#2022/08/30 : 2.3r1 (1.0.0-251.618)

#2022/07/29 : 2.3r1 (1.0.0-250.618)

• BUG/MEDIUMwdtdon't trigger the watchdog when p is unitialized

#2022/05/12 : 2.3r1 (1.0.0-248.617)

• MINORmux-h2report a trace event when failing to create a new stream
• BUG/MINORmux-h2mark the stream as open before processing it not after
• BUG/MAJORdnsmulti-thread concurrency issue on UDP socket

#2022/05/05 : 2.3r1 (1.0.0-248.614)

• BUILDproto_uxstdo not set unused flag
• BUILDsockpairdo not set unused flag
• BUILDfdremove unused variable totlen in fd_write_frag_line()
• CLEANUPaclRemove unused variable when releasing an acl expression
• BUG/MINORpoolsmake sure to also destroy shared pools in pool_destroy_all()
• REGTESTSfix the race conditions in be2dec.vtc ad field.vtc
• BUG/MINORrulesFix check_capture() function to use the right rule arguments
• DOCremove my name from the config doc
• BUG/MINORcacheDisable cache if applet creation fails
• SCRIPTSannounce-releaseadd shortened links to pending issues
• DOCluaupdate a few doc URLs
• SCRIPTSannounce-releaseupdate the doc's URL
• BUG/MEDIUMcompressionDon't forget to update htx_sl and http_msg flags
• BUG/MEDIUMfcgi-appUse http_msg flags to know if C-L header can be added
• BUG/MEDIUMmux-h1Don't request more room on partial trailers
• BUG/MINORmux-h2use timeout http-request as a fallback for http-keep-alive
• BUG/MINORmux-h2do not use timeout http-keep-alive on backend side
• BUG/MINORcachedo not display expired entries in show cache
• BUG/MINORmux-h2do not send GOAWAY if SETTINGS were not sent
• CIcirrusswitch to FreeBSD-13.0
• CIUpdate to actions/cache@v3
• CIUpdate to actions/checkout@v3
• BUG/MEDIUMhttp-actDon't replace URI if path is not found or invalid
• BUG/MEDIUMhttp-convFix url_enc() to not crush const samples
• BUG/MINORfcgi-appDon't add C-L header on response to HEAD requests
• CIgithub actions: update OpenSSL to 3.0.2
• BUG/MAJORmux_ptalways report the connection error to the conn_stream
• BUG/MINORcli/streamfix shutdown session to iterate over all threads
• DOCreflect H2 timeout changes
• BUG/MEDIUMmux-h2make use of http-request and keep-alive timeouts
• MEDIUMmux-h2slightly relax timeout management rules
• BUG/MEDIUMstream-intdo not rely on the connection error once established

#2022/03/29 : 2.3r1 (1.0.0-247.582)

• HAPEEupdate backported HAPEE patches
• DOCconfigExplictly add supported MQTT versions
• MEDIUMmqttsupport mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
• BUG/MEDIUMmux-h1Properly detect full buffer cases when adding EOM block
• BUG/MEDIUMmux-h1Properly detect full buffer cases during message parsing
• BUG/MEDIUMmux-fcgiProperly handle return value of headers/trailers parsing
• BUG/MINORtoolsurl2sa reads too far when no port nor path
• BUG/MEDIUMtraceavoid race condition when retrieving session from conn->owner
• BUG/MEDIUMmux-h1only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
• CIgithub actions: switch to LibreSSL-3.5.1

#2022/03/25 : 2.3r1 (1.0.0-246.572)

• BUG/MINORtoolsfix url2sa return value with IPv4

#2022/03/17 : 2.3r1 (1.0.0-246.571)

#2022/03/14 : 2.3r1 (1.0.0-245.571)

• BUILDtree-widemark a few numeric constants as explicitly long long
• DOCFix usage/examples of deprecated ACLs
• BUG/MINORstreammake the call_rate only count the no-progress calls
• BUG/MAJORmux-ptAlways destroy the backend connection on detach
• DEBUGstreamFix stream trace message to print response buffer state
• DEBUGstreamAdd the missing descriptions for stream trace events
• BUG/MEDIUMmcliProperly handle errors and timeouts during reponse processing
• DEBUGcacheUpdate underlying buffer when loading HTX message in cache applet
• BUG/MINORpromexSet conn-stream/channel EOI flags at the end of request
• BUG/MINORcacheSet conn-stream/channel EOI flags at the end of request
• BUG/MINORstatsSet conn-stream/channel EOI flags at the end of request
• BUG/MINORhluaSet conn-stream/channel EOI flags at the end of request
• BUG/MINORclishows correct mode in show sess
• BUG/MINORadd missing modes in proxy_mode_str()

#2022/03/01 : 2.3r1 (1.0.0-245.557)

• CIgithub actions: use cache for SSL libs
• CIgithub actions: add the output of $CC -dM -E-
• BUILD/MINORscheddrop the DEBUG_TASK parts from latest fix
• REGTESTSfix the race conditions in secure_memcmp.vtc
• BUG/MAJORschedprevent rare concurrent wakeup of multi-threaded tasks
• BUG/MINORtaskdo not set TASK_F_USR1 for no reason
• CLEANUPatomicadd a fetch-and-xxx variant for common operations

#2022/02/25 : 2.3r1 (1.0.0-245.550)

