Changelog - HAProxy Enterprise 2.4r1

#2024/10/29 : 2.4r1 (1.0.0-294.1376)

BUG/MINORhttp-anaReport internal error if an action yields on a final eval
BUG/MINORssl/cli'set ssl cert' does not check the transaction name correctly
BUG/MEDIUMconnection/http-reusefix address collision on unhandled address families
BUG/MINORmworkerfix mworker-max-reloads parser
BUG/MINORhttp-anaDon't report a server abort if response payload is invalid
BUG/MEDIUMhluaproperly handle sample func errors in hlua_run_sample_{fetch,conv}()
BUG/MEDIUMhluamake hlua_ctx_renew() safe
BUG/MEDIUMserverserver stuck in maintenance after FQDN change
BUG/MINORcfgparse-globalfix allowed args number for setenv
BUG/MEDIUMcliDeadlock when setting frontend maxconn
DOCconfigimprove the http-keep-alive section
DOCconfigurationissuers-chain-path not compatible with OCSP

#2024/09/17 : 2.4r1 (1.0.0-294.1364)

BUG/MINORserverDon't warn fallback IP is used during init-addr resolution
BUG/MINORpollingfix time reporting when using busy polling
BUG/MEDIUMpatternprevent UAF on reused pattern expr
BUG/MINORpatternprevent const sample from being tampered in pat_match_beg()
REGTESTSfix random failures with wrong_ip_port_logging.vtc under load
BUG/MINORpatterndo not leave a leading comma on set error messages
BUG/MINORpatternpat_ref_set: return 0 if err was found
BUG/MINORpatternpat_ref_set: fix UAF reported by coverity
BUG/MINORproto_uxstdelete fd from fdtab if listen() fails
BUG/MINORproto_tcpdelete fd from fdtab if listen() fails
BUG/MINORtraceautomatically start in waiting mode with "start <evt>"
BUG/MINORfcgi-apphandle a possible strdup() failure
BUG/MEDIUMh2Only report early HTX EOM for tunneled streams
BUG/MEDIUMcliAlways release back endpoint between two commands on the mcli
BUG/MEDIUMstreamPrevent mux upgrades if client connection is no longer ready
BUG/MINORcliAtomically inc the global request counter between CLI commands
BUG/MEDIUMspoeBe sure to create a SPOE applet if none on the current thread
MEDIUMsslinitialize the SSL stack explicitely

#2024/07/03 : 2.4r1 (1.0.0-294.1346)

BUG/MAJORserverdo not delete srv referenced by session
MINORsessionrename private conns elements
BUG/MINORhluareport proper context upon error in hlua_cli_io_handler_fct()
SCRIPTSgit-show-backportsdo not truncate git-show output
DOCconfigurationfix alphabetical order of bind options
DOCmanagementrename show stats domain cli dns to resolvers
DOC/MINORmanagementadd missed -dR and -dv options
BUG/MINORcfgparseremove the correct option on httpcheck send-state warning
BUG/MEDIUMclifix cli_output_msg() regression
CIscriptsfix build of vtest regarding option -C
CIintroduce scripts/build-vtest.sh for installing VTest
BUG/MINORhaproxyonly tid 0 must not sleep if got signal
BUG/MAJORconnectionfix server used_conns with H2 + reuse safe
BUG/MEDIUMhttp_anaignore NTLM for reuse aggressive/always and no H1
BUG/MEDIUMsslwrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
CLEANUPhluasimplify ambiguous lua_insert() usage in hlua_ctx_resume()
BUG/MINORhluaprevent LJMP in hlua_traceback()
MINORhluadon't dump empty entries in hlua_traceback()
BUG/MINORhluafix unsafe hlua_pusherror() usage
BUG/MINORhluadon't use lua_pushfstring() when we don't expect LJMP
CLEANUPhluause hlua_pusherror() where relevant
BUG/MINORtoolsfix possible null-deref in env_expand() on out-of-memory
BUG/MINORtcpcheckreport correct error in tcp-check rule parser
BUG/MINORactivityfix Delta_calls and Delta_bytes count
BUG/MINORssl/ocspinit callback func ptr as NULL
BUILDfderrno is also needed without poll()
BUG/MINORserverDon't reset resolver options on a new default-server line
BUG/MINORconnectionparse PROXY TLV for LOCAL mode
CLEANUPssl/cliremove unused code in dump_crtlist_conf
BUG/MINORstatsDon't state the 303 redirect response is chunked
BUG/MINORhtpp-ana/statsSpecify that HTX redirect messages have a C-L header
BUG/MEDIUMfdprevent memory waste in fdtab array
BUILDstick-tablesbetter mark the stktable_data as 32-bit aligned
BUG/MEDIUMstick-tablesproperly mark stktable_data as packed
BUG/MEDIUMhtxmark htx_sl as packed since it may be realigned
BUG/MINORh1fix detection of upper bytes in the URI
BUG/MINORbackenduse cum_sess counters instead of cum_conn
BUG/MINORfdmy_closefrom() on Linux could skip contiguous series of sockets
BUG/MINORsockhandle a weird condition with connect()
BUG/MEDIUMcacheVary not working properly on anything other than accept-encoding
BUG/MEDIUMevportsdo not clear returned events list on signal
BUG/MEDIUMstconnDon't forward channel data if input data must be filtered
CIrevert kernel addr randomization introduced in 3a0fc864
BUG/MEDIUMpeers/tracefix crash when listing event types
BUG/MEDIUMhttp-anaDeliver 502 on keep-alive for fressh server connection
BUG/MINORloginvalid snprintf() usage in sess_build_logline()
BUG/MINORtools/loginvalid encode_{chunk,string} usage
BUG/MINORlogfix lf_text_len() truncate inconsistency
BUG/MEDIUMcliWarn if pipelined commands are delimited by a \n
MINORcliRemove useless loop on commands to find unescaped semi-colon
BUG/MEDIUMclifix once for all the problem of missing trailing LFs
BUG/MEDIUMthread/schedset proper scheduling context upon ha_set_tid()
BUG/MINORproxyfix logformat expression leak in use_backend rules

#2024/04/05 : 2.4r1 (1.0.0-292.1293)

BUG/MEDIUMhluastreams don't support mixing lua-load with lua-load-per-thread (2nd try)
MINORhluause accessors for stream hlua ctx
DEBUGluaprecisely identify if stream is stuck inside lua or not
DOCconfigRemove httpclient.timeout.connect parameter
DOChttpclientadd dedicated httpclient section
BUG/MINORistonly store NUL byte on succeeded alloc
BUG/MINORbackendproperly handle redispatch 0
BUG/MINORserverignore 'enabled' for dynamic servers
BUG/MINORserver'source' interface ignored from 'default-server' directive
BUG/MEDIUMmux-fcgiProperly handle EOM flag on end-of-trailers HTX block
BUG/MINORsessionensure conn owner is set after insert into session
BUG/MEDIUMspoeReturn an invalid frame on recv if size is too small
CItemporarily adjust kernel entropy to work with ASAN/clang
BUG/MINORspoeBe sure to be able to quickly close IDLE applets on soft-stop
BUG/MEDIUMspoeDon't rely on stream's expiration to detect processing timeout
BUG/MINORlistenerDon't schedule frontend without task in listener_release()
BUG/MINORlistenerWake proxy's mngmt task up if necessary on session release
BUG/MINORsslfix possible ctx memory leak in sample_conv_aes_gcm()
DOCconfigurationclarify ciphersuites usage (V2)
BUG/MINORcfgparsereport proper location for log-format-sd errors
BUG/MAJORhluaimproper lock usage with hlua_ctx_resume()
BUG/MEDIUMhluaimproper lock usage with SET_SAFE_LJMP()
BUG/MINORhluadon't use lua_tostring() from unprotected contexts
BUG/MINORhluafix unsafe lua_tostring() usage with empty stack
BUG/MINORtoolsseed the statistical PRNG slightly better
MINORhluaBe able to disable logging from lua
BUG/MINORhluaFix log level to the right value when set via TXN:set_loglevel
DOCconfigurationclarify ciphersuites usage
BUG/MINORssl/cliduplicate cleaning code in cli_parse_del_crtlist
BUG/MINORistallocate nul byte on istdup
BUG/MEDIUMhluaDon't loop if a lua socket does not consume received data
DEVmakefilefix POSIX compatibility for range target
DEVmakefileadd a new range target to iteratively build all commits
CIUpdate to actions/cache@v4
DOCinternalupdate missing data types in peers-v2.0.txt
DOCinstallrecommend pcre2
DOCconfigurationclarify http-request wait-for-body
BUILDaddress a few remaining calloc(size, n) cases
BUG/MINORsslClear the ckch instance when deleting a crt-list line
BUG/MAJORssl_sockAlways clear retry flags in read/write functions
BUG/MEDIUMh1always reject the NUL character in header values
BUG/MEDIUMh1Don't support LF only to mark the end of a chunk size
BUG/MINORh1Don't support LF only at the end of chunks
BUG/MINORh1-htxproperly initialize the err_pos field
BUG/MEDIUMpoolfix rare risk of deadlock in pool_flush()
BUG/MINORvars/clifix missing LF after get var output
BUG/MEDIUMclisome err/warn msg dumps add LR into CSV output on stat's CLI

#2024/01/17 : 2.4r1 (1.0.0-291.1246)

BUG/MEDIUMspoeNever create new spoe applet if there is no server up
BUG/MEDIUMstconnForward shutdown on write timeout only if it is forwardable
DOCconfigUpdate documentation about local haproxy response
BUG/MEDIUMmux-h2Report too large HEADERS frame only when rxbuf is empty
DOCconfigurationtypo req.ssl_hello_type
BUG/MEDIUMconnectionreport connection errors even when no mux is installed
BUG/MINORsockmark abns sockets as non-suspendable and always unbind them

#2023/12/14 : 2.4r1 (1.0.0-290.1239)

BUG/MINORstartupset GTUNE_SOCKET_TRANSFER correctly
BUG/MEDIUMpatterndon't trim pools under lock in pat_ref_purge_range()
BUG/MINORcacheRemove incomplete entries from the cache when stream is closed
DOCClarify the differences between field() and word()
BUG/MINORsampleMake the `word` converter compatible with `-m found`
REGTESTSsampleTest the behavior of consecutive delimiters for the field converter
DOCconfigadd matrix entry for max-session-srv-conns
DOCconfigspecify supported sections for max-session-srv-conns
BUG/MINORconfigStopped parsing upon unmatched environment variables
DOCluafix Proxy.get_mode() output
DOCluaadd sticktable class reference from Proxy.stktable
REGTESTSconnectiondisable http_reuse_be_transparent.vtc if !TPROXY
DOC51dupdated 51Degrees repo URL for v3.2.10
BUG/MINORserverdo not leak default-server in defaults sections
REGTESTShttpadd a test to validate chunked responses delivery
BUG/MINORproxy/stktablemissing frees on proxy cleanup
MINORstktableadd stktable_deinit function
BUG/MINORstream/clireport correct stream age in show sess
BUG/MEDIUMmux-fcgifail earlier on malloc in takeover()
BUG/MEDIUMmux-h1fail earlier on malloc in takeover()
BUG/MEDIUMmux-h2fail earlier on malloc in takeover()
BUG/MINORstconnUse HTX-aware channel's functions to get info on buffer
BUG/MINORstconnFix streamer detection for HTX streams
MINORchannelAdd functions to get info on buffers and deal with HTX streams
MINORhtxUse a macro for overhead induced by HTX
BUG/MEDIUMstreamDon't call mux .ctl() callback if not implemented
REGTESTShttpImprove script testing abortonclose option
BUG/MEDIUMstreamProperly handle abortonclose when set on backend only
MEDIUMmux-h1Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
MINORconnectionAdd a CTL flag to notify mux it should wait for reads again
BUG/MINORstconnHandle abortonclose if backend connection was already set up
DOCconfiguse the word 'backend' instead of 'proxy' in 'track' description
DOCmanagement-q is quiet all the time
BUG/MINORmux-h1Properly handle http-request and http-keep-alive timeouts
BUG/MINORstick-table/cliCheck for invalid ipv4 key
CLEANUPhtxProperly indent htx_reserve_max_data() function
BUG/MINORcfgparse/stktablefix error message on stktable_init() failure
BUG/MINORstktablemissing free in parse_stick_table()
BUG/MINORtcpcheckReport hexstring instead of binary one on check failure
BUG/MEDIUMsslsegfault when cipher is NULL
BUG/MINORsslsuboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
BUG/MINORmux-h2update tracked counters with req cnt/req err
BUG/MINORmux-h2commit the current stream ID even on reject
BUG/MEDIUMpeersBe sure to always refresh recconnect timer in sync task
BUG/MEDIUMmux-h2Don't report an error on shutr if a shutw is pending
BUG/MINORmux-h2make up other blocked streams upon removal from list
BUG/MEDIUMactionsalways apply a longest match on prefix lookup
BUILDsslbuggy -Werror=dangling-pointer since gcc 13.0
BUG/MINORdebugenter ha_panic() only once
BUG/MEDIUMlistener/proxyfix listeners notify for proxy resume (2nd try)

