Search filters

Type

Section

Actions

Changelog - HAProxy Enterprise 1.7r2

#2020/04/02 : 1.7r2 (2.0.0-191.1077)

  • MINORproxy/http-anaAdd support of extra attributes for the cookie directive

#2019/10/23 : 1.7r2 (2.0.0-189.1076)

  • BUG/MINORstick-tablefix an incorrect 32 to 64 bit key conversion
  • MINORsampleAdd UUID-fetch
  • MINORtoolsimplement my_flsl()
  • DOCFix documentation about the cli command to get resolver stats
  • BUG/MINORWURFLfix send_log() function arguments
  • BUG/MEDIUMdacast the chunk to string.
  • BUG/MINORsampleMake the `field` converter compatible with `-m found`
  • BUG/MINORstick-tableNever exceed (MAX_SESS_STKCTR-1) when fetching a stkctr
  • BUG/MINORsslFix fd leak on error path when a TLS ticket keys file is parsed
  • BUG/MINORsslabort on sni_keytypes allocation failure
  • BUG/MINORsslabort on sni allocation failure
  • BUG/MINORsslfree the sni_keytype nodes
  • BUG/MEDIUMnamespaceclose open namespaces during soft shutdown
  • BUG/MINORhaproxyfix rule->file memory leak
  • BUG/MINORstream-intalso update analysers timeouts on activity
  • BUG/MEDIUMlb-chashEnsure the tree integrity when server weight is increased
  • BUG/MEDIUMlb-chashFix the realloc() when the number of nodes is increased
  • BUG/MINORluaProperly initialize the buffer's fields for string samples in hlua_lua2(smp|arg)
  • BUG/MINORluaSet right direction and flags on new HTTP objects
  • BUG/MINORhluaOnly execute functions of HTTP class if the txn is HTTP ready
  • MINORhluaAdd a flag on the lua txn to know in which context it can be used
  • MINORhluaDon't set request analyzers on response channel for lua actions
  • BUG/MEDIUMhluaCheck the calling direction in lua functions of the HTTP class
  • DOCimprove the wording in CONTRIBUTING about how to document a bug fix
  • BUG/MEDIUMcompressionSet Vary: Accept-Encoding for compressed responses
  • BUG/MEDIUMvarsmake the tcp/http unset-var() action support conditions
  • BUG/MEDIUMvarsmake sure the scope is always valid when accessing vars
  • CLEANUPconfigDon't alter listener->maxaccept when nbproc is set to 1
  • MINORconfigTest validity of tune.maxaccept during the config parsing
  • BUG/MINORaclFix memory leaks when an ACL expression is parsed
  • BUG/MAJORmap/aclreal fix segfault during show map/acl on CLI
  • BUG/MINORaclproperly detect pattern type SMP_T_ADDR
  • BUG/MEDIUMmapsonly try to parse the default value when it's present
  • BUG/MEDIUMpatternassign pattern IDs after checking the config validity
  • BUG/MEDIUMpeersfix a case where peer session is not cleanly reset on release.
  • BUILDmakefiledo not rely on shell substitutions to determine git version
  • BUILDmakefileuse :space: instead of digits to count commits
  • BUILDmakefilework around an old bug in GNU make-3.80
  • BUG/MEDIUMtcp-checkunbreak multiple connect rules again
  • BUG/MEDIUMhttpalso reject messages where chunked is missing from transfer-enoding
  • BUG/MEDIUMproto-httpAlways start the parsing if there is no outgoing data
  • BUG/MINORhttp-rulesmention deny_status for deny in the error message
  • BUG/MINORhttpCall stream_inc_be_http_req_ctr() only one time per request
  • BUG/MINORhttp/countersfix missing increment of fe->srv_aborts
  • BUG/MINORtcpDon't alter counters returned by tcp info fetchers

#2019/04/16 : 1.7r2 (2.0.0-187.1031)

  • MINORsslAdd aes_gcm_dec converter
  • BUG/MAJORcheckssegfault during tcpcheck_main
  • BUG/MAJORstatsFix how huge POST data are read from the channel

#2019/03/12 : 1.7r2 (2.0.0-186.1028)

  • BUG/MAJORstreamavoid double free on unique_id
  • BUG/MEDIUMhapee/51dfix a segfault on exit when 51d configuration is not loaded

#2019/02/06 : 1.7r2 (2.0.0-186.1026)

  • BUG/MINORconfigmake sure to count the error on incorrect track-sc/stick rules
  • BUG/MINORspoecorrected fragmentation string size
  • BUG/MEDIUMsslFix handling of TLS 1.3 KeyUpdate messages
  • BUG/MEDIUMsslDisable anti-replay protection and set max data with 0RTT.
  • BUG/MAJORcachefix confusion between zero and uninitialized cache key
  • DOChttp-request cache-use / http-response cache-store expects cache name
  • BUG/MEDIUMluadead lock when Lua tasks are trigerred
  • BUG/MINORluabad args are returned for Lua actions
  • BUG/MINORluaReturn an error if a legacy HTTP applet doesn't send anything
  • BUG/MEDIUMserverAlso copy check-sni for server templates.
  • DOCrefer to check-sni in the documentation of sni
  • DOCclarify that check-sni needs an argument.
  • BUG/MINORcfgparseFix the call to post parser of the last sections parsed
  • BUG/MINORcfgparseFix transition between 2 sections with the same name
  • BUG/MINORsslssl_sock_parse_clienthello ignores session id
  • BUG/MAJORhttphttp_txn_get_path() may deference an inexisting buffer
  • BUG/MINORonly auto-prefer last server if lb-alg is non-deterministic
  • BUG/MINORonly mark connections private if NTLM is detected
  • DOCcacheMissing information about total-max-size
  • BUG/MINORsslWrong usage of shctx_init().
  • BUG/MINORcacheWrong usage of shctx_init().
  • BUG/MINORcacheCrashes with total-max-size > 2047(MB).
  • BUG/MAJORspoeverify that backends used by SPOE cover all their callers' processes
  • BUG/MAJORconfigverify that targets of track-sc and stick rules are present
  • BUG/MEDIUMstreamDon't forget to free s->unique_id in stream_free().
  • BUG/MINORstreamdon't close the front connection when facing a backend error
  • SCRIPTSadd the issue tracker URL to the announce script
  • SCRIPTSadd the slack channel URL to the announce script
  • BUG/MINORdeinittcp_rep.inspect_rules not deinit, add to deinit
  • DOCmention the effect of nf_conntrack_tcp_loose on src/dst
  • BUG/MINORcheckWake the check task if the check is finished in wake_srv_chk()
  • BUG/MINORserverdon't always trust srv_check_health when loading a server state
  • BUG/MINORstick_tablePrevent conn_cur from underflowing
  • BUG/MINORbackendBE_LB_LKUP_CHTREE is a value, not a bit
  • BUG/MINORbackendbalance uri specific options were lost across defaults
  • BUG/MINORbackenddon't use url_param_name as a hint for BE_LB_ALGO_PH
  • BUG/MEDIUMsslmissing allocation failure checks loading tls key file
  • BUG/MAJORstream-intUpdate the stream expiration date in stream_int_notify()
  • BUG/MEDIUMdnsoverflowed dns name start position causing invalid dns error
  • DOCrestore note about independant typo
  • DOCUpdate configuration doc about the maximum number of stick counters.
  • BUGdnsFix out-of-bounds read via signedness error in dns_validate_dns_response()
  • BUG/MEDIUMdnsDon't prevent reading the last byte of the payload in dns_validate_response()
  • BUGdnsPrevent out-of-bounds read in dns_validate_dns_response()
  • BUGdnsPrevent out-of-bounds read in dns_read_name()
  • BUGdnsPrevent stack-exhaustion via recursion loop in dns_read_name
  • MINORstatsreport the number of active jobs and listeners in show info
  • BUG/MEDIUMsampleDon't treat SMP_T_METH as SMP_T_STR.
  • BUG/MINORconfigCopy default error messages when parsing of a backend starts
  • DOCfix reference to map files in MAINTAINERS
  • MINORpeersuse defines instead of enums to appease clang.
  • MINORcfgparseWrite 130 as 128 as 0x82 and 0x80.
  • MINORserverUse memcpy() instead of strncpy().
  • BUG/MEDIUMbuffersMake sure we don't wrap in buffer_insert_line2/replace2.
  • DOCclarify force-private-cache is an option
  • BUG/MINORtoolsfix set_net_port() / set_host_port() on IPv4
  • BUG/MEDIUMhluaMake sure we drain the output buffer when done.
  • BUG/MEDIUMluareset lua transaction between http requests
  • DOCFix spelling error in configuration doc
  • BUG/MINORmapfix map_regm with backref
  • BUG/MINORunixMake sure we can transfer abns sockets on seamless reload.
  • BUG/MEDIUMcachedon't cache when an Authorization header is present
  • BUG/MINORsslempty connections reported as errors.
  • BUG/MEDIUMsslfix missing error loading a keytype cert from a bundle.
  • BUG/MEDIUMluapossible CLOSE-WAIT state with '\n' headers
  • BUG/MINORserversDon't make server in a frontend fatal.
  • BUG/MEDIUMqueueprevent a backup server from draining the proxy's connections
  • BUG/MEDIUMluasocket timeouts are not applied
  • BUG/MINORluaBad HTTP client request duration.
  • BUG/MEDIUMsslloading dh param from certifile causes unpredictable error.
  • BUILDGenerate sha256 checksums in publish-release
  • BUG/MAJORmapfix a segfault when using http-request set-map
  • SCRIPTSgit-show-backportsadd missing quotes to echo
  • BUG/MINORconfigstick-table is not supported in defaults section
  • BUG/MEDIUMstatsdon't ask for more data as long as we're responding
  • BUG/MEDIUMstream-intdon't immediately enable reading when the buffer was reportedly full
  • BUG/MINORluaSegfaults with wrong usage of types.
  • BUG/MAJORluaDead lock with sockets
  • MINORtask/notificationIs notifications registered ?
  • BUG/MEDIUMlua/socketLength required read doesn't work
  • BUG/MINORssl/luaprevent lua from affecting automatic maxconn computation
  • BUG/MINORluaSocket.send threw runtime error: 'close' needs 1 arguments.