• BUG/MEDIUMstreamAbort processing if response buffer allocation fails
• BUG/MAJORmux-h2Be sure to always report HTX parsing error to the app layer
• BUG/MEDIUMmux-h1Don't wake h1s if mux is blocked on lack of output buffer
• BUG/MEDIUMhtxBe sure to have a buffer to perform a raw copy of a message
• BUG/MINORtoolsurl2sa reads ipv4 too far
• BUG/MINORmailersnegotiate SMTP, not ESMTP
• CIgithub actions: update OpenSSL to 3.0.1
• CIgithubswitch to OpenSSL 3.0.0
• CIgithub actions: relax OpenSSL-3.0.0 version comparision
• CIgithub actions: -Wno-deprecated-declarations with OpenSSL 3.0.0
• CIgithub actions: add OpenSSL-3.0.0 builds
• BUILDadopt script/build-ssl.sh for OpenSSL-3.0.0beta2
• BUILDfix compilation for OpenSSL-3.0.0-alpha17
• CIsslkeep the old method for ancient OpenSSL versions
• CIssldo not needlessly build the OpenSSL docs
• CIsslenable parallel builds for OpenSSL on Linux
• BUG/MEDIUMfdalways align fdtab[] to 64 bytes
• BUG/MEDIUMresolversReally ignore trailing dot in domain names
• BUG/MINORsinkUse the right field in appctx context in release callback
• BUG/MINORmworkerfix a FD leak of a sockpair upon a failed reload
• BUG/MEDIUMmworkerclose unused transferred FDs on load failure
• MINORsockmove the unused socket cleaning code into its own function
• BUG/MAJORspoeproperly detach all agents when releasing the applet
• BUG/MAJORhttp/htxprevent unbounded loop in http_manage_server_side_cookies
• BUG/MEDIUMlistenerread-lock the listener during accept()
• MINORlistenerreplace the listener's spinlock with an rwlock
• BUG/MINORmworkerdoes not erase the pidfile upon reload
• BUG/MEDIUMmworkerdon't lose the stats socket on failed reload
• BUG/MEDIUMmclialways realign wrapping buffers before parsing them
• BUG/MEDIUMmclido not try to parse empty buffers
• BUG/MEDIUMcliNever wait for more data on client shutdown
• BUG/MINORcliavoid O(bufsize) parsing cost on pipelined commands
• MINORchanneladd new function co_getdelim() to support multiple delimiters
• MEDIUMcliyield between each pipelined command
• BUILD/MINORfix solaris build with clang.
• BUG/MEDIUMhtxAdjust length to add DATA block in an empty HTX buffer
• DOC/MINORfix typo in management document

#2022/01/13 : 2.3r1 (1.0.0-245.513)

• BUG/MINORsslfree the fields in srv->ssl_ctx
• CLEANUPsslmake ssl_sock_free_srv_ctx() zero the pointers after free
• REGTESTSsslfix ssl_default_server.vtc
• BUG/MEDIUMsslinitialize correctly ssl w/ default-server
• BUG/MINORsslDefault-server configuration ignored by server
• BUG/MEDIUMmworkerdon't use _getsocks in wait mode
• BUG/MEDIUMhttp-anaPreserve response's FLT_END analyser on L7 retry
• BUG/MINORclifix _getsocks with musl libc
• BUILD/MINORtoolssolaris build fix on dladdr.
• BUILDmakefileadd -Wno-atomic-alignment to work around clang abusive warning
• DOCfix misspelled keyword resolve_retries in resolvers
• BUILDsslunbreak the build with newer libressl
• BUILDcliclear a maybe-unused warning on some older compilers
• BUG/MINORpoolsdon't mark ourselves as harmless in DEBUG_UAF mode
• BUG/MINORbackendrestore the SF_SRV_REUSED flag original purpose
• BUG/MINORbackenddo not set sni on connection reuse
• MINORpoolswork around possibly slow malloc_trim() during gc
• BUG/MEDIUMmworker/clicrash when trying to access an old PID in prompt mode
• DOCconfigretry-on list is space-delimited
• DOCconfigSpecify %Ta is only available in HTTP mode
• DOCspoeClarify use of the event directive in spoe-message section
• BUILDtree-wideavoid warnings caused by redundant checks of obj_types
• MINORclishow version displays the current process version
• REGTESTSmark the abns test as broken again
• MINORsslmake tlskeys_list_get_next() take a list element
• CLEANUPsslRemove useless local variable in tlskeys_list_get_next()
• CLEANUPsslRemove useless loop in tlskeys_list_get_next()
• MEDIUMtaskextend the state field to 32 bits
• CIGithub Actions: temporarily disable BoringSSL builds
• CIGithub Actions: switch to LibreSSL-3.3.3
• CIgithub actions: update LibreSSL to 3.2.5
• CIgithub actions: switch to stable LibreSSL release
• CIFix the coverity builds
• CIFix DEBUG_STRICT definition for Coverity
• CIPin VTest to a known good commit
• CIgithub actions: build several popular contrib tools
• CIGitHub Actions: enable daily Coverity scan
• CIgithub actions: enable 51degrees feature
• CIgithub actions: update LibreSSL to 3.3.0
• CISet DEBUG=-DDEBUG_STRICT=1 in GitHub Actions
• CIClean up Windows CI
• CIPass the github.event_name to matrix.py
• CIGithub Action: run apt-get update before packages restore
• CIGithub Actions: enable BoringSSL builds
• CIGithub Actions: remove LibreSSL-3.0.2 builds
• CIGithub Actions: enable prometheus exporter
• CIMake the h2spec workflow more consistent with the VTest workflow
• CIStop hijacking the hosts file
• CIExpand use of GitHub Actions for CI
• DOCconfigurationissuers-chain-path only applies to bind lines

#2021/12/29 : 2.3r1 (1.0.0-245.462)

• BUG/MAJORsslfree of incorrect ptr in ssl_sess_new_srv_cb()