#2023/10/10 : 2.4r1 (1.0.0-289.1189)

#2023/10/04 : 2.4r1 (1.0.0-288.1189)

MINORhapeeUpdate list of backported commit
MINORpatternfix pat_{parse,match}_ip() function comments
BUG/MINORserveradd missing free for server->rdr_pfx
BUG/MAJORmux-h2Report a protocol error for any DATA frame before headers
BUG/MINORfreq_ctrfix possible negative rate with the scaled API
BUG/MINORpromexfix backend_agg_check_status
BUG/MEDIUMmux-fcgiDon't swap trash and dbuf when handling STDERR records
BUG/MINORhlua/initcoroutine may not resume itself
BUG/MEDIUMhluadon't pass stale nargs argument to lua_resume()
BUG/MEDIUMhluastreams don't support mixing lua-load with lua-load-per-thread
MINORhluaadd hlua_stream_ctx_prepare helper function
CIUpdate to actions/checkout@v4
BUG/MINORhlua/actionincorrect message on E_YIELD error
BUG/MEDIUMstconn/streamForward shutdown on write timeout
BUG/MEDIUMstconnWake applets on sending path if there is a pending shutdown
DOCluafix core.register_action typo
BUG/MINORhlua_fcnpotentially unsafe stktable_data_ptr usage
BUILDMakefileadd the USE_QUIC option to make help
SCRIPTSgit-show-backportsautomatic ref and base detection with -m
BUG/MINORstktableallow sc-set-gpt(0) from tcp-request connection
BUG/MINORhluafix invalid use of lua_pop on error paths
BUG/MEDIUMdnsBe sure to unlock DSS when existing dns_session_io_handler()

#2023/09/27 : 2.4r1 (1.0.0-288.1167)

MEDIUMserver/sslpick another thread's session when we have none yet
MINORserver/sslclear the shared good session index on failure
MINORserver/sslmaintain an index of the last known valid SSL session
MEDIUMserver/sslplace an rwlock in the per-thread ssl server session
BUG/MINORssl_sockfix possible memory leak on OOM
MEDIUMssl_sockalways use the SSL's server name, not the one from the tid
CLEANUPsslkeep a pointer to the server in ssl_sock_init()
DOCssladd some comments about the non-obvious session allocation stuff
MINORssl_sockavoid iterating realloc(+1) on stored context

#2023/08/16 : 2.4r1 (1.0.0-288.1158)

BUG/MINORhttpskip leading zeroes in content-length values
DOCclarify the handling of URL fragments in requests
REGTESTShttp-rulesverify that we block '#' by default for normalize-uri
BUG/MINORh2reject more chars from the :path pseudo header
BUG/MINORh1do not accept '#' as part of the URI component
REGTESTShttp-rulesadd accept-invalid-http-request for normalize-uri tests
MINORh2pass accept-invalid-http-request down the request parser
MINORhttpadd new function http_path_has_forbidden_char()
MINORistadd new function ist_find_range() to find a character range
BUG/MAJORhttpreject any empty content-length header value
BUG/MAJORhttp-anaGet a fresh trash buffer for each header value replacement
BUG/MINORchunkfix chunk_appendf() to not write a zero if buffer is full
DOCconfigurationdescribe Td in Timing events
BUG/MEDIUMlistenerAcquire proxy's lock in relax_listener() if necessary
BUG/MINORh1-htxReturn the right reason for 302 FCGI responses
BUG/MINORhluaadd check for lua_newstate
CIexplicitely highlight VTest result section if there's something
BUG/MINORhttpReturn the right reason for 302
BUG/MINORsampleFix wrong overflow detection in add/sub conveters
BUG/MINORhluahlua_yieldk ctx argument should support pointers
BUG/MINORconfigRemove final '\n' in error messages
BUG/MINORsink/logproperly deinit srv in sink_new_from_logsrv()
BUG/MINORsinkfix errors handling in cfg_post_parse_ring()
BUG/MINORsinkinvalid sft free in sink_deinit()
BUG/MINORlogfree errmsg on error in cfg_parse_log_forward()
BUG/MINORlogfix multiple error paths in cfg_parse_log_forward()
BUG/MINORlogfix missing name error message in cfg_parse_log_forward()
BUG/MEDIUMlogimproper use of logsrv->maxlen for buffer targets
MINORsink/apipass explicit maxlen parameter to sink_write()
BUG/MINORlogLF upsets maxlen for UDP targets
BUG/MINORringmaxlen warning reported as alert
BUG/MINORringsize warning incorrectly reported as fatal error
BUG/MINORsinkmissing sft free in sink_deinit()
BUG/MEDIUMsinkinvalid server list in sink_new_from_logsrv()
BUG/MINORcacheA 'max-age=0' cache-control directive can be overriden by a s-maxage
BUG/MINORtcp_samplebc_{dst,src} return IP not INT
BUILDdebugavoid a build warning related to epoll_wait() in debug code
DOCAdd tune.h2.max-frame-size option to table of contents
BUG/MEDIUMmworkerincrease maxsock with each new worker
BUG/MINORnamespacemissing free in netns_sig_stop()
BUG/MINORserverinherit from netns in srv_settings_cpy()
BUG/MEDIUMhluaprevent deadlocks with main lua lock
MINORhluasimplify lua locking
BUG/MINORhluafix reference leak in hlua_post_init_state()
BUG/MINORhluafix reference leak in core.register_task()
MINORhluaadd simple hlua reference handling API
CLEANUPRemove unused function hlua_get_top_error_string
MINORluaAdd a function to get a reference on a table in the stack
MINORproto_uxability to dump ABNS names in error messages
MEDIUMproto_uxproperly suspend named UNIX listeners
BUG/MEDIUMlistener/proxyfix listeners notify for proxy resume
MINORlistenerpause_listener() becomes suspend_listener()
BUG/MEDIUMresume from LI_ASSIGNED in default_resume_listener()
BUG/MINORlistenerfix resume_listener() resume return value handling
BUG/MEDIUMlistenerfix pause_listener() suspend return value handling
MINORlistenermake sure we don't pause/resume bypassed listeners
MINORlistenerworkaround for closing a tiny race between resume_listener() and stopping
MINORlisteneradd relax_listener() function
MINORlistener/apiadd lli hint to listener functions
BUG/MINORlistenernull pointer dereference suspected by coverity
CLEANUPlistenerfunction comment typo in stop_listener()
MINORproto_uxstadd resume method
BUG/MINORproxyadd missing interface bind free in free_proxy
BUG/MINORcfgparse-tcpleak when re-declaring interface from bind line

#2023/06/09 : 2.4r1 (1.0.0-288.1094)

#2023/06/06 : 2.4r1 (1.0.0-286.1094)

BUG/MINORspoeOnly skip sending new frame after a receive attempt
CONTRIBAdd vi file extensions to .gitignore
DOCconfigFix bind/server/peer documentation in the peers section
BUG/MINORhttp_rulesfix errors paths in http_parse_redirect_rule()
MINORproxyadd http_free_redirect_rule() function

#2023/05/26 : 2.4r1 (1.0.0-286.1089)

BUG/MEDIUMfiltersDon't deinit filters for disabled proxies during startup
CIcirrus-cibump FreeBSD image to 13-1
BUG/MINORserverdon't use date when restoring last_change from state file
BUG/MINORserverdon't miss server stats update on server state transitions
BUG/MINORserverdon't miss proxy stats update on server state transitions
MINORserverexplicitly commit state change in srv_update_status()
BUG/MINORserverincorrect report for tracking servers leaving drain
BUILDsslswitch LibreSSL to Fastly CDN
CIswitch to Fastly CDN to download LibreSSL
BUG/MEDIUMspoeDon't start new applet if there are enough idle ones
BUG/MINORdebugdo not emit empty lines in thread dumps
BUILDmjsonFix warning about unused variables
MINORspoeDon't stop disabled proxies
BUG/MINORproxymissing free in free_proxy for redirect rules
BUG/MINORlogfix memory error handling in parse_logsrv()
SCRIPTSpublish-releaseupdate the umask to keep group write access
BUG/MINORhluaunsafe hlua_lua2smp() usage
DOC/MINORconfigFix typo in description for `ssl_bc` in configuration.txt
DOCadd size format section to manual
DOCconfigClarify conditions to shorten the inspect-delay for TCP rules
BUG/MINORtcp-rulesDon't shortened the inspect-delay when EOI is set

#2023/05/17 : 2.4r1 (1.0.0-286.1068)

BUG/MINORclockfix the boot time measurement method for 2.6 and older
BUG/MINORcheckspostpone the startup of health checks by the boot time
MINORclockmeasure the total boot time
MINORchecksmake sure spread-checks is used also at boot time

#2023/04/24 : 2.4r1 (1.0.0-286.1064)

MINORhappeupdate backported and dropped files
BUG/MINORmux-h2make sure to produce a log on invalid requests
BUG/MEDIUMUpdate read expiration date on synchronous send
BUG/MEDIUMproxy/sktableprevent watchdog trigger on soft-stop
BUG/MINORcfgparsemake sure to include openssl-compat
CLEANUPbackendRemove useless debug message in assign_server()
BUG/MEDIUMlogProperly handle client aborts in syslog applet
REGTESTSfix the race conditions in log_uri.vtc
CIbump actions/checkout to v3 for cross zoo matrix
BUG/MINORstick_tablealert when type len has incorrect characters
BUG/MEDIUMresolversForce the connect timeout for DNS resolutions
CLEANUPhluafix conflicting comment in hlua_ctx_destroy()
BUG/MINORhluaenforce proper running context for register_x functions
BUG/MINORlogfree log forward proxies on deinit()
BUG/MINORsinkfree forward_px on deinit()
BUG/MEDIUMdnsProperly handle error when a response consumed
BUG/MEDIUMchannelImprove reports for shut in co_getblk()
DOCconfigstrict-sni allows to start without certificate
MINORproxy/poolprevent unnecessary calls to pool_gc()
BUILDdaextends CFLAGS to support API v3 from 3.1.7 and onwards.
BUG/MEDIUMmux-h1Wakeup H1C on shutw if there is no I/O subscription
BUG/MEDIUMmux-h2erase h2c->wait_event.tasklet on error path
BUG/MEDIUMconnectionPreserve flags when a conn is removed from an idle list
BUG/MEDIUMconnectionClear flags when a conn is removed from an idle list
BUG/MINORsock_unixmatch finalname with tempname in sock_unix_addrcmp()
BUG/MINORprotocolfix minor memory leak in protocol_bind_all()
BUG/MINORproto_uxreport correct error when bind_listener fails
BUG/MEDIUMspoeDon't set the default traget for the SPOE agent frontend
BUG/MEDIUMlistenerduplicate inherited FDs if needed
BUG/MINORmux-h2make sure the h2c task exists before refreshing it
DOC/CLEANUPfix typos
BUG/MINORinitmake sure to always limit the total number of threads
BUG/MINORinitproperly detect NUMA bindings on large systems
BUG/MINORsslUse 'date' instead of 'now' in ocsp stapling callback
BUG/MINORhttp-anaDo a L7 retry on read error if there is no response
BUG/MINORhttp-checkSkip C-L header for empty body when it's not mandatory
BUG/MINORhttp-checkDon't set HTX_SL_F_BODYLESS flag with a log-format body
DOCconfigClarify the meaning of 'hold' in the 'resolvers' section
DOCconfigAdd the missing tune.fail-alloc option from global listing
DOCconfigFix description of options about HTTP connection modes
BUG/MINORringdo not realign ring contents on resize
BUG/MINORcacheCheck cache entry is complete in case of Vary
BUG/MINORcacheCache response even if request has no-cache directive
BUG/MINORmworkerprevent incorrect values in uptime
BUG/MEDIUMschedallow a bit more TASK_HEAVY to be processed when needed
BUG/MINORschedproperly report long_rq when tasks remain in the queue
MINORstartupHAPROXY_STARTUP_VERSION contains the version used to start
BUG/MEDIUMmworkerdon't register mworker_accept_wrapper() when master FD is wrong
BUG/MINORmworkerstop doing strtok directly from the env
BUG/MINORsslssl-(min|max)-ver parameter not duplicated for bundles in crt-list
DEVhpackfix `trash` build regression
CIgithubdon't warn on deprecated openssl functions on windows
BUG/MEDIUMhttpclient/luafix a race between lua GC and hlua_ctx_destroy
BUG/MINORlua/httpclientmissing free in hlua_httpclient_send()