#2018/05/18 : 1.7r2 (2.0.0-183.944)

  • BUG/MINORspoeMistake in error message about SPOE configuration
  • BUG/MINORluaensure large proxy IDs can be represented
  • BUG/MINORmapcorrectly track reference to the last ref_elt being dumped
  • BUG/MINORchecksFix check->health computation for flapping servers

#2018/04/30 : 1.7r2 (2.0.0-183.940)

  • BUG/MINORspoeFix parsing of dontlog-normal option
  • BUG/MINORspoeFix counters update when processing is interrupted
  • BUG/MINORconfigdisable http-reuse on TCP proxies
  • BUG/MAJORchannelFix crash when trying to read from a closed socket
  • BUG/MEDIUMtcp-checksingle connect rule can't detect DOWN servers
  • CLEANUPsslRemove a duplicated #include
  • BUILD/MINORfix Lua build on Mac OS X (again)
  • MINOR/BUILDfix Lua build on Mac OS X
  • CLEANUPFix typo in ARGT_MSK6 comment
  • CLEANUPsampleFix outdated comment about sample casts functions
  • CLEANUPsampleFix comment encoding of sample.c
  • BUG/MINORpolltoo large size allocation for FD events
  • DOCclarify the scope of ssl_fc_is_resumed

#2018/04/19 : 1.7r2 (2.0.0-183.927)

  • DOCluaupdate the links to the config and Lua API
  • BUILDsampleavoid build warning in sample.c
  • MEDIUMsampleExtend functionality for field/word converters
  • MINORproxyAdd fe_defbe fetcher
  • MINORcliEnsure the CLI always outputs an error when it should
  • BUG/MINORcliGuard against NULL messages when using CLI_ST_PRINT_FREE
  • BUG/MINORhttpReturn an error in proxy mode when url2sa fails
  • BUG/MAJORcachealways initialize newly created objects
  • BUG/MAJORcachefix random crashes caused by incorrect delete() on non-first blocks
  • BUG/MINORcachefix show cache output
  • BUG/MINORlua funtion hlua_socket_settimeout don't check negative values
  • BUG/MINORluathe function returns anything
  • BUG/MINORcliEnsure all command outputs end with a LF
  • DOCdon't suggest using http-server-close
  • DOClogmore than 2 log servers are allowed
  • BUILD/BUGenable -fno-strict-overflow by default
  • MINORlogstop emitting alerts when it's not possible to write on the socket
  • BUG/MINORemail-alertSet the mailer port during alert initialization
  • BUG/MINORtcp-checkuse the server's service port as a fallback
  • BUG/MINORluareturn bad error messages
  • BUG/MINORspoa-exampleunexpected behavior for more than 127 args
  • BUG/MINORcliFix a crash when sending a command with too many arguments
  • BUG/MINORseemless reload: Fix crash when an interface is specified.
  • BUG/MINORdnsdon't downgrade DNS accepted payload size automatically
  • BUG/MINORforce-persist and ignore-persist only apply to backends
  • BUG/MINORcliFix a typo in the 'set rate-limit' usage
  • BUG/MINORcliFix a crash when passing a negative or too large value to show fd
  • BUG/MINORcliuse global.maxsock and not maxfd to list all FDs
  • BUG/MINORunixDon't mess up when removing the socket from the xfer_sock_list.
  • BUG/MINORsessionFix tcp-request session failure if handshake.
  • BUG/MEDIUMbufferFix the wrapping case in bi_putblk
  • BUG/MEDIUMbufferFix the wrapping case in bo_putblk

#2018/04/06 : 1.7r2 (2.0.0-183.895)

  • MINORspoeAdd counters to log info about SPOE agents
  • MINORspoeuse agent's logger to log SPOE messages
  • MINORspoeAdd support for option dontlog-normal in the SPOE agent section
  • MINORspoeAdd loggers dedicated to the SPOE agent
  • MINORspoeAdd options to store processing times in variables
  • MINORspoeAdd metrics in to know time spent in the SPOE
  • BUG/MINORspoeDon't forget to decrement fpa when a processing is interrupted
  • BUG/MINORspoeRegister the variable to set when an error occurred
  • BUG/MINORspoeDon't release the context buffer in .check_timeouts callbaclk
  • BUG/MINORspoeInitialize variables used during conf parsing before any check
  • CLEANUPspoeRemove unused label retry
  • MINORlogmove 'log' keyword parsing in dedicated function
  • BUG/MEDIUMstream-intDon't loss write's notifs when a stream is woken up
  • BUG/MEDIUMsrv-statealways ensure there's a warmup task before manipulating it

#2018/03/01 : 1.7r2 (2.0.0-181.881)

  • BUG/MEDIUMspoeRemove idle applets from idle list when HAProxy is stopping

#2018/02/22 : 1.7r2 (2.0.0-181.880)

  • MINORdebug/poolsmake DEBUG_UAF also detect underflows
  • BUG/MINORdebug/poolsproperly handle out-of-memory when building with DEBUG_UAF
  • MINORssl/sampleadds ssl_bc_is_resumed fetch keyword.
  • MINORsampleadd a new concat converter
  • DOCcfgparseWarn on option (tcp|http)log in backend
  • DOCluanew prototype for function register_action()
  • BUG/MEDIUMhttpSwitch the HTTP response in tunnel mode as earlier as possible
  • BUG/MEDIUMsslShutdown the connection for reading on SSL_ERROR_SYSCALL
  • BUG/MEDIUMsslDon't always treat SSL_ERROR_SYSCALL as unrecovarable.
  • BUG/MINORconfigdon't emit a warning when global stats is incompletely configured
  • DOCMention -Ws in the list of available options
  • DOCDescribe routing impact of using interface keyword on bind lines
  • BUG/MEDIUMstandardFix memory leak in str2ip2()
  • MINORpoolsimplement DEBUG_UAF to detect use after free
  • MINORpoolsprepare functions to override malloc/free in pools
  • BUILDcompileradd a new type modifier __maybe_unused
  • MINORconfigAdd support for ARGT_MSK6
  • MINORstandardAdd str2mask6 function
  • BUG/MINORsampleFix output type of c_ipv62ip
  • CLEANUPstandardUse len2mask4 in str2mask

#2018/02/06 : 1.7r2 (2.0.0-181.860)

  • MINORconfigEnable tracking of up to MAX_SESS_STKCTR stick counters.
  • MINORstick-tablesAdds support for new gpc1 and gpc1_rate counters.
  • MEDIUMsampleAdd IPv6 support to the ipmask converter
  • MINORspoeAdd max-waiting-frames directive in spoe-agent configuration
  • MEDIUMspoeUse an ebtree to manage idle applets
  • MINORspoeCount the number of frames waiting for an ack for each applet
  • MINORspoeReplace sending_rate by a frequency counter
  • MINORspoeAlways link a SPOE context with the applet processing it
  • MINORspoeRemove check on min_applets number when a SPOE context is queued
  • BUG/MEDIUMspoeAllow producer to read and to forward shutdown on request side
  • BUG/MEDIUMspoeAlways try to receive or send the frame to detect shutdowns
  • MINORsampleadd date_us sample
  • BUG/MINORmworkeronly write to pidfile if it exists
  • BUG/MEDIUMmworkerexecvp failure depending on argv[0]
  • BUG/MEDIUMsslcache doesn't release shctx blocks
  • BUG/MAJORnetscaleraddress truncated CIP header detection
  • BUG/MEDIUMnetscaleruse the appropriate IPv6 header size
  • BUGMINORhttp: don't check http-request capture id when len is provided

#2018/01/15 : 1.7r2 (2.0.0-181.842)