#2021/12/07 : 2.3r1 (1.0.0-245.461)

• BUG/MEDIUMsslProperly release the SNI when the server ctx is freed

#2021/12/02 : 2.3r1 (1.0.0-245.460)

• BUG/MAJORsegfault using multiple log forward sections.
• BUG/MEDIUMresolversDetach query item on response error
• BUG/MEDIUMcliProperly set stream analyzers to process one command at a time

#2021/11/25 : 2.3r1 (1.0.0-245.457)

• BUG/MEDIUMsslbackend TLS resumption with sni and TLSv1.3
• MINORshctxadd a few BUG_ON() for consistency checks
• BUG/MINORshctxdo not look for available blocks when the first one is enough
• BUG/MEDIUMshctxleave the block allocator when enough blocks are found
• BUG/MEDIUMmux-h2always process a pending shut read
• BUG/MEDIUMsslabort with the correct SSL error when SNI not found
• MINORmux-h2perform a full cycle shutdown+drain on close
• MINORconnectionadd a new CO_FL_WANT_DRAIN flag to force drain on close
• BUG/MINORstick-table/cliCheck for invalid ipv6 key
• BUG/MEDIUMconnectionmake cs_shutr/cs_shutw//cs_close() idempotent
• BUG/MINORmux-h2Fix H2_CF_DEM_SHORT_READ value
• BUG/MINORmworkerdoesn't launch the program postparser
• BUG/MEDIUMconn-streamDon't reset CS flags on close
• DOCluaBe explicit with the Reply object limits
• BUG/MINORhttp-anaApply stop to the current section for http-response rules
• DOCconfigFix typo in ssl_fc_unique_id description
• BUG/MEDIUMmux-h1Fix H1C_F_ST_SILENT_SHUT value
• HAPEEupdate backported, hapee and dropped
• BUG/MINORsampleFix 'fix_tag_value' sample when waiting for more data
• SCRIPTSgit-show-backportsre-enable file-based filtering
• DOC/peerssome grammar fixes for peers 2.1 spec
• MINORstreamImprove dump of bogus streams
• MINORhalogAdd support for extracting captures using -hdr
• BUG/MINORhalogAdd missing newlines in die() messages
• CLEANUPhalogUse consistent indentation in help()
• MINORhalogRename -qry to -query
• DOChalogMove the `-qry` parameter into the correct section in help text
• MINORhalogAdd -qry parameter allowing to preserve the query string in -uX
• DOCconfigFix alphabetical order of fc_* samples
• BUG/MINORsamplefix backend direction flags consecutive to last fix
• BUG/MEDIUMsampleCumulate frontend and backend sample validity flags
• BUG/MINORvarsproperly set the argument parsing context in the expression
• MINORsampleadd missing ARGC_ entries
• BUG/MINORvarsimprove accuracy of the rules used to check expression validity
• BUG/MEDIUMstream-intBlock reads if channel cannot receive more data
• BUG/MINORhttpAuthorization value can have multiple spaces after the scheme
• BUG/MEDIUMhttp-anaDrain request data waiting the tarpit timeout expiration
• BUG/MEDIUMresolversTrack api calls with a counter to free resolutions
• BUG/MEDIUMresolversDon't recursively perform requester unlink
• MEDIUMresolversremove the last occurrences of the safe argument
• MEDIUMresolversuse a kill list to preserve the list consistency
• CLEANUPresolversreplace all LIST_DELETE with LIST_DEL_INIT
• CLEANUPresolverssimplify resolv_link_resolution() regarding requesters
• CLEANUPalways initialize the answer_list
• CLEANUPresolversdo not export resolv_purge_resolution_answer_records()
• BUG/MEDIUMmux-h1Perform a connection shutdown when the h1c is released
• BUG/MINORmux-h1Save shutdown mode if the shutdown is delayed
• BUILDfix compilation on NetBSD
• BUG/MINORmux-h2do not prevent from sending a final GOAWAY frame
• BUG/MAJORbuffix varint API post- vs pre- increment
• BUG/MEDIUMresolversalways check a valid item in query_list
• BUILDresolversavoid a possible warning on null-deref
• BUG/MAJORresolversadd other missing references during resolution removal
• MINORresolversmerge address and target into a union data
• BUG/MEDIUMresolversuse correct storage for the target address
• BUG/MEDIUMresolversfix truncated TLD consecutive to the API fix
• MINORresolversfix the resolv_dn_label_to_str() API about trailing zero
• BUG/MINORresolversdo not reject host names of length 255 in SRV records
• BUG/MEDIUMresolvermake sure to always use the correct hostname length
• MINORresolversfix the resolv_str_to_dn_label() API about trailing zero
• BUG/MEDIUMtcpcheckProperly catch early HTTP parsing errors

#2021/10/19 : 2.3r1 (1.0.0-245.395)

• BUG/MEDIUMsampleproperly verify that variables cast to sample
• MINORsampleprovide a generic var-to-sample conversion function
• CLEANUPsampleuninline sample_conv_var2smp_str()
• CLEANUPsamplerename sample_conv_var2smp() to *_sint
• BUG/MEDIUMstreamKeep FLT_END analyzers if a stream detects a channel error
• BUG/MINORhttp-anaDon't eval front after-response rules if stopped on back
• MINORinitcallRename __GLOBL and __GLOBL1.
• BUG/MEDIUMmux_h2Handle others remaining read0 cases on partial frames
• BUG/MEDIUMstream-intDefrag HTX message in si_cs_recv() if necessary
• MINORhtxAdd a function to know if the free space wraps
• MINORhtxAdd an HTX flag to know when a message is fragmented
• BUILDhapee/modulesselect either md5 or md5sum

