#2024/12/02 : 2.8r1 (1.0.0-321.931)

• REGTESTScacheAdd test on 'vary' other than accept-encoding
• MEDIUMcacheAdd Origin header to secondary cache key
• MINORcacheChange hash function in default normalizer used in case of vary
• BUG/MEDIUMmux-h1Properly close H1C if an error is reported before sending data
• BUILDquicMove an ASSUME_NONNULL() for variable which is not null
• MINORquicAdd a BUG_ON() on quic_tx_packet refcount
• BUG/MINORquicensure a detached coalesced packet can't access its neighbours
• BUG/MINORinitset HAPROXY_STARTUP_VERSION from the variable, not the macro
• BUG/MAJORquicreject too large CRYPTO frames
• BUG/MEDIUMstktablefix missing lock on some table converters
• BUG/MINORquicreject NEW_TOKEN frames from clients
• BUG/MINORstktablefix big-endian compatiblity in smp_to_stkey()

#2025/01/09 : 2.8r1 (1.0.0-321.919)

• MINORconfigAlert about extra arguments for errorfile and errorloc
• BUG/MEDIUMqueueMake process_srv_queue return the number of streams
• DOCconfigadd example for server track keyword
• BUG/MEDIUMqueuesDo not use pendconn_grab_from_px().
• BUG/MEDIUMqueuesMake sure we call process_srv_queue() when leaving
• BUG/MEDIUMstconnOnly consider I/O timers to update stream's expiration date
• BUG/MEDIUMstconnDon't forward shut for SC in connecting state
• BUG/MEDIUMquicprevent crash due to CRYPTO parsing error
• BUG/MINORquicrepeat packet parsing to deal with fragmented CRYPTO
• MINORquicextend return value of CRYPTO parsing
• MINORquicuse dynamically allocated frame on parsing
• MINORquicsimplify qc_parse_pkt_frms() return path
• BUG/MEDIUMquicsupport wait-for-handshake
• BUG/MINORstreamunblock stream on wait-for-handshake completion
• MINORquicnotify connection layer on handshake completion
• BUG/MEDIUMpatternprevent uninitialized reads in pat_match_{str,beg}
• BUG/MEDIUMmux-h1Fix how timeouts are applied on H1 connections
• BUG/MEDIUMstconnReally report blocked send if sends are blocked by an error

#2024/12/16 : 2.8r1 (1.0.0-321.901)

• BUG/MINORserver-stateFix expiration date of srvrq_check tasks
• BUG/MINORquicremove startup alert if conn socket-owner unsupported
• BUG/MINORsignalregister default handler for SIGINT in signal_init()
• BUG/MINORh1-htxUse default reason if not set when formatting the response
• BUG/MEDIUMhttp-anaReset request flag about data sent to perform a L7 retry
• BUG/MEDIUMevent_hdlfix uninitialized value in async mode when no data is provided

#2024/12/02 : 2.8r1 (1.0.0-321.895)

#2024/11/27 : 2.8r1 (1.0.0-320.895)

• BUG/MEDIUMsockRemove FD_POLL_HUP during connect() if FD_POLL_ERR is not set
• BUG/MEDIUMhttp-anaDon't release too early the L7 buffer
• DEVlags/show-sess-to-flagsProperly handle fd state on server side
• BUG/MAJORquicfix wrong packet building due to already acked frames
• BUG/MINORquicprevent freeze after early QCS closure
• BUG/MEDIUMquichandle retransmit for standalone FIN STREAM
• MINORquicimplement function to check if STREAM is fully acked
• MINORquicconvert qc_stream_desc release field to flags
• BUG/MEDIUMpools/memprofilealways clean stale pool info on pool_destroy()
• MINORactivity/memprofileoffer a function to unregister stale info
• BUG/MEDIUMdebugdon't set the STUCK flag from debug_handler()
• BUG/MEDIUMh3Increase max number of headers when sending headers
• BUG/MEDIUMh3Properly limit the number of headers received
• BUG/MEDIUMmux-h2Check the number of headers in HEADERS frame after decoding
• BUG/MEDIUMmux-h2Increase max number of headers when encoding HEADERS frames
• BUG/MINORhttp-anaAdjust the server status before the L7 retries
• DOCconfigurationwrap long line for strstr() conditional expression
• DOCconfigurationexplain quotes and spaces in conditional blocks
• DOCluafix yield-dependent methods expected contexts
• DOCconfigMove wait_end in section about internal samples
• DOCconfigSlightly improve the %Tr documentation
• BUG/MINORhttp_anaReport -1 for %Tr for invalid response only
• BUG/MINORpeersmake sure to always apply offsets to now_ms in expiration
• BUG/MINORmux_quicmake sure to always apply offsets to now_ms in expiration
• BUG/MEDIUMmailersmake sure to always apply offsets to now_ms in expiration
• BUG/MEDIUMchecksmake sure to always apply offsets to now_ms in expiration
• BUG/MINORDon't report early srv aborts on request forwarding in DONE state
• BUG/MEDIUMmux-h2Don't send RST_STREAM frame for streams with no ID
• BUG/MEDIUMresolversInsert a non-executed resulution in front of the wait list
• BUG/MINORclidon't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI
• BUG/MEDIUMqueuemake sure never to queue when there's no more served conns
• BUG/MINORhttp-anaDisable fast-fwd for unfinished req waiting for upgrade
• BUG/MEDIUMqueuealways dequeue the backend when redistributing the last server
• BUG/MEDIUMstreammake stream_shutdown() async-safe
• MINORtaskdefine two new one-shot events for use with WOKEN_OTHER or MSG
• REGTESTSshorten a bit the delay for the h1/h2 upgrade test
• REGTESTSh1/h2Update script testing H1/H2 protocol upgrades
• BUG/MEDIUMmux-h1/mux-h2Reject upgrades with payload on H2 side only
• MINORmux-h1Set EOI on SE during demux when both side are in DONE state
• BUG/MINORh2reject extended connect for h2c protocol
• BUG/MINORh1do not forward h2c upgrade header token
• BUG/MINORssl_sockfix xprt_set_used() to properly clear the TASK_F_USR1 bit

#2024/11/22 : 2.8r1 (1.0.0-320.853)

• INORhapeeUpdate backports list
• MEDIUMpromexAdd support for filters on metric names

#2024/11/07 : 2.8r1 (1.0.0-320.851)

• DEBUGwdtmake the blocked traffic warning delay configurable
• DEBUGclimake it possible for debug dev loop to trigger warnings
• DEBUGwdtbetter detect apparently locked up threads and warn about them
• MINORdebugadd a function to dump a stuck thread
• MINORwdtmove the local timers to a struct
• MINORdebugremove the redundant process.thread_info array from post_mortem
• MINORdebugalso add fdtab and acitvity to struct post_mortem
• MINORdebugalso add a pointer to struct global to post_mortem
• MINORdebugdo not limit backtraces to stuck threads
• MINORstreammaintain a counter of the number of active streams.
• MINORconnectionadd new sample fetch functions fc_err_name and bc_err_name
• MINORrawsockset connection error codes when returning from recv/send/splice
• MINORconnectionadd more connection error codes to cover common errno
• DOCconfigdocument connection error 44 (reverse connect failure)
• MINORconnectiondefine error for reverse connect
• MINORtcpcheckAdd support for an option host header value for httpchk option
• CLEANUPconnectionproperly name the CO_ER_SSL_FATAL enum entry
• MINORstreamSave last evaluated rule on invalid yield
• BUG/MINORhttp-anaReport internal error if an action yields on a final eval
• BUG/MINORssl/cli'set ssl cert' does not check the transaction name correctly

#2024/10/24 : 2.8r1 (1.0.0-320.831)