  • MINORsamplerename the len converter to length
  • MINORsampleadd len converter
  • BUG/MEDIUMstreamproperly handle client aborts during redispatch
  • BUG/MINORluaFix return value of Socket.settimeout
  • DOCluaFix typos in comments of hlua_socket_receive
  • BUG/MINORluaFix default value for pattern in Socket.receive
  • BUG/MEDIUMhttpdon't automatically forward request close
  • BUG/MEDIUMluafix crash when using bogus mode in register_service()
  • BUG/MEDIUMhttpdon't disable lingering on requests with tunnelled responses
  • CONTRIBiprangeFix compiler warning in iprange.c
  • DOC1.7 is stable
  • MINORchecksdon't create then kill a dummy connection before tcp-checks
  • MINORtcp-checkmake tcpcheck_main() take a check, not a connection
  • MINORspoeDon't queue a SPOE context if nothing is sent
  • MINORspoeadd register-var-names directive in spoe-agent configuration
  • MINORspoeadd force-set-var option in spoe-agent configuration
  • MINORdon't close stdio anymore
  • BUG/MEDIUMmworkerdon't close stdio several time
  • DOC/MINORconfigurationtypo, formatting fixes
  • BUG/MEDIUMcachedon't cache the response on no-cache=set-cookie
  • BUG/MEDIUMcacherespect the request cache-control header
  • BUG/MEDIUMcachereplace old object on store
  • BUG/MEDIUMcachedo not try to retrieve host-less requests from the cache
  • MINORhttpadd a function to check request's cache-control header field
  • BUG/MINORcachedo not force the TX_CACHEABLE flag before checking cacheability
  • BUG/MINORhttpproperly detect max-age=0 and s-maxage=0 in responses
  • BUG/MINORhttpdo not ignore cache-control: public
  • MINORhttpstart to compute the transaction's cacheability from the request
  • MINORhttpupdate the list of cacheable status codes as per RFC7231
  • MINORhttpadjust the list of supposedly cacheable methods
  • CONTRIBhalogFix compiler warnings in halog.c
  • DOC/MINORintrotypo, wording, formatting fixes
  • BUG/MEDIUMmworkerSet FD_CLOEXEC flag on log fd
  • MINORmodulesAdd the ability to register variable and functions.

#2017/12/13 : 1.7r2 (2.0.0-181.808)

  • CONTRIBhalogAdd help text for -s switch in halog program
  • MINORmworkerImprove wording in `void mworker_wait()`
  • MINORmworkerUpdate messages referencing exit-on-failure
  • BUG/MEDIUMpeersset NOLINGER on the outgoing stream interface
  • BUG/MEDIUMssl engines: Fix async engines fds were not considered to fix fd limit automatically.
  • BUG/MEDIUMmworkeralso close peers sockets in the master
  • CLEANUPcachemore efficiently pack the struct cache

#2017/12/11 : 1.7r2 (2.0.0-181.801)

  • MEDIUM51duse fiftyoneDegreesProvider to access the pool and dataset

#2017/12/05 : 1.7r2 (2.0.0-181.800)