#2021/10/08 : 2.3r1 (1.0.0-243.383)

• BUG/MEDIUMleastconnfix rare possibility of divide by zero
• BUG/MEDIUMhttp-anaClear request analyzers when applying redirect rule
• BUG/MEDIUMfiltersFix a typo when a filter is attached blocking the release
• MINORtaskscatch TICK_ETERNITY with BUG_ON() in __task_queue()
• BUG/MINORtcp-rulesStop content rules eval on read error and end-of-input
• BUG/MINORtcpcheckDon't use arg list for default proxies during parsing
• MINORargBe able to forbid unresolved args when building an argument list
• BUG/MAJORluause task_wakeup() to properly run a task once
• BUG/MEDIUMluafix wakeup condition from sleep()
• DOCpeersfix doc enable statement on peers sections
• BUG/MINORmux-h1/mux-fcgiSanitize TE header to only send trailers
• BUG/MEDIUMstreamStop waiting for more data if SI is blocked on RXBLK_ROOM
• BUG/MEDIUMstream-intNotify stream that the mux wants more room to xfer data
• BUG/MEDIUMmux-h1Adjust conditions to ask more space in the channel buffer
• BUG/MINORhttp-anaincrement internal_errors counter on response error
• BUG/MINORh1-htxFix a typo when request parser is reset
• BUG/MINORserverallow 'enable health' only if check configured

#2021/09/20 : 2.3r1 (1.0.0-243.366)

• BUG/MINORcli/payloaddo not search for args inside payload
• BUILDistprevent gcc11 maybe-uninitialized warning on istalloc
• DOCmanagementcertificate files must be sanitized before injection
• BUG/MINORtcpcheckImprove LDAP response parsing to fix LDAP check
• MINORpoolsuse mallinfo2() when available instead of mallinfo()
• MINORpoolsautomatically disable malloc_trim() with external allocators
• CLEANUPpoolsfactor all malloc_trim() calls into trim_all_pools()
• BUG/MINORcompatmake sure __WORDSIZE is always defined
• BUG/MEDIUMstream-intDon't block SI on a channel policy if EOI is reached
• BUG/MINORsystemdExecStartPre must use -Ws
• BUG/MINORfiltersSet right FLT_END analyser depending on channel
• BUG/MINORfiltersAlways set FLT_END analyser when CF_FLT_ANALYZE flag is set
• BUG/MEDIUMhttp-anaReset channels analysers when returning an error
• BUG/MINORstreamDon't release a stream if FLT_END is still registered
• BUG/MINORluaDon't yield in channel.append() and channel.set()
• BUG/MINORluaYield in channel functions only if lua context can yield
• MINORluaAdd a flag on lua context to know the yield capability at run time
• REGTESTSmark http_abortonclose as broken
• MINORactionUse a generic function to check validity of an action rule list

#2021/09/07 : 2.3r1 (1.0.0-243.345)

#2021/09/03 : 2.3r1 (1.0.0-242.345)

• BUG/MAJORhtxfix missing header name length check in htx_add_header/trailer
• CLEANUPhtxremove comments about "must be < 256 MB"
• BUG/MINORconfigreject configs using HTTP with bufsize >= 256 MB
• DOCconfigurationremove wrong tcp-request examples in tcp-response
• BUG/MINORvarsfix set-var/unset-var exclusivity in the keyword parser
• CLEANUPAdd missing include guard to signal.h
• BUG/MINORtoolsFix loop condition in dump_text()
• BUG/MINORebtreeremove dependency on incorrect macro for bits per long
• BUG/MINORluause strlcpy2() not strncpy() to copy sample keywords
• MINORcompilerimplement an ONLY_ONCE() macro
• BUG/MEDIUMbase64check output boundaries within base64{dec,urldec}
• BUG/MINORstick-tablefix the sc-set-gpt* parser when using expressions
• REGTESTSabortoncloseafter retries, 503 is expected, not close
• BUG/MEDIUMsockreally fix detection of early connection failures in for 2.3-

#2021/08/20 : 2.3r1 (1.0.0-242.330)

• BUG/MEDIUMh2match absolute-path not path-absolute for :path

#2021/08/13 : 2.3r1 (1.0.0-241.329)

• REGTESTSadd a test to prevent h2 desync attacks
• BUG/MEDIUMh2give :authority precedence over Host
• BUG/MAJORh2enforce checks on the method syntax before translating to HTX
• BUG/MAJORh2verify that :path starts with a '/' before concatenating it
• BUG/MAJORh2verify early that non-http/https schemes match the valid syntax
• MINORhttpadd a new function http_validate_scheme() to validate a scheme
• BUG/MEDIUMcfgcheckverify existing log-forward listeners during config check
• MINORhapeeupdate list of patches backported from 2.4
• BUILD/MINORmemprof fix macOs build.
• BUG/MEDIUMspoeFix policy to close applets when SPOE connections are queued
• DOCconfigFix 'http-response send-spoe-group' documentation
• DOCImprove the lua documentation
• BUG/MINORtcpcheckProperly detect pending HTTP data in output buffer
• BUG/MINORbufferfix buffer_dump() formatting
• BUG/MEDIUMspoeCreate a SPOE applet if necessary when the last one is released
• MINORspoeAdd a pointer on the filter config in the spoe_agent structure
• BUG/MINORserverupdate last_change on maint->ready transitions too
• BUG/MINORpollersalways program an update for migrated FDs
• BUG/MINORpollfix abnormally high skip_fd counter
• BUG/MINORselectfix excess number of dead/skip reported
• BUG/MEDIUMpollersclear the sleeping bit after waking up, not before
• BUG/MINORconnectionAdd missing error labels to conn_err_code_str
• BUG/MEDIUMmux-h2Handle remaining read0 cases on partial frames
• BUG/MINORmux-h2Obey dontlognull option during the preface
• BUG/MINORsystemdmust check the configuration using -Ws
• BUG/MINORresolversUse a null-terminated string to lookup in servers tree
• BUG/MINORcheckfix the condition to validate a port-less server
• BUG/MEDIUMssl_samplefix segfault for srv samples on invalid request
• BUG/MINORmworkerdo not export HAPROXY_MWORKER_REEXEC across programs
• BUG/MEDIUMmworkerdo not register an exit handler if exit is expected
• BUILDluasilence a build warning with TCC
• BUILDadd detection of missing important CFLAGS

