#2024/07/18 : 2.2r1 (1.0.0-263.1116)

• BUG/MINORserverDon't warn fallback IP is used during init-addr resolution
• BUG/MINORpollingfix time reporting when using busy polling
• REGTESTSfix random failures with wrong_ip_port_logging.vtc under load
• BUG/MINORtraceautomatically start in waiting mode with "start <evt>"
• BUG/MINORfcgi-apphandle a possible strdup() failure
• BUG/MEDIUMcliAlways release back endpoint between two commands on the mcli
• BUG/MEDIUMstreamPrevent mux upgrades if client connection is no longer ready
• BUG/MINORcliAtomically inc the global request counter between CLI commands
• BUG/MEDIUMspoeBe sure to create a SPOE applet if none on the current thread

#2024/07/03 : 2.2r1 (1.0.0-263.1107)

• CIscriptsfix build of vtest regarding option -C
• CIintroduce scripts/build-vtest.sh for installing VTest
• BUG/MINORhluareport proper context upon error in hlua_cli_io_handler_fct()
• SCRIPTSgit-show-backportsdo not truncate git-show output
• DOCconfigurationfix alphabetical order of bind options
• DOCmanagementrename show stats domain cli dns to resolvers
• DOC/MINORmanagementadd missed -dR and -dv options
• BUG/MINORcfgparseremove the correct option on httpcheck send-state warning
• BUG/MINORhaproxyonly tid 0 must not sleep if got signal
• BUG/MEDIUMhttp_anaignore NTLM for reuse aggressive/always and no H1
• BUG/MEDIUMsslwrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
• CLEANUPhluause hlua_pusherror() where relevant
• BUG/MINORtoolsfix possible null-deref in env_expand() on out-of-memory
• BUG/MINORtcpcheckreport correct error in tcp-check rule parser
• BUG/MINORssl/ocspinit callback func ptr as NULL
• BUILDfderrno is also needed without poll()
• BUG/MINORstatsDon't state the 303 redirect response is chunked
• BUG/MINORhtpp-ana/statsSpecify that HTX redirect messages have a C-L header
• BUG/MEDIUMfdprevent memory waste in fdtab array
• BUG/MEDIUMhtxmark htx_sl as packed since it may be realigned
• BUG/MINORh1fix detection of upper bytes in the URI
• BUG/MINORfdmy_closefrom() on Linux could skip contiguous series of sockets
• BUG/MEDIUMevportsdo not clear returned events list on signal
• BUG/MEDIUMstconnDon't forward channel data if input data must be filtered
• BUG/MEDIUMhttp-anaDeliver 502 on keep-alive for fressh server connection
• BUG/MINORloginvalid snprintf() usage in sess_build_logline()
• BUG/MINORtools/loginvalid encode_{chunk,string} usage
• BUG/MINORlogfix lf_text_len() truncate inconsistency
• DOCconfigurationclarify ciphersuites usage (V2)
• DOCconfigurationclarify ciphersuites usage
• BUG/MEDIUMconnectionreport connection errors even when no mux is installed

#2024/04/04 : 2.2r1 (1.0.0-261.1076)

• BUG/MEDIUMspoeDon't rely on stream's expiration to detect processing timeout
• CLEANUPpoolsremove unused arguments to pool_evict_from_cache()
• BUG/MINORbackendproperly handle redispatch 0
• BUG/MINORserver'source' interface ignored from 'default-server' directive
• BUG/MINORsessionensure conn owner is set after insert into session
• BUG/MEDIUMspoeReturn an invalid frame on recv if size is too small
• BUG/MINORsslfix possible ctx memory leak in sample_conv_aes_gcm()
• BUG/MINORcfgparsereport proper location for log-format-sd errors
• BUG/MINORhluaFix log level to the right value when set via TXN:set_loglevel
• CIUpdate to actions/cache@v4
• DOCinternalupdate missing data types in peers-v2.0.txt
• BUG/MAJORssl_sockAlways clear retry flags in read/write functions
• BUG/MEDIUMh1always reject the NUL character in header values
• BUG/MINORh1-htxproperly initialize the err_pos field
• BUG/MEDIUMpoolfix rare risk of deadlock in pool_flush()
• BUG/MEDIUMclisome err/warn msg dumps add LR into CSV output on stat's CLI

