: hapee/51d: Create a function for setting property variables - MEDIUM: hapee/51d: add a new action "http-request 51d-set-property-vars" 2025/08/21 : 3.0r1 (1.0.0-345.673) - MINOR: config: show HAPROXY_BRANCH in "show env" output 2025/06/17 : 3.0r1 (1.0.0-344.672) - BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported - MINOR: cli: handle EOS/ERROR first - BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available - BUG/MINOR: config/server: reject QUIC addresses - BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing - BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info - BUG/MINOR: quic: Missing SSL session object freeing - BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout - DOC: config: Fix a typo in 2.7 (Name format for maps and ACLs) - BUILD: tools: properly define ha_dump_backtrace() to avoid a build warning - BUG/MINOR: quic: ensure cwnd limits are always enforced - MINOR: quic: rename min/max fields for congestion window algo - BUG/MINOR: mux-quic: do not decode if conn in error - BUG/MEDIUM: peers: also limit the number of incoming updates - DOC: hlua: fix a few typos in HTTPMessage.set_body_len() documentation - DOC: hlua: Add a note to warn user about httpclient object reuse - BUG/MEDIUM: httpclient: Throw an error if an lua httpclient instance is reused 2025/05/28 : 3.0r1 (1.0.0-344.655) - MINOR: hapee: Update backports and hapee lists - BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0 - CI: vtest: Fix the build script to properly work on MaOS - CI: vtest: Rely on VTest2 to run regression tests - REGTESTS: Explicitly allow failing shell commands in some scripts - REGTESTS: Make the script testing conditional set-var compatible with Vtest2 - BUG/MEDIUM: hlua: Fix getline() for TCP applets to work with applet's buffers - BUG/MEDIUM: hlua: Properly detect shudowns for TCP applets based on the new API - BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request - DOC: configuration: fix the example in crt-store - BUG/MAJOR: cache: Crash because of wrong cache entry deleted - BUG/MEDIUM: server: fix potential null-deref after previous fix - BUG/MEDIUM: server: fix crash after duplicate GUID insertion - BUILD: makefile: enable backtrace by default on musl 2025/05/22 : 3.0r1 (1.0.0-344.641) - MINOR: ssl: support strict-sni in ssl-default-bind-options - BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent - BUG/MEDIUM: stconn: Disable 0-copy forwarding for filters altering the payload - MEDIUM: hlua: Add function to change the body length of an HTTP Message - MINOR: quic: Add useful error traces about qc_ssl_sess_init() failures - CLEANUP: quic: Useless BIO_METHOD initialization - BUG/MINOR: h3: don't insert more than one Host header - DOC: config: recommend disabling libc-based resolution with resolvers - DOC: config: restore default values for resolvers hold directive - DOC: ring: refer to newer RFC5424 - BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers - BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation - BUG/MINOR: threads: fix soft-stop without multithreading support - BUG/MINOR: ssl/ckch: always free() the previous entry during parsing - BUG/MINOR: cli: fix too many args detection for commands - BUG/MEDIUM: peers: hold the refcnt until updating ts->seen - BUG/MINOR: quic: reject invalid max_udp_payload size - BUG/MINOR: quic: fix TP reject on invalid max-ack-delay - BUG/MINOR: quic: use proper error code on invalid received TP value - BUG/MINOR: quic: reject retry_source_cid TP on server side - BUG/MINOR: quic: use proper error code on invalid server TP - BUG/MINOR: quic: use proper error code on missing CID in TPs - MINOR: quic: extend return value during TP parsing - BUG/MINOR: proxy: only use proxy_inc_fe_cum_sess_ver_ctr() with frontends - BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection - BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade - BUG/MINOR: dns: prevent ds accumulation within dss - CLEANUP: dns: remove unused dns_stream_server struct member - BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers - MINOR: applet: add appctx_schedule() macro - BUG/MAJOR: listeners: transfer connection accounting when switching listeners - BUG/MINOR: cli: Issue an error when too many args are passed for a command - MINOR: hapee: remove "r1" from HAPROXY_BRANCH env variable 2025/05/07 : 3.0r1 (1.0.0-344.608) - BUG/MEDIUM: mux-fcgi: Try to fully fill demux buffer on receive if not empty - MINOR: tools: also protect the library name resolution against concurrent accesses - BUG/MINOR: rhttp: ensure GOAWAY can be emitted after reversal - BUG/MINOR: rhttp: fix reconnect if timeout connect unset - BUG/MINOR: mux-h2: prevent past scheduling with idle connections - BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill() - IMPORT: plock: use cpu_relax() for a shorter time in EBO - IMPORT: plock: lower the slope of the exponential back-off - IMPORT: plock: give higher precedence to W than S - MEDIUM: epoll: skip reports of stale file descriptors - DEBUG: epoll: store and compare the FD's generation count with reported event - MINOR: fd: add a generation number to file descriptors - DEBUG: fd: add a counter of takeovers of an FD since it was last opened - BUG/MEDIUM: mux-fcgi: Properly handle read0 on partial records - BUG/MINOR: stktable: invalid use of stkctr_set_entry() with mixed table types - DEBUG: stream: Add debug counters to track some client/server aborts - BUG/MINOR: quic: do not crash on CRYPTO ncbuf alloc failure 2025/04/17 : 3.0r1 (1.0.0-344.591) - BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data) - BUG/MINOR: h3: reject request URI with invalid characters - BUG/MINOR: h3: reject invalid :path in request - BUG/MINOR: h3: filter upgrade connection header - BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding - BUG/MEDIUM: h3: trim whitespaces when parsing headers value - BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers (2) - BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding - BUG/MINOR: http-ana: Properly detect client abort when forwarding the response - DOC: config: add the missing "profiling.memory" to the global kw index - BUG/MINOR: hlua: fix invalid errmsg use in hlua_init() - BUG/MINOR: backend: do not use the source port when hashing clientip - BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs - BUG/MINOR: log: fix CBOR encoding with LOG_VARTEXT_START() + lf_encode_chunk() - CLEANUP: log: adjust _lf_cbor_encode_byte() comment - BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait() - MINOR: task: add thread safe notification_new and notification_wake variants - TESTS: Fix build for filltab25.c - BUG/MEDIUM: stream: Fix a possible freeze during a forced shut on a stream - BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port - BUG/MINOR: backend: do not overwrite srv dst address on reuse - BUG/MINOR: rhttp: fix incorrect dst/dst_port values - BUILD: compiler: undefine the CONCAT() macro if already defined - DOC: config: fix two missing "content" in "tcp-request" examples - BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays - BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream() - BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local 2025/04/03 : 3.0r1 (1.0.0-344.564) - BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node - BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks - MINOR: log: support "raw" logformat node typecast 2025/03/20 : 3.0r1 (1.0.0-344.561) - BUILD: tools: avoid a build warning on gcc-4.8 in resolve_sym_name() - MINOR: tools: teach resolve_sym_name() a few more common symbols - MINOR: tools: ease the declaration of known symbols in resolve_sym_name() - MINOR: tools: improve symbol resolution without dl_addr - MINOR: cli: export cli_io_handler() to ease symbol resolution - MINOR: tinfo: split the signal handler report flags into 3 - BUILD: tools: silence a build warning when USE_THREAD=0 - MINOR: tools: use only opportunistic symbols resolution - MINOR: tools: resolve main() only once in resolve_sym_name() - MINOR: compiler: add a new __decl_thread_var() macro to declare local variables - MINOR: compiler: add a simple macro to concatenate resolved strings - BUG/MEDIUM: stream: don't use localtime in dumps from a signal handler - BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup() - BUG/MINOR: http-check: Don't pretend a C-L heeader is set before adding it - BUG/MINOR: ssl_crtlist: handle a possible strdup() failure - BUG/MINOR: namespace: handle a possible strdup() failure - BUG/MINOR: stats: fix capabilities and hide settings for some generic metrics - MINOR: cfgparse/peers: provide more info when ignoring invalid "peer" or "server" lines - BUG/MINOR: server: dont return immediately from parse_server() when skipping checks - BUG/MINOR: cfgparse/peers: properly handle ignored local peer case - BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server - BUG/MEIDUM: startup: return to initial cwd only after check_config_validity() - BUG/MINOR: log: set proper smp size for balance log-hash - CLEANUP: log: removing "log-balance" references - BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer - CLEANUP: h3: fix documentation of h3_rcv_buf() - BUG/MINOR: h3: do not report transfer as aborted on preemptive response - BUG/MINOR: h2: always trim leading and trailing LWS in header values - BUG/MEDIUM: stream: use non-blocking freq_ctr calls from the stream dumper - MINOR: freq_ctr: provide non-blocking read functions - BUG/MEDIUM: stream: never allocate connection addresses from signal handler - MINOR: tinfo: add a new thread flag to indicate a call from a sig handler - BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info() - MINOR: clock: always use atomic ops for global_now_ms - BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers - BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers - BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer - BUG/MINOR: flt-trace: Support only one name option - BUG/MINOR: auth: Fix a leak on error path when parsing user's groups - BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive - BUG/MINOR: cli: Fix a possible infinite loop in _getsocks() - BUG/MINOR: cli: Fix memory leak on error for _getsocks command - BUG/MINOR: cli: Don't set SE flags from the cli applet - BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval - BUG/MINOR: mux-h2: Properly handle full or truncated HTX messages on shut - BUG/MINOR: mux-quic: prevent