#2021/07/09 : 2.3r1 (1.0.0-239.297)

• MINORhapee.hapee/backports renamed to .hapee/backported
• MINORhapeeUpdate the list of backported patches
• BUG/MINORcacheCorrectly handle existing-but-empty 'accept-encoding' header
• BUG/MINORmqttSupport empty client ID in CONNECT message
• BUG/MINORmqttFix parser for string with more than 127 characters
• BUG/MAJORpoolssecond fix for incomplete backport of lockless pool fix
• BUG/MAJORpoolsfix incomplete backport of lockless pool fix
• BUG/MINORpeersfix data_type bit computation more than 32 data_types
• BUG/MEDIUMresolversMake 1st server of a template take part to SRV resolution
• MINORresolversReset server IP on error in resolv_get_ip_from_response()
• BUG/MINORresolversReset server IP when no ip is found in the response
• BUG/MINORresolversAlways attach server on matching record on resolution
• BUG/MINORresolversUse resolver's lock in resolv_srvrq_expire_task()
• BUG/MEDIUMresolversAdd a task on servers to check SRV resolution status
• MINORresolversRemove server from named_servers tree when removing a SRV item
• MINORresolversClean server in a dedicated function when removing a SRV item
• BUG/MINORserverForbid to set fqdn on the CLI if SRV resolution is enabled
• BUG/MINORserver-stateload SRV resolution only if params match the config
• DOCconfiguse CREATE USER for mysql-check
• DOCpeersfix the protocol tag name in the doc
• DOCstick-tableadd missing documentation about gpt0 stored type
• BUG/MINORstick-tablefix several printf sign errors dumping tables
• BUG/MINORclifix server name output in show fd
• BUG/MEDIUMsockmake sure to never miss early connection failures
• BUG/MINORtcpcheckFix numbering of implicit HTTP send/expect rules
• BUG/MINORchecksreturn correct error code for srv_parse_agent_check
• DOCconfigAdd missing actions in tcp-request session documentation
• MINORtcp-actAdd set-src/set-src-port for tcp-request content rules
• REGTESTSfix maxconn update with agent-check
• BUG/MAJORserverfix deadlock when changing maxconn via agent-check
• BUG/MINORserver/cliFix locking in function processing set server command
• BUG/MEDIUMserver/cliFix ABBA deadlock when fqdn is set from the CLI
• BUG/MAJORresolverssegfault using server template without SRV RECORDs
• MEDIUMresolversadd a ref between servers and srv request or used SRV record
• MEDIUMresolversadd a ref on server to the used A/AAAA answer item
• BUG/MINORresolversanswser item list was randomly purged or errors

#2021/06/21 : 2.3r1 (1.0.0-239.260)

• BUILDcfgparse-sslRemove const from defpx param in keylog parsing function
• BUG/MEDIUMdnssend messages on closed/reused fd if fd was detected broken
• MINORmux-h2obey http-ignore-probes during the preface
• BUG/MINORstatsmake show stat typed desc work again
• MINORbackendonly skip LB when there are actual connections
• BUG/MAJORqueueset SF_ASSIGNED when setting strm->target on dequeue
• BUG/MINORmworkerfix typo in chroot error message
• BUG/MINORssluse atomic ops to update global shctx stats
• BUG/MEDIUMshctxuse at least thread-based locking on USE_PRIVATE_CACHE
• BUG/MINORstick-tableinsert srv in used_name tree even with fixed id
• DOCluaAdd a warning about buffers modification in HTTP
• BUG/MINORmux-fcgiExpose SERVER_SOFTWARE parameter by default
• BUG/MAJORhtxFix htx_defrag() when an HTX block is expanded
• CLEANUPpoolsremove now unused seq and pool_free_list
• BUG/MAJORpoolsfix possible race with free() in the lockless variant
• MEDIUMpoolsuse a single pool_gc() function for locked and lockless
• MINORpoolscall malloc_trim() under thread isolation
• MINORpoolsdo not maintain the lock during pool_flush()
• BUG/MINORpoolsfix a possible memory leak in the lockless pool_flush()
• BUG/MEDIUMcompressionAdd a flag to know the filter is still processing data
• BUG/MINORsslOCSP stapling does not work if expire too far in the future
• BUILDmake tune.ssl.keylog available again
• DOCuse the req.ssl_sni in examples
• BUG/MAJORstream-intRelease SI endpoint on server side ASAP on retry
• DOC/MINORmove uuid in the configuration to the right alphabetical order
• BUG/MINORlua/varsprevent get_var() from allocating a new name
• BUG/MINORproxyMissing calloc return value check in chash_init_server_tree
• BUG/MINORhttpMissing calloc return value check in make_arg_list
• BUG/MINORhttpMissing calloc return value check while parsing redirect rule
• BUG/MINORworkerMissing calloc return value check in mworker_env_to_proc_list
• BUG/MINORcompressionMissing calloc return value check in comp_append_type/algo
• BUG/MINORhttpMissing calloc return value check while parsing tcp-request rule
• BUG/MINORhttpMissing calloc return value check while parsing tcp-request/tcp-response
• BUG/MINORproxyMissing calloc return value check in proxy_defproxy_cpy
• BUG/MINORproxyMissing calloc return value check in proxy_parse_declare
• BUG/MINORhttpMissing calloc return value check in parse_http_req_capture
• BUG/MINORsslMissing calloc return value check in ssl_init_single_engine
• BUG/MINORpeersMissing calloc return value check in peers_register_table
• BUG/MINORserverMissing calloc return value check in srv_parse_source
• BUG/MINORhttp-anaHandle L7 retries on refused early data before K/A aborts
• BUG/MINORhttp-compPreserve HTTP_MSGF_COMPRESSIONG flag on the response
• BUG/MEDIUMfiltersExec pre/post analysers only one time per filter
• BUG/MAJORserverprevent deadlock when using 'set maxconn server'
• BUG/MEDIUMebtreeInvalid read when looking for dup entry
• REGTESTSAdd script to test abortonclose option
• BUG/MEDIUMmux-h1Properly report client close if abortonclose option is set
• MEDIUMmux-h1Don't block reads when waiting for the other side
• MINORconn-streamForce mux to wait for read events if abortonclose is set
• BUG/MINORstream-intDon't block reads in si_update_rx() if chn may receive
• MINORchannelRely on HTX version if appropriate in channel_may_recv()