#2024/01/19 : 2.2r1 (1.0.0-260.1060)

• BUG/MEDIUMspoeNever create new spoe applet if there is no server up
• BUG/MEDIUMstconnForward shutdown on write timeout only if it is forwardable
• BUG/MEDIUMmux-h2Report too large HEADERS frame only when rxbuf is empty
• DOCconfigurationtypo req.ssl_hello_type
• BUG/MEDIUMsslfix the gcc-12 broken fix :-(
• BUILDsslwork around bogus warning in gcc 12's -Wformat-truncation
• BUG/MINORstartupset GTUNE_SOCKET_TRANSFER correctly
• DOCClarify the differences between field() and word()
• BUG/MINORsampleMake the `word` converter compatible with `-m found`
• REGTESTSsampleTest the behavior of consecutive delimiters for the field converter
• DOCconfigadd matrix entry for max-session-srv-conns
• DOCconfigspecify supported sections for max-session-srv-conns
• DOC51dupdated 51Degrees repo URL for v3.2.10
• REGTESTShttpadd a test to validate chunked responses delivery
• BUG/MEDIUMmux-fcgifail earlier on malloc in takeover()
• BUG/MEDIUMmux-h1fail earlier on malloc in takeover()
• BUG/MEDIUMmux-h2fail earlier on malloc in takeover()
• BUG/MINORstconnUse HTX-aware channel's functions to get info on buffer
• BUG/MINORstconnFix streamer detection for HTX streams
• MINORchannelAdd functions to get info on buffers and deal with HTX streams
• MINORhtxUse a macro for overhead induced by HTX
• BUG/MEDIUMstreamDon't call mux .ctl() callback if not implemented
• REGTESTShttpImprove script testing abortonclose option
• BUG/MEDIUMstreamProperly handle abortonclose when set on backend only
• MEDIUMmux-h1Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
• MINORconnectionAdd a CTL flag to notify mux it should wait for reads again
• BUG/MINORstconnHandle abortonclose if backend connection was already set up
• DOCconfiguse the word 'backend' instead of 'proxy' in 'track' description
• DOCmanagement-q is quiet all the time
• BUG/MINORstick-table/cliCheck for invalid ipv4 key
• BUG/MINORcfgparse/stktablefix error message on stktable_init() failure
• BUG/MINORstktablemissing free in parse_stick_table()
• BUG/MINORtcpcheckReport hexstring instead of binary one on check failure
• BUG/MEDIUMsslsegfault when cipher is NULL
• BUG/MINORsslsuboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
• BUG/MINORmux-h2commit the current stream ID even on reject
• BUG/MEDIUMpeersBe sure to always refresh recconnect timer in sync task
• BUG/MEDIUMmux-h2Don't report an error on shutr if a shutw is pending
• BUG/MEDIUMactionsalways apply a longest match on prefix lookup
• BUILDsslbuggy -Werror=dangling-pointer since gcc 13.0
• BUG/MINORhlua_fcnpotentially unsafe stktable_data_ptr usage
• BUG/MINORhluafix invalid use of lua_pop on error paths
• MINORpatternfix pat_{parse,match}_ip() function comments
• BUG/MAJORmux-h2Report a protocol error for any DATA frame before headers
• BUG/MINORfreq_ctrfix possible negative rate with the scaled API
• BUG/MEDIUMmux-fcgiDon't swap trash and dbuf when handling STDERR records
• MINORbufAdd b_force_xfer() function
• BUG/MEDIUMhluadon't pass stale nargs argument to lua_resume()
• CIUpdate to actions/checkout@v4
• BUG/MINORhlua/actionincorrect message on E_YIELD error
• BUG/MEDIUMstconn/streamForward shutdown on write timeout
• BUG/MEDIUMstconnWake applets on sending path if there is a pending shutdown
• DOCluafix core.register_action typo
• SCRIPTSgit-show-backportsautomatic ref and base detection with -m
• BUG/MINORstktableallow sc-set-gpt(0) from tcp-request connection