crash after MUX init failure - BUG/MINOR: quic: prevent crash on conn access after MUX init failure - BUG/MINOR: fcgi: Don't set the status to 302 if it is already set - BUG/MEDIUM: filters: Handle filters registered on data with no payload callback - BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks sigals - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals - BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding - BUG/MINOR: quic: reserve length field for long header encoding - BUG/MEDIUM: debug: close a possible race between thread dump and panic() - BUILD: ssl: more cleaner approach to WolfSSL without renegotiation - BUILD: ssl: allow to build without the renegotiation API of WolfSSL - BUG/MINOR: log: prevent saddr NULL deref in syslog_io_handler() 2025/03/14 : 3.0r1 (1.0.0-344.503) - BUG/MINOR: server: fix the "server-template" prefix memory leak - MINOR: log: handle log-forward "option host" - MINOR: log: add "option host" log-forward option - MINOR: tools: only print address in sa2str() when port == -1 - MINOR: log: provide source address information in syslog_process_message() - MINOR: proxy: add proxy->options3 - CLEANUP: log: add syslog_process_message() helper - MINOR: log: detach prepare from parse message 2025/03/13 : 3.0r1 (1.0.0-344.495) - DOC: management: rename some last occurences from domain "dns" to "resolvers" - BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity - MINOR: startup: adjust alert messages, when capabilities are missed - BUG/MINOR: cfgparse-tcp: relax namespace bind check - BUG/MINOR: stream: fix age calculation in "show sess" output - CI: github: fix h2spec.config proxy names - TESTS: ist: fix wrong array size - BUG/MEDIUM: server: properly initialize PROXY v2 TLVs - DOC: option redispatch should mention persist options - DOC: htx: clarify <mark> parameter for htx_xfer_blks() - BUG/MEDIUM: htx: wrong count computation in htx_xfer_blks() - REGTESTS: Fix truncated.vtc to send 0-CRLF - BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED 2025/02/19 : 3.0r1 (1.0.0-342.482) - BUG/MEDIUM: spoe: Don't wakeup idle applets in loop during stopping - BUG/MINOR: spoe: Allow applet creation when closing the last one during stopping - BUG/MINOR: spoe: Check the shared waiting queue to shut applets during stopping - BUG/MINOR: mux-quic: handle closure of uni-stream - MINOR: mux-quic: change return value of qcs_attach_sc() - BUG/MEDIUM: mux-quic: do not attach on already closed stream - BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3 2025/02/17 : 3.0r1 (1.0.0-341.475) - HAPEE: ssl: enable USE_ENGINE automatically when OpenSSL < 3.0 - BUG/MINOR: startup: hap_register_feature() fix for partial feature name - MINOR: startup: allow hap_register_feature() to enable a feature in the list - BUILD: makefile: make ERR apply to build options as well 2025/01/28 : 3.0r1 (1.0.0-339.471) - MINOR: hapee: Update backports list - MINOR: epoll: permit to mask certain specific events - BUG/MINOR: stream: Properly handle "on-marked-up shutdown-backup-sessions" - BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES - BUG/MINOR: quic: do not increase congestion window if app limited 2025/01/23 : 3.0r1 (1.0.0-339.466) - BUG/MEDIUM: mux-h1: Properly close H1C if an error is reported before sending data - BUILD: quic: Move an ASSUME_NONNULL() for variable which is not null - MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount - BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours - BUG/MINOR: init: set HAPROXY_STARTUP_VERSION from the variable, not the macro - BUG/MAJOR: log/sink: possible sink collision in sink_new_from_srv() - BUG/MAJOR: quic: reject too large CRYPTO frames - BUG/MEDIUM: promex: Use right context pointers to dump backends extra-counters - BUG/MEDIUM: stktable: fix missing lock on some table converters - BUG/MINOR: quic: reject NEW_TOKEN frames from clients - BUG/MINOR: stktable: fix big-endian compatiblity in smp_to_stkey() 2025/01/09 : 3.0r1 (1.0.0-339.455) - BUILD: activity/memprofile: fix a build warning in the posix_memalign handler - MINOR: activity/memprofile: monitor non-portable calls as well - MINOR: activity/memprofile: also monitor strdup() activity - DEV: sock: Add a debug counter to track strange flag on fd during connect() - MINOR: debug/cli: replace "debug dev counters" with "debug counters" - MINOR: debug: add "debug dev counters" to list code counters - MINOR: debug: add a new debug macro COUNT_IF() - MEDIUM: debug: add match counters for BUG_ON/WARN_ON/CHECK_IF - CLEANUP: debug: make the BUG_ON() macros check the condition in the outer one - MINOR: sample: extend the "when" converter to support an ACL - MINOR: acl: export find_acl_default() - MINOR: sample: add the "when" converter to condition some expressions - MINOR: mux-h1: Add support of the debug string for logs - MINOR: mux-quic: measure QCS lifetime and its blocking state - MINOR: time: define tot_time structure - MINOR: quic: dump quic_conn debug string for logs - MINOR: mux-quic: implement debug string for logs - MINOR: mux-quic: define dump functions for QCC and QCS - MINOR: mux-h2: implement the debug string for logs - MINOR: stconn: add a new pair of sf functions {bs,fs}.debug_str - BUG/MEDIUM: h1-htx: Properly handle bodyless messages - BUG/MEDIUM: promex/resolvers: Don't dump metrics if no nameserver is defined - MINOR: config: Alert about extra arguments for errorfile and errorloc - DOC: config: add missing "track-sc0" in action keywords matrix - BUG/MINOR: stats: fix segfault caused by uninitialized value in "show schema json" - BUG/MEDIUM: queue: Make process_srv_queue return the number of streams - BUG/MINOR: h2/rhttp: fix HTTP2 conn counters on reverse - DOC: config: add "tune.lua.burst-timeout" to the list of global parameters - DOC: config: reorder "tune.lua.