Changelog

version 3.0r1



2024/12/16 : 3.0r1 (1.0.0-339.415) - MINOR: ssl/cli: add -A to the 'show ssl sni' command description - MINOR: ssl/cli: allow to filter expired certificates with 'show ssl sni' - MINOR: ssl: add utils functions to extract X509 notAfter date - MINOR: ssl/cli: add negative filters to "show ssl sni" - CLEANUP: ssl: fix comment in 'show ssl sni' - DOC: management: fix typos and paragraph ordering in 'show ssl sni' - MEDIUM: ssl/cli: "show ssl sni" list the loaded SNI in frontends - MINOR: ssl: add notBefore and notAfter utility functions - MINOR: hapee/modules: report the per-stream allocated size for each module - BUG/MINOR: hapee/modules: do not send trailing LFs on "modules list" 2024/12/16 : 3.0r1 (1.0.0-339.405) - BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks - CLEANUP: mux-h2/traces: reword certain ambiguous traces - MINOR: mux-h2/traces: add a missing trace on negative initial window size - BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported - BUG/MINOR: signal: register default handler for SIGINT in signal_init() - BUG/MINOR: h1-htx: Use default reason if not set when formatting the response - BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry - BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data is provided - BUG/MINOR: log: fix lf_text() behavior with empty string - MINOR: mux-quic: Don't send an emtpy H3 DATA frame during zero-copy forwarding 2024/12/05 : 3.0r1 (1.0.0-339.395) - MINOR: stktable: implement "recv-only" table option 2024/11/27 : 3.0r1 (1.0.0-337.394) - BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set - BUG/MEDIUM: http-ana: Don't release too early the L7 buffer - DEV: lags/show-sess-to-flags: Properly handle fd state on server side - BUG/MAJOR: quic: fix wrong packet building due to already acked frames 2024/11/22 : 3.0r1 (1.0.0-337.390) - BUG/MAJOR: mux-h1: Properly handle wrapping on obuf when dumping the first-line - BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy() - MINOR: activity/memprofile: offer a function to unregister stale info - BUG/MINOR: activity/memprofile: reinitialize the free calls on DSO summary - BUG/MEDIUM: wdt: fix the stuck detection for warnings - BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler() - DOC: config: Improve documentation of tune.http.maxhdr directive - BUG/MEDIUM: h3: Increase max number of headers when sending headers - BUG/MEDIUM: h3: Properly limit the number of headers received - BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding - BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames - BUG/MINOR: http-ana: Adjust the server status before the L7 retries - DOC: configuration: wrap long line for "strstr()" conditional expression - DOC: configuration: explain quotes and spaces in conditional blocks - DOC: lua: fix yield-dependent methods expected contexts - DOC: config: Move fs.* and bs.* in section about L5 samples - DOC: config: Move wait_end in section about internal samples - DOC: config: Slightly improve the %Tr documentation - BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only - DOC: config: Fix a typo in "1.3.1. The Request line" - DOC: config: A a space before ':' for {bs,fs}.aborted and {bs,fs}.rst_code - BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration - BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration - BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration - BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration - BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state - BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID 2024/11/13 : 3.0r1 (1.0.0-337.363) - BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list - BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI - BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error - BUG/MINOR: guid/server: ensure thread-safety on GUID insert/delete - CLEANUP: guid: remove global tree export - BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO - MINOR: quic: extend return value of CRYPTO parsing - MINOR: quic: use dynamically allocated frame on parsing - MINOR: quic: simplify qc_parse_pkt_frms() return path - BUG/MEDIUM: quic: support wait-for-handshake - BUG/MINOR: stream: unblock stream on wait-for-handshake completion - MINOR: quic: notify connection layer on handshake completion - BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg} - BUG/MINOR: hapee: Makefile: bad substitution for MODVERSION variable - BUG/MINOR: hapee: relax __vers symbol check - MINOR: debug: move the "recover now" warn message after the optional notes - BUILD: Missing inclusion header for ssize_t type - BUILD: debug: also declare strlen() in __ABORT_NOW() - DEBUG: wdt: add a stats counter "BlockedTrafficWarnings" in show info - DEBUG: wdt: make the blocked traffic warning delay configurable - DEBUG: cli: make it possible for "debug dev loop" to trigger warnings - DEBUG: wdt: better detect apparently locked up threads and warn about them - MINOR: debug: add a function to dump a stuck thread - MINOR: wdt: move the local timers to a struct - MINOR: debug: remove the redundant process.thread_info array from post_mortem - MINOR: debug: also add fdtab and acitvity to struct post_mortem - MINOR: debug: also add a pointer to struct global to post_mortem - MINOR: debug: do not limit backtraces to stuck threads - MINOR: debug: print gdb hints when crashing - MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name - MINOR: rawsock: set connection error codes when returning from recv/send/splice - MINOR: connection: add more connection error codes to cover common errno - BUG/MINOR: stats: Fix the name for the total number of streams created - MINOR: cli/debug: show dev: add cmdline and version - MINOR: tcpcheck: Add support for an option host header value for httpchk option - BUG/MINOR: quic: fix malformed probing packet building - CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry - DOC: config: document connection error 44 (reverse connect failure) - BUG/MEDIUM: promex: Fix dump of extra counters - MINOR: stream: Save last evaluated rule on invalid yield - BUG/MINOR: http-ana: Report internal error if an action yields on a final eval - BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections - DOC: config: add missing glitch_{cnt,rate} sample definitions - DOC: config: add missing glitch_{cnt,rate} data types - BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly - BUG/MINOR: trace: stop rewriting argv with -dt - MINOR: cli: remove non-printable characters from 'debug dev fd' - MINOR: debug: store important pointers in post_mortem - MINOR: debug: place the post_mortem struct in its own section. - MINOR: debug: place a magic pattern at the beginning of post_mortem - MINOR: pools: export the pools variable - BUILD: debug: silence a build warning with threads disabled - BUG/MEDIUM: server: fix race on servers_list during server deletion - BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side - BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding - BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error - BUG/MINOR: server: fix dynamic server leak with check on failed init - MINOR: activity/memprofile: show per-DSO stats - MEDIUM: debug: on panic, make the target thread automatically allocate its buf - MINOR: debug: replace ha_thread_dump() with its two components - MINOR: debug: make ha_thread_dump_done() take the pointer to be used - MINOR: debug: slightly change the thread_dump_pointer signification - MINOR: debug: split ha_thread_dump() in two parts - MINOR: chunk: drop the global thread_dump_buffer - MINOR: debug: make mark_tainted() return the previous value - MINOR: activity/memprofile: always return "other" bin on NULL return address - BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families - BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF - BUG/MEDIUM: stats-html: Never dump more data than expected during 0-copy FF - BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent - BUG/MINOR: mworker: fix mworker-max-reloads parser - DOC: config: fix rfc7239 forwarded typo in desc - BUG/MEDIUM: quic: avoid freezing 0RTT connections - BUG/MINOR: quic: avoid leaking post handshake frames - REGTESTS: Never reuse server connection in http-messaging/truncated.vtc - BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter - BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify() - BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid - BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send - BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new() - BUG/MEDIUM: queue: make sure never to queue when there's no more served conns - BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests - BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() - BUG/MEDIUM: hlua: make hlua_ctx_renew() safe - MINOR: arg: add an argument type for identifier - BUG/MEDIUM: server: server stuck in maintenance after FQDN change - MINOR: hapee/da: alert in case of incorrect data version - BUG/MINOR: hapee/da: enabling use of precompiled json database in 'deviceatlas-json-file' - MINOR: hapee: Update backports list and hapee commit list - BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade - BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding - MEDIUM: bwlim: Use a read-lock on the sticky session to apply a shared limit - MEDIUM: stick-table: Add support of a factor for IN/OUT bytes rates - MINOR: stream/stats: Expose the total number of streams ever created in stats - MINOR: stream/stats: Expose the current number of streams in stats - MINOR: stream: Support dynamic changes of the number of connection retries - MINOR: stream: Rely on a per-stream max connection retries value - MINOR: action: Export release_expr_int_action() release function - BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server - MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute() - BUG/MINOR: queue: make sure that maintenance redispatches server queue - BUG/MEDIUM: stream: make stream_shutdown() async-safe - MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG - MINOR: tools: do not attempt to use backtrace() on linux without glibc - BUILD: tools: only include execinfo.h for the real backtrace() function - BUG/MINOR: cfgparse-global: fix allowed args number for setenv - BUG/MINOR: server: make sure the HMAINT state is part of MAINT - BUG/MEDIUM: cli: Deadlock when setting frontend maxconn - BUG/MEDIUM: cli: Be sure to catch immediate client abort - BUG/MINOR: mux-quic: report glitches to session - REGTESTS: shorten a bit the delay for the h1/h2 upgrade test - REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades - BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only - MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state - BUG/MINOR: h2: reject extended connect for h2c protocol - BUG/MINOR: h1: do not forward h2c upgrade header token - MINOR: connection: No longer include stconn type header in connection-t.h - BUG/MINOR: quic: prevent freeze after early QCS closure - BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM - MINOR: quic: implement function to check if STREAM is fully acked - MINOR: quic: convert qc_stream_desc release field to flags - BUG/MINOR: cfgparse-listen: fix option httpslog override warning message - BUG/MINOR: fix missing "'option httpslog' overrides previous 'option tcplog clf'..." detection - BUG/MINOR: fix missing "log-format overrides previous 'option tcplog clf'..." detection - BUG/MEDIUM: promex: Wait to have the request before sending the response - BUG/MEDIUM: cache/stats: Wait to have the request before sending the response - BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send - DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options - BUG/MINOR: peers: local entries updates may not be advertised after resync - BUG/MEDIUM: queue: implement a flag to check for the dequeuing - BUG/MINOR: clock: validate that now_offset still applies to the current date - BUG/MINOR: clock: make time jump corrections a bit more accurate - BUG/MINOR: polling: fix time reporting when using busy polling - MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option - MEDIUM: hapee/51d: support data reload for 51Degrees V4 engine - BUG/MINOR: pattern: do not leave a leading comma on "set" error messages - BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established - BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state - BUG/MEDIUM: pattern: prevent UAF on reused pattern expr - BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg() - BUG/MEDIUM: clock: detect and cover jumps during execution - REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load - MINOR: hapee: add a .hapee directory to list backporting notes - DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line - MINOR: config: Created env variables for http and tcp clf formats - MINOR: Implements new log format of option tcplog clf - BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only) - BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC) - BUG/MEDIUM: quic: always validate sender address on 0-RTT - MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event. - MINOR: quic: Implement qc_ssl_eary_data_accepted(). - MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct) - BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder - MINOR: quic: Token for future connections implementation. - MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD - MINOR: quic: Implement quic_tls_derive_token_secret(). - MINOR: tools: Implement ipaddrcpy(). - BUG/MEDIUM: clock: also update the date offset on time jumps - BUILD: quic: 32bits build broken by wrong integer conversions for printf() - BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list - DOC: config: correct the table for option tcplog - BUG/MINOR: pattern: pat_ref_set: return 0 if err was found - BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity - BUG/MINOR: h3: properly reject too long header responses - BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails - BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID - REGTESTS: mcli: test the pipelined commands on master CLI - BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI - MINOR: channel: implement ci_insert() function - BUG/MINOR: proto_tcp: keep error msg if listen() fails - BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails - BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE - BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion - BUG/MINOR: trace: automatically start in waiting mode with "start <evt>" - BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() - BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc - BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn - DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted - BUG/MINOR: fcgi-app: handle a possible strdup() failure - BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync - BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream - BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams - BUG/MEDIUM: http-ana: Report error on write error waiting for the response - BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content - BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC - BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC - BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect - BUILD: mux-pt: Use the right name for the sedesc variable - BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path - BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set - BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak - BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in mux_pt_shut() - BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns - BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only) - BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf - MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places - BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered - BUG/MINOR: quic: unexploited retransmission cases for Initial pktns. - BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli - BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown - BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry - BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready - BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding - MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status - DOC: quic: fix default minimal value for max window size - MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck() - BUG/MINOR: hapee/da: fixed bug when using binary version of database - BUG/BUILD: hapee/da: added preprocessed source code generation for *.cpp files - MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode." - MINOR: hapee/51d: add function that returns path to 51Degrees data file - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUILD: hapee/51d: fix error when building with 51Degrees enabled - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - Revert "MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface" - BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn - MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) - BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() - MINOR: queue: add a function to check for TOCTOU after queueing - MEDIUM: h1: allow to preserve keep-alive on T-E + C-L - MINOR: quic: Add information to "show quic" for CUBIC cc. - MINOR: quic: Dump TX in flight bytes vs window values ratio. - BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature - BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) - MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface - BUG/MINOR: quic: Non optimal first datagram. - BUG/MINOR: cli: Atomically inc the global request counter between CLI commands - BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution - BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter - DOC: config: improve the http-keep-alive section - DOC: configuration: issuers-chain-path not compatible with OCSP - BUG/MAJOR: mux-h2: force a hard error upon short read with pending error - BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path - DOC: install: don't reference removed CPU arg - BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts - BUG/MINOR: session: Eval L4/L5 rules defined in the default section - CLEANUP: quic: rename TID affinity elements - CLEANUP: proto: rename TID affinity callbacks - BUG/MEDIUM: quic: prevent crash on accept queue full - BUILD: listener: silence a build warning about unused value without threads - MINOR: proto: extend connection thread rebind API - BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past - DEV: flags/quic: decode quic_conn flags - BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread - BUG/MEDIUM: h1: Reject empty Transfer-encoding header - BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value - BUG/MINOR: h1: Fail to parse empty transfer coding names - BUG/MINOR: jwt: fix variable initialisation - Revert "MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD" - BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx - DOC: configuration: update maxconn description - MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD - BUG/MINOR: jwt: don't try to load files with HMAC algorithm - BUG/MEDIUM: server: fix race on server_atomic_sync() - DOC: configuration: more details about the master-worker mode - BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers - BUG/MINOR: promex: Remove Help prefix repeated twice for each metric - BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking - BUG/MINOR: quic: fix race-condition on trace for CID retrieval - BUG/MINOR: quic: fix race condition in qc_check_dcid() - BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid() - BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid - BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid - BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error - MINOR: activity: make the memory profiling hash size configurable at build time - BUG/MINOR: server: fix first server template name lookup UAF - DOC: configuration: add details about crt-store in bind "crt" keyword - BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session - BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() - DEV: flags/show-fd-to-flags: adapt to recent versions - BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure - BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure - BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure - BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission - DOC: api/event_hdl: small updates, fix an example and add some precisions - SCRIPTS: git-show-backports: do not truncate git-show output - BUG/MAJOR: quic: fix padding with short packets - DOC: management: document ptr lookup for table commands - DOC: configuration: fix alphabetical order of bind options - BUG/MEDIUM: proxy: fix email-alert invalid free - REGTESTS: ssl: fix some regtests 'feature cmd' start condition - DEBUG: hlua: distinguish burst timeout errors from exec timeout errors - BUG/MINOR: log: fix broken '+bin' logformat node option - DOC: management: rename show stats domain cli "dns" to "resolvers" - DOC/MINOR: management: add -dZ option - DOC/MINOR: management: add missed -dR and -dv options - BUG/MINOR: quic: fix padding of INITIAL packets - BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request - CLEANUP: log/proxy: fix comment in proxy_free_common() - BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions - MINOR: proxy: add proxy_free_common() helper function - BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section - DOC: config: add missing context hint for new server and proxy keywords - DOC: config: add missing section hint for "guid" proxy keyword - DOC: config: move "hash-key" from proxy to server options - BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section - BUG/MINOR: proxy: fix header_unique_id leak on deinit() - BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit() - BUG/MINOR: proxy: fix dyncookie_key leak on deinit() - BUG/MINOR: proxy: fix check_{command,path} leak on deinit() - BUG/MINOR: proxy: fix email-alert leak on deinit() - BUG/MINOR: proxy: fix log_tag leak on deinit() - BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit() - MINOR: log: fix "http-send-name-header" ignore warning message - BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag - BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego - BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts - BUG/MINOR: quic: ensure Tx buf is always purged - BUG/MINOR: quic: fix computed length of emitted STREAM frames - BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL - BUG/MINOR: hapee: remove leading \n on __vers error - MEDIUM: hapee: warn on unsupported initcalls - BUG/MINOR: hapee: forbid to load a module twice - BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration - BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego - CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume() - BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path - BUG/MINOR: hlua: prevent LJMP in hlua_traceback() - BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage - BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP - CLEANUP: hlua: use hlua_pusherror() where relevant - BUG/MINOR: quic: prevent crash on qc_kill_conn() - BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released - MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd - BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless - BUG/MINOR: hlua: use CertCache.set() from various hlua contexts - DOC: configuration: add an example for keywords from crt-store - BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory - BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser - BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning - HAPEE: udp: update structs and functions required for the UDP module - BUILD: hapee/addons: fix build without USE_QUIC=1 - HAPEE: makefile: automatically build objects in addons/hapee_* - HAPEE: makefile: update the cleanup rule to also remove *.i from addons - HAPEE: addons: quic CID in -vv - HAPEE: addons: adds quic CID generator to interop with packetshield - MEDIUM: hapee: does not pass OPTION_LDFLAGS to modules - MINOR: hapee/modules: check if we generate the API hash correctly - BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk - BUG/MINOR: hapee/modules: initialize the module head list - BUILD: hapee/modules: select either md5 or md5sum - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MEDIUM: hapee/modules: add memory reservation support for the modules - MINOR: hapee: change URLs for 3.0r1 - BUILD: hapee/modules: update HAPEE version macro to 3.0r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support


HAPEE-LB 3.0r1 – Changelog