#2023/02/13 : 2.4r1 (1.0.0-285.1010)

BUG/CRITICALhttpproperly reject empty http header field names
BUG/MEDIUMstconnSchedule a shutw on shutr if data must be sent first
DOCproxy-protocolfix wrong byte in provided example
DOCconfig'http-send-name-header' option may be used in default section
DOCconfigfix option spop-check proxy compatibility
BUG/MEDIUMcacheuse the correct time reference when comparing dates
BUG/MEDIUMstick-tabledo not leave entries in end of window during purge
BUG/MINORssl/crt-listwarn when a line is malformated
BUG/MEDIUMsslwrong eviction from the session cache tree
BUG/MINORfcgi-appprevent 'use-fcgi-app' in default section
BUG/MINORsinkfree the forwarding task on exit

#2023/02/08 : 2.4r1 (1.0.0-284.999)

#2023/01/23 : 2.4r1 (1.0.0-282.999)

BUG/MINORsslFix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0)

#2023/01/21 : 2.4r1 (1.0.0-282.998)

MINORhapeeupdate backported file
BUG/MEDIUMhttpclient/luadouble LIST_DELETE on end of lua task
BUG/MINORjwtWrong return value checked
BUG/MEDIUMjwtProperly process ecdsa signatures (concatenated R and S params)
BUILDhpackinclude global.h for the trash that is needed in debug mode
BUG/MINORmux-h2add missing traces on failed headers decoding
BUG/MINORlistenerclose tiny race between resume_listener() and stopping
DOCconfigfix Address formats chapter syntax
BUG/MINORmux-fcgiCorrectly set pathinfo
DOCconfigfix aliases for protocol prefixes udp4@ and udp6@
DOCconfigfix wrong section number for protocol prefixes
BUG/MINORlistenersfix suspend/resume of inherited FDs
BUG/MINORhttp-anamake set-status also update txn->status
BUG/MINORhttp-fetchDon't block HTTP sample fetch eval in HTTP_MSG_ERROR state
BUG/MINORhttp-anaReport SF_FINST_R flag on error waiting the request body
BUG/MINORpromexDon't forget to consume the request on error
BUG/MINORresolversWait the resolution execution for a do_resolv action
BUG/MINORh1-htxRemove flags about protocol upgrade on non-101 responses
CLEANUPhtxfix a typo in an error message of http_str_to_htx
BUG/MINORhttpMemory leak of http redirect rules' format string
REGTESTfix the race conditions in hmac.vtc
REGTESTfix the race conditions in digest.vtc
REGTESTfix the race conditions in json_query.vtc
BUG/MAJORbufFix copy of wrapping output data when a buffer is realigned
BUG/MINORhttp-fetchOnly fill txn status during prefetch if not already set
BUILDmakefilesort the features list
BUILDmakefilebuild the features list dynamically
BUG/MINORpool/statsUse ullong to report total pool usage in bytes in stats
BUG/MEDIUMmux-h2Refuse interim responses with end-stream flag set
BUG/MINORsslFix memory leak of find_chain in ssl_sock_load_cert_chain
LICENSEwurflclarify the dummy library license.
BUG/MEDIUMresolversUse tick_first() to update the resolvers task timeout
REGTESTSstartupcheck maxconn computation
REGTESTSfix the race conditions in iff.vtc
BUG/MAJORfcgiFix uninitialized reserved bytes
DOCpromexAdd missing backend metrics
MINORpromexintroduce haproxy_backend_agg_check_status
BUG/MINORpromexcreate haproxy_backend_agg_server_status
BUG/MEDIUMmworkerfix segv in early failure of mworker mode with peers
BUG/MINORsslFix potential overflow
BUG/MEDIUMsslVerify error codes can exceed 63
BUG/MINORresolversDon't wait periodic resolution on healthcheck failure

#2022/12/27 : 2.4r1 (1.0.0-280.956)

#2022/12/16 : 2.4r1 (1.0.0-279.956)

BUILDpeerspeers-t.h depends on stick-table-t.h
BUG/MINORhapee/modulesmake sure generated includes and structs are sorted
MINORhapee/modulescheck if we generate the API hash correctly

#2022/12/15 : 2.4r1 (1.0.0-279.953)

BUG/MINORhapee/modulesadjust include match() in gen-modules-config-h.awk

#2022/12/09 : 2.4r1 (1.0.0-279.952)

CIgithubchange ubuntu-latest to ubuntu-20.04
BUG/MEDIIMstconnFlush output data before forwarding close to write side
SCRIPTSannounce-releaseadd a link to the data plane API
DOCconfigclarify the -m dir and -m dom pattern matching methods
DOCconfigclarify the fact that retries is not just for connections
DOCconfigexplain how default matching method for ACL works
DOCconfigmention that a single monitor-uri rule is supported
DOCconfigclarify the fact that SNI should not be used in HTTP scenarios
DOCconfigprovide some configuration hints for http-reuse

#2022/11/29 : 2.4r1 (1.0.0-279.940)

BUG/MINORmux-h1Fix handling of 408-Request-Time-Out
BUILDhttp-htxSilent build error about a possible NULL start-line
BUG/MINORhttp-htxDon't consider an URI as normalized after a set-uri action
BUG/MINORlogfix parse_log_message rfc5424 size check
BUG/MINORcfgparse-listenfix ebpt_next_dup pointer dereference on proxy from inheritance
BUILDlistenerfix build warning on global_listener_rwlock without threads
BUG/MINORserver/idleat least use atomic stores when updating max_used_conns
BUILDpeersRemove unused variables
BUG/MEDIUMpeersmessages about unkown tables not correctly ignored
BUG/MINORssldon't initialize the keylog callback when not required
BUG/MINORhttp_ana/txndon't re-initialize txn and req var lists
BUG/MEDIUMlistenerFix race condition when updating the global mngmt task
BUG/MINORpool/cliuse ullong to report total pool usage in bytes
BUG/MEDIUMringfix creation of server in uninitialized ring
DOCconfigfix alphabetical ordering of global section
REG-TESTScacheRemove T-E header for 304-Not-Modified responses
BUG/MINORmux-h1Do not send a last null chunk on body-less answers
BUG/MEDIUMmux-fcgiAvoid value length overflow when it doesn't fit at once
BUG/MINORmux-fcgiBe sure to send empty STDING record in case of zero-copy
BUG/MINORresolversSet port before IP address when processing SRV records
BUG/MINORhttp-htxFix error handling during parsing http replies
BUG/MEDIUMwdt/clockproperly handle early task hangs
CIemit the compiler's version in the build reports
CIswitch to the latest LibreSSL
BUG/MINORsslocsp structure not freed properly in case of error
BUG/MINORsslMemory leak of AUTHORITY_KEYID struct when loading issuer
CIadd monthly gcc cross compile jobs
BUG/MINORlogfixing bug in tcp syslog_io_handler Octet-Counting
BUG/MEDIUMstick-tablefix a race condition when updating the expiration task

#2022/10/26 : 2.4r1 (1.0.0-279.911)

MINORhapeeupdate backported file
DOCluaadd a note about compression w/ httpclient
REGTESTShttpclient/luatest the lua task timeout with the httpclient
BUG/MEDIUMhttpclientcheck if the httpclient was released in the IO handler
BUG/MEDIUMhttpclient/luacrash when the lua task timeout before the httpclient
MINORhttpclient/luaDon't set req_payload callback if body is empty
BUG/MAJORstick-tabledon't process store-response rules for applets
DOCmanagementadd forgotten show startup-logs
BUG/MINORstick-tableUse server_id instead of std_t_sint in process_store_rules()
CISSLtemporarily stick to LibreSSL=3.5.3
CISSLuse proper version generating when latest semantic is used
BUG/MINORsinkSet default connect/server timeout for implicit ring buffers
BUG/MINORsinkOnly use backend capability for the sink proxies
BUG/MEDIUMcompressionhandle rewrite errors when updating response headers
BUG/MINORringProperly parse connect timeout
BUG/MINORlogPreserve message facility when the log target is a ring buffer
CIReplace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition
CIReplace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py
BUG/MINORservermake sure show servers state hides private bits
BUG/MAJORstick-tablesdo not try to index a server name for applets
DOCconfigurationmissing 'if' in tcp-request content example
BUG/MINORbackendonly enforce turn-around state when not redispatching
BUG/MINORsmtpchkSMTP Service check should gracefully close SMTP transaction
MINORsmtpchkUpdate expect rule to fully match replies to EHLO commands
BUG/MINORmux-h1Account consumed output data on synchronous connection error
BUILDhttp_fetchsilence an uninitiialized warning with gcc-4/5/6 at -Os
BUG/MINORhttp-fetchUpdate method after a prefetch in smp_fetch_meth()
BUILDh1silence an initiialized warning with gcc-4.7 and -Os
BUG/MEDIUMluahandle stick table implicit arguments right.
BUG/MEDIUMluaDon't crash in hlua_lua2arg_check on failure
DOCconfigFix pgsql-check documentation to make user param mandatory
BUG/MINORchecksupdate pgsql regex on auth packet
BUG/MEDIUMresolversRemove aborted resolutions from query_ids tree
REGTESTS4be_1srv_smtpchk_httpchk_layer47errorsReturn valid SMTP replies

#2022/09/20 : 2.4r1 (1.0.0-279.877)

BUG/MINORlogimproper behavior when escaping log data
SCRIPTSannounce-releaseupdate some URLs to https
BUILDfdfix a build warning on the DWCAS
BUG/MEDIUMcapturesfree() an error capture out of the proxy lock
DOCfix TOC in starter guide for subsection 3.3.8. Statistics
REGTESTSssl/logtest the log-forward with SSL
BUG/MEDIUMsinkbad init sequence on tcp sink from a ring.
REGTESTSlogtest the log-forward feature
REGTESTShealthcheckmailRelax matching on the healthcheck log message
BUG/MINORstatsfixing stat shows disabled frontend status as 'OPEN'
MINORlistenersmall API change
BUG/MEDIUMproxyensure pause_proxy() and resume_proxy() own PROXY_LOCK
CIcirrus-cibump FreeBSD image to 13-1
BUG/MINORsignals/pollerensure wakeup from signals
BUG/MINORsignals/pollerset the poller timeout to 0 when there are signals
BUG/MINORtaskalways reset a new tasklet's call date
BUG/MINORh1Support headers case adjustment for TCP proxies
BUILDmakefileenable crypt(3) for NetBSD

#2022/09/15 : 2.4r1 (1.0.0-279.859)

BUG/MINORregexProperly handle PCRE2 lib compiled without JIT support
BUG/MINORmux-fcgifix the show fd dest buffer for the subscriber
BUG/MINORmux-h1fix the show fd dest buffer for the subscriber
BUG/MINORmux-h2fix the show fd dest buffer for the subscriber
BUG/MEDIUMmux-h1always use RST to kill idle connections in pools
REGTESTShttp_request_bufferAdd a barrier to not mix up log messages
BUG/MEDIUMmux-h1do not refrain from signaling errors after end of input

#2022/08/30 : 2.4r1 (1.0.0-279.852)