#2023/10/10 : 2.2r1 (1.0.0-258.1005)

#2023/08/16 : 2.2r1 (1.0.0-257.1005)

• BUG/MINORhttpskip leading zeroes in content-length values
• DOCclarify the handling of URL fragments in requests
• REGTESTShttp-rulesverify that we block '#' by default for normalize-uri
• BUG/MINORh2reject more chars from the :path pseudo header
• BUG/MINORh1do not accept '#' as part of the URI component
• MINORh2pass accept-invalid-http-request down the request parser
• MINORhttpadd new function http_path_has_forbidden_char()
• MINORistAdd istend() function to return a pointer to the end of the string
• MINORistadd new function ist_find_range() to find a character range
• BUG/MAJORhttpreject any empty content-length header value
• BUG/MAJORhttp-anaGet a fresh trash buffer for each header value replacement
• BUG/MINORchunkfix chunk_appendf() to not write a zero if buffer is full
• DOCconfigurationdescribe Td in Timing events
• BUG/MINORh1-htxReturn the right reason for 302 FCGI responses
• CIexplicitely highlight VTest result section if there's something
• BUG/MINORhttpReturn the right reason for 302
• BUG/MINORsampleFix wrong overflow detection in add/sub conveters
• BUG/MINORringmaxlen warning reported as alert
• DOCAdd tune.h2.max-frame-size option to table of contents
• BUG/MEDIUMmworkerincrease maxsock with each new worker
• BUG/MINORnamespacemissing free in netns_sig_stop()
• BUG/MINORserverinherit from netns in srv_settings_cpy()
• BUG/MINORproxyadd missing interface bind free in free_proxy
• BUG/MINORcfgparse-tcpleak when re-declaring interface from bind line

#2023/06/09 : 2.2r1 (1.0.0-257.981)

#2023/06/06 : 2.2r1 (1.0.0-255.981)

• BUG/MINORspoeOnly skip sending new frame after a receive attempt
• CONTRIBAdd vi file extensions to .gitignore
• DOCconfigFix bind/server/peer documentation in the peers section

#2023/05/26 : 2.2r1 (1.0.0-255.978)

• CIcirrus-cibump FreeBSD image to 13-1
• BUG/MINORserverdon't use date when restoring last_change from state file
• BUG/MINORserverdon't miss server stats update on server state transitions
• BUG/MINORserverdon't miss proxy stats update on server state transitions
• MINORserverexplicitly commit state change in srv_update_status()
• BUG/MINORserverincorrect report for tracking servers leaving drain
• BUILDsslswitch LibreSSL to Fastly CDN
• CIswitch to Fastly CDN to download LibreSSL
• BUG/MEDIUMspoeDon't start new applet if there are enough idle ones
• BUG/MINORdebugdo not emit empty lines in thread dumps
• BUG/MEDIUMfiltersDon't deinit filters for disabled proxies during startup
• MINORspoeDon't stop disabled proxies
• BUG/MINORproxymissing free in free_proxy for redirect rules
• BUG/MINORlogfix memory error handling in parse_logsrv()
• SCRIPTSpublish-releaseupdate the umask to keep group write access
• BUG/MINORhluaunsafe hlua_lua2smp() usage
• DOC/MINORconfigFix typo in description for `ssl_bc` in configuration.txt
• DOCconfigClarify conditions to shorten the inspect-delay for TCP rules
• BUG/MINORtcp-rulesDon't shortened the inspect-delay when EOI is set
• BUG/MEDIUMmux-h1do not refrain from signaling errors after end of input