#2021/05/11 : 2.3r1 (1.0.0-239.210)

• MINORmemprofalso report the totals and delta alloc-free
• MINORmemprofalso report the method used by each call
• BUG/MINORmemprofproperly account for differences for realloc()
• BUILDcompatinclude malloc_np.h for USE_MEMORY_PROFILING on FreeBSD
• BUILDmemprofmake the old caller pointer a const in get_prof_bin()
• DOCsslAdd information about crl-file option
• BUG/MINORhttp_fetchfix possible uninit sockaddr in fetch_url_ip/port
• BUG/MINORchecksReschedule check on observe mode only if fastinter is set
• BUG/MINORchecksHandle synchronous connect when a tcpcheck is started
• BUG/MINORstreamReset stream final state and si error type on L7 retry
• BUG/MINORstreamproperly clear the previous error mask on L7 retries
• BUG/MINORstreamDecrement server current session counter on L7 retry
• BUG/MEDIUMdnsreset file descriptor if send returns an error

#2021/05/07 : 2.3r1 (1.0.0-239.197)

• BUG/MINORactivityuse the new pointer to calculate the new size in realloc()
• BUILDactivitydo not include malloc.h
• MINORhapeeUpdate the list of backported patches
• BUILDmakefileadd new option USE_MEMORY_PROFILING
• MINORactivityadd the profiling.memory global setting
• MINORactivitymake show profiling also dump the memoery usage
• MINORactivitymake show profiling support a few arguments
• MINORactivityclean up the show profiling io_handler a little bit
• MEDIUMactivitycollect memory allocator statistics with USE_MEMORY_PROFILING
• MINORactivitydeclare the storage for memory usage statistics
• MINORactivityadd a memory entry to profiling
• MINORtoolsadd functions to retrieve the address of a symbol

#2021/05/05 : 2.3r1 (1.0.0-239.185)

• MINORdebugadd a new debug dev sym command in expert mode
• MINORpools/debugslightly relax DEBUG_DONT_SHARE_POOLS
• MEDIUMpoolscall malloc_trim() from pool_gc()
• MINORcompatautomatically include malloc.h on glibc
• BUG/MINORssl/clifix a lock leak when no memory available
• BUG/MEDIUMcliprevent memory leak on write errors
• BUG/MINORhluaDon't rely on top of the stack when using Lua buffers
• REGTESTSadd minimal CLI add map tests

#2021/04/29 : 2.3r1 (1.0.0-239.177)

• MINORhapeeUpdate the list of backported/hapee patches
• DOCgeneralfix example in set-timeout
• REGTESTSadd regtest for http-request set-timeout
• MINORstreamadd timeout sample fetches
• MINORstreamadd sample fetches
• MINORbackendadd timeout sample fetches
• MINORfrontendadd client timeout sample fetch
• MEDIUMhttp_actdefine set-timeout server/tunnel action
• MEDIUMstreamsupport a dynamic tunnel timeout
• MEDIUMstreamsupport a dynamic server timeout
• MINORstreamprepare the hot refresh of timeouts
• MINORactiondefine enum for timeout type of the set-timeout rule

#2021/04/28 : 2.3r1 (1.0.0-239.165)