*" keywords by alphabetical order - DOC: config: add example for server "track" keyword - BUG/MEDIUM: queues: Do not use pendconn_grab_from_px(). - BUG/MEDIUM: queues: Make sure we call process_srv_queue() when leaving - BUG/MEDIUM: stconn: Only consider I/O timers to update stream's expiration date - REGTESTS: ssl: add a PEM with mix of LF and CRLF line endings - BUG/MINOR: cli: cli_snd_buf: preserve \r\n for payload lines - BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY - BUG/MEDIUM: stats/server: use watcher to track server during stats dump - MINOR: list: define a watcher type - BUG/MINOR: stats: decrement srv refcount on stats-file release - BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state 2024/12/17 : 3.0r1 (1.0.0-339.415) - MINOR: ssl/cli: add -A to the 'show ssl sni' command description - MINOR: ssl/cli: allow to filter expired certificates with 'show ssl sni' - MINOR: ssl: add utils functions to extract X509 notAfter date - MINOR: ssl/cli: add negative filters to "show ssl sni" - CLEANUP: ssl: fix comment in 'show ssl sni' - DOC: management: fix typos and paragraph ordering in 'show ssl sni' - MEDIUM: ssl/cli: "show ssl sni" list the loaded SNI in frontends - MINOR: ssl: add notBefore and notAfter utility functions - MINOR: hapee/modules: report the per-stream allocated size for each module - BUG/MINOR: hapee/modules: do not send trailing LFs on "modules list" 2024/12/16 : 3.0r1 (1.0.0-339.405) - BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks - CLEANUP: mux-h2/traces: reword certain ambiguous traces - MINOR: mux-h2/traces: add a missing trace on negative initial window size - BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported - BUG/MINOR: signal: register default handler for SIGINT in signal_init() - BUG/MINOR: h1-htx: Use default reason if not set when formatting the response - BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry - BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data is provided - BUG/MINOR: log: fix lf_text() behavior with empty string - MINOR: mux-quic: Don't send an emtpy H3 DATA frame during zero-copy forwarding 2024/12/05 : 3.0r1 (1.0.0-339.395) - MINOR: stktable: implement "recv-only" table option 2024/11/27 : 3.0r1 (1.0.0-337.394) - BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set - BUG/MEDIUM: http-ana: Don't release too early the L7 buffer - DEV: lags/show-sess-to-flags: Properly handle fd state on server side - BUG/MAJOR: quic: fix wrong packet building due to already acked frames 2024/11/22 : 3.0r1 (1.0.0-337.390) - BUG/MAJOR: mux-h1: Properly handle wrapping on obuf when dumping the first-line - BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy() - MINOR: activity/memprofile: offer a function to unregister stale info - BUG/MINOR: activity/memprofile: reinitialize the free calls on DSO summary - BUG/MEDIUM: wdt: fix the stuck detection for warnings - BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler() - DOC: config: Improve documentation of tune.http.maxhdr directive - BUG/MEDIUM: h3: Increase max number of headers when sending headers - BUG/MEDIUM: h3: Properly limit the number of headers received - BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding - BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames - BUG/MINOR: http-ana: Adjust the server status before the L7 retries - DOC: configuration: wrap long line for "strstr()" conditional expression - DOC: configuration: explain quotes and spaces in conditional blocks - DOC: lua: fix yield-dependent methods expected contexts - DOC: config: Move fs.* and bs.* in section about L5 samples - DOC: config: Move wait_end in section about internal samples - DOC: config: Slightly improve the %Tr documentation - BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only - DOC: config: Fix a typo in "1.3.1. The Request line" - DOC: config: A a space before ':' for {bs,fs}.aborted and {bs,fs}.rst_code - BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration - BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration - BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration - BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration - BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state - BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID 2024/11/13 : 3.0r1 (1.0.0-337.363) - BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list - BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI - BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error - BUG/MINOR: guid/server: ensure thread-safety on GUID insert/delete - CLEANUP: guid: remove global tree export - BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO - MINOR: quic: extend return value of CRYPTO parsing - MINOR: quic: use dynamically allocated frame on parsing - MINOR: quic: simplify qc_parse_pkt_frms() return path - BUG/MEDIUM: quic: support wait-for-handshake - BUG/MINOR: stream: unblock stream on wait-for-handshake completion - MINOR: quic: notify connection layer on handshake completion - BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg} - BUG/MINOR: hapee: Makefile: bad substitution for MODVERSION variable - BUG/MINOR: hapee: relax __vers symbol check - MINOR: debug: move the "recover now" warn message after the optional notes - BUILD: Missing inclusion header for ssize_t type - BUILD: debug: also declare strlen() in __ABORT_NOW() - DEBUG: wdt: add a stats counter "BlockedTrafficWarnings" in show info - DEBUG: wdt: make the blocked traffic warning delay configurable - DEBUG: cli: make it possible for "debug dev loop" to trigger warnings - DEBUG: wdt: better detect apparently locked up threads and warn about them - MINOR: debug: add a function to dump a stuck thread - MINOR: wdt: move the local timers to a struct - MINOR: debug: remove the redundant process.thread_info array from post_mortem - MINOR: debug: also add fdtab and acitvity to struct post_mortem - MINOR: debug: also add a pointer to struct global to post_mortem - MINOR: debug: do not limit backtraces to stuck threads - MINOR: debug: print gdb hints when crashing - MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name - MINOR: rawsock: set connection error codes when returning from recv/send/splice - MINOR: connection: add more connection error codes to cover common errno - BUG/MINOR: stats: Fix the name for the total number of streams created - MINOR: cli/debug: show dev: add cmdline and version - MINOR: tcpcheck: Add support for an option host header value for httpchk option - BUG/MINOR: quic: fix malformed probing packet building - CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry - DOC: config: document connection error 44 (reverse connect failure) - BUG/MEDIUM: promex: Fix dump of extra counters - MINOR: stream: Save last evaluated rule on invalid yield - BUG/MINOR: http-ana: Report internal error if an action yields on a final eval - BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections - DOC: config: add missing glitch_{cnt,rate} sample definitions - DOC: config: add missing glitch_{cnt,rate} data types - BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly - BUG/MINOR: trace: stop rewriting argv with -dt - MINOR: cli: remove non-printable characters from 'debug dev fd' - MINOR: debug: store important pointers in post_mortem - MINOR: debug: place the post_mortem struct in its own section. - MINOR: debug: place a magic pattern at the beginning of post_mortem - MINOR: pools: export the pools variable - BUILD: debug: silence a build warning with threads disabled - BUG/MEDIUM: server: fix race on servers_list during server deletion - BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side - BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding - BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error - BUG/MINOR: server: fix dynamic server leak with check on failed init - MINOR: activity/memprofile: show per-DSO stats - MEDIUM: debug: on panic, make the target thread automatically allocate its buf - MINOR: debug: replace ha_thread_dump() with its two components - MINOR: debug: make ha_thread_dump_done() take the pointer to be used - MINOR: debug: slightly change the thread_dump_pointer signification - MINOR: debug: split ha_thread_dump() in two parts - MINOR: chunk: drop the global thread_dump_buffer - MINOR: debug: make mark_tainted() return the previous value - MINOR: activity/memprofile: always return "other" bin on NULL return address - BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families - BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF - BUG/MEDIUM: stats-html: Never dump more data than expected during 0-copy FF - BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent - BUG/MINOR: mworker: fix mworker-max-reloads parser - DOC: config: fix rfc7239 forwarded typo in desc - BUG/MEDIUM: quic: avoid freezing 0RTT connections - BUG/MINOR: quic: avoid leaking post handshake frames - REGTESTS: Never reuse server connection in http-messaging/truncated.vtc - BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter - BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify() - BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid - BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send - BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new() - BUG/MEDIUM: queue: make sure never to queue when there's no more served conns - BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests - BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() - BUG/MEDIUM: hlua: make hlua_ctx_renew() safe - MINOR: arg: add an argument type for identifier - BUG/MEDIUM: server: server stuck in maintenance after FQDN change - MINOR: hapee/da: alert in case of incorrect data version - BUG/MINOR: hapee/da: enabling use of precompiled json database in 'deviceatlas-json-file' - MINOR: hapee: Update backports list and hapee commit list - BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade - BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding - MEDIUM: bwlim: Use a read-lock on the sticky session to apply a shared limit - MEDIUM: stick-table: Add support of a factor for IN/OUT bytes rates - MINOR: stream/stats: Expose the total number of streams ever created in stats - MINOR: stream/stats: Expose the current number of streams in stats - MINOR: stream: Support dynamic changes of the number of connection retries - MINOR: stream: Rely on a per-stream max connection retries value - MINOR: action: Export release_expr_int_action() release function - BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server - MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute() - BUG/MINOR: queue: make sure that maintenance redispatches server queue - BUG/MEDIUM: stream: make stream_shutdown() async-safe - MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG - MINOR: tools: do not attempt to use backtrace() on linux without glibc - BUILD: tools: only include execinfo.h for the real backtrace() function - BUG/MINOR: cfgparse-global: fix allowed args number for setenv - BUG/MINOR: server: make sure the HMAINT state is part of MAINT - BUG/MEDIUM: cli: Deadlock when setting frontend maxconn - BUG/MEDIUM: cli: Be sure to catch immediate client abort - BUG/MINOR: mux-quic: report glitches to session - REGTESTS: shorten a bit the delay for the h1/h2 upgrade test - REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades - BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only - MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state - BUG/MINOR: h2: reject extended connect for h2c protocol - BUG/MINOR: h1: do not forward h2c upgrade header token - MINOR: connection: No longer include stconn type header in connection-t.h - BUG/MINOR: quic: prevent freeze after early QCS closure - BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM - MINOR: quic: implement function to check if STREAM is fully acked - MINOR: quic: convert qc_stream_desc release field to flags - BUG/MINOR: cfgparse-listen: fix option httpslog override warning message - BUG/MINOR: fix missing "'option httpslog' overrides previous 'option tcplog clf'..." detection - BUG/MINOR: fix missing "log-format overrides previous 'option tcplog clf'..." detection - BUG/MEDIUM: promex: Wait to have the request before sending the response - BUG/MEDIUM: cache/stats: Wait to have the request before sending the response - BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send - DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options - BUG/MINOR: peers: local entries updates may not be advertised after resync - BUG/MEDIUM: queue: implement a flag to check for the dequeuing - BUG/MINOR: clock: validate that now_offset still applies to the current date - BUG/MINOR: clock: make time jump corrections a bit more accurate - BUG/MINOR: polling: fix time reporting when using busy polling - MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option - MEDIUM: hapee/51d: support data reload for 51Degrees V4 engine - BUG/MINOR: pattern: do not leave a leading comma on "set" error messages - BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established - BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state - BUG/MEDIUM: pattern: prevent UAF on reused pattern expr - BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg() - BUG/MEDIUM: clock: detect and cover jumps during execution - REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load - MINOR: hapee: add a .hapee directory to list backporting notes - DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line - MINOR: config: Created env variables for http and tcp clf formats - MINOR: Implements new log format of option tcplog clf - BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only) - BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC) - BUG/MEDIUM: quic: always validate sender address on 0-RTT - MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event. - MINOR: quic: Implement qc_ssl_eary_data_accepted(). - MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct) - BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder - MINOR: quic: Token for future connections implementation. - MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD - MINOR: quic: Implement quic_tls_derive_token_secret(). - MINOR: tools: Implement ipaddrcpy(). - BUG/MEDIUM: clock: also update the date offset on time jumps - BUILD: quic: 32bits build broken by wrong integer conversions for printf() - BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list - DOC: config: correct the table for option tcplog - BUG/MINOR: pattern: pat_ref_set: return 0 if err was found - BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity - BUG/MINOR: h3: properly reject too long header responses - BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails - BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID - REGTESTS: mcli: test the pipelined commands on master CLI - BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI - MINOR: channel: implement ci_insert() function - BUG/MINOR: proto_tcp: keep error msg if listen() fails - BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails - BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE - BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion - BUG/MINOR: trace: automatically start in waiting mode with "start <evt>" - BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() - BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc - BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn - DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted - BUG/MINOR: fcgi-app: handle a possible strdup() failure - BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync - BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream - BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams - BUG/MEDIUM: http-ana: Report error on write error waiting for the response - BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content - BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC - BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC - BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect - BUILD: mux-pt: Use the right name for the sedesc variable - BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path - BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set - BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak - BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in mux_pt_shut() - BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns - BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only) - BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf - MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places - BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered - BUG/MINOR: quic: unexploited retransmission cases for Initial pktns. - BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli - BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown - BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry - BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready - BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding - MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status - DOC: quic: fix default minimal value for max window size - MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck() - BUG/MINOR: hapee/da: fixed bug when using binary version of database - BUG/BUILD: hapee/da: added preprocessed source code generation for *.cpp files - MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode." - MINOR: hapee/51d: add function that returns path to 51Degrees data file - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUILD: hapee/51d: fix error when building with 51Degrees enabled - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - Revert "MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface" - BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn - MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) - BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() - MINOR: queue: add a function to check for TOCTOU after queueing - MEDIUM: h1: allow to preserve keep-alive on T-E + C-L - MINOR: quic: Add information to "show quic" for CUBIC cc. - MINOR: quic: Dump TX in flight bytes vs window values ratio. - BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature - BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) - MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface - BUG/MINOR: quic: Non optimal first datagram. - BUG/MINOR: cli: Atomically inc the global request counter between CLI commands - BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution - BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter - DOC: config: improve the http-keep-alive section - DOC: configuration: issuers-chain-path not compatible with OCSP - BUG/MAJOR: mux-h2: force a hard error upon short read with pending error - BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path - DOC: install: don't reference removed CPU arg - BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts - BUG/MINOR: session: Eval L4/L5 rules defined in the default section - CLEANUP: quic: rename TID affinity elements - CLEANUP: proto: rename TID affinity callbacks - BUG/MEDIUM: quic: prevent crash on accept queue full - BUILD: listener: silence a build warning about unused value without threads - MINOR: proto: extend connection thread rebind API - BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past - DEV: flags/quic: decode quic_conn flags - BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread - BUG/MEDIUM: h1: Reject empty Transfer-encoding header - BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value - BUG/MINOR: h1: Fail to parse empty transfer coding names - BUG/MINOR: jwt: fix variable initialisation - Revert "MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD" - BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx - DOC: configuration: update maxconn description - MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD - BUG/MINOR: jwt: don't try to load files with HMAC algorithm - BUG/MEDIUM: server: fix race on server_atomic_sync() - DOC: configuration: more details about the master-worker mode - BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers - BUG/MINOR: promex: Remove Help prefix repeated twice for each metric - BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking - BUG/MINOR: quic: fix race-condition