#2023/05/17 : 2.2r1 (1.0.0-255.958)

• BUILDchecksfix build failure on macos after last fix
• BUG/MINORcheckspostpone the startup of health checks by the boot time
• MINORclockmeasure the total boot time
• MINORchecksmake sure spread-checks is used also at boot time

#2023/04/24 : 2.2r1 (1.0.0-255.954)

• BUG/MINORmux-h2make sure to produce a log on invalid requests
• BUG/MEDIUMUpdate read expiration date on synchronous send
• BUG/MEDIUMproxy/sktableprevent watchdog trigger on soft-stop
• BUG/MINORcfgparsemake sure to include openssl-compat
• CIbump actions/checkout to v3 for cross zoo matrix
• BUG/MINORstick_tablealert when type len has incorrect characters
• DOCconfigstrict-sni allows to start without certificate
• MINORproxy/poolprevent unnecessary calls to pool_gc()
• BUILDdaextends CFLAGS to support API v3 from 3.1.7 and onwards.
• BUG/MEDIUMmux-h1Wakeup H1C on shutw if there is no I/O subscription
• BUG/MEDIUMmux-h2erase h2c->wait_event.tasklet on error path
• BUG/MEDIUMspoeDon't set the default traget for the SPOE agent frontend
• BUG/MINORmux-h2make sure the h2c task exists before refreshing it
• BUG/MINORsslUse 'date' instead of 'now' in ocsp stapling callback
• BUG/MINORhttp-checkSkip C-L header for empty body when it's not mandatory
• BUG/MINORhttp-checkDon't set HTX_SL_F_BODYLESS flag with a log-format body
• DOCconfigClarify the meaning of 'hold' in the 'resolvers' section
• DOCconfigAdd the missing tune.fail-alloc option from global listing
• DOCconfigFix description of options about HTTP connection modes
• BUG/MINORringdo not realign ring contents on resize
• BUG/MINORmworkerprevent incorrect values in uptime
• BUG/MEDIUMmworkerdon't register mworker_accept_wrapper() when master FD is wrong
• BUG/MINORmworkerstop doing strtok directly from the env
• DOC/MINORreformat configuration.txt's quoting and escaping table
• CIgithubdon't warn on deprecated openssl functions on windows

#2023/02/13 : 2.2r1 (1.0.0-254.929)

• BUG/CRITICALhttpproperly reject empty http header field names
• BUG/MEDIUMstconnSchedule a shutw on shutr if data must be sent first
• DOCproxy-protocolfix wrong byte in provided example
• DOCconfig'http-send-name-header' option may be used in default section
• DOCconfigfix option spop-check proxy compatibility
• BUG/MEDIUMcacheuse the correct time reference when comparing dates
• BUG/MEDIUMstick-tabledo not leave entries in end of window during purge
• BUG/MINORssl/crt-listwarn when a line is malformated
• BUG/MEDIUMsslwrong eviction from the session cache tree
• BUG/MEDIUMsinkFix release of sinks during the deinit
• BUG/MINORsinkfree the forwarding task on exit

#2023/02/08 : 2.2r1 (1.0.0-253.918)

#2023/01/20 : 2.2r1 (1.0.0-251.918)