• MINORhapeeupdate backports list (thread-dump and post_mortem)
• MINORdebugstore important pointers in post_mortem
• MINORdebugplace the post_mortem struct in its own section.
• MINORdebugplace a magic pattern at the beginning of post_mortem
• MEDIUMdebugon panic, make the target thread automatically allocate its buf
• MINORdebugreplace ha_thread_dump() with its two components
• MINORdebugmake ha_thread_dump_done() take the pointer to be used
• BUILDdebugsilence a build warning with threads disabled
• MINORdebugslightly change the thread_dump_pointer signification
• MINORdebugsplit ha_thread_dump() in two parts
• MINORchunkdrop the global thread_dump_buffer
• MINORdebugmake mark_tainted() return the previous value
• DEBUGadd a tainted flag when ha_panic() is called
• MINORdebugadd the ability to enter components in the post_mortem struct
• MINORdebugdump the mapping of the libs into post_mortem
• MINORdebugcopy the thread info into the post_mortem struct
• MINORdebugcollect some boot-time info related to the process
• MINORdebugadd OS/hardware info to the post_mortem struct
• MINORdebugstart to create a new struct post_mortem
• DEBUGtinfostore the pthread ID and the stack pointer in tinfo
• MINORcliremove non-printable characters from 'debug dev fd'
• MINORpoolsexport the pools variable
• BUG/MEDIUMserverfix race on servers_list during server deletion
• BUG/MEDIUMstconnReport blocked send if sends are blocked by an error
• BUG/MINORhttp-anaFix wrong client abort reports during responses forwarding
• BUG/MINORserverfix dynamic server leak with check on failed init
• BUG/MINORmux-quicdo not close STREAM with empty FIN if no data sent
• MINORhapeeupdate backports list (per-DSO memprofile stats)
• MINORactivity/memprofileshow per-DSO stats
• MINORactivityreport profiling duration and age in show profiling
• MINORactivity/memprofilealways return other bin on NULL return address
• BUG/MEDIUMconnection/http-reusefix address collision on unhandled address families
• BUG/MINORmworkerfix mworker-max-reloads parser
• DOCconfigfix rfc7239 forwarded typo in desc
• REGTESTSNever reuse server connection in http-messaging/truncated.vtc
• BUG/MINORhttp-anaDon't report a server abort if response payload is invalid
• BUG/MINORhttpclientreturn NULL when no proxy available during httpclient_new()
• BUG/MEDIUMmux-quicensure timeout server is active for short requests
• BUG/MEDIUMhluaproperly handle sample func errors in hlua_run_sample_{fetch,conv}()
• BUG/MEDIUMhluamake hlua_ctx_renew() safe
• BUG/MINORcfgparse-globalfix allowed args number for setenv
• BUG/MEDIUMcliDeadlock when setting frontend maxconn
• BUG/MEDIUMmux-ptNever fully close the connection on shutdown
• DOCconfigExplicitly list relaxing rules for accept-invalid-http-* options
• MEDIUMh1Accept invalid T-E values with accept-invalid-http-response option
• BUG/MEDIUMsslFix crash when calling update ssl ocsp-response when an update is ongoing
• BUG/MAJORocspSeparate refcount per instance and per store
• BUG/MINORcfgparse-listenfix option httpslog override warning message

#2024/10/21 : 2.8r1 (1.0.0-320.783)

• BUG/MEDIUMserverserver stuck in maintenance after FQDN change
• BUG/MINORservermake sure the HMAINT state is part of MAINT

#2024/10/07 : 2.8r1 (1.0.0-320.781)

• BUG/MINORproxyfix option tcplog clf invalid free

#2024/10/03 : 2.8r1 (1.0.0-320.780)

• MINORhapee/daenabling the use of DeviceAtlas C API v2
• BUG/MINORhapee/daenabling use of precompiled json database in 'deviceatlas-json-file'
• BUG/MINORhapee/dafixed bug when using binary version of database
• BUG/BUILDhapee/daadded preprocessed source code generation for *.cpp files
• BUILDdeviceatlasfix empty -I left on CFLAGS
• BUILDdeviceatlasremove unneeded depenency on libcurl / libzip
• BUILD/MEDIUMdeviceatlasupdating the addon part.
• DOCdeviceatlasupdate to be in line with the v3 api.
• BUILD/MEDIUMdeviceatlasaddon build rework.
• BUILDmakefilealso define cmd_CXX to pretty-print C++ build commands

#2024/09/17 : 2.8r1 (1.0.0-320.770)

• BUG/MEDIUMcfgparse-listenfix option tcplog regression
• BUG/MINORfix missing 'option httpslog' overrides previous 'option tcplog clf'... detection
• BUG/MINORfix missing log-format overrides previous 'option tcplog clf'... detection
• BUG/MEDIUMpromexWait to have the request before sending the response
• BUG/MEDIUMcache/statsWait to have the request before sending the response
• BUG/MEDIUMqueueimplement a flag to check for the dequeuing
• BUG/MINORclockvalidate that now_offset still applies to the current date
• BUG/MINORclockmake time jump corrections a bit more accurate
• BUG/MINORpollingfix time reporting when using busy polling

#2024/09/10 : 2.8r1 (1.0.0-320.761)

• MINORconfigCreated env variables for http and tcp clf formats
• MINORImplements new log format of option tcplog clf
• BUG/MAJORmux-h1Wake SC to perform 0-copy forwarding in CLOSING state
• BUG/MEDIUMpatternprevent UAF on reused pattern expr
• BUG/MINORpatternprevent const sample from being tampered in pat_match_beg()
• BUG/MEDIUMclockdetect and cover jumps during execution
• REGTESTSfix random failures with wrong_ip_port_logging.vtc under load
• DOCconfigurationplace the HAPROXY_HTTP_LOG_FMT example on the correct line
• BUG/MINORpatterndo not leave a leading comma on set error messages
• BUG/MINORpatternpat_ref_set: return 0 if err was found
• BUG/MINORpatternpat_ref_set: fix UAF reported by coverity

#2024/09/05 : 2.8r1 (1.0.0-320.750)

• BUG/MINORstconnRequest to send something to be woken up when the pipe is full
• BUG/MEDIUMmux-pt/mux-h1Release the pipe on connection error on sending path
• BUG/MEDIUMclockalso update the date offset on time jumps
• DOCconfigcorrect the table for option tcplog
• BUG/MINORh3properly reject too long header responses
• BUG/MINORproto_uxstdelete fd from fdtab if listen() fails
• BUG/MINORmux-quicdo not send too big MAX_STREAMS ID
• REGTESTSmclitest the pipelined commands on master CLI
• BUG/MEDIUMmworker/clifix pipelined modes on master CLI
• MINORchannelimplement ci_insert() function
• BUG/MINORproto_tcpkeep error msg if listen() fails
• BUG/MINORproto_tcpdelete fd from fdtab if listen() fails
• BUG/MINORquic/tracemake quic_conn_enc_level_init() emit NEW not CLOSE
• BUG/MINORtrace/quicmake qconn selectable as a lockon criterion
• BUG/MINORtraceautomatically start in waiting mode with "start <evt>"
• BUG/MEDIUMtracefix null deref in lockon mechanism since TRACE_ENABLED()
• BUG/MINORtrace/quicpermit to lock on frontend/connect/session etc
• BUG/MINORtrace/quicenable conn/session pointer recovery from quic_conn
• BUG/MINORfcgi-apphandle a possible strdup() failure
• BUG/MEDIUMmux-h2Propagate term flags to SE on error in h2s_wake_one_stream
• BUG/MEDIUMh2Only report early HTX EOM for tunneled streams
• BUG/MEDIUMhttp-anaReport error on write error waiting for the response
• BUG/MEDIUMquicprevent conn freeze on 0RTT undeciphered content
• BUG/MEDIUMstconnReport error on SC on send if a previous SE error was set
• BUG/MEDIUMmux-h1Properly handle empty message when an error is triggered
• BUG/MEDIUMcliAlways release back endpoint between two commands on the mcli
• BUG/MEDIUMstreamPrevent mux upgrades if client connection is no longer ready

#2024/07/29 : 2.8r1 (1.0.0-319.723)