  • BUG/MINORsslsupport tune.ssl.cachesize 0 again
  • BUG/MINORactionDon't check http capture rules when no id is defined
  • BUG/MINORmworkerdetach from tty when in daemon mode
  • BUG/MINORmworkerfix validity check for the pipe FDs
  • BUILDconfigfix accidental ha_warning() in cfgparse.c
  • MINORconfigreport when monitor fail rules are misplaced
  • BUILDchecksdon't include server.h
  • MAJORmworkerexits the master on failure
  • BUG/MINORsystemdignore daemon mode
  • MEDIUMmworkerAdd systemd `Type=notify` support
  • MINORhttpimplement the http-request reject rule
  • BUG/MEDIUMcachebad computation of the remaining size
  • DOCcacheupdate sections and fix some typos
  • DOCcacheconfiguration and management
  • MEDIUMcachemax-age configuration keyword
  • MINORcachereplace a fprint() by an abort()
  • MINORcachemove the refcount decrease in the applet release
  • BUG/MEDIUMcachefree ressources in chn_end_analyze
  • MEDIUMcachestore sha1 for hashing the cache key
  • BUG/MINORstreamfix tv_request calculation for applets
  • BUG/MEDIUMcache fix cli_kws structure
  • BUG/MEDIUMcacherefcount forbids to free the objects
  • BUG/MEDIUMcacheuse key=0 as a condition for freeing
  • MEDIUMcacheshow cache on the cli
  • CLEANUPcachereorder includes
  • CLEANUPcacheremove wrong comment
  • MEDIUMcacheenable the HTTP analysers
  • CLEANUPcacheremove unused struct
  • BUG/MEDIUMcachefree callback to remove from tree
  • BUG/MEDIUMssldon't allocate shctx several time
  • MEDIUMshctxuse unsigned int for len and block_count
  • MINORsslHandle early data with BoringSSL
  • MINORsslHandle reading early data after writing better.
  • MINORsslDon't disable early data handling if we could not write.
  • BUG/MINORsslAlways start the handshake if we can't send early data.
  • MINORsslMake sure we don't shutw the connection before the handshake.
  • MINORSSLStore the ASN1 representation of client sessions.
  • MINORconfigSupport partial ranges in cpu-map directive
  • MINORconfigAdd auto-increment feature for cpu-map
  • MINORstandardAdd my_ffsl function to get the position of the bit set to one
  • MINORconfigExport parse_process_number and use it wherever it's applicable
  • MINORconfigSlightly change how parse_process_number works
  • MINORconfigSupport a range to specify processes in cpu-map parameter
  • MINORconfigbackport the new cpu-map parser
  • CONTRIBspoa_exampleremove SPOE enums that are useless for clients
  • CONTRIBspoa_exampleremove last dependencies on type sample
  • CONTRIBspoa_exampleremove bref, wordlist, cond_wordlist
  • CONTRIBspoa_exampleallow to compile outside HAProxy.
  • BUG/MEDIUMkqueueDon't bother closing the kqueue after fork.
  • BUG/MEDIUMstreamalways release the stream-interface on abort
  • BUG/MINORUse crt_base instead of ca_base when crt is parsed on a server line
  • BUG/MEDIUMdeinitcorrectly deinitialize the proxy and global listener tasks
  • BUG/MINORlistenerAllow multiple process options on bind lines
  • BUG/MAJORstreamensure analysers are always called upon close
  • BUG/MEDIUMdeviceatlasignore not valuable HTTP request data
  • BUG/MEDIUMstreamdon't ignore res.analyse_exp anymore
  • MINORtestsadd a python wrapper to test inherited fd
  • BUG/MEDIUMmworkerdoes not close inherited FD
  • MINORcachedisable cache if shctx_row_data_append fail
  • MINORcacheforward data with headers
  • BUG/MEDIUMcacheuse msg->sov to forward header
  • BUG/MEDIUMmworkerFix re-exec when haproxy is started from PATH
  • MINORlistenersmake listeners count consistent with reality
  • MINORlistenersnew function create_listeners
  • MINORunixremove the now unused proto_uxst.h file
  • MINORprotocolsregister the ->add function and stop calling them directly
  • MINORprotocolsalways pass a port argument to the listener creation
  • BUG/MEDIUMmworkerdoes not deinit anymore
  • BUG/MEDIUMmworkerwait again for signals when execvp fail
  • MINORmworkerdisplay an accurate error when the reexec fail
  • CONTRIBWireshark dissector for HAProxy Peer Protocol.
  • DOCpeersAdd a first version of peers protocol v2.1.
  • BUG/MINORspoecheck buffer size before acquiring or releasing it
  • BUG/MEDIUMcachedoes not cache if no Content-Length
  • MEDIUMhttpalways reject the PRI method
  • MINORpeersdon't reference the incoming listener on outgoing connections
  • BUG/MAJORstreamin stream_free(), close the front endpoint and not the origin
  • CLEANUPtaskremove all initializations to TICK_ETERNITY after task_new()
  • DOCAdd note about encrypted password CPU usage
  • BUILDuse MAXPATHLEN instead of NAME_MAX.
  • MINORstandardAdd memvprintf function
  • BUG/MINORmailersFix a memory leak when email alerts are released
  • MAJORdnsRefactor the DNS code
  • BUG/MINORluaconst attribute of a string is overridden
  • BUG/MINORtoolsfix my_htonll() on x86_64
  • MINORtoolsmake my_htonll() more efficient on x86_64
  • MINORserverHandle weight increase in consistent hash.
  • BUG/MINORstream-intdon't set MSG_MORE on closed request path
  • BUG/MINORstream-intdon't set MSG_MORE on SHUTW_NOW without AUTO_CLOSE
  • CLEANUUPchecksdon't set conn->handle.fd to -1
  • MINORconnectionensure conn_ctrl_close() also resets the fd
  • BUILDshctxdo not depend on openssl anymore
  • BUILDsslfix build of backend without ssl
  • MINORsslHandle sending early data to server.
  • MINORsslSpell 0x10101000L correctly.
  • MINORsslHandle session resumption with TLS 1.3
  • MINORsslRemove the global allow-0rtt option.
  • MINORsslDon't abuse ssl_options.
  • MINORssl/proto_httpAdd keywords to take care of early data.
  • BUILDMakefiledisable -Wunused-label
  • BUG/MINORchecksDon't forget to release the connection on error case.
  • MEDIUMsslHandle early data with OpenSSL 1.1.1
  • MINORhttpMark the 425 code as Too Early.
  • REORGhttpmove the HTTP/1 header block parser to h1.c
  • REORGhttpmove the HTTP/1 chunk parser to h1.{c,h}
  • REORGhttpmove some very http1-specific parts to h1.{c,h}
  • MINORhttpexport some of the HTTP parser macros
  • BUILDmodulesupdate HAPEE version macro to 1.7r2
  • MINORactionAdd a functions to check http capture rules
  • MINORmworkerdo not store child pid anymore in the pidfile
  • MINORmworkerwrite parent pid in the pidfile
  • MINORmworkerallow pidfile in mworker + foreground
  • MINORadd master-worker in the warning about nbproc
  • BUG/MINORcliadd severity in set server addr parser
  • BUG/MINORclido not perform an invalid action on set server check-port
  • BUG/MAJORbuffersfix get_buffer_nc() for data at end of buffer
  • BUG/MEDIUMcachedon't try to resolve wrong filters
  • BUILDshctxallow to be built without openssl
  • MINORcacheDon't confuse act_return and act_parse_ret.
  • MINORcacheRemove useless test for nonzero.
  • MEDIUMcachedeliver objects from cache
  • MEDIUMcachestore objects in cache
  • MEDIUMcacheconfiguration parsing and initialization
  • MEDIUMshctxforbid shctx to read more than expected
  • BUG/MINORdnsFix CLI keyword declaration
  • MEDIUMspoe/rulesProcess send-spoe-group action
  • MINORspoeAdd a generic function to encode a list of SPOE message
  • MINORspoeAdd a type to qualify the message list during encoding
  • MINORspoeMove message encoding in its own function
  • MEDIUMspoe/rulesAdd send-spoe-group action for tcp/http rules
  • MEDIUMspoeParse new spoe-group section in SPOE config file
  • MINORspoeCheck uniqness of SPOE engine names during config parsing
  • MEDIUMspoeAdd support of ACLS to enable or disable sending of SPOE messages
  • MINORaclPass the ACLs as an explicit parameter of build_acl_cond
  • MINORactionFactorize checks on rules calling check_ptr if defined
  • MINORactionAdd function to check rules using an action ACT_ACTION_TRK_*
  • MINORactionAdd a function pointer in act_rule struct to check its validity
  • MINORactionUse trk_idx instead of tcp/http_trk_idx
  • MINORactionAdd trk_idx inline function
  • BUG/MINORspoaUpdate pointer on the end of the frame when a reply is encoded
  • BUG/MINORspoeDon't compare engine name and SPOE scope when both are NULL
  • MINORshctxrename lock functions
  • MEDIUMshctxseparate ssl and shctx
  • REORGshctxmove ssl functions to ssl_sock.c
  • MEDIUMshctxallow the use of multiple shctx
  • REORGshctxmove lock functions and struct
  • MEDIUMlistslist_for_each_entry{_safe}_from functions
  • CLEANUPshctxget ride of the shsess_packet{_hdr} structures
  • MINORsslgenerated certificate is missing in switchctx early callback
  • MINORsslsupport Openssl 1.1.1 early callback for switchctx
  • MINORbufferadd the buffer input manipulation functions
  • MEDIUMsslconvert CBS (BoringSSL api) usage to neutral code
  • MINORhluaAdd regex class
  • MINORluaadd uuid to the Class Proxy
  • BUG/MEDIUMprevent buffers being overwritten during build_logline() execution
  • MINORssldon't abort after sending 16kB
  • MEDIUMcfgparsepost parsing registration
  • MEDIUMcfgparsepost section callback
  • MINORsampleadd the hex2i converter
  • MINORsampleadd the sha1 converter
  • BUG/MINORunixproperly check for octal digits in the mode argument
  • BUILDMakefileimprove detection of support for compiler warnings
  • BUILDMakefileshut certain gcc/clang stupid warnings
  • BUILDMakefileadd a function to detect support by the compiler of certain options
  • TESTSistadd a test file for the functions
  • IMPORTsha1import SHA1 functions
  • BUG/MINORclirestore set ssl tls-key command
  • BUG/MINORsslOCSP_single_get0_status can return -1
  • BUG/MINORsslocsp response with 'revoked' status is correct
  • MINORsslbuild with recent BoringSSL library
  • BUILDsslsupport OPENSSL_NO_ASYNC #define
  • CONTRIBtracereport the base name only for file names