• MINORpeersadd informative flags about resync process for debugging
• BUG/MEDIUMpeersreset tables stage flags stages on new conns
• BUG/MEDIUMpeersre-work updates lookup during the sync on the fly
• BUG/MEDIUMpeersreset commitupdate value in new conns
• BUG/MEDIUMpeersreset starting point if peers appears longly disconnected
• BUG/MEDIUMpeersstop considering ack messages teaching a full resync
• BUG/MEDIUMpeersregister last acked value as origin receiving a resync req
• BUG/MEDIUMpeersinitialize resync timer to get an initial full resync
• MINORhapeeUpdate the list of backported/hapee patches
• BUG/MINORsslssl_sock_prepare_ssl_ctx does not return an error code
• BUG/MINORappletNotify the other side if data were consumed by an applet
• BUG/MINORhtxPreserve HTX flags when draining data from an HTX message
• BUG/MINORmux-fcgiDon't send normalized uri to FCGI application
• BUG/MEDIUMpeersre-work refcnt on table to protect against flush
• BUG/MEDIUMpeersre-work connection to new process during reload.
• BUG/MINORpeersremove useless table check if initial resync is finished
• BUG/MEDIUMmux-h2Properly handle shutdowns when received with data
• BUG/MINORmworkerdon't use oldpids[] anymore for reload
• BUG/MINORmworker/initdon't reset nb_oldpids in non-mworker cases
• BUG/MEDIUMconfigfix cpu-map notation with both process and threads
• BUG/MEDIUMmux-h2Fix dfl calculation when merging CONTINUATION frames
• BUG/MAJORmux-h2Properly detect too large frames when decoding headers
• BUG/MINORserverfree srv.lb_nodes in free_server
• BUG/MINORmux-h1Release idle server H1 connection if data are received
• BUG/MINORlogsReport the true number of retries if there was no connection
• BUG/MINORhttp_htxRemove BUG_ON() from http_get_stline() function
• BUG/MINORhttp-fetchMake method smp safe if headers were already forwarded
• BUG/MINORssl-samplesFix ssl_bc_* samples when called from a health-check
• MINORconnectionMake bc_http_major compatible with tcp-checks
• BUG/MINORconnectionFix fc_http_major and bc_http_major for TCP connections
• MINORlogsAdd support of checks as session origin to format lf strings
• BUG/MINORchecksSet missing id to the dummy checks frontend
• BUG/MEDIUMthreadsIgnore current thread to end its harmless period
• DOCsslCertificate hot update only works on fronted certificates
• BUG/MEDIUMsampleFix adjusting size in field converter
• MINORNo longer rely on deprecated sample fetches for predefined ACLs
• DOCclarify that compression works for HTTP/2
• BUG/MINORtoolsfix parsing us unit for timers
• CONTRIBhalogfix issue with array of type char
• REGTESTSsslmark set_ssl_cert_bundle.vtc as broken
• DOCExplicitly state only IPv4 are supported by forwardfor/originalto options

#2021/04/02 : 2.3r1 (1.0.0-239.124)

• MINORhapeeUpdate list of dropped/hapee patches
• REGTESTSsslset ssl cert and multi-certificates bundle

#2021/04/01 : 2.3r1 (1.0.0-239.122)

• MINORhapeefix the backports command line
• BUG/MINORhttp_fetchmake hdr_ip() resistant to empty fields
• BUG/MINORsslPrevent removal of crt-list line if the instance is a default one
• BUG/MINORsslFix update of default certificate
• BUILDtcpuse IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
• BUG/MINORtcpfix silent-drop workaround for IPv6
• BUILDbackendfix build breakage in idle conn locking fix
• BUG/MEDIUMtimemake sure to always initialize the global tick
• BUG/MINORstatsApply proper styles in HTML status page.
• BUG/MINORpayloadWait for more data if buffer is empty in payload/payload_lv
• MEDIUMbackenduse a trylock to grab a connection on high FD counts as well
• BUG/MEDIUMmux-h1make h1_shutw_conn() idempotent
• BUG/MINORhttp_fetchmake hdr_ip() reject trailing characters
• MINORtoolsmake url2ipv4 return the exact number of bytes parsed
• BUG/MEDIUMthreadFix a deadlock if an isolated thread is marked as harmless
• BUG/MEDIUMfdTake the fd_mig_lock when closing if no DWCAS is available.

#2021/03/26 : 2.3r1 (1.0.0-239.106)

#2021/03/24 : 2.3r1 (1.0.0-238.106)

• CLEANUPfdremove unused fd_set_running_excl()
• BUG/MEDIUMfddo not wait on FD removal in fd_delete()
• MINORfdremove the unneeded running bit from fd_insert()
• MINORfdmake fd_clr_running() return the remaining running mask
• MINORhapeeUpdate the list of backported/hapee patches
• MINORssladd SSL_SERVER_LOCK label in threads.h
• BUG/MEDIUMluaAlways init the lua stack before referencing the context
• BUG/MEDIUMdebug/luaUse internal hlua function to dump the lua traceback
• MINORluaSlightly improve function dumping the lua traceback
• BUILDsslguard ecdh functions with SSL_CTX_set_tmp_ecdh macro
• BUG/MINORsslPrevent disk access when using add ssl crt-list
• BUG/MEDIUMdebug/luaDon't dump the lua stack if not dumpable
• MEDIUMluaUse a per-thread counter to track some non-reentrant parts of lua
• MINOR/BUGmworker/clido not use the unix_bind prefix for the master CLI socket
• BUG/MINORprotocoladd missing support of dgram unix socket.
• BUG/MEDIUMfreq_ctr/threadsuse the global_now_ms variable
• MINORtimealso provide a global, monotonic global_now_ms timer
• BUG/MEDIUMmux-fcgiFix locking of idle_conns lock in the FCGI I/O callback

#2021/03/18 : 2.3r1 (1.0.0-238.88)