BUG/MINORtcpcheckDisable QUICKACK for default tcp-check (with no rule)
BUG/MINORhluaRely on CF_EOI to detect end of message in HTTP applets
BUG/MEDIUMpeersDon't start resync on reload if local peer is not up-to-date
BUG/MEDIUMpeersDon't use resync timer when local resync is in progress
BUG/MEDIUMpeersAdd connect and server timeut to peers proxy
BUG/MEDIUMspoeProperly update streams waiting for a ACK in async mode
DOCconfigurationdo-resolve doesn't work with a port in the string
REGTESTSFix prometheus script to perform HTTP health-checks
BUG/MINORtcpcheckDisable QUICKACK only if data should be sent after connect
BUG/MINORresolversreturn the correct value in resolvers_finalize_config()
BUG/MAJORmworkerfix infinite loop on master with no proxies.
BUG/MAJORlog-forwardFix log-forward proxies not fully initialized
BUG/MEDIUMmux-h2do not fiddle with ->dsi to indicate demux is idle
BUG/MEDIUMhttp-anafix crash or wrong header deletion by http-restrict-req-hdr-names

#2022/08/17 : 2.4r1 (1.0.0-278.838)

MINORhapeeupdate backported file with pool-related stuff
MINORchunkinline alloc_trash_chunk()
MINORpools/memprofstore and report the pool's name in each bin
MINORpool/memprofreport pool alloc/free in memory profiling
MINORmemprofexport the minimum definitions for memory profiling
MINORpoolspartially uninline pool_alloc()
MINORpoolspartially uninline pool_free()

#2022/08/12 : 2.4r1 (1.0.0-277.831)

BUILDhttpsilence an uninitialized warning affecting gcc-5
BUG/MEDIUMringfix too lax 'size' parser
BUILDdebugsilence warning on gcc-5
BUG/MEDIUMtaskrelax one thread consistency check in task_unlink_wq()
BUG/MEDIUMpolleruse fd_delete() to release the poller pipes
BUILDcfgparsealways defined _GNU_SOURCE for sched.h and crypt.h
BUG/MINORsinkfix a race condition between the writer and the reader
BUG/MINORring/clifix a race condition between the writer and the reader
BUG/MEDIUMproxyPerform a custom copy for default server settings
REORGserverExport srv_settings_cpy() function
MINORserverConstify source server to copy its settings
BUG/MEDIUMdnsProperly initialize new DNS session
BUG/MINORpeersUse right channel flag to consider the peer as connected
BUG/MEDIUMpeerslimit reconnect attempts of the old process on reload
MINORpeersUse a dedicated reconnect timeout when stopping the local peer
BUG/MEDIUMpatternonly visit equivalent nodes when skipping versions
MINORebtreeadd ebmb_lookup_shorter() to pursue lookups

#2022/07/29 : 2.4r1 (1.0.0-277.814)

MINORhttp-htxUse new HTTP functions for the scheme based normalization
BUG/MEDIUMh1Improve authority validation for CONNCET request
MINORhttpAdd function to detect default port
MINORhttpAdd function to get port part of a host
HAPEEupdate backported HAPEE patches
MEDIUMhttpclientDon't close CLI applet at the end of a response
BUG/MEDIUMhttpclientRework CLI I/O handler to handle full buffer cases
BUG/MEDIUMhttpclientDon't remove HTX header blocks before duplicating them
BUG/MEDIUMmworkeruse default maxconn in wait mode
BUG/MINORsockpairwrong return value for fd_send_uxst()
BUG/MINORbackendFallback on RR algo if balance on source is impossible
BUILDadd detection for unsupported compiler models
BUG/MEDIUMmworkerproc_self incorrectly set crashes upon reload
REGTESTSFix some scripts to be compatible with 2.4 and prior
BUG/MINORtoolsfix statistical_prng_range()'s output range
BUG/MEDIUMtoolsavoid calling dlsym() in static builds (try 2)
BUILDmakefileFix install(1) handling for OpenBSD/NetBSD/Solaris/AIX
BUG/MEDIUMtoolsavoid calling dlsym() in static builds
MEDIUMmworkerset the iocb of the socketpair without using fd_insert()
BUG/MEDIUMmux-h1Handle connection error after a synchronous send
BUG/MEDIUMhttp-anaDon't wait to have an empty buf to switch in TUNNEL state
BUG/MINORmux-h1Be sure to commit htx changes in the demux buffer
REGTEESTSfiltersFix CONNECT request in random-forwarding script
BUG/MEDIUMhttp-fetchDon't fetch the method if there is no stream
BUG/MINORhttp-htxFix scheme based normalization for URIs wih userinfo
BUG/MINORpeersfix possible NULL dereferences at config parsing
BUG/MINORhttp-actProperly generate 103 responses when several rules are used
BUG/MINORhttp-checkPreserve headers if not redefined by an implicit rule
BUG/MINORpeers/configalways fill the bind_conf's argument
MINORfdAdd BUG_ON checks on fd_insert()
CIre-enable gcc asan builds
BUILDMakefileAdd Lua 5.4 autodetect
BUG/MEDIUMssl/fdunexpected fd close using async engine
MINORfdadd a new FD_DISOWN flag to prevent from closing a deleted FD
BUG/MINORhttp-fetchUse integer value when possible in method sample fetch
BUG/MINORhttp-anaSet method to HTTP_METH_OTHER when an HTTP txn is created
BUG/MINORsslDo not look for key in extra files if already in pem
MEDIUMmux-h2try to coalesce outgoing WINDOW_UPDATE frames
BUG/MEDIUMssl/clicrash when crt inserted into a crt-list
BUG/MINORtcp-rulesMake action call final on read error and delay expiration
BUG/MINORcli/statsadd missing trailing LF after show info json
BUG/MINORserverdo not enable DNS resolution on disabled proxies
BUG/MINORcli/statsadd missing trailing LF after JSON outputs
REGTESTShealthcheckmailRelax health-check failure condition
REGTESTShealthcheckmailUpdate the test to be functionnal again
BUG/MINORchecksProperly handle email alerts in trace messages
BUG/MINORtraceTest server existence for health-checks to get proxy
BUG/MEDIUMmailersSet the object type for check attached to an email alert
BUILDcompilerimplement unreachable for older compilers too
REGTESTSrestrict_req_hdr_namesExtend supported versions
REGTESTShttp_abortoncloseExtend supported versions
BUG/MINORssl_ckchFix possible uninitialized value in show_cert I/O handler
BUG/MINORssl_ckchDump cert transaction only once if show command yield
REGTESTShttp_request_bufferIncrease client timeout to wait slow clients
REGTESTSabortoncloseAdd a barrier to not mix up log messages
MEDIUMhttp-anaAlways report rewrite failures as PRXCOND in logs
BUG/MEDIUMssl/crt-listRework 'add ssl crt-list' to handle full buffer cases
BUG/MEDIUMssl_ckchRework 'commit ssl cert' to handle full buffer cases
BUG/MINORssl_ckchDon't duplicate path when replacing a cert entry
BUG/MEDIUMssl_ckchDon't delete a cert entry if it is being modified
BUG/MINORssl_ckchFree error msg if commit changes on a cert entry fails
DOCintroadjust the numbering of paragrams to keep the output ordered

#2022/07/13 : 2.4r1 (1.0.0-276.752)

#2022/06/10 : 2.4r1 (1.0.0-274.752)

DOCpeersfix port number and addresses on new peers section format
DOCpeersclarify when entry expiration date is renewed.
DOCpeersindicate that some server settings are not usable
SCRIPTSmake publish-release try to launch make-releases-json
SCRIPTSadd make-releases-json to recreate a releases.json file in download dirs
REGTESTSDo not use REQUIRE_VERSION for HAProxy 2.5+ (2)
BUG/MEDIUMsampleFix adjusting size in word converter
BUG/MEDIUMpeersprevent unitialized multiple listeners on peers section
BUG/MEDIUMpeersfix segfault using multiple bind on peers sections
BUG/MEDIUMresolversDon't defer resolutions release in deinit function
BUG/MEDIUMhttpProperly reject non-HTTP/1.x protocols
BUG/MEDIUMtoolsFix `inet_ntop` usage in sa2str
CIdetermine actual OpenSSL version dynamically
BUILD/MINORcpuset fix build for FreeBSD 13.1
BUG/MINORpeersfix error reporting of bind lines
BUG/MINORcfgparseabort earlier in case of allocation error
BUG/MINORcheckReinit the buffer wait list at the end of a check
BUG/MEDIUMconfigReset outline buffer size on realloc error in readcfgfile()
REGTESTSabortoncloseFix some race conditions
BUG/MINORsslFix crash when no private key is found in pem
MINORtoolsadd get_exec_path implementation for solaris based systems.
BUILDfix build warning on solaris based systems with __maybe_unused.
MEDIUMhttp-anaAdd a proxy option to restrict chars in request header names
CIdetermine actual LibreSSL version dynamically

#2022/05/13 : 2.4r1 (1.0.0-272.728)

CLEANUPmux-h1Fix comments and error messages for global options
BUG/MEDIUMwdtdon't trigger the watchdog when p is unitialized
BUG/MINORconn_streamdo not confirm a connection from the frontend path
BUG/MINORserverMake SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes).
DOCinstallupdate gcc version requirements
BUG/MEDIUMsslfix the gcc-12 broken fix :-(
BUILDlistenershut report of possible null-deref in listener_accept()
BUILDdebugwork around gcc-12 excessive -Warray-bounds warnings
BUILDsslwork around bogus warning in gcc 12's -Wformat-truncation
CIdynamically determine actual version of h2spec
DOCfix typo ant for and in INSTALL
BUG/MINORmap/climake sure patterns don't vanish under show map's init
BUG/MINORmap/cliprotect the backref list during show map errors
BUG/MEDIUMclimake show cli sockets really yield
BUG/MEDIUMresolversmake show resolvers properly yield
BUG/MINORtcp/httprelease the expr of set-{src,dst}[-port]
DOCconfigUpdate doc for PR/PH session states to warn about rewrite failures
HAPEEupdate backported HAPEE patches
BUG/MINORhttphttp_auth_bearer fetch does not work on custom header name
BUG/MINORjwtMemory leak if same key is used in multiple jwt_verify calls
BUG/MINORjwtMissing pkey free during cleanup
BUG/MINORjwtDouble free in deinit function
BUG/MEDIUMsampleFix memory leak in sample_conv_jwt_member_query
BUG/MINORjwtFix jwt_parse_alg incorrectly returning JWS_ALG_NONE
MINORjwtMake invalid static JWT algorithms an error in `jwt_verify` converter
CLEANUPjwtRemove the use of a trash buffer in jwt_jwsverify_rsa_ecdsa()
CLEANUPjwtRemove the use of a trash buffer in jwt_jwsverify_hmac()
MINORjwtDo not rely on enum order anymore
MINORjwtjwt_verify returns negative values in case of error
MINORjwtEmpty the certificate tree during deinit
BUG/MEDIUMsample/jwtfix another instance of base64 error detection
DOCjwtfix a typo in the jwt_verify() keyword description
BUG/MINORjwtuse CRYPTO_memcmp() to compare HMACs
BUG/MEDIUMjwtfix base64 decoding error detection
BUILDjwtfix declaration of EVP_KEY in jwt-h.h
REGTESTSjwtAdd tests for the jwt_verify converter
MEDIUMjwtAdd jwt_verify converter to verify JWT integrity
MINORjwtjwt_header_query and jwt_payload_query converters
MINORjwtInsert public certificates into dedicated JWT tree
MINORjwtJWT tokenizing helper function
MINORjwtParse JWT alg field
MINORhttpAdd http_auth_bearer sample fetch

#2022/05/12 : 2.4r1 (1.0.0-272.686)

MINORmux-h2report a trace event when failing to create a new stream
BUG/MINORmux-h2mark the stream as open before processing it not after
BUG/MAJORdnsmulti-thread concurrency issue on UDP socket

#2022/05/05 : 2.4r1 (1.0.0-272.683)

HAPEEupdate backported HAPEE patches
BUG/MEDIUMhttpclientFix loop consuming HTX blocks from the response channel
BUG/MEDIUMmux-h1Be able to handle trailers when C-L header was specified
BUG/MEDIUMmux-fcgiBe sure to never set EOM flag on an empty HTX message
SCRIPTSannounce-releaseadd URL of dev packages
CIgithub actions: update LibreSSL to 3.5.2