  • CONTRIBtracetry to display the function's return value on exit
  • CONTRIBtraceadd the possibility to place trace calls in the code
  • MINORchannelmake the channel be a const in all {ci,co}_get* functions
  • MINORchannelmake use of bo_getblk{,_nc} for their channel equivalents
  • REORGchannelfinally rename the last bi_* / bo_* functions
  • MINORbuffermake bo_getblk_nc() not return 2 for a full buffer
  • MINORbufferadd bo_getblk() and bo_getblk_nc()
  • MINORbufferadd buffer_space_wraps()
  • MINORbufferadd two functions to inject data into buffers
  • MINORbufferadd a function to match against string patterns
  • MINORbufferadd bo_del() to delete a number of characters from output
  • MINORbufferadd b_end() and b_to_end()
  • MINORbufferadd b_del() to delete a number of characters
  • MINORistimplement very simple indirect strings
  • MINORchunksadd chunk_memcpy() and chunk_memcat()
  • MINORcheckFix checks when using SRV records.
  • BUG/MINORstatsClear a bit more counters with in cli_parse_clear_counters().
  • MINORchecksAdd a new keyword to specify a SNI when doing SSL checks.
  • BUG/MEDIUMsslfix OCSP expiry calculation
  • MINORserveradd the srv_queue() sample fetch method
  • MINORcompilerrestore the likely() wrapper for gcc 5.x
  • TESTSchecksadd a simple test config for tcp-checks
  • TESTSchecksadd a simple test config for external checks
  • BUG/MINORcontrib/modsecurityclose the va_list ap before return
  • BUG/MINORcontrib/mod_defenderclose the va_list argp before return
  • MINORsslRemove useless checks on bind_conf or bind_conf->is_ssl
  • BUG/MINORdnsFix check on nameserver in snr_resolution_cb
  • BUG/MINORspoeDon't rely on SPOE ctx in debug message when its creation failed
  • MINORadd severity information to cli feedback messages
  • MINORcliadd socket commands and config to prepend informational messages with severity
  • MINORnet_helperInline functions meant to be inlined.
  • MINORsslrework smp_fetch_ssl_fc_cl_str without internal ssl use
  • CLEANUPmemoryRemove unused function pool_destroy
  • DOCAdd note about * prefix in CSV stats
  • MINORsslremove duplicate ssl_methods in struct bind_conf
  • DOCRefer to Mozilla TLS info / config generator
  • DOCadd CLI info on privilege levels
  • BUG/MINORstream-intdon't check the CO_FL_CURR_WR_ENA flag
  • OPTIMluadon't add Connection: close on the response
  • OPTIMluadon't use expensive functions to parse headers in the HTTP applet
  • MINORluaproperly process the contents of the content-length field
  • BUG/MEDIUMdnsfix accepted_payload_size parser to avoid integer overflow
  • BUG/MINORdnswrong resolution interval lead to 100% CPU
  • CLEANUPdnsremove duplicated code in dns_validate_dns_response()
  • CLEANUPdnsremove duplicated code in dns_resolve_recv()
  • MINORdnsmake SRV record processing more verbose
  • MINORdnsautomatic reduction of DNS accpeted payload size
  • MINORdnsMaximum DNS udp payload set to 8192
  • BUG/MINORdnsserver set by SRV records stay in no resolution status
  • BUG/MINORWrong type used as argument for spoe_decode_buffer().
  • MINORdnsdefault hold obsolete timeout set to 0
  • MINORdnsenabled edns0 extension and make accpeted payload size tunable
  • MINORdnsnew dns record type (RTYPE) for OPT
  • MINORdnsenable caching of responses for server set by a SRV record
  • MINORdnsability to use a SRV resolution for multiple backends
  • MINORdnsmake debugging function dump_dns_config() compatible with SRV records
  • MINORdnsduplicate entries in resolution wait queue for SRV records
  • MINORdnsupdate dns response buffer reading pointer due to SRV record
  • MINORdnsupdate record dname matching for SRV query types
  • MINORdnsUpdate analysis of TRUNCATED response for SRV records
  • MINORinitFix CPU affinity setting on FreeBSD.
  • CLEANUPraw_sockUse a better name for the constructor than __ssl_sock_deinit()
  • BUILD/MINORbuild without openssl still broken
  • BUILDsslreplace SSL_CTX_get0_privatekey for openssl < 1.0.2
  • MINORdocDocument SRV label usage.
  • MINORdnsHandle SRV records.
  • MINORobjAdd a new type of object, OBJ_TYPE_SRVRQ.
  • MINORdnsCache previous DNS answers.
  • MINORsslallow to start without certificate if strict-sni is set
  • MINORAdd server port field to server state file.
  • BUG/MEDIUMsslFix regression about certificates generation
  • MINORssladd no-ca-names parameter for bind
  • BUG/MEDIUMstreamdon't retry SSL connections which fail the SNI name check
  • MINORssladd a new error codes for wrong server certificates
  • BUG/MINORsslmake use of the name in SNI before verifyhost
  • BUG/MINORsslFix check against SNI during server certificate verification
  • MINORtaskalways preinitialize the task's timeout in task_init()
  • MINORsamplesDon't allocate memory for SMP_T_METH sample when method is known
  • MINORsamplesHandle the type SMP_T_METH in smp_is_safe and smp_is_rw
  • MINORsamplesHandle the type SMP_T_METH when we duplicate a sample in smp_dup
  • MINORmemoryremove macros
  • BUILDsslfix compatibility with openssl without TLSEXT_signature_*
  • MINORsslremove an unecessary SSL_OP_NO_* dependancy
  • BUG/MINORsslremove haproxy SSLv3 support when ssl lib have no SSLv3
  • BUG/MINORcontrib/mod_defenderbuild fix
  • BUG/MINORcontrib/modsecurityBSD build fix
  • BUG/MINORhttpFix bug introduced in previous patch in http_resync_states
  • MINORhttpRely on analyzers mask to end processing in forward_body functions
  • BUG/MINORLuavariable already initialized
  • BUG/MINORPrevent a use-after-free on error scenario on option -x.
  • OPTIMssldon't consider a small ssl_read() as an indication of end of buffer
  • MINORsslcompare server certificate names to the SNI on outgoing connections
  • BUG/MAJORhttpfix buffer overflow on loguri buffer.
  • MINORcompressionUse a memory pool to allocate compression states
  • BUG/MEDIUMmworkerdon't reuse PIDs passed to the master
  • MINORmworkerdon't copy -x argument anymore in copy_argv()
  • BUG/MINORsslBe sure that SSLv3 connection methods exist for openssl < 1.1.0
  • CONTRIBplug qdiscs: Plug queuing disciplines mini HOWTO.
  • BUILDscriptsadd a quiet mode to publish-release
  • BUILDscriptsadd an automatic mode for publish-release
  • BUILDscriptsmake publish-release support bare repositories
  • BUG/MEDIUMmisplaced exit and wrong exit code
  • BUG/MINORwarningneed_resend may be used uninitialized
  • BUG/MEDIUMbuild without openssl broken
  • BUG/MINORssldo not call directly the conn_fd_handler from async_fd_handler
  • BUG/MAJORsslbuffer overflow using offloaded ciphering on async engine
  • BUG/MAJORsslfix segfault on connection close using async engines.
  • MEDIUMssldisable SSLv3 per default for bind
  • MINORsslsupport ssl-min-ver and ssl-max-ver with crt-list
  • MEDIUMsslctx_set_version/ssl_set_version func for methodVersions table
  • REORGsslmove defines and methodVersions table upper
  • CLEANUPconnectionremove unused CO_FL_WAIT_DATA
  • MINORtoolsmake debug_hexdump() take a string prefix
  • MINORtoolsmake debug_hexdump() use a const char for the string
  • CLEANUPstr2mask return code comment: non-zero -> zero.
  • MINORAdd Mod Defender integration as contrib
  • BUILDsslfix build with OPENSSL_NO_ENGINE
  • MEDIUMsystemdType=forking in unit file
  • DOCadd documentation for the master-worker mode
  • MAJOR/REORGdnsDNS resolution task and requester queues
  • MINORdnsintroduce roundrobin into the internal cache (WIP)
  • MINORdnsmake 'ancount' field to match the number of saved records
  • MINORdnsimplement a LRU cache for DNS resolutions
  • MAJORdnssave a copy of the DNS response in struct resolution
  • MINORdnsnew snr_check_ip_callback function
  • REORGdnsdns_option structure, storage of hostname_dn
  • MINORdnsparse_server() now uses srv_alloc_dns_resolution()
  • MINORdnsfunctions to manage memory for a DNS resolution structure
  • MINORdnssmallest DNS fqdn size
  • CLEANUPserver.cmissing prototype of srv_free_dns_resolution
  • MAJORsystemd-wrapperget rid of the wrapper
  • MEDIUMmworkerworkers exit when the master leaves
  • MEDIUMmworkerexit-on-failure option
  • MEDIUMmworkertry to guess the next stats socket to use with -x
  • MEDIUMmworkerwait mode on reload failure
  • MEDIUMmworkerhandle reload and signals
  • MEDIUMmworkerreplace systemd mode by master worker mode
  • MINORboringsslbasic support for OCSP Stapling
  • MEDIUMsslhandle multiple async engines
  • MAJORssladd openssl async mode support
  • MEDIUMssladd basic support for OpenSSL crypto engine
  • CLEANUPretire obsoleted USE_GETSOCKNAME build option
  • MEDIUMsslssl-min-ver and ssl-max-ver compatibility.
  • MEDIUMssladd ssl-min-ver and ssl-max-ver parameters for bind and server
  • MINORsslshow methods supported by openssl
  • MINORsslsupport TLSv1.3 for bind and server
  • MEDIUMsslcalculate the real min/max TLS version and find holes
  • MEDIUMsslssl_methods implementation is reworked and factored for min/max tlsxx
  • MEDIUMsslrevert ssl/tls version settings relative to default-server.
  • MINORssladd prefer-client-ciphers
  • BUG/MINORcontrib/mod_securityfix build on FreeBSD
  • CONTRIBtcploopadd action X to execute a command
  • BUG/MINORsslfix warnings about methods for opensslv1.1.
  • MINORAdd ModSecurity wrapper as contrib
  • MINORproto-httpAdd sample fetch wich returns all HTTP headers
  • MINORAdd binary encoding request header sample fetch
  • REORGspoemove spoe_encode_varint / spoe_decode_varint from spoe to common
  • BUG/MINORchange header-declared function to static inline
  • CLEANUPluaremove test
  • BUILD/MINORtoolsfix build warning in debug_hexdump()
  • CLEANUPservermoving netinet/tcp.h inclusion
  • MINORhttpAdd debug messages when HTTP body analyzers are called