• BUG/MINORsampleRename SenderComID/TargetComID to SenderCompID/TargetCompID
• MINORhapeeUpdate list of backports
• BUG/MINORfreq_ctr/threadsmake use of the last updated global time
• MINORtimeexport the global_now variable
• BUG/MINORresolversAdd missing case-insensitive comparisons of DNS hostnames
• MINORresolversDon't try to match immediatly renewed ADD items
• MINORresolversUse milliseconds for cached items in resolver responses
• BUG/MEDIUMresolversSkip DNS resolution at startup if SRV resolution is set
• BUG/MEDIUMresolversDon't release resolution from a requester callbacks
• MINORresolversDirectly call srvrq_update_srv_state() when possible
• MINORresolversAdd function to change the srv status based on SRV resolution
• MINORresolversPurge answer items when a SRV resolution triggers an error
• MINORresolversUse a function to remove answers attached to a resolution
• BUG/MEDIUMresolversTrigger a DNS resolution if an ADD item is obsolete
• MINORresolversnew function find_srvrq_answer_record()
• BUG/MEDIUMresolversFix the loop looking for an existing ADD item
• BUG/MEDIUMresolversDon't set an address-less server as UP
• BUG/MINORresolversUnlink DNS resolution to set RMAINT on SRV resolution
• BUG/MINORresolversReset server address on DNS error only on status change
• BUG/MINORresolversConsider server to have no IP on DNS resolution error
• CLEANUPtcp-rulesadd missing actions in the tcp-request error message
• BUG/MINORtcpcheckFix double free on error path when parsing tcp/http-check
• BUG/MINORsessionAdd some forgotten tests on session's listener
• BUG/MINORproxy/sessionBe sure to have a listener to increment its counters
• BUG/MINORtcpcheckUpdate .health threshold of agent inside an agent-check
• BUG/MEDIUMfiltersSet CF_FL_ANALYZE on channels when filters are attached
• BUILDatomic/arm64force the register pairs to use in __ha_cas_dw()
• BUG/MEDIUMstick-tablesfix ref counter in table entry using multiple http tracksc.
• OPTIMtaskautomatically adjust the default runqueue-depth to the threads
• MINORtaskgive the scheduler a bit more flexibility in the runqueue size
• MEDIUMtaskremove the tasks_run_queue counter and have one per thread
• MEDIUMsslimplement xprt_set_used and xprt_set_idle to relax context checks
• MINORxprtadd new xprt_set_idle and xprt_set_used methods
• MEDIUMmuxesmark idle conns tasklets with TASK_F_USR1
• MINORtaskadd an application specific flag to the state: TASK_F_USR1
• BUG/MEDIUMsslproperly remove the TASK_HEAVY flag at end of handshake
• MINORsslmark the SSL handshake tasklet as heavy
• MINORtasklimit the number of subsequent heavy tasks with flag TASK_HEAVY
• MEDIUMbackenduse a trylock when trying to grab an idle connection
• MINORpoolsdouble the local pool cache size to 1 MB
• MEDIUMpoolsadd CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS
• MEDIUMstreamsdo not use the streams lock anymore
• MINORstreamsuse one list per stream instead of a global one
• MINORcli/streamsmake show sess dump all streams till the new epoch
• MINORstreamadd an epoch to figure which streams appeared when
• MINORdynbufpass offer_buffers() the number of buffers instead of a threshold
• MINORdynbufuse regular lists instead of mt_lists for buffer_wait
• MINORdynbufmake the buffer wait queue per thread
• OPTIMlb-leastconndo not unlink the server if it did not change
• OPTIMlb-leastconndo not take the server lock on take_conn/drop_conn
• OPTIMlb-firstdo not take the server lock on take_conn/drop_conn
• MINORlb/apilet callers of take_conn/drop_conn tell if they have the lock
• MINORservermove actconns to the per-thread structure
• OPTIMserverswitch the actconn list to an mt-list
• MINORlistenerrefine the default MAX_ACCEPT from 64 to 4
• MINORtasksrefine the default run queue depth
• BUG/MEDIUMsessionNULL dereference possible when accessing the listener
• MINORatomicimplement a more efficient arm64 __ha_cas_dw() using pairs
• MINORatomicadd armv8.1-a atomics variant for cas-dw
• BUG/MINORmt-listalways perform a cpu_relax call on failure
• REORGatomicreimplement pl_cpu_relax() from atomic-ops.h
• BUG/MINORssldon't truncate the file descriptor to 16 bits in debug mode
• BUG/MINORhluaDon't strip last non-LWS char in hlua_pushstrippedstring()
• BUG/MINORbackendfix condition for reuse on mode HTTP
• BUG/MINORhttp-anaDon't increment HTTP error counter on read error/timeout
• BUG/MINORmux-h2Fix typo in scheme adjustment
• DOCspoeAdd a note about fragmentation support in HAProxy
• BUG/MEDIUMspoeKill applets if there are pending connections and nbthread > 1
• BUG/MINORconnectionUse the client's dst family for adressless servers
• BUG/MINORtcp-actDon't forget to set the original port for IPv4 set-dst rule
• BUG/MINORhttp-anaOnly consider dst address to process originalto option
• BUG/MINORmux-h1Immediately report H1C errors from h1_snd_buf()
• BUG/MINORstatsfix compare of no-maint url suffix
• CLEANUPmuxesRemove useless if condition in show_fd function
• BUG/MEDIUMresolversReset address for unresolved servers
• BUG/MEDIUMresolversReset server address and port for obselete SRV records
• BUG/MINORresolversnew callback to properly handle SRV record errors
• BUG/MINORresolversOnly renew TTL for SRV records with an additional record
• BUG/MINORresolversFix condition to release received ARs if not assigned
• BUG/MINORfdproperly wait for !running_mask in fd_set_running_excl()
• BUG/MINORproxywake up all threads when sending the hard-stop signal
• BUG/MEDIUMcli/shutdown sessions: make it thread-safe
• BUG/MEDIUMproxyuse thread-safe stream killing on hard-stop
• BUG/MEDIUMvarsmake functions vars_get_by_{name,desc} thread-safe
• BUG/MINORsamplesecure convs that accept base64 string and var name as args
• MINORConfigure the `cpp` userdiff driver for *.[ch] in .gitattributes

#2021/03/16 : 2.3r1 (1.0.0-238.0)

#2021/03/01 : 2.3r1 (1.0.0-237.0)