• MEDIUMh1allow to preserve keep-alive on T-E + C-L
• BUG/MEDIUMinitfix fd_hard_limit default in compute_ideal_maxconn
• MEDIUMinitset default for fd_hard_limit via DEFAULT_MAXFD (take #2)
• BUG/MEDIUMqueuedeal with a rare TOCTOU in assign_server_and_queue()
• MINORqueueadd a function to check for TOCTOU after queueing
• BUG/MEDIUMjwtClear SSL error queue on error when checking the signature
• BUG/MINORquicLack of precision when computing K (cubic only cc)
• BUG/MINORcliAtomically inc the global request counter between CLI commands
• BUG/MINORserverDon't warn fallback IP is used during init-addr resolution
• BUG/MINORstick-tablefix crash for src_inc_gpc() without stkcounter
• DOCconfigimprove the http-keep-alive section
• DOCconfigurationissuers-chain-path not compatible with OCSP
• BUG/MEDIUMssl_sockfix deadlock in ssl_sock_load_ocsp() on error path
• BUG/MEDIUMdebug/clifix show threads crashing with low thread counts
• BUG/MINORsessionEval L4/L5 rules defined in the default section
• BUG/MEDIUMbwlimBe sure to never set the analyze expiration date in past
• BUG/MEDIUMspoeBe sure to create a SPOE applet if none on the current thread
• BUG/MEDIUMh1Reject empty Transfer-encoding header
• BUG/MINORh1Reject empty coding name as last transfer-encoding value
• BUG/MINORh1Fail to parse empty transfer coding names
• BUG/MINORjwtfix variable initialisation
• DOCconfigurationupdate maxconn description
• BUG/MINORjwtdon't try to load files with HMAC algorithm
• MEDIUMsslinitialize the SSL stack explicitely

#2024/07/03 : 2.8r1 (1.0.0-319.699)

• DEBUGpoolstore the memprof bin on alloc() and update it on free()
• DOCconfigurationmore details about the master-worker mode
• BUG/MEDIUMquicfix possible exit from qc_check_dcid() without unlocking
• BUG/MINORquicfix race-condition on trace for CID retrieval
• BUG/MINORquicfix race condition in qc_check_dcid()
• BUG/MEDIUMquicfix race-condition in quic_get_cid_tid()
• BUG/MEDIUMh3ensure the :scheme pseudo header is totally valid
• BUG/MEDIUMh3ensure the :method pseudo header is totally valid
• MINORactivitymake the memory profiling hash size configurable at build time
• BUG/MINORhluareport proper context upon error in hlua_cli_io_handler_fct()
• BUG/MINORquicfix BUG_ON() on Tx pkt alloc failure
• BUG/MINORmux-quicfix crash on qcs SD alloc failure
• BUG/MINORh3fix crash on STOP_SENDING receive after GOAWAY emission
• DOCapi/event_hdlsmall updates, fix an example and add some precisions
• SCRIPTSgit-show-backportsdo not truncate git-show output
• DOCconfigurationfix alphabetical order of bind options
• DOCmanagementrename show stats domain cli dns to resolvers
• DOC/MINORmanagementadd missed -dR and -dv options
• BUG/MINORproxyfix header_unique_id leak on deinit()
• BUG/MINORproxyfix source interface and usesrc leaks on deinit()
• BUG/MINORproxyfix dyncookie_key leak on deinit()
• BUG/MINORproxyfix check_{command,path} leak on deinit()
• BUG/MINORproxyfix log_tag leak on deinit()
• BUG/MINORproxyfix server_id_hdr_name leak on deinit()
• BUG/MINORquicfix computed length of emitted STREAM frames

#2024/06/10 : 2.8r1 (1.0.0-318.674)

• BUG/MEDIUMquicdon't blindly rely on unaligned accesses
• BUG/MAJORconnectionfix server used_conns with H2 + reuse safe
• BUG/MEDIUMhttp_anaignore NTLM for reuse aggressive/always and no H1
• BUG/MAJORserverdo not delete srv referenced by session
• MINORsessionrename private conns elements
• BUG/MEDIUMquicfix connection freeze on post handshake
• BUG/MEDIUMserverfix dynamic servers initial settings
• BUG/MEDIUMsslwrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
• CLEANUPhluasimplify ambiguous lua_insert() usage in hlua_ctx_resume()
• BUG/MINORhluafix leak in hlua_ckch_set() error path
• BUG/MINORhluaprevent LJMP in hlua_traceback()
• BUG/MINORhluafix unsafe hlua_pusherror() usage
• BUG/MINORhluadon't use lua_pushfstring() when we don't expect LJMP
• CLEANUPhluause hlua_pusherror() where relevant
• BUG/MINORquicprevent crash on qc_kill_conn()
• BUG/MINORhluause CertCache.set() from various hlua contexts
• BUG/MINORtoolsfix possible null-deref in env_expand() on out-of-memory
• BUG/MINORtcpcheckreport correct error in tcp-check rule parser
• BUG/MINORcfgparseremove the correct option on httpcheck send-state warning
• BUG/MINORactivityfix Delta_calls and Delta_bytes count
• BUG/MINORssl/ocspinit callback func ptr as NULL
• CLEANUPssl/ocspreadable ifdef in ssl_sock_load_ocsp
• BUILDfderrno is also needed without poll()
• CIscriptsfix build of vtest regarding option -C
• REGTESTSacl_cli_spacesavoid a warning caused by undefined logs
• DOCconfigfix incorrect section reference about custom log format
• DOCquicspecify that connection migration is not supported
• BUG/MINORserverDon't reset resolver options on a new default-server line
• BUG/MINORhttp-htxSupport default path during scheme based normalization
• BUG/MINORquicadjust restriction for stateless reset emission
• MEDIUMconfigprevent communication with privileged ports
• BUILDquicfix unused variable warning when threads are disabled
• BUG/MEDIUMmux-quicCreate sedesc in same time of the QUIC stream
• BUG/MEDIUMquic_tlsprevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305
• BUG/MAJORquicCrash with TLS_AES_128_CCM_SHA256 (libressl only)
• BUG/MINORconnectionparse PROXY TLV for LOCAL mode
• DOCconfigurationupdate the crt-list documentation
• CLEANUPssl/cliremove unused code in dump_crtlist_conf
• BUG/MINORstatsDon't state the 303 redirect response is chunked
• BUG/MINORhtpp-ana/statsSpecify that HTX redirect messages have a C-L header
• BUG/MEDIUMfdprevent memory waste in fdtab array
• BUILDstick-tablesbetter mark the stktable_data as 32-bit aligned
• BUG/MEDIUMh1Reject CONNECT request if the target has a scheme
• BUG/MINORh1Check authority for non-CONNECT methods only if a scheme is found
• BUG/MEDIUMstick-tablesproperly mark stktable_data as packed
• BUG/MEDIUMhtxmark htx_sl as packed since it may be realigned
• BUG/MINORqpackfix error code reported on QPACK decoding failure
• BUG/MINORmux-quicfix error code on shutdown for non HTTP/3
• BUG/MINORlogsmp_rgs array issues with inherited global log directives
• BUG/MINORlogkeep the ref in dup_logger()
• MINORlogadd dup_logsrv() helper function
• DOCluafix filters.txt file location
• BUG/MINORhaproxyonly tid 0 must not sleep if got signal
• BUILDclockimprove check for pthread_getcpuclockid()
• BUG/MINORmworkerreintroduce way to disable seamless reload with -x /dev/null
• BUG/MINORh1fix detection of upper bytes in the URI
• BUG/MINORbackenduse cum_sess counters instead of cum_conn
• BUG/MINORfdmy_closefrom() on Linux could skip contiguous series of sockets
• BUG/MINORsockhandle a weird condition with connect()
• BUG/MINORstconnFix sc_mux_strm() return value
• BUG/MEDIUMcacheVary not working properly on anything other than accept-encoding

#2024/05/03 : 2.8r1 (1.0.0-317.613)

#2024/04/19 : 2.8r1 (1.0.0-312.613)

• BUG/MINORserverfix slowstart behavior
• BUG/MEDIUMpeersFix exit condition when max-updates-at-once is reached
• BUG/MEDIUMspoeAlways retry when an applet fails to send a frame
• BUG/MEDIUMappletFix applet API to put input data in a buffer
• BUG/MEDIUMevportsdo not clear returned events list on signal
• BUG/MEDIUMstconnDon't forward channel data if input data must be filtered
• BUG/MEDIUMgrpcFix several unaligned 32/64 bits accesses
• MINORnet_helperAdd support for floats/doubles.
• CIrevert kernel addr randomization introduced in 3a0fc864
• BUG/MEDIUMpeers/tracefix crash when listing event types
• BUG/MINORdebugmake sure DEBUG_STRICT=0 does work as documented
• BUG/MINORhttp-anaFix TX_L7_RETRY and TX_D_L7_RETRY values
• BUG/MEDIUMhttp-anaDeliver 502 on keep-alive for fressh server connection
• CLEANUPloglf_text_len() returns a pointer not an integer
• BUG/MINORloginvalid snprintf() usage in sess_build_logline()
• BUG/MINORtools/loginvalid encode_{chunk,string} usage
• BUG/MINORlogfix lf_text_len() truncate inconsistency
• BUG/MINORlisteneralways assign distinct IDs to shards
• BUG/MINORcliReport an error to user if command or payload is too big
• BUILDproxyReplace free_logformat_list() to manually release log-format
• BUG/MINORproxyfix logformat expression leak in use_backend rules