#2022/05/02 : 2.4r1 (1.0.0-271.677)

HAPEEupdate backported HAPEE patches
MINORconnectionAdd way to disable active connection closing during soft-stop
BUG/MINORconnectionconnection:close header added despite 'close-spread-time'
MEDIUMglobalAdd a close-spread-time option to spread soft-stop on time window

#2022/04/29 : 2.4r1 (1.0.0-271.673)

BUG/MEDIUMhttp-anaFix memleak in redirect rules with ignore-empty option
BUG/MINORhttpclientend callback in applet release
BUILDopentracingFix OT build due to misuse of var_clear()
BUILDproto_uxstdo not set unused flag
BUILDsockpairdo not set unused flag
BUILDfdremove unused variable totlen in fd_write_frag_line()
CLEANUPaclRemove unused variable when releasing an acl expression
BUG/MINORpoolsmake sure to also destroy shared pools in pool_destroy_all()
BUG/MINORresolversFix memory leak in resolvers_deinit()
BUILDcompilerproperly distinguish weak and global symbols
REGTESTSfix the race conditions in be2dec.vtc ad field.vtc
MEDIUMqueueuse tasklet_instant_wakeup() to wake tasks
MINORtaskadd a new task_instant_wakeup() function
BUG/MINORrulesFix check_capture() function to use the right rule arguments
DOCremove my name from the config doc
BUG/MAJORconnectionNever remove connection from idle lists outside the lock
BUG/MINORcacheDisable cache if applet creation fails
SCRIPTSannounce-releaseadd shortened links to pending issues
DOCluaupdate a few doc URLs
SCRIPTSannounce-releaseupdate the doc's URL
BUG/MEDIUMcompressionDon't forget to update htx_sl and http_msg flags
BUG/MEDIUMfcgi-appUse http_msg flags to know if C-L header can be added
BUG/MEDIUMstreamdo not abort connection setup too early
BUILDcompileruse a more portable set of asm(.weak) statements
BUILDschedworkaround crazy and dangerous warning in Clang 14
BUG/MEDIUMmux-h1Don't request more room on partial trailers
BUG/MINORmux-h2use timeout http-request as a fallback for http-keep-alive
BUG/MINORmux-h2do not use timeout http-keep-alive on backend side
BUILDdebugmark the __start_mem_stats/__stop_mem_stats symbols as weak
BUG/MINORcachedo not display expired entries in show cache
BUG/MINORmux-h2do not send GOAWAY if SETTINGS were not sent
CIcirrusswitch to FreeBSD-13.0
CIUpdate to actions/cache@v3
CIUpdate to actions/checkout@v3
DEBUGopentracingshow return values of all functions in the debug output
CLEANUPopentracingadded variable to store variable length
CLEANUPopentracingadded flt_ot_smp_init() function
CLEANUPopentracingremoved unused function flt_ot_var_get()
CLEANUPopentracingremoved unused function flt_ot_var_unset()
DOCopentracingcorrected comments in function descriptions
EXAMPLESopentracingrefined shell scripts for testing filter performance
BUG/MINORopentracingsetting the return value in function flt_ot_var_set()
BUG/MEDIUMhttp-actDon't replace URI if path is not found or invalid
BUG/MEDIUMhttp-convFix url_enc() to not crush const samples
BUG/MEDIUMmux-h1Set outgoing message to DONE when payload length is reached
BUG/MEDIUMpromexBe sure to never set EOM flag on an empty HTX message
BUG/MEDIUMhluaDon't set EOM flag on an empty HTX message in HTTP applet
BUG/MEDIUMstatsBe sure to never set EOM flag on an empty HTX message
BUG/MINORfcgi-appDon't add C-L header on response to HEAD requests
CIgithub actions: update OpenSSL to 3.0.2
BUG/MAJORmux_ptalways report the connection error to the conn_stream
BUG/MINORcli/streamfix shutdown session to iterate over all threads
BUG/MINORsamplesadd missing context names for sample fetch functions
DOCreflect H2 timeout changes
BUG/MEDIUMmux-h2make use of http-request and keep-alive timeouts
MEDIUMmux-h2slightly relax timeout management rules
BUG/MEDIUMstream-intdo not rely on the connection error once established

#2022/03/29 : 2.4r1 (1.0.0-270.616)

HAPEEupdate backported HAPEE patches
BUG/MINORhttpclientCF_SHUTW_NOW should be tested with channel_is_empty()
BUG/MINORhttpclientprocess the response when received before the end of the request
BUG/MINORhttpclientonly check co_data() instead of HTTP_MSG_DATA
BUILDhttpclientfix build without SSL
BUG/MINORhttpclientsend the SNI using the host header
MINORserverexport server_parse_sni_expr() function
BUG/MINORhttpclient/luastuck when closing without data
BUG/MEDIUMmux-h1Properly detect full buffer cases during message parsing
BUG/MEDIUMmux-fcgiProperly handle return value of headers/trailers parsing
BUG/MINORtoolsurl2sa reads too far when no port nor path
DOCconfigExplictly add supported MQTT versions
MEDIUMmqttsupport mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
BUG/MEDIUMtraceavoid race condition when retrieving session from conn->owner
BUG/MEDIUMmux-h1only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
CIgithub actions: switch to LibreSSL-3.5.1
BUG/MINORserver/sslfree the SNI sample expression

#2022/03/25 : 2.4r1 (1.0.0-269.599)

BUG/MINORtoolsfix url2sa return value with IPv4
BUILDtree-widemark a few numeric constants as explicitly long long
BUG/MINORstreammake the call_rate only count the no-progress calls

#2022/03/17 : 2.4r1 (1.0.0-269.596)

#2022/03/14 : 2.4r1 (1.0.0-268.596)

HAPEEupdate backported HAPEE patches
BUG/MEDIUMhttpclientmust manipulate head, not first
BUG/MINORhttpclientremove the UNUSED block when parsing headers
BUG/MINORhttpclientconsume partly the blocks when necessary
CLEANUPhtxremove unused co_htx_remove_blk()
BUG/MEDIUMhttpclientdon't consume data before it was analyzed
BUG/MEDIUMstreamUse the front analyzers for new listener-less streams
BUG/MINORhttpclientSet conn-stream/channel EOI flags at the end of request
BUG/MEDIUMhttpclient/luainfinite appctx loop with POST
DOCFix usage/examples of deprecated ACLs
BUG/MEDIUMhttpclientlimit transfers to the maximum available room
CLEANUPhttpclient/clifix indentation alignment of the help message
BUG/MINORhttpclientreinit flags in httpclient_start()
MINORhttpclientDon't limit data transfer to 1024 bytes
BUG/MINORhttpclient/clidisplay junk characters in vsn
BUG/MEDIUMhttpclientXfer the request when the stream is created
BUG/MINORhttpclientRevisit HC request and response buffers allocation
BUG/MINORhttpclient/luadon't pop the lua stack when getting headers
BUG/MINORhttpclientset default Accept and User-Agent headers
BUG/MINORhttpclientdon't send an empty body
BUG/MINORsessionfix theoretical risk of memleak in session_accept_fd()
BUG/MAJORmux-ptAlways destroy the backend connection on detach
DEBUGstreamFix stream trace message to print response buffer state
DEBUGstreamAdd the missing descriptions for stream trace events
BUG/MEDIUMmcliProperly handle errors and timeouts during reponse processing
DEBUGcacheUpdate underlying buffer when loading HTX message in cache applet
BUG/MINORpromexSet conn-stream/channel EOI flags at the end of request
BUG/MINORcacheSet conn-stream/channel EOI flags at the end of request
BUG/MINORstatsSet conn-stream/channel EOI flags at the end of request
BUG/MINORhluaSet conn-stream/channel EOI flags at the end of request
BUG/MINORclishows correct mode in show sess
BUG/MINORadd missing modes in proxy_mode_str()

#2022/03/08 : 2.4r1 (1.0.0-268.564)

BUILDpoolsfix backport of no-memory-trimming on non-linux OS
MINORpoolsadd a new global option no-memory-trimming
BUG/MEDIUMpoolsfix ha_free() on area in the process of being freed
BUG/MINORpoolalways align pool_heads to 64 bytes

#2022/03/01 : 2.4r1 (1.0.0-268.560)

REGTESTSfix the race conditions in secure_memcmp.vtc
REGTESTSfix the race conditions in normalize_uri.vtc
BUG/MEDIUMhtxFix a possible null derefs in htx_xfer_blks()
CIgithub actions: use cache for SSL libs
CIgithub actions: use cache for OpenTracing
CIgithub actions: add OpenTracing builds
CIgithub actions: add the output of $CC -dM -E-

#2022/02/25 : 2.4r1 (1.0.0-268.553)

BUG/MEDIUMstreamAbort processing if response buffer allocation fails
CIgithubenable pool debugging by default
REGTESTSfix the race conditions in 40be_2srv_odd_health_checks
BUG/MINORproxypreset the error message pointer to NULL in parse_new_proxy()
BUG/MAJORmux-h2Be sure to always report HTX parsing error to the app layer
BUG/MEDIUMmux-h1Don't wake h1s if mux is blocked on lack of output buffer
BUG/MEDIUMhtxBe sure to have a buffer to perform a raw copy of a message
BUG/MINORtoolsurl2sa reads ipv4 too far
BUG/MINORmailersnegotiate SMTP, not ESMTP
CIgithub actions: update OpenSSL to 3.0.1
CIgithubswitch to OpenSSL 3.0.0
CIgithub actions: relax OpenSSL-3.0.0 version comparision
CIgithub actions: -Wno-deprecated-declarations with OpenSSL 3.0.0
CIgithub actions: add OpenSSL-3.0.0 builds
BUILDadopt script/build-ssl.sh for OpenSSL-3.0.0beta2
BUILDfix compilation for OpenSSL-3.0.0-alpha17
CIsslkeep the old method for ancient OpenSSL versions
CIssldo not needlessly build the OpenSSL docs
CIsslenable parallel builds for OpenSSL on Linux
BUG/MAJORcompilerrelax alignment constraints on certain structures
BUG/MEDIUMfdalways align fdtab[] to 64 bytes
BUG/MEDIUMresolversReally ignore trailing dot in domain names
BUG/MINORsinkUse the right field in appctx context in release callback
BUG/MINORmworkerfix a FD leak of a sockpair upon a failed reload
BUG/MEDIUMmworkerclose unused transferred FDs on load failure
MINORsockmove the unused socket cleaning code into its own function
BUG/MINORmux-h2update the session's idle delay before creating the stream
BUG/MEDIUMh2/hpackfix emission of HPACK DTSU after settings change
REGTESTSpeersleave a bit more time to peers to synchronize
BUG/MAJORspoeproperly detach all agents when releasing the applet
BUG/MAJORhttp/htxprevent unbounded loop in http_manage_server_side_cookies
BUG/MEDIUMlistenerread-lock the listener during accept()
MINORlistenerreplace the listener's spinlock with an rwlock
BUG/MINORmworkerdoes not erase the pidfile upon reload
BUG/MAJORschedprevent rare concurrent wakeup of multi-threaded tasks
DEBUGpoolsreplace the link pointer with the caller's address on pool_free()
DEBUGpoolslet's add reverse mapping from cache heads to thread and pool
DEBUGpoolsadd extra sanity checks when picking objects from a local cache
BUG/MINORpoolsalways flush pools about to be destroyed
BUG/MEDIUMmworkerdon't lose the stats socket on failed reload
DEBUGpoolsadd new build option DEBUG_POOL_INTEGRITY
BUILDdebug/clicondition test of O_ASYNC to its existence
DEBUGcliadd a new debug dev fd expert command
MEDIUMh2/hpackemit a Dynamic Table Size Update after settings change
BUG/MEDIUMmclialways realign wrapping buffers before parsing them
BUG/MEDIUMmclido not try to parse empty buffers
BUG/MEDIUMcliNever wait for more data on client shutdown
BUG/MINORcliavoid O(bufsize) parsing cost on pipelined commands
MINORchanneladd new function co_getdelim() to support multiple delimiters
MEDIUMcliyield between each pipelined command
BUG/MEDIUMserveravoid changing healthcheck ctx with set server ssl
BUILD/MINORfix solaris build with clang.
BUG/MEDIUMhtxAdjust length to add DATA block in an empty HTX buffer
BUG/MEDIUMconnectionproperly leave stopping list on error