on trace for CID retrieval - BUG/MINOR: quic: fix race condition in qc_check_dcid() - BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid() - BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid - BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid - BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error - MINOR: activity: make the memory profiling hash size configurable at build time - BUG/MINOR: server: fix first server template name lookup UAF - DOC: configuration: add details about crt-store in bind "crt" keyword - BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session - BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() - DEV: flags/show-fd-to-flags: adapt to recent versions - BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure - BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure - BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure - BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission - DOC: api/event_hdl: small updates, fix an example and add some precisions - SCRIPTS: git-show-backports: do not truncate git-show output - BUG/MAJOR: quic: fix padding with short packets - DOC: management: document ptr lookup for table commands - DOC: configuration: fix alphabetical order of bind options - BUG/MEDIUM: proxy: fix email-alert invalid free - REGTESTS: ssl: fix some regtests 'feature cmd' start condition - DEBUG: hlua: distinguish burst timeout errors from exec timeout errors - BUG/MINOR: log: fix broken '+bin' logformat node option - DOC: management: rename show stats domain cli "dns" to "resolvers" - DOC/MINOR: management: add -dZ option - DOC/MINOR: management: add missed -dR and -dv options - BUG/MINOR: quic: fix padding of INITIAL packets - BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request - CLEANUP: log/proxy: fix comment in proxy_free_common() - BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions - MINOR: proxy: add proxy_free_common() helper function - BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section - DOC: config: add missing context hint for new server and proxy keywords - DOC: config: add missing section hint for "guid" proxy keyword - DOC: config: move "hash-key" from proxy to server options - BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section - BUG/MINOR: proxy: fix header_unique_id leak on deinit() - BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit() - BUG/MINOR: proxy: fix dyncookie_key leak on deinit() - BUG/MINOR: proxy: fix check_{command,path} leak on deinit() - BUG/MINOR: proxy: fix email-alert leak on deinit() - BUG/MINOR: proxy: fix log_tag leak on deinit() - BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit() - MINOR: log: fix "http-send-name-header" ignore warning message - BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag - BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego - BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts - BUG/MINOR: quic: ensure Tx buf is always purged - BUG/MINOR: quic: fix computed length of emitted STREAM frames - BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL - BUG/MINOR: hapee: remove leading \n on __vers error - MEDIUM: hapee: warn on unsupported initcalls - BUG/MINOR: hapee: forbid to load a module twice - BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration - BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego - CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume() - BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path - BUG/MINOR: hlua: prevent LJMP in hlua_traceback() - BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage - BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP - CLEANUP: hlua: use hlua_pusherror() where relevant - BUG/MINOR: quic: prevent crash on qc_kill_conn() - BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released - MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd - BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless - BUG/MINOR: hlua: use CertCache.set() from various hlua contexts - DOC: configuration: add an example for keywords from crt-store - BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory - BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser - BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning - HAPEE: udp: update structs and functions required for the UDP module - BUILD: hapee/addons: fix build without USE_QUIC=1 - HAPEE: makefile: automatically build objects in addons/hapee_* - HAPEE: makefile: update the cleanup rule to also remove *.i from addons - HAPEE: addons: quic CID in -vv - HAPEE: addons: adds quic CID generator to interop with packetshield - MEDIUM: hapee: does not pass OPTION_LDFLAGS to modules - MINOR: hapee/modules: check if we generate the API hash correctly - BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk - BUG/MINOR: hapee/modules: initialize the module head list - BUILD: hapee/modules: select either md5 or md5sum - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MEDIUM: hapee/modules: add memory reservation support for the modules - MINOR: hapee: change URLs for 3.0r1 - BUILD: hapee/modules: update HAPEE version macro to 3.0r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support

HAPEE-LB 3.0r1 – Changelog