#2024/04/04 : 2.8r1 (1.0.0-312.592)

• BUG/MINORbackendproperly handle redispatch 0
• BUG/MINORserverignore 'enabled' for dynamic servers
• BUG/MEDIUMcliWarn if pipelined commands are delimited by a \n
• MINORcliRemove useless loop on commands to find unescaped semi-colon
• MINORserverallow cookie for dynamic servers
• BUG/MINORserverfix persistence cookie for dynamic servers
• BUG/MINORsslDetect more 'ocsp-update' incompatibilities
• BUG/MINORsslWrong ocsp-update incompatibility error message
• BUG/MINORserver'source' interface ignored from 'default-server' directive
• OPTIMhttp_extavoid useless copy in http_7239_extract_{ipv4,ipv6}
• BUG/MEDIUMmux-fcgiProperly handle EOM flag on end-of-trailers HTX block
• BUG/MINORmux-quicclose all QCS before freeing QCC tasklet
• BUG/MEDIUMsslFix crash in ocsp-update log function
• BUG/MINORsessionensure conn owner is set after insert into session
• BUG/MEDIUMspoeReturn an invalid frame on recv if size is too small
• CItemporarily adjust kernel entropy to work with ASAN/clang
• BUG/MINORspoeBe sure to be able to quickly close IDLE applets on soft-stop
• BUG/MEDIUMspoeDon't rely on stream's expiration to detect processing timeout
• BUG/MINORlistenerDon't schedule frontend without task in listener_release()
• BUG/MINORlistenerWake proxy's mngmt task up if necessary on session release
• BUG/MEDIUMhluastreams don't support mixing lua-load with lua-load-per-thread (2nd try)
• MINORhluause accessors for stream hlua ctx
• DEBUGluaprecisely identify if stream is stuck inside lua or not
• BUG/MINORhluafix missing lock in hlua_filter_delete()
• BUG/MINORhluamissing lock in hlua_filter_new()
• BUG/MINORhluasegfault when loading the same filter from different contexts
• BUG/MINORsslfix possible ctx memory leak in sample_conv_aes_gcm()
• DOCconfigurationclarify ciphersuites usage (V2)
• BUILDsolarisfix compilation errors
• BUG/MINORcfgparsereport proper location for log-format-sd errors
• BUG/MINORssl/clitypo in new ssl crl-file CLI description
• CIskip scheduled builds on forks
• BUG/MINORsinkfix a race condition in the TCP log forwarding code
• BUG/MINORhluadon't call ha_alert() in hlua_event_subscribe()
• BUG/MAJORhluaimproper lock usage with hlua_ctx_resume()
• BUG/MEDIUMhluaimproper lock usage with SET_SAFE_LJMP()
• BUG/MINORhluaimproper lock usage in hlua_filter_new()
• BUG/MINORhluaimproper lock usage in hlua_filter_callback()
• BUG/MINORhluafix possible crash in hlua_filter_new() under load
• BUG/MINORhluadon't use lua_tostring() from unprotected contexts
• BUG/MINORhluafix unsafe lua_tostring() usage with empty stack
• BUG/MINORtoolsseed the statistical PRNG slightly better
• MINORhluaBe able to disable logging from lua
• BUG/MINORhluaFix log level to the right value when set via TXN:set_loglevel
• BUG/MINORconfig/quicAlert about PROXY protocol use on a QUIC listener
• DOCconfigurationclarify ciphersuites usage
• LICENSEhttp_extfix GPL license version
• LICENSEevent_hdlfix GPL license version
• BUG/MINORssl/cliduplicate cleaning code in cli_parse_del_crtlist
• BUG/MINORistonly store NUL byte on succeeded alloc
• BUG/MINORquicfix output of show quic
• BUG/MAJORserverfix stream crash due to deleted server
• BUG/MINORstatsdrop srv refcount on early release
• BUG/MINORistallocate nul byte on istdup
• MINORquicwarn on bind on multiple addresses if no IP_PKTINFO support
• DOCquicfix recommandation for bind on multiple address
• BUG/MEDIUMquicfix transient send error with listener socket
• BUG/MEDIUMhluaDon't loop if a lua socket does not consume received data
• BUG/MEDIUMhluaBe able to garbage collect uninitialized lua sockets
• BUG/MEDIUMappletImmediately free appctx on early error
• DOCquicMissing tuning setting in Global parameters
• BUG/MINORqpackreject invalid dynamic table capacity
• BUG/MINORqpackreject invalid increment count decoding
• BUG/MINORquicreject HANDSHAKE_DONE as server
• BUG/MINORquicreject unknown frame type
• BUG/MAJORpromexfix crash on deleted server
• MINORconnectionadd sample fetches to report per-connection glitches
• MINORmux-h2implement MUX_CTL_GET_GLITCHES
• MINORconnectionadd a new mux_ctl to report number of connection glitches
• MEDIUMmux-h2allow to set the glitches threshold to kill a connection
• MINORmux-h2always use h2c_report_glitch()
• MINORmux-h2count late reduction of INITIAL_WINDOW_SIZE as a glitch
• MINORmux-h2count excess of CONTINUATION frames as a glitch
• BUG/MINORmux-h2count rejected DATA frames against the connection's flow control
• MINORmux-h2add a counter of glitches on a connection
• BUG/MAJORssl/ocspcrash with ocsp when old process exit or using ocsp CLI
• DEVmakefilefix POSIX compatibility for range target
• DEVmakefileadd a new range target to iteratively build all commits
• CIUpdate to actions/cache@v4
• DOCinternalupdate missing data types in peers-v2.0.txt
• DOCinstallrecommend pcre2
• DOChttpclientadd dedicated httpclient section
• DOCconfigurationclarify http-request wait-for-body
• BUILDaddress a few remaining calloc(size, n) cases
• BUG/MINORext-checkcannot use without preserve-env
• MINORext-checkadd an option to preserve environment variables
• BUG/MINORdiagrun the final diags before quitting when using -c
• BUG/MINORdiagalways show the version before dumping a diag warning
• MINORerrorsha_alert() and ha_warning() uses warn_exec_path()
• MINORquicAdd a counter for reordered packets
• MINORquicDynamic packet reordering threshold
• MINORquicUpdate K CUBIC calculation (RFC 9438)
• BUG/MEDIUMquicWrong K CUBIC calculation.
• MINORquicStop using 1024th of a second.
• BUG/MINORquicfix possible integer wrap around in cubic window calculation
• CLEANUPquicCode clarifications for QUIC CUBIC (RFC 9438)
• BUG/MINORquicWrong ack ranges handling when reaching the limit.
• BUG/MEDIUMquicfix crash on invalid qc_stream_buf_free() BUG_ON
• BUG/MEDIUMqpackallow 6xx..9xx status codes
• BUG/MEDIUMh3do not crash on invalid response status code
• MINORh3add traces for stream sending function
• BUG/MEDIUMquicremove unsent data from qc_stream_desc buf
• MINORquicextract qc_stream_buf free in a dedicated function
• MINORquicStop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
• CLEANUPquicRemove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
• BUG/MEDIUMmux-quicreport early error on stream
• BUG/MINORh3fix checking on NULL Tx buffer
• BUG/MEDIUMsslFix crash when calling update ssl ocsp-response when an update is ongoing
• REGTESTSsslAdd OCSP related tests
• REGTESTSsslFix empty line in cli command input
• BUG/MINORsslReenable ocsp auto-update after an add ssl crt-list
• BUG/MINORsslDestroy ckch instances before the store during deinit
• BUG/MEDIUMocspSeparate refcount per instance and per store
• MINORsslUse OCSP_CERTID instead of ckch_store in ckch_store_build_certid
• BUG/MINORsslClear the ckch instance when deleting a crt-list line
• BUG/MINORsslDuplicate ocsp update mode when dup'ing ckch
• BUG/MINORsslFix error message after ssl_sock_load_ocsp call
• BUG/MAJORssl_sockAlways clear retry flags in read/write functions
• BUG/MEDIUMh1always reject the NUL character in header values
• BUG/MINORh1-htxproperly initialize the err_pos field
• BUG/MEDIUMh1Don't support LF only to mark the end of a chunk size
• BUG/MINORh1Don't support LF only at the end of chunks
• BUG/MEDIUMstconnDon't check pending shutdown to wake an applet up
• BUG/MEDIUMstconnAllow expiration update when READ/WRITE event is pending
• BUG/MEDIUMpoolfix rare risk of deadlock in pool_flush()
• BUG/MINORjwtfix jwt_verify crash on 32-bit archs
• BUG/MEDIUMclifix once for all the problem of missing trailing LFs
• BUG/MINORvars/clifix missing LF after get var output
• BUG/MEDIUMclisome err/warn msg dumps add LR into CSV output on stat's CLI
• REGTESTSadd a test to ensure map-ordering is preserved
• MINORmux-h2/tracesadd a missing trace on connection WU with negative inc
• BUG/MEDIUMmux-h2refine connection vs stream error on headers
• MINORmux-h2/tracesclarify the rejected H2 request event
• MINORmux-h2/tracesexplicitly show the error/refused stream states
• MINORmux-h2/tracesalso suggest invalid header upon parsing error
• MINORdebugmake BUG_ON() catch build errors even without DEBUG_STRICT
• MINORdebugmake ABORT_NOW() store the caller's line number when using abort
• MINORdebugmake sure calls to ha_crash_now() are never merged
• MINORcompileradd a new DO_NOT_FOLD() macro to prevent code folding