#2022/01/13 : 2.4r1 (1.0.0-268.499)

BUG/MAJORmux-h1Don't decrement .curr_len for unsent data
BUG/MEDIUMmworkerdon't use _getsocks in wait mode
BUG/MEDIUMhttp-anaPreserve response's FLT_END analyser on L7 retry
BUG/MINORclifix _getsocks with musl libc
BUILD/MINORtoolssolaris build fix on dladdr.
BUILD/MINORcpuset FreeBSD 14 build fix.
BUG/MEDIUMsslfree the ckch instance linked to a server
BUG/MINORsslfree the fields in srv->ssl_ctx
MINORdebugadd support for -dL to dump library names at boot
MINORdebugadd ability to dump loaded shared libraries
MINORcompatdetect support for dl_iterate_phdr()
BUG/MINORmux-h1Fix splicing for messages with unknown length
BUG/MEDIUMmux-h1Fix splicing by properly detecting end of message
BUILDmakefileadd -Wno-atomic-alignment to work around clang abusive warning
MINORproxyadd option idle-close-on-response
REGTESTSsslfix ssl_default_server.vtc
BUG/MEDIUMsslinitialize correctly ssl w/ default-server
DOCfix misspelled keyword resolve_retries in resolvers
BUILDsslunbreak the build with newer libressl
BUILDcliclear a maybe-unused warning on some older compilers
BUG/MINORpoolsdon't mark ourselves as harmless in DEBUG_UAF mode
CIGithub Actions: temporarily disable BoringSSL builds

#2021/12/24 : 2.4r1 (1.0.0-268.477)

BUG/MEDIUMbackendfix possible sockaddr leak on redispatch
BUG/MINORbackendrestore the SF_SRV_REUSED flag original purpose
BUG/MINORbackenddo not set sni on connection reuse
MINORpoolswork around possibly slow malloc_trim() during gc
BUG/MEDIUMmworker/clicrash when trying to access an old PID in prompt mode
DOCconfigretry-on list is space-delimited
DOCconfigSpecify %Ta is only available in HTTP mode
DOCspoeClarify use of the event directive in spoe-message section
BUG/MINORcli/serverDon't crash when a server is added with a custom id
IMPORTslzuse the correct CRC32 instruction when running in 32-bit mode
BUILDtree-wideavoid warnings caused by redundant checks of obj_types
MINORclishow version displays the current process version
BUILDbugFix error when compiling with -DDEBUG_STRICT_NOCRASH

#2021/12/02 : 2.4r1 (1.0.0-268.464)

MINORmux-h1Improve H1 traces by adding info about http parsers
BUG/MAJORsegfault using multiple log forward sections.
BUG/MEDIUMresolversDetach query item on response error
BUG/MINORserverDon't rely on last default-server to init server SSL context
BUG/MEDIUMcliProperly set stream analyzers to process one command at a time

#2021/11/25 : 2.4r1 (1.0.0-268.459)

BUILD/MINORserverfix compilation without SSL
HAPEEUpdate backported and hapee patches
BUG/MINORcacheFix loop on cache entries in show cache
MINORpromexbackend aggregated server check status
MINORserveradd ws keyword
MEDIUMserver/backendimplement websocket protocol selection
MINORconnectionadd alternative mux_ops param for conn_install_mux_be
MINORconnectionimplement function to update ALPN
MINORstream/muximplement websocket stream flag
BUG/MINORsslmake SSL counters atomic
MINORshctxadd a few BUG_ON() for consistency checks
BUG/MINORshctxdo not look for available blocks when the first one is enough
BUG/MEDIUMshctxleave the block allocator when enough blocks are found
BUG/MEDIUMcache/climake show cache thread-safe
BUG/MEDIUMmux-h2always process a pending shut read
BUG/MEDIUMsslabort with the correct SSL error when SNI not found
CLEANUPsslfix wrong #else commentary
BUG/MINORsslfree correctly the sni in the backend SSL cache
BUG/MEDIUMsslbackend TLS resumption with sni and TLSv1.3
BUILDmakefilesimplify detection of libatomic
BUG/MEDIUMmux-h1Handle delayed silent shut in h1_process() to release H1C
BUG/MINORstick-table/cliCheck for invalid ipv6 key
BUG/MEDIUMconnectionmake cs_shutr/cs_shutw//cs_close() idempotent
BUG/MINORmux-h2Fix H2_CF_DEM_SHORT_READ value
BUG/MINORmworkerdoesn't launch the program postparser
BUG/MEDIUMconn-streamDon't reset CS flags on close
MINORmux-h1Slightly Improve H1 traces
DOCluaBe explicit with the Reply object limits
BUG/MINORhttp-anaApply stop to the current section for http-response rules
DOCconfigFix typo in ssl_fc_unique_id description
BUG/MINORcacheproperly ignore unparsable max-age in quotes
BUG/MINORresolversthrow log message if trash not large enough for query
BUG/MINORresolversfix sent messages were counted twice
BUG/MEDIUMmux-h2reject upgrade if no RFC8441 support
MINORmux-h2add trace on extended connect usage
MINORmux-h2perform a full cycle shutdown+drain on close
MINORconnectionadd a new CO_FL_WANT_DRAIN flag to force drain on close
SCRIPTSgit-show-backportsre-enable file-based filtering
DOC/peerssome grammar fixes for peers 2.1 spec
MINORstreamImprove dump of bogus streams
BUILD/MINORcpuset freebsd build fix
DOCconfigFix alphabetical order of fc_* samples
BUG/MINORsamplefix backend direction flags consecutive to last fix
BUG/MEDIUMsampleCumulate frontend and backend sample validity flags
BUG/MEDIUMstream-intBlock reads if channel cannot receive more data
BUG/MINORhttpAuthorization value can have multiple spaces after the scheme
BUG/MEDIUMhttp-anaDrain request data waiting the tarpit timeout expiration
MINORhalogAdd support for extracting captures using -hdr
BUG/MINORhalogAdd missing newlines in die() messages
CLEANUPhalogUse consistent indentation in help()
MINORhalogRename -qry to -query
DOChalogMove the `-qry` parameter into the correct section in help text
MINORhalogAdd -qry parameter allowing to preserve the query string in -uX
BUG/MEDIUMresolversTrack api calls with a counter to free resolutions
BUG/MEDIUMresolversDon't recursively perform requester unlink
MEDIUMresolversremove the last occurrences of the safe argument
MEDIUMresolversuse a kill list to preserve the list consistency
CLEANUPresolversreplace all LIST_DELETE with LIST_DEL_INIT
CLEANUPresolverssimplify resolv_link_resolution() regarding requesters
CLEANUPalways initialize the answer_list
CLEANUPresolversdo not export resolv_purge_resolution_answer_records()
BUG/MEDIUMmux-h1Perform a connection shutdown when the h1c is released
BUG/MINORmux-h1Save shutdown mode if the shutdown is delayed
BUILDatomicfix build on mac/arm64
BUG/MINORbackendfix improper insert in avail tree for always reuse
BUILDfix compilation on NetBSD
MINORmemprofadd one pointer size to the size of allocations
MINORmemprofreport the delta between alloc and free on realloc()
BUG/MEDIUMluafix memory leaks with realloc() on non-glibc systems
BUG/MINORmux-h2do not prevent from sending a final GOAWAY frame
BUG/MINORtaskdo not set TASK_F_USR1 for no reason
BUG/MAJORbuffix varint API post- vs pre- increment
BUG/MEDIUMresolversalways check a valid item in query_list
BUILDresolversavoid a possible warning on null-deref
BUG/MAJORresolversadd other missing references during resolution removal
MINORresolversmerge address and target into a union data
BUG/MEDIUMresolversuse correct storage for the target address
BUG/MEDIUMresolversfix truncated TLD consecutive to the API fix
MINORresolversfix the resolv_dn_label_to_str() API about trailing zero
BUG/MINORresolversdo not reject host names of length 255 in SRV records
BUG/MEDIUMresolvermake sure to always use the correct hostname length
MINORresolversfix the resolv_str_to_dn_label() API about trailing zero
BUG/MAJORdnsattempt to lock globaly for msg waiter list instead of use barrier
BUG/MAJORdnstcp session can remain attached to a list after a free
BUG/MEDIUMtcpcheckProperly catch early HTTP parsing errors

#2021/11/24 : 2.4r1 (1.0.0-268.373)

BUG/MINORluadon't expose internal proxies
BUG/MINORhttpclientallow to replace the host header
DOCluadocumentation about the httpclient API
REGTESTShttpclient/luaadd greater body values
BUG/MEDIUMhttpclient/clifree of unallocated hc->req.uri
BUG/MEDIUMhttpclientchannel_add_input() must use htx->data
BUG/MINORhttpclient/luarcv freeze when no request payload
BUG/MINORhttpclientuse a placeholder value for Host header
BUG/MINORhttpclient/luamisplaced luaL_buffinit()
REGTESTSluatest httpclient with body streaming
MINORhttpclient/luahandle the streaming into the lua applet
MINORhttpclientrequest streaming with a callback
MINORhttpclient/luareturn an error when it can't generate the request
MINORhttpclient/luasupport more HTTP methods
MINORhttpclientsupport payload within a buffer
DOCmanagementdoc about the CLI httpclient
MINORhttpclient/cliaccess should be only done from expert mode

#2021/11/08 : 2.4r1 (1.0.0-268.356)

#2021/10/20 : 2.4r1 (1.0.0-264.356)

BUG/MEDIUMsampleproperly verify that variables cast to sample
MINORsampleprovide a generic var-to-sample conversion function
CLEANUPsampleuninline sample_conv_var2smp_str()
CLEANUPsamplerename sample_conv_var2smp() to *_sint
CLEANUPserveralways include the storage for SSL settings
BUG/MEDIUMstreamKeep FLT_END analyzers if a stream detects a channel error
BUG/MEDIUMcpusetfix cpuset size for FreeBSD
BUG/MINORsampleFix 'fix_tag_value' sample when waiting for more data
BUG/MINORhttp-anaDon't eval front after-response rules if stopped on back
MINORinitcallRename __GLOBL and __GLOBL1.
DOCconfigurationadd clarification on escaping in keyword arguments
BUG/MEDIUMmux_h2Handle others remaining read0 cases on partial frames

#2021/10/14 : 2.4r1 (1.0.0-263.343)

BUILDhapee/modulesselect either md5 or md5sum

#2021/10/08 : 2.4r1 (1.0.0-259.342)