• BUG/MINORsslFix memory leak of find_chain in ssl_sock_load_cert_chain
• BUILDhpackinclude global.h for the trash that is needed in debug mode
• BUG/MINORmux-h2add missing traces on failed headers decoding
• BUG/MINORmux-fcgiCorrectly set pathinfo
• BUG/MINORhttp-anamake set-status also update txn->status
• BUG/MINORhttp-fetchDon't block HTTP sample fetch eval in HTTP_MSG_ERROR state
• BUG/MINORhttp-anaReport SF_FINST_R flag on error waiting the request body
• BUG/MINORpromexDon't forget to consume the request on error
• BUG/MINORresolversWait the resolution execution for a do_resolv action
• CLEANUPhtxfix a typo in an error message of http_str_to_htx
• BUG/MINORhttpMemory leak of http redirect rules' format string
• REGTESTfix the race conditions in hmac.vtc
• REGTESTfix the race conditions in digest.vtc
• BUG/MAJORbufFix copy of wrapping output data when a buffer is realigned
• BUG/MINORhttp-fetchOnly fill txn status during prefetch if not already set
• BUILDmakefilesort the features list
• BUILDmakefilebuild the features list dynamically
• BUG/MINORpool/statsUse ullong to report total pool usage in bytes in stats
• BUG/MEDIUMmux-h2Refuse interim responses with end-stream flag set
• LICENSEwurflclarify the dummy library license.
• BUG/MEDIUMresolversUse tick_first() to update the resolvers task timeout
• REGTESTSstartupcheck maxconn computation
• BUG/MAJORfcgiFix uninitialized reserved bytes
• BUG/MEDIUMmworkerfix segv in early failure of mworker mode with peers
• BUG/MINORsslFix potential overflow
• BUG/MEDIUMsslVerify error codes can exceed 63
• BUG/MINORcfgparseUse the right proxy list during validity check of sinks

#2022/12/27 : 2.2r1 (1.0.0-251.891)

#2022/12/16 : 2.2r1 (1.0.0-250.891)

• BUILDpeerspeers-t.h depends on stick-table-t.h
• BUG/MINORhapee/modulesmake sure generated includes and structs are sorted
• MINORhapee/modulescheck if we generate the API hash correctly

#2022/12/15 : 2.2r1 (1.0.0-250.888)

• BUG/MINORhapee/modulesadjust include match() in gen-modules-config-h.awk

#2022/12/09 : 2.2r1 (1.0.0-250.887)

• CIgithubchange ubuntu-latest to ubuntu-20.04
• BUG/MEDIIMstconnFlush output data before forwarding close to write side
• SCRIPTSannounce-releaseadd a link to the data plane API
• DOCconfigclarify the -m dir and -m dom pattern matching methods
• DOCconfigclarify the fact that retries is not just for connections
• DOCconfigexplain how default matching method for ACL works
• DOCconfigmention that a single monitor-uri rule is supported
• DOCconfigclarify the fact that SNI should not be used in HTTP scenarios
• DOCconfigprovide some configuration hints for http-reuse

#2022/11/29 : 2.2r1 (1.0.0-250.876)

• BUILDlistenerfix build warning on global_listener_rwlock without threads
• BUG/MINORserver/idleat least use atomic stores when updating max_used_conns
• BUILDpeersRemove unused variables
• BUG/MEDIUMpeersmessages about unkown tables not correctly ignored
• BUG/MINORssldon't initialize the keylog callback when not required
• BUG/MINORhttp_ana/txndon't re-initialize txn and req var lists
• BUG/MEDIUMlistenerFix race condition when updating the global mngmt task
• BUG/MINORpool/cliuse ullong to report total pool usage in bytes
• BUG/MEDIUMringfix creation of server in uninitialized ring
• DOCconfigfix alphabetical ordering of global section
• BUG/MINORresolversSet port before IP address when processing SRV records
• BUG/MINORhttp-htxFix error handling during parsing http replies
• CIemit the compiler's version in the build reports
• CIswitch to the latest LibreSSL
• BUG/MINORsslocsp structure not freed properly in case of error
• BUG/MINORsslMemory leak of AUTHORITY_KEYID struct when loading issuer
• CIadd monthly gcc cross compile jobs
• BUG/MEDIUMstick-tablefix a race condition when updating the expiration task

#2022/10/26 : 2.2r1 (1.0.0-250.858)