#2024/02/13 : 2.8r1 (1.0.0-311.453)

• HAPEEDOCfix missing quotes in the GPTSTR examples in configuration.txt

#2024/01/22 : 2.8r1 (1.0.0-311.452)

• MEDIUMstktable/peerswrite-to local table on peer updates
• MINORstktablecheck if a type should be used as-is
• MINORstktablestktable_init() sets err_msg on error

#2024/01/17 : 2.8r1 (1.0.0-311.449)

• BUG/MEDIUMquickeylog callback not called (USE_OPENSSL_COMPAT)
• BUG/MINORmux-h2also count streams for refused ones
• BUG/MINORmux-quicdo not prevent non-STREAM sending on flow control
• DOCconfigurationcorrected description of keyword tune.ssl.ocsp-update.mindelay
• MINORmux-h2support limiting the total number of H2 streams per connection
• BUG/MEDIUMspoeNever create new spoe applet if there is no server up
• BUG/MEDIUMstconnForward shutdown on write timeout only if it is forwardable
• BUG/MEDIUMh3fix incorrect snd_buf return value
• CLEANUPquicRemaining useless code into server part
• BUG/MINORh3close connection on sending alloc errors
• BUG/MINORh3properly handle alloc failure on finalize
• BUG/MINORh3close connection on header list too big
• MINORh3check connection error during sending
• BUG/MINORquicMissing call to TLS message callbacks
• BUG/MINORquicWrong keylog callback setting.
• BUG/MINORmux-quicalways report error to SC on RESET_STREAM emission
• BUG/MEDIUMstatsunhandled switching rules with TCP frontend
• MINORstatsstore the parent proxy in stats ctx (http)
• DOCconfigUpdate documentation about local haproxy response
• BUG/MINORresolversdefault resolvers fails when network not configured
• BUG/MEDIUMmux-h2Report too large HEADERS frame only when rxbuf is empty
• BUG/MEDIUMquicQUIC CID removed from tree without locking
• BUG/MEDIUMquicPossible buffer overflow when building TLS records
• BUG/MINORmworker/clifix set severity-output support
• DOCconfigurationtypo req.ssl_hello_type

#2024/01/12 : 2.8r1 (1.0.0-310.424)

• MEDIUMudpallow to retrieve the frontend destination address

#2024/01/11 : 2.8r1 (1.0.0-310.422)

• HAPEEudpupdate structs and functions required for the UDP module
• MEDIUMudpallow to retrieve the frontend destination address
• MINORtcpcheckexport proxy_parse_tcpcheck()
• MINORbackendexport get_server_*() functions

#2023/12/14 : 2.8r1 (1.0.0-310.418)

• MINORhapeeUpdate backports list and hapee commit list
• BUG/MEDIUMproxyalways initialize the default settings after init
• BUG/MINORluaWrong OCSP CID after modifying an SSL certficate (LUA)
• BUG/MINORsslWrong OCSP CID after modifying an SSL certficate
• MINORssl/cliAdd ha_(warning|alert) msgs to CLI ckch callback
• BUG/MINORsslDouble free of OCSP Certificate ID
• BUG/MINORquicPacket number spaces too lately initialized
• BUG/MINORquicMissing QUIC connection path member initialization
• BUG/MINORquicPossible leak of TX packets under heavy load
• BUG/MEDIUMquicPossible crash during retransmissions and heavy load
• BUG/MINORcacheRemove incomplete entries from the cache when stream is closed
• BUG/MEDIUMpeersfix partial message decoding
• DOCClarify the differences between field() and word()
• BUG/MINORsampleMake the `word` converter compatible with `-m found`
• REGTESTSsampleTest the behavior of consecutive delimiters for the field converter
• DOCconfigfix monitor-fail typo
• DOCconfigadd matrix entry for max-session-srv-conns
• DOCconfigspecify supported sections for max-session-srv-conns
• BUG/MINORcfgparse-listenfix warning being reported as an alert
• BUG/MINORconfigStopped parsing upon unmatched environment variables
• BUG/MINORquic_tpfix preferred_address decoding
• DOCconfigfix missing characters in set-spoe-group action
• BUG/MINORh3always reject PUSH_PROMISE
• BUG/MINORh3fix TRAILERS encoding
• BUG/MEDIUMmaster/cliProperly pin the master CLI on thread 1 / group 1
• BUG/MINORcompressionpossible NULL dereferences in comp_prepare_compress_request()
• BUG/MINORquicfix CONNECTION_CLOSE_APP encoding
• DOCluafix Proxy.get_mode() output
• DOCluaadd sticktable class reference from Proxy.stktable
• REGTESTSconnectiondisable http_reuse_be_transparent.vtc if !TPROXY
• DOCconfigfix timeout check inheritance restrictions
• DOC51dupdated 51Degrees repo URL for v3.2.10
• BUG/MINORserverdo not leak default-server in defaults sections
• BUG/MINORquicPossible RX packet memory leak under heavy load
• BUG/MEDIUMquicPossible crash for connections to be killed
• BUG/MINORsockmark abns sockets as non-suspendable and always unbind them
• BUG/MINORstartupset GTUNE_SOCKET_TRANSFER correctly
• REGTESTShttpadd a test to validate chunked responses delivery
• BUG/MINORproxy/stktablemissing frees on proxy cleanup
• MINORstktableadd stktable_deinit function
• BUG/MEDIUMmux-fcgifail earlier on malloc in takeover()
• BUG/MEDIUMmux-h1fail earlier on malloc in takeover()
• BUG/MEDIUMmux-h2fail earlier on malloc in takeover()
• BUG/MINORstream/clireport correct stream age in show sess

#2023/11/21 : 2.8r1 (1.0.0-310.374)

• BUG/MAJORquiccomplete thread migration before tcp-rules

#2023/11/17 : 2.8r1 (1.0.0-310.373)

• BUG/MINORstconnReport read activity on non-indep streams for partial sends
• BUG/MINORstconn/appletReport send activity only if there was output data
• BUG/MINORstconnUse HTX-aware channel's functions to get info on buffer
• BUG/MINORstconnFix streamer detection for HTX streams
• MINORchannelAdd functions to get info on buffers and deal with HTX streams
• MINORhtxUse a macro for overhead induced by HTX
• BUG/MEDIUMstconnUpdate fsb date on partial sends
• BUG/MEDIUMstreamDon't call mux .ctl() callback if not implemented
• BUG/MEDIUMmworkerset the master variable earlier

#2023/11/14 : 2.8r1 (1.0.0-310.364)