MINORhapeeupdate backported and hapee patches
BUG/MEDIUMhttp-anaClear request analyzers when applying redirect rule
BUG/MEDIUMfiltersFix a typo when a filter is attached blocking the release
MINORtaskscatch TICK_ETERNITY with BUG_ON() in __task_queue()
BUG/MINORtcp-rulesStop content rules eval on read error and end-of-input
BUG/MINORtcpcheckDon't use arg list for default proxies during parsing
MINORargBe able to forbid unresolved args when building an argument list
BUG/MAJORluause task_wakeup() to properly run a task once
BUG/MEDIUMluafix wakeup condition from sleep()
MINORMakefileadd MEMORY_POOLS to the list of DEBUG_xxx options
DOCpeersfix doc enable statement on peers sections
BUG/MINORmux-h1/mux-fcgiSanitize TE header to only send trailers
MINORstream-intNotify mux when the buffer is not stuck when calling rcv_buf
BUG/MEDIUMstream-intDefrag HTX message in si_cs_recv() if necessary
MINORhtxAdd a function to know if the free space wraps
MINORhtxAdd an HTX flag to know when a message is fragmented
MINORstream-intSet CO_RFL transient/persistent flags apart in si_cs_rcv()
BUG/MEDIUMstreamStop waiting for more data if SI is blocked on RXBLK_ROOM
BUG/MEDIUMstream-intNotify stream that the mux wants more room to xfer data
BUG/MEDIUMmux-h1Adjust conditions to ask more space in the channel buffer
BUG/MINORstatsuse refcount to protect dynamic server on dump
MINORserverreturn the next srv instance on free_server
BUG/MINORserverdo not use refcount in free_server in stopping mode
MINORglobaldefine MODE_STOPPING
MINORserverimplement a refcount for dynamic servers
BUG/MINORhttp-anaincrement internal_errors counter on response error
BUG/MINORh1-htxFix a typo when request parser is reset
BUG/MEDIUMleastconnfix rare possibility of divide by zero
BUG/MINORserverallow 'enable health' only if check configured
BUILDthreadsfix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
BUILDhalogfix a -Wundef warning on non-glibc systems
BUILDcompilerfixed a missing test on defined(__GNUC__)
BUILDfix dragonfly build again on __read_mostly
BUILDtoolsproperly guard __GLIBC__ with defined()
BUILDsslfix two remaining occurrences of #if USE_OPENSSL
BUILDsslnext round of build warnings on LIBRESSL_VERSION_NUMBER
BUILD/MINORregexavoid a build warning on USE_PCRE2 with -Wundef
IMPORTslzsilence a build warning with -Wundef
BUILD/MINORsslavoid a build warning on LIBRESSL_VERSION with -Wundef
BUILD/MINORdefaultseliminate warning on MAXHOSTNAMELEN with -Wundef
BUILDactivityuse #ifdef not #if on USE_MEMORY_PROFILING
MINORprocsetting the process to produce a core dump on FreeBSD.
MINORtoolsadd FreeBSD support to get_exec_path()
BUILDtoolsget the absolute path of the current binary on NetBSD.
BUG/MINORflt-tracefix an infinite loop when random-parsing is set
BUG/MINORcli/payloaddo not search for args inside payload
BUILDistprevent gcc11 maybe-uninitialized warning on istalloc
BUG/MINORconnectionprevent null deref on mux cleanup task allocation
DOCmanagementcertificate files must be sanitized before injection
BUG/MINORtcpcheckImprove LDAP response parsing to fix LDAP check
BUG/MAJORmux-h1Don't eval input data if an error was reported
BUILDhttpclientinclude missing ssl_sock-t
MINORhttpclient/luasupports headers via named arguments
BUG/MINORhttpclient/luadoes not process headers when failed
MINORhttpclientdestroy checks if a client was started but not stopped
BUG/MEDIUMhttpclient/luacrash because of b_xfer and get_trash_chunk()
MINORbufAdd b_force_xfer() function
MINORhttpclient/luaimplement garbage collection
MINORhttpclienttest if started during stop_and_destroy()
MINORhttpclientstop_and_destroy() ask the applet to autokill
MINORhttpclientset HTTPCLIENT_F_ENDED only in release
MINORhttpclientdestroy() must free the headers and the ists
BUG/MEDIUMhttpclientreplace ist0 by istptr
REGTESTSluatest the httpclient:get() feature
BUG/MINORhttpclient/luareturn an error on argument check
MINORhttpclient/luaimplement the headers in the response object
MINORhttpclient/luahttpclient:get() API in lua
MINORhttpclienthttpclient_ended() returns 1 if the client ended
MINORhttpclienthttpclient_data() returns the available data
MINORhttpclientadd the EOH when no headers where provided
BUILDhttpclientfix build without OpenSSL

#2021/10/04 : 2.4r1 (1.0.0-254.271)

#2021/10/01 : 2.4r1 (1.0.0-253.271)

HAPEEupdate backports and notes
REGTESTSre-enable the ssl_default_server regtest on 2.4
REGTESTSre-enable the vars regtest on 2.4
MINORhttp-rulesadd a new ignore-empty option to redirects.
CLEANUPvarsname the temporary proxy CFG instead of CLI for global vars
MINORlogmake log-format expressions completely usable outside of req/resp
MINORvarsmake the vars() sample fetch function support a default value
BUILDotadd argument for default value to vars_get_by_name()
MINORvarsmake vars_get_by_* support an optional default value
CLEANUPvarsfactor out common code from vars_get_by_{desc,name}
MEDIUMvarsalso support format strings in CLI's set var command
MINORvarsadd a set-var-fmt directive to the global section
BUG/MINORvarsdo not talk about global section in CLI errors for set-var
BUG/MINORvarstruncate the variable name in error reports about scope.
BUG/MEDIUMvarsrun over the correct list in release_store_rules()
MEDIUMvarsadd a new set-var-fmt action
BUG/MINORvarsproperly set the argument parsing context in the expression
BUG/MINORvarsimprove accuracy of the rules used to check expression validity
MINORsampleadd missing ARGC_ entries
BUILD/MEDIUMtcpset-mark setting support for FreeBSD.
CLEANUPtcp-actSort action lists
BUILDtcp-actavoid warning when set-mark / set-tos are not supported
MINORhttp-act/tcp-actAdd set-mark and set-tos for tcp content rules
MINORhttp-act/tcp-actAdd set-nice for tcp content rules
MINORhttp-act/tcp-actAdd set-log-level for tcp content rules
MINORtcp-actAdd set-src/set-src-port for tcp-request content rules
BUG/MEDIUMcfgparsedo not allocate IDs to automatic internal proxies
BUG/MINORproxydon't dump servers of internal proxies
MINORpoolsuse mallinfo2() when available instead of mallinfo()
MINORpoolsautomatically disable malloc_trim() with external allocators
CLEANUPpoolsfactor all malloc_trim() calls into trim_all_pools()
BUG/MINORcompatmake sure __WORDSIZE is always defined
BUG/MEDIUMstream-intDon't block SI on a channel policy if EOI is reached
CLEANUPmux-h1Remove condition rejecting upgrade requests with payload
MINORhtxSkip headers with no value when adding a header list to a message
BUG/MEDIUMmux-h1Remove Upgrade: header for requests with payload
BUG/MINORsystemdExecStartPre must use -Ws
BUG/MINORfiltersSet right FLT_END analyser depending on channel
BUG/MINORfiltersAlways set FLT_END analyser when CF_FLT_ANALYZE flag is set
BUG/MEDIUMhttp-anaReset channels analysers when returning an error
BUG/MINORstreamDon't release a stream if FLT_END is still registered
BUG/MINORluaDon't yield in channel.append() and channel.set()
BUG/MINORluaYield in channel functions only if lua context can yield
MINORluaAdd a flag on lua context to know the yield capability at run time
BUG/MAJORhtxfix missing header name length check in htx_add_header/trailer
CLEANUPhtxremove comments about "must be < 256 MB"
BUG/MINORconfigreject configs using HTTP with bufsize >= 256 MB
DOCconfigurationremove wrong tcp-request examples in tcp-response
BUG/MINORvarsfix set-var/unset-var exclusivity in the keyword parser
CLEANUPAdd missing include guard to signal.h
BUG/MINORtoolsFix loop condition in dump_text()
BUG/MINORebtreeremove dependency on incorrect macro for bits per long
MINORtimeadd report_idle() to report process-wide idle time
BUG/MINORtimefix idle time computation for long sleeps
BUG/MINORluause strlcpy2() not strncpy() to copy sample keywords
MINORcompilerimplement an ONLY_ONCE() macro
BUG/MINORbase64base64urldec() ignores padding in output size check
BUG/MEDIUMbase64check output boundaries within base64{dec,urldec}
BUG/MINORstick-tablefix the sc-set-gpt* parser when using expressions
MINORhluatake the global Lua lock inside a global function
REGTESTSabortoncloseafter retries, 503 is expected, not close
REGTESTShttp_upgradefix incorrect expectation on TCP->H1->H2
BUG/MINORhttpclientfix Host header
MINORhttpclientadd the server to the proxy
MINORhttpclientset verify none on the https server
BUG/MINORhttpclientremove deinit of the httpclient
MINORproxydisable warnings for internal proxies
MINORclidelare the CLI frontend as an internal proxy
MINORproxycheck if p is NULL in free_proxy()
MINORhttpclient/clichange the User-Agent to HAProxy
MINORhttpclientcleanup the include files
BUG/MINORhttpclientcheck if hdr_num is not 0
BUG/MINORhttpclient/clichange the appctx test in the callbacks
MINORhttpclient/cliimplement a simple client over the CLI
BUG/MINORhttpclientfix uninitialized sl variable
BUG/MINORhttp_clientmake sure to preset the proxy's default settings
MINORchannelremove an htx block from a channel
MINORhttpclientimplement a simple HTTP Client API
MINORhttpclientinitialize the proxy
MINORstatsshows proxy in a stopped state
MINORproxydisabled takes a stopping and a disabled state
MINORstatsdon't output internal proxies (PR_CAP_INT)
MINORmworkerthe mworker CLI proxy is internal
MINORproxyrename PR_CAP_LUA to PR_CAP_INT
MEDIUMstatsinclude disabled proxies that hold active sessions to stats
BUG/MEDIUMh2match absolute-path not path-absolute for :path
REGTESTSadd a test to prevent h2 desync attacks
BUG/MEDIUMh2give :authority precedence over Host
BUG/MAJORh2enforce stricter syntax checks on the :method pseudo-header
BUG/MAJORh2verify that :path starts with a '/' before concatenating it
BUG/MAJORh2verify early that non-http/https schemes match the valid syntax
MINORhttpadd a new function http_validate_scheme() to validate a scheme
DOC/MINORfix typo in management document
CLEANUPassorted typo fixes in the code and comments
BUG/MEDIUMcfgcheckverify existing log-forward listeners during config check
BUG/MEDIUMspoeFix policy to close applets when SPOE connections are queued
DOCconfigFix 'http-response send-spoe-group' documentation
DOCImprove the lua documentation
BUG/MINORtcpcheckProperly detect pending HTTP data in output buffer
BUG/MINORbufferfix buffer_dump() formatting
BUG/MEDIUMspoeCreate a SPOE applet if necessary when the last one is released
MINORspoeAdd a pointer on the filter config in the spoe_agent structure
ADMINdyncookieimplement a simple dynamic cookie calculator
MINORserverunmark deprecated on enable health/agent cli
BUG/MINORserverupdate last_change on maint->ready transitions too
BUG/MINORserverremove srv from px list on CLI 'add server' error
BUILDopentracingfixed build when using pkg-config utility
DOCinternalsdocument the FD takeover process
BUG/MINORfdprotect fd state harder against a concurrent takeover
BUG/MINORpollersalways program an update for migrated FDs
BUG/MINORpollfix abnormally high skip_fd counter
BUG/MINORselectfix excess number of dead/skip reported
BUG/MEDIUMpollersclear the sleeping bit after waking up, not before
BUG/MEDIUMconnectionclose a rare race between idle conn close and takeover
BUG/MINORconnectionAdd missing error labels to conn_err_code_str
BUG/MEDIUMmux-h2Handle remaining read0 cases on partial frames
BUG/MINORmux-h1Be sure to swap H1C to splice mode when rcv_pipe() is called
BUG/MINORmux-h2Obey dontlognull option during the preface
BUG/MINORmux-h1Obey dontlognull option for empty requests
BUG/MINORsystemdmust check the configuration using -Ws
BUG/MINORresolversUse a null-terminated string to lookup in servers tree
BUG/MINORcheckfix the condition to validate a port-less server
BUG/MINORstatsAdd missing agent stats on servers
BUG/MEDIUMssl_samplefix segfault for srv samples on invalid request
BUILD/MINORmemprof fix macOs build.
BUG/MINORmworkerdo not export HAPROXY_MWORKER_REEXEC across programs
BUG/MEDIUMmworkerdo not register an exit handler if exit is expected
BUILDluasilence a build warning with TCC
BUILDadd detection of missing important CFLAGS
BUG/MINORsslDefault-server configuration ignored by server
MINORmux_h2define config to disable h2 websocket support
BUILDhttp_htxfix ci compilation error with isdigit for Windows
REGTESTSadd http scheme-based normalization test
MEDIUMh2apply scheme-based normalization on h2 requests
MEDIUMh1-htxapply scheme-based normalization on h1 requests
MEDIUMhttpimplement scheme-based normalization
MINORhttpimplement http_get_scheme
BUG/MINORclifix server name output in show fd
BUG/MEDIUMsockmake sure to never miss early connection failures
DOCstick-tableadd missing documentation about gpt0 stored type
BUG/MINORpeersfix data_type bit computation more than 32 data_types
BUG/MINORstick-tablefix several printf sign errors dumping tables
DOCconfiguse CREATE USER for mysql-check
BUG/MEDIUMresolversMake 1st server of a template take part to SRV resolution
BUG/MINORmqttSupport empty client ID in CONNECT message
BUG/MINORmqttFix parser for string with more than 127 characters
BUG/MINORtcpcheckFix numbering of implicit HTTP send/expect rules
BUILDMakefilefix linkage for Haiku.
BUG/MINORchecksreturn correct error code for srv_parse_agent_check
MINORresolversReset server IP on error in resolv_get_ip_from_response()
BUG/MINORresolversReset server IP when no ip is found in the response
BUG/MINORresolversAlways attach server on matching record on resolution
CLEANUPdnsRemove a forgotten debug message
DOCconfigAdd missing actions in tcp-request session documentation
MINORtcp-actAdd set-src/set-src-port for tcp-request content rules
REGTESTSfix maxconn update with agent-check
BUG/MAJORserverfix deadlock when changing maxconn via agent-check
BUG/MINORcacheCorrectly handle existing-but-empty 'accept-encoding' header
BUG/MINORserver/cliFix locking in function processing set server command
BUG/MINORresolversUse resolver's lock in resolv_srvrq_expire_task()
BUG/MEDIUMresolversAdd a task on servers to check SRV resolution status
MINORresolversRemove server from named_servers tree when removing a SRV item
MINORresolversClean server in a dedicated function when removing a SRV item
BUG/MEDIUMserver/cliFix ABBA deadlock when fqdn is set from the CLI
BUG/MINORserverForbid to set fqdn on the CLI if SRV resolution is enabled
BUG/MINORserver-stateload SRV resolution only if params match the config
BUG/MINORmux-h2/tracesbring back the lost sent H2 REQ/RES traces
BUG/MINORmux-h2/tracesbring back the lost rcvd H2 REQ trace
MINORmux-h2obey http-ignore-probes during the preface
BUG/MINORstatsmake show stat typed desc work again
CLEANUPmux-h2/tracesbetter align user messages
MINORmux-h2/tracereport a few connection-level info during h2_init()
MINORconnectionadd helper conn_append_debug_info()
MINORhapeeadd a .hapee directory to list backporting notes
BUG/MINORserverexplicitly set none init-addr for dynamic servers
BUG/MINORmux-h1do not skip the error response on bad requests
MINORbackendonly skip LB when there are actual connections
BUG/MAJORqueueset SF_ASSIGNED when setting strm->target on dequeue
CLEANUPglobalremove unused definition of stopping_task[]
BUG/MINORmworkerfix typo in chroot error message
BUG/MINORssluse atomic ops to update global shctx stats
BUG/MEDIUMshctxuse at least thread-based locking on USE_PRIVATE_CACHE
BUG/MEDIUMserverdo not auto insert a dynamic server in px addr_node
BUG/MINORserverdo not keep an invalid dynamic server in px ids tree
BUG/MEDIUMserverdo not forget to generate the dynamic servers ids
BUG/MEDIUMserverclear dynamic srv on delete from proxy id/name trees
BUG/MEDIUMserverextend thread-isolate over much of CLI 'add server'
BUG/MINORstick-tableinsert srv in used_name tree even with fixed id
DOCluaAdd a warning about buffers modification in HTTP
BUG/MAJORresolverssegfault using server template without SRV RECORDs
MEDIUMresolversadd a ref between servers and srv request or used SRV record
MEDIUMresolversadd a ref on server to the used A/AAAA answer item
BUG/MINORresolversanswser item list was randomly purged or errors
CLEANUPl7-retriesdo not test the buffer before calling b_alloc()
BUG/MINORmux-fcgiExpose SERVER_SOFTWARE parameter by default
BUG/MAJORhtxFix htx_defrag() when an HTX block is expanded
CLEANUPpoolsremove now unused seq and pool_free_list
BUG/MAJORpoolsfix possible race with free() in the lockless variant
MEDIUMpoolsuse a single pool_gc() function for locked and lockless
MINORpoolscall malloc_trim() under thread isolation
MINORpoolsdo not maintain the lock during pool_flush()
BUG/MINORpoolsmake DEBUG_UAF always write to the to-be-freed location
BUG/MINORpoolsfix a possible memory leak in the lockless pool_flush()
BUG/MEDIUMcompressionAdd a flag to know the filter is still processing data
BUG/MEDIUMcompressionProperly get the next block to iterate on payload
BUG/MEDIUMcompressionFix loop skipping unused blocks to get the next block
BUG/MEDIUMopentracinginitialization before establishing daemon and/or chroot mode
BUG/MINORsslOCSP stapling does not work if expire too far in the future
BUILDmake tune.ssl.keylog available again
DOCuse the req.ssl_sni in examples
MINORerrorsallow empty va_args for diag variadic macro
BUG/MAJORstream-intRelease SI endpoint on server side ASAP on retry
DOC/MINORmove uuid in the configuration to the right alphabetical order
BUG/MINORvarsBe sure to have a session to get checks variables
CLEANUPhttp-anaRemove useless if statement about L7 retries
BUG/MINORproxyMissing calloc return value check in chash_init_server_tree
BUG/MINORhttpMissing calloc return value check in make_arg_list
BUG/MINORhttpMissing calloc return value check while parsing redirect rule
BUG/MINORworkerMissing calloc return value check in mworker_env_to_proc_list
BUG/MINORcompressionMissing calloc return value check in comp_append_type/algo
BUG/MINORhttpMissing calloc return value check while parsing tcp-request rule
BUG/MINORhttpMissing calloc return value check while parsing tcp-request/tcp-response
BUG/MINORproxyMissing calloc return value check in proxy_defproxy_cpy
BUG/MINORproxyMissing calloc return value check in proxy_parse_declare
BUG/MINORhttpMissing calloc return value check in parse_http_req_capture
BUG/MINORsslMissing calloc return value check in ssl_init_single_engine
BUG/MINORpeersMissing calloc return value check in peers_register_table
BUG/MINORserverMissing calloc return value check in srv_parse_source
DOCintroFix typo in starter guide
MINORcfgparseFail when encountering extra arguments in macro
MINORhttp-anaPerform L7 retries because of status codes in response analyser
BUG/MINORhttp-anaHandle L7 retries on refused early data before K/A aborts
BUG/MINORhttp-anaSend the right error if max retries is reached on L7 retry
BUG/MINORhttp-compPreserve HTTP_MSGF_COMPRESSIONG flag on the response
BUG/MEDIUMfiltersExec pre/post analysers only one time per filter
BUILD/MINORopentracingfixed build when using clang
BUG/MAJORserverprevent deadlock when using 'set maxconn server'
BUG/MEDIUMebtreeInvalid read when looking for dup entry
MINORhapee/WURFLtransfer error status from the _wurfl_reload() function
MINORhapee/WURFLadded live update database function
MINORhapee/WURFLadded custom API log function
MINORhapee/WURFLadded function to check correct module initialization
BUG/MINORhapee/WURFLcorrected version check of used wurfl library
BUILDhapee/darepaired build in case of using old DeviceAtlas library
MINORhapee/daadd function that allow data reload
MINORhapee/daadd spin locking
MINORhapee/daadd support for loading a precompiled json data
MINORhapee/51dadd function that allow data reload
BUG/MINORhapee/51dadd spin locking
BUILDhapee/51dfix error when building with 51Degrees enabled
BUG/MEDIUMhapee/51dfix a segfault on exit when 51d configuration is not loaded
MEDIUMhapee/51duse fiftyoneDegreesProvider to access the pool and dataset
MEDIUMhapee/modulesload the STG_REGISTER initcalls
BUILDhapee/modulesclean(up) the copts-hash file not copts_hash
BUG/MINORhapee/modulesdisplay detailed error message on mod_init() failure
MINORhapee/modulesadd a new label MODULES_LOCK to the lock_label enum
MINORhapee/modulesadd the ability to register variable and functions.
MEDIUMhapee/modules'modules list' on the cli shows currently loaded modules
MINORhapee/modulesterminate properly loaded modules if possible
MINORhapee/modulesregister function called after the main config check
MEDIUMhapee/modulesadd memory reservation support for the modules
MINORhapeechange URLs and EOL date for 2.4r1
BUILDhapee/modulesupdate HAPEE version macro to 2.4r1
BUILDhapee/modulesadd macros to compute numerical value of a HAPEE version
BUILDhapee/modulesadd version of the module in the defines
MEDIUMhapee/modulesadd modules support