  • MINORhttpremove useless check on HTTP_MSGF_XFER_LEN for the request
  • CLEANUPbuffersRemove buffer_contig_area and buffer_work_area functions
  • CLEANUPbuffersRemove buffer_bounce_realign function
  • CLEANUPhttpRemove channel_congested function
  • CLEANUPtimecurr_sec_ms doesn't need to be exported
  • MEDIUMkqueueonly set FD_POLL_IN when there are pending data
  • MEDIUMkqueuetake care of EV_EOF to improve polling status accuracy
  • MINORkqueueexclusively rely on the kqueue returned status
  • BUILDsslfix OPENSSL_NO_SSL_TRACE for boringssl and libressl
  • BUILDsslsimplify SSL_CTX_set_ecdh_auto compatibility
  • CLEANUPconnectioncompletely remove CO_FL_WAKE_DATA
  • MEDIUMconnectiondon't test for CO_FL_WAKE_DATA
  • TESTSadd a test configuration to stress handshake combinations
  • CLEANUPhttpmake http_server_error() not set the status anymore
  • MINORhttp-request tarpit deny_status.
  • MEDIUMhttp_error_messagetxn->status / http_get_status_idx.
  • CLEANUPRemove comment that's no longer valid
  • DOCspoeUpdate SPOE documentation to reflect recent changes
  • MINORspoeAdd max-frame-size statement in spoe-agent section
  • MINORspoeAdd send-frag-payload option in spoe-agent section
  • MINORspoeRely on alertif_too_many_arg during configuration parsing
  • MINORspoeAdd pipelining and async options in spoe-agent section
  • MINORspoeAdd support of negation for options in SPOE configuration file
  • MINORspoeImprove implementation of the payload fragmentation
  • REORGspoeMove low-level encoding/decoding functions in dedicated header file
  • REORGspoeMove struct and enum definitions in dedicated header file
  • MINORspoeHandle NOTIFY frames cancellation using ABORT bit in ACK frames
  • MAJORspoerefactor the filter to clean up the code
  • MINORspoeAdd support for fragmentation capability in the SPOA example
  • MAJORspoeAdd support of payload fragmentation in NOTIFY frames
  • MINORspoeUse the min of all known max_frame_size to encode messages
  • MEDIUMspoeBe sure to wakeup the good entity waiting for a buffer
  • MINORspoeCheck the scope of sample fetches used in SPOE messages
  • MINORspoeSend a log message when an error occurred during event processing
  • MINORspoeAdd status code in error variable instead of hardcoded value
  • MINORspoeRemove SPOE details from the appctx structure
  • MINORspoeAdd support for pipelining/async capabilities in the SPOA example
  • MAJORspoeAdd support of pipelined and asynchronous exchanges with agents
  • MINORsslimproved cipherlist captures
  • BUG/MINORsslfix cipherlist captures with sustainable SSL calls
  • MEDIUMssladd new sample-fetch which captures the cipherlist
  • BUG/MEDIUMsslin bind line, ssl-options after 'crt' are ignored.
  • MEDIUMsslremove ssl-options from crt-list
  • BUILDsslfix build with -DOPENSSL_NO_DH
  • MINORsslremoves SSL_CTX_set_ssl_version call and cleanup CTX creation.
  • BUG/MEDIUMsslfix verify/ca-file per certificate
  • MEDIUMboringsslsupport native multi-cert selection without bundling
  • BUG/MAJORsslfix a regression in ssl_sock_shutw()
  • BUILDsslkill a build warning introduced by BoringSSL compatibility
  • BUILDsslfix to build (again) with boringssl
  • MINORssladd curve suite for ECDHE negotiation
  • MAJORsslbind configuration per certificat
  • MINORssldon't show prefer-server-ciphers output
  • MINORcompressionfix -vv output without zlib/slz
  • BUG/MINORsslassert on SSL_set_shutdown with BoringSSL
  • MINORtoolsadd a generic hexdump function for debugging
  • MEDIUMregexpcre2 support
  • CLEANUPsslmove most ssl-specific global settings to ssl_sock.c
  • CLEANUPsslmove tlskeys_finalize_config() to a post_check callback
  • MINORssl_sockimplement and use prepare_srv()/destroy_srv()
  • MINORconnectionadd new prepare_srv()/destroy_srv() entries to xprt_ops
  • CLEANUPconnectionunexport raw_sock and ssl_sock
  • CLEANUPconnectionremove all direct references to raw_sock and ssl_sock
  • MINORconnectionadd a minimal transport layer registration system
  • MINORssl_sockimplement ssl_sock_destroy_bind_conf()
  • MINORconnectionadd a new destroy_bind_conf() entry to xprt_ops
  • MEDIUMssl_sockimplement ssl_sock_prepare_bind_conf()
  • MINORconnectionadd a new prepare_bind_conf() entry to xprt_ops
  • MEDIUMsslremote the proxy argument from most functions
  • MEDIUMmove listener->frontend to bind_conf->frontend
  • MINORlistenermove the transport layer pointer to the bind_conf
  • MEDIUMspoedon't create a dummy listener for outgoing connections
  • MEDIUMcfgparsemove ssl-dh-param-file parsing to ssl_sock
  • MINORcfgparsemove parsing of ssl-default-{bind,server}-ciphers to ssl_sock
  • MEDIUMcfgparsemove maxsslconn parsing to ssl_sock
  • MEDIUMcfgparsemove all tune.ssl.* keywords to ssl_sock
  • MINORcfgparsemove parsing of ca-base and crt-base to ssl_sock
  • CLEANUPdamove global settings out of the global section
  • CLEANUP51dmove global settings out of the global section
  • CLEANUPdaregister the deinitialization function
  • CLEANUP51dregister the deinitialization function
  • CLEANUPwurflregister the deinit function via the dedicated list
  • CLEANUPauthuse the build options list to report its support
  • MEDIUMcompressionmove the zlib-specific stuff from global.h to compression.c
  • CLEANUPcompressionuse the build options list to report the algos
  • CLEANUPwurflmove global settings out of the global section
  • CLEANUPdamake use of the late init registration code
  • CLEANUP51dmake use of the late init registration
  • CLEANUPwurflmake use of the late init registration
  • CLEANUPfiltersuse the function registration to initialize all proxies
  • CLEANUPchecksmake use of the post-init registration to start checks
  • CLEANUPssluse the build options list to report the SSL details
  • CLEANUPregexuse the build options list to report the regex type
  • CLEANUPluause the build options list to report it
  • CLEANUPtcpuse the build options list to report transparent modes
  • CLEANUPnamespacesuse the build options list to report it
  • CLEANUPdause the build options list to report it
  • CLEANUP51duse the build options list to report it
  • CLEANUPwurfluse the build options list to report it
  • MEDIUMluaremove Lua struct from session, and allocate it with memory pools
  • BUG/MINORluamemleak when Lua/cli fails
  • MINORappctx/cliremove the tlskeys entry from the appctx union
  • MINORappctx/cliremove the server_state entry from the appctx union
  • MINORappctx/cliremove the dns entry from the appctx union
  • MINORappctx/cliremove the be entry from the appctx union
  • MINORappctx/cliremove the env entry from the appctx union
  • MINORappctx/cliremove the cli_socket entry from the appctx union
  • CLEANUPstatsmove a misplaced stats context initialization
  • CLEANUPappletgroup all CLI contexts together
  • MINORlua/signalsRemove Lua part from signals.
  • MEDIUMluause memory pool for hlua struct in applets
  • CLEANUPluarename one of the lua appctx union
  • CLEANUPappletremove the now unused appctx->private field
  • CLEANUPapplet/tableadd an action entry in ->table context
  • CLEANUPapplet/luacreate a dedicated ->fcn entry in hlua_cli context
  • MINORcliRemove useless call to bi_putchk
  • MINORdnsimprove DNS response parsing to use as many available records as possible
  • MINORlogAdd logurilen tunable.
  • MEDIUMproxyzombify proxies only when the expose-fd socket is bound
  • MINORsampleAdd b64dec sample converter
  • MINORservercli: Add server FQDNs to server-state file and stats socket.
  • BUG/MINORserverFix a wrong error message during 'usesrc' keyword parsing.
  • BUILD/MINORstatsremove unexpected argument to stats_dump_json_header()
  • MEDIUMstatsAdd show json schema
  • MEDIUMstatsAdd JSON output option to show (info|stat)
  • BUILD/MINOR51dfix warning when building with 51Degrees release version 3.2.12.12
  • DOCfix some typos
  • DOC51dUpdated git URL and instructions for getting Hash Trie data files.
  • DOC51dadd 51Degrees git URL that points to release version 3.2.12.12
  • BUG/MAJORstream-intdon't re-arm recv if send fails
  • BUG/MEDIUMhttpReturn an error when url_dec sample converter failed
  • BUG/MINORtcp-checkdon't initialize then break a connection starting with a comment
  • BUG/MEDIUMtcp-checkdon't call tcpcheck_main() from the I/O handlers!
  • BUG/MINORtcp-checkdon't quit with pending data in the send buffer
  • BUG/MEDIUMtcp-checkproperly indicate polling state before performing I/O
  • BUG/MEDIUMtcp/httpset-dst-port action broken
  • BUG/MINORcontrib/halogfixing small memory leak
  • BUG/MINORlogfixing small memory leak in error code path.
  • BUG/MINORcompressionCheck response headers before http-response rules eval
  • BUG/MEDIUMcompressionFix check on txn in smp_fetch_res_comp_algo
  • BUG/MINORLuaThe socket may be destroyed when we try to access.
  • BUG/MEDIUMhttpClose streams for connections closed before a redirect
  • BUG/MEDIUMepollensure we always consider HUP and ERR
  • BUG/MEDIUMhttpFix a regression bug when a HTTP response is in TUNNEL mode
  • BUG/MEDIUMstreamproperly set the required HTTP analysers on use-service
  • BUG/MEDIUMluaHTTP services must take care of body-less status codes
  • BUG/MINORluaFix bitwise logic for hlua_server_check_* functions.
  • BUG/MEDIUMconnectionremove useless flag CO_FL_DATA_RD_SH
  • BUG/MEDIUMclifix show fd crash when dumping closed FDs
  • BUILD/MINORclishut a minor gcc warning in show fd
  • MINORpeersAdd additional information to stick-table definition messages.
  • MINORcliadd a new show fd command
  • MINORlisteneradd a function to return a listener's state as a string
  • DOCfix alphabetical order of show commands in management.txt