• BUG/MEDIUMappletReport a send activity everytime data were sent
• BUG/MEDIUMstconnReport a send activity everytime data were sent
• REGTESTShttpImprove script testing abortonclose option
• BUG/MEDIUMstreamProperly handle abortonclose when set on backend only
• MEDIUMmux-h1Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
• MINORconnectionAdd a CTL flag to notify mux it should wait for reads again
• BUG/MINORstconnHandle abortonclose if backend connection was already set up
• BUG/MEDIUMconnectionreport connection errors even when no mux is installed
• DOCquicWrong syntax for quic-cc-algo keyword.
• BUG/MINORsinkdon't learn srv port from srv addr
• BUG/MEDIUMappletRemove appctx from buffer wait list on release
• DOCconfiguse the word 'backend' instead of 'proxy' in 'track' description
• BUG/MINORquicfix retry token check inconsistency
• DOCmanagement-q is quiet all the time

#2023/11/13 : 2.8r1 (1.0.0-310.350)

• BUG/MEDIUMstconnDon't update stream expiration date if already expired
• BUG/MEDIUMquicAvoid some crashes upon TX packet allocation failures
• BUG/MEDIUMquicPossible crashes when sending too short Initial packets
• BUG/MEDIUMquicAvoid trying to send ACK frames from an empty ack ranges tree
• BUG/MINORquicidle timer task requeued in the past
• BUG/MEDIUMpoolfix releasable pool calculation when overloaded
• BUG/MEDIUMfreq-ctrDon't report overshoot for long inactivity period
• BUG/MINORmux-h1Properly handle http-request and http-keep-alive timeouts
• BUG/MINORstick-table/cliCheck for invalid ipv4 key
• BUG/MEDIUMquicfix sslconns on quic_conn alloc failure
• BUG/MEDIUMquicfix actconn on quic_conn alloc failure
• CLEANUPhtxProperly indent htx_reserve_max_data() function
• BUG/MINORstconnSanitize report for read activity
• BUG/MEDIUMDon't apply a max value on room_needed in sc_need_room()
• BUG/MEDIUMstconnDon't report rcv/snd expiration date if SC cannot epxire
• BUG/MEDIUMpatterndon't trim pools under lock in pat_ref_purge_range()
• BUG/MINORcfgparse/stktablefix error message on stktable_init() failure
• BUG/MINORstktablemissing free in parse_stick_table()
• BUG/MINORtcpcheckReport hexstring instead of binary one on check failure
• BUG/MEDIUMsslsegfault when cipher is NULL
• BUG/MINORmux-quicfix early close if unset client timeout
• BUG/MINORsslsuboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
• MEDIUMquiccount quic_conn for global sslconns
• MEDIUMquiccount quic_conn instance for maxconn
• MINORfrontendimplement a dedicated actconn increment function
• BUG/MINORssluse a thread-safe sslconns increment
• BUG/MINORquicdo not consider idle timeout on CLOSING state
• BUG/MEDIUMserverproto not working for dynamic servers
• MINORconnectionadd conn_pr_mode_to_proto_mode() helper func
• DEBUGmux-h2/flagsfix list of h2c flags used by the flags decoder
• MINORluaAdd flags to configure logging behaviour
• BUG/MINORsslload correctly @system-ca when ca-base is define
• DOCinternalfilters: fix reference to entities.pdf

#2023/10/26 : 2.8r1 (1.0.0-307.317)

• BUG/MINORmux-h2update tracked counters with req cnt/req err
• BUG/MINORmux-h2commit the current stream ID even on reject
• BUG/MEDIUMpeersFix synchro for huge number of tables
• BUG/MEDIUMpeersBe sure to always refresh recconnect timer in sync task
• BUG/MINORtracefix trace parser error reporting
• BUG/MINORmux-h2fix http-request and http-keep-alive timeouts again
• BUG/MEDIUMmux-h2Don't report an error on shutr if a shutw is pending
• BUG/MINORmux-h2make up other blocked streams upon removal from list
• BUG/MINORmux-h1Send a 400-bad-request on shutdown before the first request
• BUG/MEDIUMquic-connfree unsent frames on retransmit to prevent crash
• BUG/MINORmux-quicfix free on qcs-new fail alloc
• BUG/MINORh3strengthen host/authority header parsing
• BUG/MINORmux-quicsupport initial 0 max-stream-data
• BUG/MEDIUMmux-quicfix RESET_STREAM on send-only stream
• BUG/MINORquicreject packet with no frame
• BUG/MINORquicAvoid crashing with unsupported cryptographic algos
• BUG/MEDIUMstconnFix comparison sign in sc_need_room()
• BUG/MINORhq-interopsimplify parser requirement
• BUG/MEDIUMh1Ignore C-L value in the H1 parser if T-E is also set
• BUG/MINORmux-h1Ignore C-L when sending H1 messages if T-E is also set
• BUG/MINORmux-h1Handle read0 in rcv_pipe() only when data receipt was tried
• BUG/MEDIUMhluaInitialize appctx used by a lua socket on connect only
• MINORhluaTest the hlua struct first when the lua socket is connecting
• MINORhluaSave the lua socket's server in its context
• MINORhluaSave the lua socket's timeout in its context
• MINORhluaDon't preform operations on a not connected socket
• MINORhluaSet context's appctx when the lua socket is created
• BUG/MEDIUMhttp-anaTry to handle response before handling server abort

#2023/10/17 : 2.8r1 (1.0.0-306.289)

• BUG/MEDIUMquic_connlet the scheduler kill the task when needed

#2023/10/16 : 2.8r1 (1.0.0-306.288)

• HAPEEDOCdocument the GPTSTR extensions in configuration.txt
• HAPEERevert GPTSTR
• BUILDhapee/addonsfix build without USE_QUIC=1

#2023/10/06 : 2.8r1 (1.0.0-305.285)

• BUG/MEDIUMhapee/addonsfix incorrect gpt index being used in sc-set-gptstr()
• HAPEEaddonsuse GPT arrays to store regular strings
• HAPEEmakefileautomatically build objects in addons/hapee_*
• HAPEEmakefileupdate the cleanup rule to also remove *.i from addons
• MINORhaproxypermit to register features during boot
• BUG/MEDIUMactionsalways apply a longest match on prefix lookup

#2023/10/04 : 2.8r1 (1.0.0-305.279)

• BUG/MINORmux-quicremove full demux flag on ncbuf release
• BUG/MEDIUMserver/clidon't delete a dynamic server that has streams
• MINORpatternfix pat_{parse,match}_ip() function comments
• BUG/MINORserveradd missing free for server->rdr_pfx
• BUG/MAJORmux-h2Report a protocol error for any DATA frame before headers
• BUG/MINORfreq_ctrfix possible negative rate with the scaled API
• BUG/MEDIUMmaster/cliPin the master CLI on the first thread of the group 1
• BUG/MINORpromexfix backend_agg_check_status
• BUG/MEDIUMmux-fcgiDon't swap trash and dbuf when handling STDERR records
• BUG/MINORhlua/initcoroutine may not resume itself
• BUG/MEDIUMhluadon't pass stale nargs argument to lua_resume()
• CImusldrop shopt in workflow invocation
• CImuslhighlight section if there are coredumps

#2023/09/29 : 2.8r1 (1.0.0-304.266)

• MINORhapeeupdate backports list
• MINORstreamfix output alignment of stuck thread dumps
• CLEANUPstreamremove the now unused stream_dump() function
• MINORdebuguse the more detailed stream dump in panics
• MEDIUMstreamnow provide full stream dumps in case of loops
• MINORstreamsadd support for line prefixes to strm_dump_to_buffer()
• MINORstreammake stream_dump() always multi-line
• MINORstreammake strm_dump_to_buffer() show the list of filters
• MINORstreammake strm_dump_to_buffer() take an arbitrary buffer
• CLEANUPstreammake strm_dump_to_buffer() take a const stream
• CLEANUPstreamuse const filters in the dump function
• MINORstreamsplit stats_dump_full_strm_to_buffer() in two
• CLEANUPstreammake the dump code not depend on the CLI appctx
• CLEANUPfreq_ctrmake all freq_ctr readers take a const
• MEDIUMserver/sslpick another thread's session when we have none yet
• MINORserver/sslclear the shared good session index on failure
• MINORserver/sslmaintain an index of the last known valid SSL session
• MEDIUMserver/sslplace an rwlock in the per-thread ssl server session
• MEDIUMssl_sockalways use the SSL's server name, not the one from the tid
• CLEANUPsslkeep a pointer to the server in ssl_sock_init()
• DOCssladd some comments about the non-obvious session allocation stuff
• MINORssl_sockavoid iterating realloc(+1) on stored context
• HAPEEaddonsquic CID in -vv
• BUG/MEDIUMhluastreams don't support mixing lua-load with lua-load-per-thread
• MINORhluaadd hlua_stream_ctx_prepare helper function
• HAPEEaddonsadds quic CID generator to interop with packetshield
• MINORquichandle external extra CIDs generator.
• BUG/MINORquicWrong cluster secret initialization
• BUG/MINORquicLeak of frames to send.
• BUILDbugmake BUG_ON() void to avoid a rare warning
• BUILDquicfix build on centos 8 and USE_QUIC_OPENSSL_COMPAT