Search filters

Type

Section

Actions

Product Documentation

API Documentation

Configuration Documentation

Changelog - HAProxy Enterprise 2.4r1

#2024/10/29 : 2.4r1 (1.0.0-294.1376)

#2024/09/17 : 2.4r1 (1.0.0-294.1364)

#2024/07/03 : 2.4r1 (1.0.0-294.1346)

#2024/04/05 : 2.4r1 (1.0.0-292.1293)

#2024/01/17 : 2.4r1 (1.0.0-291.1246)

#2023/12/14 : 2.4r1 (1.0.0-290.1239)

#2023/10/10 : 2.4r1 (1.0.0-289.1189)

#2023/10/04 : 2.4r1 (1.0.0-288.1189)

#2023/09/27 : 2.4r1 (1.0.0-288.1167)

#2023/08/16 : 2.4r1 (1.0.0-288.1158)

#2023/06/09 : 2.4r1 (1.0.0-288.1094)

#2023/06/06 : 2.4r1 (1.0.0-286.1094)

#2023/05/26 : 2.4r1 (1.0.0-286.1089)

#2023/05/17 : 2.4r1 (1.0.0-286.1068)

#2023/04/24 : 2.4r1 (1.0.0-286.1064)

#2023/02/13 : 2.4r1 (1.0.0-285.1010)

#2023/02/08 : 2.4r1 (1.0.0-284.999)

#2023/01/23 : 2.4r1 (1.0.0-282.999)

#2023/01/21 : 2.4r1 (1.0.0-282.998)

#2022/12/27 : 2.4r1 (1.0.0-280.956)

#2022/12/16 : 2.4r1 (1.0.0-279.956)

#2022/12/15 : 2.4r1 (1.0.0-279.953)

#2022/12/09 : 2.4r1 (1.0.0-279.952)

#2022/11/29 : 2.4r1 (1.0.0-279.940)

#2022/10/26 : 2.4r1 (1.0.0-279.911)

#2022/09/20 : 2.4r1 (1.0.0-279.877)

#2022/09/15 : 2.4r1 (1.0.0-279.859)

#2022/08/30 : 2.4r1 (1.0.0-279.852)

#2022/08/17 : 2.4r1 (1.0.0-278.838)

#2022/08/12 : 2.4r1 (1.0.0-277.831)

#2022/07/29 : 2.4r1 (1.0.0-277.814)

#2022/07/13 : 2.4r1 (1.0.0-276.752)

#2022/06/10 : 2.4r1 (1.0.0-274.752)

#2022/05/13 : 2.4r1 (1.0.0-272.728)

#2022/05/12 : 2.4r1 (1.0.0-272.686)

#2022/05/05 : 2.4r1 (1.0.0-272.683)

#2022/05/02 : 2.4r1 (1.0.0-271.677)

#2022/04/29 : 2.4r1 (1.0.0-271.673)

#2022/03/29 : 2.4r1 (1.0.0-270.616)

#2022/03/25 : 2.4r1 (1.0.0-269.599)

#2022/03/17 : 2.4r1 (1.0.0-269.596)

#2022/03/14 : 2.4r1 (1.0.0-268.596)

#2022/03/08 : 2.4r1 (1.0.0-268.564)

#2022/03/01 : 2.4r1 (1.0.0-268.560)

#2022/02/25 : 2.4r1 (1.0.0-268.553)

#2022/01/13 : 2.4r1 (1.0.0-268.499)

#2021/12/24 : 2.4r1 (1.0.0-268.477)

#2021/12/02 : 2.4r1 (1.0.0-268.464)

#2021/11/25 : 2.4r1 (1.0.0-268.459)

#2021/11/24 : 2.4r1 (1.0.0-268.373)

#2021/11/08 : 2.4r1 (1.0.0-268.356)

#2021/10/20 : 2.4r1 (1.0.0-264.356)

#2021/10/14 : 2.4r1 (1.0.0-263.343)

#2021/10/08 : 2.4r1 (1.0.0-259.342)

#2021/10/04 : 2.4r1 (1.0.0-254.271)

#2021/10/01 : 2.4r1 (1.0.0-253.271)

Additional documentation

About the new layout