  • MINORcliadd two general purpose pointers and integers in the CLI struct
  • MINORluaAdd lists of frontends and backends
  • DOCluaProxy class doc update
  • MINORluaAdd proxy as member of proxy object.
  • BUG/MINORluaalways detach the tcp/http tasks before freeing them
  • BUG/MINORluaCorrectly use INET6_ADDRSTRLEN in Server.get_addr()
  • BUG/MINORluaFix Server.get_addr() port values
  • BUG/MAJORhttpFix possible infinity loop in http_sync_(req|res)_state
  • BUG/MEDIUMhttpSwitch HTTP responses in TUNNEL mode when body length is undefined
  • MINORhttpSwitch requests/responses in TUNNEL mode only by checking txn flags
  • MINORhttpReorder/rewrite checks in http_resync_states
  • BUG/MINORhttpSet the response error state in http_sync_res_state
  • DOCUpdated 51Degrees git URL to point to a stable version.
  • BUILDluareplace timegm() with my_timegm() to fix build on Solaris 10
  • MINORtoolsadd a portable timegm() alternative
  • DOCupdate the list of OpenSSL versions in the README
  • DOCupdate CONTRIBUTING regarding optional parts and message format
  • BUG/MEDIUMluabad memory access
  • BUG/MAJORlua/socketresources not detroyed when the socket is aborted
  • BUG/MINORluaexecutes the function destroying the Lua session in safe mode
  • BUG/MINORluaIn error case, the safe mode is not removed
  • BUG/MINORpeerspeer synchronization issue (with several peers sections).
  • BUG/MINORhttpproperly handle all 1xx informational responses
  • BUG/MEDIUMfiltersBe sure to call flt_end_analyze for both channels
  • BUG/MINORhttpDon't reset the transaction if there are still data to send
  • BUG/MINORstreamDon't forget to remove CF_WAKE_ONCE flag on response channel
  • BUG/MEDIUMmap/aclfix unwanted flags inheritance.
  • DOCfix references to the section about time format.
  • BUG/MAJORcompressionBe sure to release the compression state in all cases
  • BUG/MAJORmapfix segfault during 'show map/acl' on cli.
  • BUG/MAJORclifix custom io_release was crushed by NULL.
  • BUG/MINORstreamflag TASK_WOKEN_RES not set if task in runqueue
  • BUG/MINORlogpin the front connection when front ip/ports are logged
  • BUG/MINORhaproxy/cli : fix for solaris/illumos distros for CMSG* macros
  • SCRIPTScreate-releaseenforce GIT_COMMITTER_{NAME|EMAIL} validity
  • scriptscreate-release pass -n to tail
  • BUG/MAJORserverSegfault after parsing server state file.
  • BUG/MEDIUMpeersPeers CLOSE_WAIT issue.
  • BUG/MINORhttp/filtersBe sure to wait if a filter loops in HTTP_MSG_ENDING
  • BUG/MINORaclsSet the right refflag when patterns are loaded from a map
  • BUG/MINORbuffersFix bi/bo_contig_space to handle full buffers
  • DOCfix references to the section about the unix socket
  • BUG/MEDIUMcfgparseCheck if tune.http.maxhdr is in the range 1..32767
  • BUG/MEDIUMhttpDrop the connection establishment when a redirect is performed
  • BUG/MINORWrong peer task expiration handling during synchronization processing.
  • BUG/MEDIUMunixnever unlink a unix socket from the file system
  • MINORwarning on multiple -x
  • BUG/MEDIUMfix segfault when no argument to -x option
  • DOCAdd documentation for new server-template keyword.
  • MINORserverAdd server_template_init() function to initialize servers from a templates.
  • MINORserverAdd 'server-template' new keyword supported in backend sections.
  • MINORserverExtract the code which finalizes server initializations after 'server' lines parsing.
  • MINORserverExtract the code responsible of copying default-server settings.
  • BUG/MAJORBroken parsing for valid keywords provided after 'source' setting.
  • BUG/MEDIUMserverWrong server default CRT filenames initialization.
  • DOCserverAdd docs for server and default-server new no-* and other settings.
  • MINORserverAdd 'no-agent-check' server keyword.
  • MINORserverMake 'default-server' support 'disabled' keyword.
  • MINORserverMake 'default-server' support 'addr' keyword.
  • MINORserverMake 'default-server' support 'sni' keyword.
  • MINORserverMake 'default-server' support 'source' keyword.
  • MINORserverMake 'default-server' support 'namespace' keyword.
  • MINORserverMake 'default-server' support 'tcp-ut' keyword.
  • MINORserverMake 'default-server' support 'ciphers' keyword.
  • MINORserverMake 'default-server' support 'cookie' keyword.
  • CLEANUPconfigTypo in comment.
  • MINORcliLet configure the dynamic cookies from the cli.
  • MINORserverAdd dynamic session cookies.
  • MINORserverMake 'default-server' support 'observe' keyword.
  • MINORserverMake 'default-server' support 'redir' keyword.
  • MINORserverMake 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
  • MINORserverMake 'default-server' support 'track' setting.
  • MINORserverMake 'default-server' support 'check' keyword.
  • MINORserverMake 'default-server' support 'verifyhost' setting.
  • MINORserverMake 'default-server' support 'verify' keyword.
  • CLEANUPservercode alignement.
  • MINORserverMake 'default-server' support 'send-proxy-v2-ssl*' keywords.
  • MINORserverMake 'default-server' support 'ssl' keyword.
  • MINORserverMake 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords.
  • CLEANUPservercode alignement.
  • MINORserverMake 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords.
  • MINORserverMake 'default-server' support 'check-ssl' keyword.
  • MINORserverMake 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords.
  • MINORserverMake 'default-server' support 'non-stick' keyword.
  • CLEANUPservercode alignement.
  • MINORserverMake 'default-server' support 'check-send-proxy' keyword.
  • MINORserverMake 'default-server' support 'backup' keyword.
  • MINORservermove the use_ssl field out of the ifdef USE_OPENSSL
  • MINORcliadd 'expose-fd listeners' to pass listeners FDs
  • MINORcliadd ACCESS_LVL_MASK to store the access level
  • MINORsystemd wrapper: add support for passing the -x option.
  • MINORsocket transfer: Set a timeout on the socket.
  • MINORproxyDon't close FDs if not our proxy.
  • MINORdocdocument the -x flag
  • MINORtcpWhen binding socket, attempt to reuse one from the old proc.
  • MINORglobalAdd an option to get the old listening sockets.
  • MINORcliAdd a command to send listening sockets.
  • BUG/MAJORhttpcall manage_client_side_cookies() before erasing the buffer
  • BUG/MINORMakefilefix compile error with USE_LUA=1 in ubuntu16.04
  • BUG/MEDIUMluasegfault if a converter or a sample doesn't return anything
  • BUG/MAJORdnsBroken kqueue events handling (BSD systems).
  • BUG/MINORchecksdon't send proxy protocol with agent checks
  • DOCupdate RFC references
  • BUG/MINORhttpFix conditions to clean up a txn and to handle the next request
  • MINOR/DOCluajust precise one thing
  • BUG/MINORhash-balance-factor isn't effective in certain circumstances
  • MEDIUMconfigdon't check config validity when there are fatal errors
  • BUG/MEDIUMluamemory leak
  • DOCerrloc/errorloc302/errorloc303 missing status codes.
  • DOCadd layer 4 links/cross reference to block keyword.
  • BUG/MINORservermissing default server 'resolvers' setting duplication.
  • BUG/MINORserverdon't use proxy when px is really meant.
  • BUG/MAJORUse -fwrapv.
  • BUG/MEDIUMaclproprely release unused args in prune_acl_expr()
  • CLEANUPlogstypo: simgle => single
  • MINORluaensure the memory allocator is used all the time
  • BUG/MEDIUMacldon't free unresolved args in prune_acl_expr()
  • BUG/MEDIUMargensure that we properly unlink unresolved arguments on error
  • BUG/MINORargdon't try to add an argument on failed memory allocation
  • BUG/MINORconfigmissing goto out after parsing an incorrect ACL character
  • BUG/MINORdnsWrong address family used when creating IPv6 sockets.
  • DOCstick-table is available in frontend sections
  • DOCmention lighttpd 1.4.46 implements PROXY
  • DOCupdate sample code for PROXY protocol
  • DOCadd few comments to examples.
  • DOCchanged block(deprecated) examples to http-request deny
  • MINORconfig parsing: add warning when log-format/tcplog/httplog is overriden in defaults sections
  • DOClog-format/tcplog/httplog update
  • DOCupdate the contributing file
  • DOCfix parenthesis and add missing Example tags
  • BUG/MINORfiltersDon't force the stream's wakeup when we wait in flt_end_analyze
  • BUG/MEDIUMhttpFix blocked HTTP/1.0 responses when compression is enabled
  • BUG/MEDIUMbuffersFix how input/output data are injected into buffers
  • BUG/MEDIUMpeersfix buffer overflow control in intdecode.
  • BUILDscriptsfix typo in announce-release error message
  • BUILDmake the release script use shortlog for the final changelog
  • MINORAdd hostname sample fetch
  • CLEANUPReplace repeated code to count usable servers with be_usable_srv()
  • MINORAdd nbsrv sample converter
  • BUG/MEDIUMtcpdon't require privileges to bind to device
  • MINORdocfix use-server example (imap vs mail)
  • MINORserverirrelevant error message with 'default-server' config file keyword.
  • BUG/MINORcfgparseloop in tracked servers lists not detected by check_config_validity().
  • MEDIUMglobaladd a 'hard-stop-after' option to cap the soft-stop time
  • DOCProtocol doc: add noop TLV
  • DOCProtocol doc: add SSL TLVs, rename CHECKSUM
  • DOCProtocol doc: add checksum, TLV type ranges
  • DOC/MINORFix typos in proxy protocol doc
  • OPTIMpollenable support for POLLRDHUP
  • BUG/MINORraw_sockalways perfom the last recv if RDHUP is not available
  • MINORfdadd a new flag HAP_POLL_F_RDHUP to struct poller
  • BUG/MEDIUMstreamfix client-fin/server-fin handling
  • MINORdoc2.4. Examples should be 2.5. Examples
  • BUG/MAJORhttpfix typo in http_apply_redirect_rule
  • BUGpayloadfix payload not retrieving arbitrary lengths