#2023/09/13 : 2.8r1 (1.0.0-302.234)

• BUG/MINORquicssl_quic_initial_ctx() uses error count not error code
• BUG/MINORquicallow-0rtt warning must only be emitted with quic bind
• BUILDMakefileadd USE_QUIC_OPENSSL_COMPAT to make help
• MINORquic+openssl_compatEmit an alert for allow-0rtt option
• MINORquic+openssl_compatDo not start without limited-quic
• MINORquicWarning for OpenSSL wrapper QUIC bindings without limited-quic
• BUG/MINORquic+openssl_compatNon initialized TLS encryption levels
• DOCquicAdd limited-quic new tuning setting
• MINORquicAdd limited-quic new tuning setting
• MINORquicSSL context initialization with QUIC OpenSSL wrapper.
• MINORquicAdd a quic_openssl_compat struct to quic_conn struct
• MINORquicCall the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()
• MINORquicInitialize TLS contexts for QUIC openssl wrapper
• MINORquicExport some KDF functions (QUIC-TLS)
• MINORquicAdd a compilation option for the QUIC OpenSSL wrapper
• MINORquicDo not enable 0RTT with SSL_set_quic_early_data_enabled()
• MINORquicSet the QUIC connection as extra data before calling SSL_set_quic_method()
• MINORquicDo not enable O-RTT with USE_QUIC_OPENSSL_COMPAT
• MINORquicInclude QUIC opensssl wrapper header from TLS stacks compatibility header
• MINORquicQUIC openssl wrapper implementation
• MINORsampleaccept_date / request_date return %Ts / %tr timestamp values
• MINORsampleimplement act_conn sample fetch
• MINORsampleadd pid sample
• MEDIUMsslnew sample fetch method to get curve name
• MINORssladd support for 'curves' keyword on server lines
• MINORhapeeadd a .hapee directory to list backporting notes
• BUG/MEDIUMconnectionfix pool free regression with recent ppv2 TLV patches
• MINORsampleAdd common TLV types as constants for fc_pp_tlv
• MINORsampleRefactor fc_pp_unique_id by wrapping the generic TLV fetch
• MINORsampleRefactor fc_pp_authority by wrapping the generic TLV fetch
• MEDIUMsampleAdd fetch for arbitrary TLVs
• MEDIUMconnectionGeneric, list-based allocation and look-up of PPv2 TLVs
• CLEANUP/MINORconnectionImprove consistency of PPv2 related constants
• CIUpdate to actions/checkout@v4
• MEDIUMcapabilitiesenable support for Linux capabilities
• BUG/MINORhlua/actionincorrect message on E_YIELD error
• BUG/MINORring/cliDon't expect input data when showing events
• BUG/MINORappletAlways expect data when CLI is waiting for a new command
• NUG/MEDIUMstconnAlways update stream's expiration date after I/O
• BUG/MEDIUMstconn/streamForward shutdown on write timeout
• BUG/MEDIUMappletReport an error if applet request more room on aborted SC
• BUG/MEDIUMstconnReport read activity when a stream is attached to front SC
• BUG/MEDIUMappletFix API for function to push new data in channels buffer
• BUG/MINORquicWrong RTT computation (srtt and rrt_var)
• BUG/MINORquicWrong RTT adjusments
• MINORhttpclientallow to configure the timeout.connect
• MINORhttpclientallow to configure the retries
• DOCconfigurationupdate examples for req.ver
• BUG/MINORstreamfurther protect stream_dump() against incomplete sessions
• BUG/MEDIUMh1-htxEnsure chunked parsing with full output buffer
• BUG/MAJORquicReally ignore malformed ACK frames.
• BUG/MINORquicPossible skipped RTT sampling
• BUG/MEDIUMstconnDon't block sends if there is a pending shutdown
• BUG/MEDIUMstconnWake applets on sending path if there is a pending shutdown
• BUG/MINORstconnDon't report blocked sends during connection establishment
• BUG/MEDIUMstconnUpdate stream expiration date on blocked sends
• DEBUGappletProperly report opposite SC expiration dates in traces
• BUG/MINORchecksdo not queue/wake a bounced check
• DOCconfigmention uid dependency on the tune.quic.socket-owner option
• BUG/MINORstreamprotect stream_dump() against incomplete streams
• BUG/MINORssl/clican't find .crt files when replacing a certificate
• BUILDimportguard plock.h against multiple inclusion
• BUG/MINORssl_sockfix possible memory leak on OOM
• DOCluafix core.register_action typo
• BUG/MINORhlua_fcnpotentially unsafe stktable_data_ptr usage
• CIfedorafix dnf invocation syntax
• IMPORTxxhashupdate xxHash to version 0.8.2
• MINORatomicmake sure to always relax after a failed CAS
• MINORthreadsinline the wait function for pthread_rwlock emulation
• IMPORTplockalso support inlining the int code
• BUILDMakefileadd the USE_QUIC option to make help
• DOCjwtAdd explicit list of supported algorithms
• REGTESTSDo not use REQUIRE_VERSION for HAProxy 2.5+ (3)
• SCRIPTSgit-show-backportsautomatic ref and base detection with -m
• DOCtypofix sc-set-gpt references
• BUG/MINORstktableallow sc-add-gpc from tcp-request connection
• BUG/MINORstktableallow sc-set-gpt(0) from tcp-request connection
• DEVflags/show-sess-to-flagsproperly decode fd.state
• BUG/MINORhluafix invalid use of lua_pop on error paths
• BUG/MEDIUMquicfix tasklet_wakeup loop on connection closing
• CIget rid of travis-ci wrapper for Coverity scan
• CIdo not use groupinstall for Fedora Rawhide builds
• MINORsslallow to change the client-sigalgs on server lines
• MINORsslallow to change the server signature algorithm on server lines
• MINORpeersadd peers keyword registration
• BUG/MINORhttpskip leading zeroes in content-length values
• DOCclarify the handling of URL fragments in requests
• REGTESTShttp-rulesverify that we block '#' by default for normalize-uri
• BUG/MINORh3reject more chars from the :path pseudo header
• BUG/MINORh2reject more chars from the :path pseudo header
• BUG/MINORh1do not accept '#' as part of the URI component
• REGTESTShttp-rulesadd accept-invalid-http-request for normalize-uri tests
• MINORh2pass accept-invalid-http-request down the request parser
• MINORhttpadd new function http_path_has_forbidden_char()
• MINORistadd new function ist_find_range() to find a character range
• BUG/MAJORhttpreject any empty content-length header value
• BUG/MAJORh3reject header values containing invalid chars
• REORGhttpmove has_forbidden_char() from h2.c to http.h
• BUG/MAJORhttp-anaGet a fresh trash buffer for each header value replacement
• BUILDquicfix wrong potential NULL dereference
• BUG/MINORquicreappend rxbuf buffer on fake dgram alloc error
• BUG/MINORhttp-clientDon't forget to commit changes on HTX message
• BUG/MEDIUMquicconsume contig space on requeue datagram
• BUG/MEDIUMbwlimReset analyse expiration date when then channel analyse ends
• BUG/MEDIUMh3Be sure to handle fin bit on the last DATA frame
• BUG/MINORchunkfix chunk_appendf() to not write a zero if buffer is full
• DOCconfigurationdescribe Td in Timing events
• BUG/MEDIUMh3Properly report a C-L header was found to the HTX start-line
• BUG/MINORsslOCSP callback only registered for first SSL_CTX
• MINORquicUseless call to SSL_CTX_set_quic_method()
• MINORquicMake ->set_encryption_secrets() be callable two times
• BUG/MEDIUMlistenerAcquire proxy's lock in relax_listener() if necessary
• BUG/MINORserver-stateAvoid warning on 'file not found'
• BUG/MINORserver-stateIgnore empty files
• BUG/MINORquicMissing parentheses around PTO probe variable.
• BUG/MINORserverDon't warn on server resolution failure with init-addr none
• BUG/MINORinitset process' affinity even in foreground
• BUG/MINORcpusetremove the bogus proc from the cpu_map struct
• BUG/MINORconfigdo not detect NUMA topology when cpu-map is configured
• MINORcpusetadd cpu_map_configured() to know if a cpu-map was found
• BUG/MINORh1-htxReturn the right reason for 302 FCGI responses
• BUG/MINORhluaadd check for lua_newstate
• BUILDquicfix warning during compilation using gcc-6.5
• CIexplicitely highlight VTest result section if there's something
• CIadd naming convention documentation
• BUG/MINORhttpReturn the right reason for 302
• BUG/MINORsampleFix wrong overflow detection in add/sub conveters
• DOCconfigFix fc_src description to state the source address is returned
• BUG/MEDIUMhlua_fcn/queuebad pop_wait sequencing
• BUG/MINORhluahlua_yieldk ctx argument should support pointers
• CLEANUPquicremove useless parameter 'key' from quic_packet_encrypt
• BUG/MEDIUMquictimestamp shared in token was using internal time clock
• BUG/MEDIUMquicmissing check of dcid for init pkt including a token
• BUG/MINORquicretry token remove one useless intermediate expand
• BUG/MEDIUMquictoken IV was not computed using a strong secret
• BUG/MINORconfigRemove final '\n' in error messages
• BUG/MINORhlua_fcn/queueuse atomic load to fetch queue size
• EXAMPLESmaintain haproxy 2.8 retrocompatibility for lua mailers script
• BUG/MINORsink/logproperly deinit srv in sink_new_from_logsrv()
• MINORhlua_fcn/mailershandle timeout mail from mailers section
• BUG/MINORserverset rid default value in new_server()
• BUG/MINORsinkfix errors handling in cfg_post_parse_ring()
• BUG/MINORsinkinvalid sft free in sink_deinit()
• BUG/MINORlogfree errmsg on error in cfg_parse_log_forward()
• BUG/MINORlogfix multiple error paths in cfg_parse_log_forward()
• BUG/MINORlogfix missing name error message in cfg_parse_log_forward()
• BUG/MEDIUMlogimproper use of logsrv->maxlen for buffer targets
• MINORsink/apipass explicit maxlen parameter to sink_write()
• BUG/MINORlogLF upsets maxlen for UDP targets
• BUG/MINORringmaxlen warning reported as alert
• BUG/MINORringsize warning incorrectly reported as fatal error
• BUG/MINORsinkmissing sft free in sink_deinit()
• BUG/MINORhttp_extunhandled ERR_ABORT in proxy_http_parse_7239()
• BUG/MEDIUMsinkinvalid server list in sink_new_from_logsrv()
• BUG/MINORcacheA 'max-age=0' cache-control directive can be overriden by a s-maxage
• BUG/MINORtcp_samplebc_{dst,src} return IP not INT
• DOCsslAdd ocsp-update troubleshooting clues and emphasize on crt-list only aspect
• DOCsslFix typo in 'ocsp-update' option
• CLEANUPquicRemove server specific about Initial packet number space
• MINORquicReduce the maximum length of TLS secrets
• MINORquicMove packet number space related functions
• MINORquicMove QUIC encryption level structure definition
• BUILDdebugavoid a build warning related to epoll_wait() in debug code
• MINORcompression/slzadd support for a pure flush of pending bytes
• IMPORTslzimplement a synchronous flush() operation
• BUG/MINORquicWrong endianess for version field in Retry token
• BUG/MINORquicWrong Retry paquet version field endianess
• BUG/MINORquicMissing random bits in Retry packet header
• BUG/MINORconfigfix stick table duplicate name check
• BUG/MEDIUMquicerror checking buffer large enought to receive the retry tag
• BUG/MINORquicPrevent deadlock with CID tree lock
• BUG/MINORmworkerleak of a socketpair during startup failure
• BUG/MINORhttp_extfix if-none regression in forwardfor option
• DOCAttempt to fix dconv parsing error for tune.h2.fe.initial-window-size
• REGTESTSh1_host_normalization : Add a barrier to not mix up log messages
• DOCAdd tune.h2.max-frame-size option to table of contents
• DOCAdd tune.h2.be.* and tune.h2.fe.* options to table of contents
• BUG/MINORquicticks comparison without ticks API use
• BUG/MEDIUMmworkerincrease maxsock with each new worker
• BUG/MINORquicPossible endless loop in quic_lstnr_dghdlr()
• BUG/MINORquicPossible crash in quic_conn_prx_cntrs_update()
• BUG/MINORquicMissing initialization (packet number space probing)
• BUG/MINORnamespacemissing free in netns_sig_stop()
• BUG/MINORserverinherit from netns in srv_settings_cpy()
• BUG/MINORquicAddress inversion in show quic full
• BUG/MINORquicWrong encryption level flags checking
• BUG/MINORssllog message non thread safe in SSL Hanshake failure
• REG-TESTSstickinessDelay haproxys start to properly resolv variables
• BUG/MINORpeersImprove detection of config errors in peers sections
• BUG/MEDIUMhluaUse front SC to detect EOI in HTTP applets' receive functions
• BUG/MINORproxy/serverfree default-server on deinit
• MINORhapee/WURFLtransfer error status from the _wurfl_reload() function
• MINORhapee/WURFLadded live update database function
• MINORhapee/WURFLadded custom API log function
• MINORhapee/WURFLadded function to check correct module initialization
• BUG/MINORhapee/WURFLcorrected version check of used wurfl library
• BUILDhapee/darepaired build in case of using old DeviceAtlas library
• MINORhapee/daadd function that allow data reload
• MINORhapee/daadd spin locking
• MINORhapee/daadd support for loading a precompiled json data
• MEDIUMhapee/daRevert MEDIUM: da: update module to handle schedule mode.
• MINORhapee/51dadd function that returns path to 51Degrees data file
• MINORhapee/51dadd function that allow data reload
• BUG/MINORhapee/51dadd spin locking
• BUILDhapee/51dfix error when building with 51Degrees enabled
• BUG/MEDIUMhapee/51dfix a segfault on exit when 51d configuration is not loaded
• MEDIUMhapee/51duse fiftyoneDegreesProvider to access the pool and dataset
• BUG/MINORproxyadd missing interface bind free in free_proxy
• BUG/MINORcfgparse-tcpleak when re-declaring interface from bind line
• DOCconfigfix rfc7239 converter examples (again)
• DOCconfigfix jwt_verify() example using var()
• DOCquicfix misspelled tune.quic.socket-owner
• BUG/MINORspoeOnly skip sending new frame after a receive attempt
• CONTRIBAdd vi file extensions to .gitignore
• BUG/MINORquicPossible crash when SSL session init fails
• BUG/MINORstreamdo not use client-fin/server-fin with HTX
• BUG/MINORstatsFix Lua's `get_stats` function
• MEDIUMhapeedoes not pass OPTION_LDFLAGS to modules
• MINORhapee/modulescheck if we generate the API hash correctly
• BUG/MINORhapee/modulesadjust include match() in gen-modules-config-h.awk
• BUG/MINORhapee/modulesinitialize the module head list
• BUILDhapee/modulesselect either md5 or md5sum
• MEDIUMhapee/modulesload the STG_REGISTER initcalls
• BUG/MINORhapee/modulesdisplay detailed error message on mod_init() failure
• MINORhapee/modulesadd a new label MODULES_LOCK to the lock_label enum
• MINORhapee/modulesadd the ability to register variable and functions.
• MEDIUMhapee/modules'modules list' on the cli shows currently loaded modules
• MINORhapee/modulesterminate properly loaded modules if possible
• MEDIUMhapee/modulesadd memory reservation support for the modules
• MINORhapeechange URLs for 2.8r1
• BUILDhapee/modulesupdate HAPEE version macro to 2.8r1
• BUILDhapee/modulesadd macros to compute numerical value of a HAPEE version
• BUILDhapee/modulesadd version of the module in the defines
• MEDIUMhapee/modulesadd modules support