  • BUG/MEDIUMconnectionensure to always report the end of handshakes
  • BUG/MAJORstream-intdo not depend on connection flags to detect connection
  • BUG/MEDIUMfiltersFix channels synchronization in flt_end_analyze
  • BUG/MEDIUMlistenerdo not try to rebind another process' socket
  • CONTRIBtcploopuse the trash instead of NULL for recv()
  • CONTRIBtcploopfix connect's address length
  • CONTRIBtcploopreport action 'K' (kill) in usage message
  • CONTRIBtcploopfix time format to silence build warnings
  • CONTRIBtcploopmake it build on FreeBSD
  • CONTRIBtcploopadd limits.h to fix build issue with some compilers
  • BUG/MINORchecksattempt clean shutw for SSL check
  • BUG/MEDIUMsslswitchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
  • BUG/MAJORconnectionupdate CO_FL_CONNECTED before calling the data layer
  • BUG/MINORFix "get map <map> <value>" CLI command
  • BUG/MEDIUMcliPrevent double free in CLI ACL lookup
  • BUG/MEDIUMsslClear OpenSSL error stack after trying to parse OCSP file
  • BUG/MINORspoeFix parsing of arguments in spoe-message section
  • BUG/MINORspoeFix soft stop handler using a specific id for spoe filters
  • MINORconfigwarn when some HTTP rules are used in a TCP proxy
  • MINORhttpdon't close when redirect location doesn't start with /
  • BUG/MEDIUMconfigreject anything but if or unless after a use-backend rule
  • MEDIUMssladd new sample-fetch which captures the cipherlist
  • BUG/MAJORlua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
  • MINORserverextend the flags to 32 bits
  • MINORdocAdd docs for agent-addr and agent-send CLI commands
  • MINORdocAdd docs for agent-addr configuration variable
  • MINORcliAdd possiblity to change agent config via CLI/socket
  • MINORchecksAdd agent-addr config directive
  • BUG/MINORsendmailThe return of vsnprintf is not cleanly tested
  • BUG/MINORhttpReturn an error when a replace-header rule failed on the response
  • BUG/MEDIUMhttpPrevent replace-header from overwriting a buffer
  • BUG/MEDIUMfiltersDo not truncate HTTP response when body length is undefined
  • BUG/MEDIUMhttpprevent redirect from overwriting a buffer
  • MINORchunksimplement a simple dynamic allocator for trash buffers
  • BUG/MAJORdnsrestart sockets after fork()
  • MINORdnsgive ability to dns_init_resolvers() to close a socket when requested
  • BUG/MINORluaMap.end are not reliable because end is a reserved keyword
  • DOCluaimprove links
  • BUG/MINORunixfix connect's polling in case no data are scheduled
  • BUG/MEDIUMtcpdon't poll for write when connect() succeeds
  • BUILDssleliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes()
  • BUILDsslsilence a warning reported for ERR_remove_state()
  • BUILDsslfix build on OpenSSL 1.0.0
  • MINORmodulesreport more precise errors about module API mismatch
  • MINORmodulesRemove Gcc warnings about unused variables
  • BUILDmodulesRemove modules-config.h from DEP variable to generate .i file
  • BUILDmodulesAdd macors to compute numerical value of a HAPEE version
  • BUILDmodulesOnly define the all target if MODULES isn't defined.
  • MINORUse 500 Internal Server Error for 500 error/status code message.
  • MINORsamplesadd xx-hash functions
  • DOCluaAdd documentation about variable manipulation from applet
  • MINORluagive HAProxy variable access to the applets
  • MINORluaAllow argument for actions
  • OPTIM/MINORconfigOptimize fullconn automatic computation loading configuration
  • OPTIMstream-intdon't disable polling anymore on DONT_READ
  • CLEANUPmemoryremove the now unused cli_parse_show_pools() function
  • MINORcliautomatically enable a CLI I/O handler when there's no parser
  • DOCclishow cli sockets
  • BUG/MINORclishow cli sockets would always report process 64
  • BUG/MINORclishow cli sockets wouldn't list all processes
  • MEDIUMcli'show cli sockets' list the CLI sockets
  • MINORtcp-rulescheck that the listener exists before updating its counters
  • MINORcfgparseadd two new functions to check arguments count
  • MINORhaproxyadd a registration for post-deinit functions
  • MINORhaproxyadd a registration for post-check functions
  • MINORhaproxyadd a registration for build options
  • CLEANUPhaproxystatify unexported functions
  • BUG/MINORstreamFix how backend-specific analyzers are set on a stream
  • MEDIUMmodules'modules list' on the cli shows currently loaded modules
  • BUILDmodulesstrip the MODULE_COPTS before hashing them
  • BUILDmodulesadd make module-copts to show module options
  • BUILDmodulestake pkg-config out of install-inc
  • MINORmodulesfix incorrect API HASH generation with certain awk versions
  • MODULESBUILDmodules: Add version of the module in the defines
  • BUILDmodulesuse gawk insteads of awk
  • BUILDmodulesmake modules support optional
  • MINORmodulesDon't use constructor/destructor anymore...
  • MINORmodulesTerminate properly loaded modules if possible
  • MINORmodulesKeep a list of loaded modules to unload them when HAProxy is stopped
  • MINORmodulesRegister function called after the main config check
  • MEDIUMmodulesmodules: Add memory reservation support for the modules
  • MEDIUMmodulesmodules: Add modules support
  • BUG/MINORReset errno variable before calling strtol(3)
  • DOCadd deprecation notice to block
  • MINORproto_http.c 502 error txt typo.
  • BUG/MINORsslEVP_PKEY must be freed after X509_get_pubkey usage
  • BUG/MEDIUMtoolsdo not force an unresolved address to AF_INET:0.0.0.0
  • MEDIUMserverdisable protocol validations when the server doesn't resolve
  • MINORservertake the destination port from the port field, not the addr
  • MINORtoolsmake str2sa_range() return the port in a separate argument
  • MEDIUMserversplit the address and the port into two different fields
  • BUG/MEDIUMserverconsider AF_UNSPEC as a valid address family
  • BUG/MINORtoolsfix off-by-one in port size check
  • BUG/MINORconfigemit a warning if http-reuse is enabled with incompatible options
  • MINORconnectionadd sample fetch fc_rcvd_proxy
  • MINORhttpcustom status reason.
  • BUG/MAJORhttpfix risk of getting invalid reports of bad requests
  • BUILDscriptsautomatically update the branch in version.h when releasing
  • BUG/MINORhttpreport real parser state in error captures
  • BUG/MAJORchannelFix the definition order of channel analyzers
  • BUG/MINORsample-fetches/stick-tablesbad type for the sample fetches sc*_get_gpt0
  • MINORstatsSupport select all for backend actions
  • BUG/MINORoption prefer-last-server must be ignored in some case
  • BUILDluabuild failed on FreeBSD.
  • DOCAdd timings events schemas
  • BUG/MINORsystemdpotential zombie processes
  • BUG/MEDIUMsslfor a handshake when server-side SNI changes
  • BUG/MINORbackendnbsrv() should return 0 if backend is disabled
  • BUG/MINORstatsfix be/sessions/current out in typed stats
  • BUG/MEDIUMsslavoid double free when releasing bind_confs
  • BUG/MEDIUMsslproperly reset the reused_sess during a forced handshake
  • BUG/MINORluabad return code
  • BUG/MINORluamemory leak executing tasks
  • BUG/MINORFix the sending function in Lua's cosocket
  • DOCfix small typo in fe_id (backend instead of frontend)
  • BUG/MINORlua/clibad error message
  • DOCluasection declared twice
  • DOCluadocumentation about time parser functions
  • BUG/MINORstream-intautomatically release SI_FL_WAIT_DATA on SHUTW_NOW
  • SCRIPTSgit-show-backportsadd -H to use the hash of the commit message
  • SCRIPTSgit-show-backportsfix a harmless typo
  • BUG/MEDIUMluaIn some case, the return of sample-fetches is ignored (2)
  • BUILD/MEDIUMFixing the build using LibreSSL
  • BUG/MAJORFix how the list of entities waiting for a buffer is handled
  • BUG/MEDIUMstreamSave unprocessed events for a stream
  • MINORtaskRename run_queue and run_queue_cur counters
  • MINORappletCount number of (active) applets
  • BUG/MINORclibe sure to always warn the cli applet when input buffer is full
  • DOCFix some typo in SPOE documentation
  • DOCAdd undocumented argument of the trace filter
  • MINORDo not forward the header Expect: 100-continue when the option http-buffer-request is set
  • DOCluaDocumentation about some entry missing
  • MINORproxyAdd fe_name/be_name fetchers next to existing fe_id/be_id
  • BUG/MINORstatsfix be/sessions/max output in html stats
  • BUG/MEDIUMvariablessome variable name can hide another ones
  • DOCmention that req_tot is for both frontends and backends
  • BUG/MINORhttpdon't send an extra CRLF after a Set-Cookie in a redirect
  • DOCAdded 51Degrees conv and fetch functions to documentation.
  • DOCFix map table's format
  • BUG/MEDIUMclifix show stat resolvers and show tls-keys
  • BUG/MINORcliallow the backslash to be escaped on the CLI
  • BUG/MAJORstreamfix session abort on resource shortage
  • BUG/MINORhttpCall XFER_DATA analyzer when HTTP txn is switched in tunnel mode
  • BUG/MINORfiltersInvert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
  • BUG/MINORfiltersProtect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
  • BUG/MINORhttpKeep the same behavior between 1.6 and 1.7 for tunneled txn
  • BUG/MEDIUMhttpFix tunnel mode when the CONNECT method is used
  • DOCSpelling fixes
  • BUG/MINORstatsmake field_str() return an empty string on NULL
  • BUG/MEDIUMproxyreturn none and unknown for unknown LB algos
  • BUILDfix the reported version number
×

About the new layout

For 2025, we're happy to introduce a redesigned HAProxy Configuration Manual!

The new manual enhances the user experience by providing more help for keywords, including more details about context, usage, and syntax. New search filters help you find keywords faster, with separate coverage for each variant.

If you would prefer to use the older layout click here.