• BUG/MAJORstick-tabledon't process store-response rules for applets
• DOCmanagementadd forgotten show startup-logs
• CISSLtemporarily stick to LibreSSL=3.5.3
• CISSLuse proper version generating when latest semantic is used
• BUG/MEDIUMcompressionhandle rewrite errors when updating response headers
• CIReplace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition
• CIReplace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py
• BUG/MINORservermake sure show servers state hides private bits
• BUG/MAJORstick-tablesdo not try to index a server name for applets
• DOCconfigurationmissing 'if' in tcp-request content example
• BUG/MINORsmtpchkSMTP Service check should gracefully close SMTP transaction
• MINORsmtpchkUpdate expect rule to fully match replies to EHLO commands
• BUG/MINORmux-h1Account consumed output data on synchronous connection error
• BUILDhttp_fetchsilence an uninitiialized warning with gcc-4/5/6 at -Os
• BUG/MINORhttp-fetchUpdate method after a prefetch in smp_fetch_meth()
• BUG/MEDIUMluahandle stick table implicit arguments right.
• BUG/MEDIUMluaDon't crash in hlua_lua2arg_check on failure
• DOCconfigFix pgsql-check documentation to make user param mandatory
• BUG/MINORchecksupdate pgsql regex on auth packet
• BUG/MEDIUMresolversRemove aborted resolutions from query_ids tree
• REGTESTS4be_1srv_smtpchk_httpchk_layer47errorsReturn valid SMTP replies
• BUILDssl-ckchFix GCC warning about a if statement always true
• BUG/MEDIUMsinkbad init sequence on tcp sink from a ring.
• BUG/MINORlogimproper behavior when escaping log data
• SCRIPTSannounce-releaseupdate some URLs to https
• BUILDfdfix a build warning on the DWCAS
• BUG/MEDIUMcapturesfree() an error capture out of the proxy lock
• REGTESTShealthcheckmailRelax matching on the healthcheck log message
• BUG/MEDIUMproxyensure pause_proxy() and resume_proxy() own PROXY_LOCK
• CIcirrus-cibump FreeBSD image to 13-1
• BUG/MINORsignals/pollerensure wakeup from signals
• BUG/MINORsignals/pollerset the poller timeout to 0 when there are signals
• BUG/MINORh1Support headers case adjustment for TCP proxies
• REGTESTShttp_request_bufferAdd a barrier to not mix up log messages

#2022/08/30 : 2.2r1 (1.0.0-250.824)

• BUG/MINORtcpcheckDisable QUICKACK for default tcp-check (with no rule)
• BUG/MEDIUMpeersDon't start resync on reload if local peer is not up-to-date
• BUG/MEDIUMpeersDon't use resync timer when local resync is in progress
• BUG/MEDIUMpeersAdd connect and server timeut to peers proxy
• BUG/MEDIUMspoeProperly update streams waiting for a ACK in async mode
• DOCconfigurationdo-resolve doesn't work with a port in the string
• BUG/MINORtcpcheckDisable QUICKACK only if data should be sent after connect
• BUG/MINORresolversreturn the correct value in resolvers_finalize_config()
• BUG/MEDIUMmux-h2do not fiddle with ->dsi to indicate demux is idle
• BUG/MEDIUMhttp-anafix crash or wrong header deletion by http-restrict-req-hdr-names
• BUILDhttpsilence an uninitialized warning affecting gcc-5
• BUG/MINORsinkfix a race condition between the writer and the reader
• BUG/MINORring/clifix a race condition between the writer and the reader
• BUG/MEDIUMproxyPerform a custom copy for default server settings
• REORGserverExport srv_settings_cpy() function
• MINORserverConstify source server to copy its settings
• BUG/MINORpeersUse right channel flag to consider the peer as connected
• BUG/MEDIUMpeerslimit reconnect attempts of the old process on reload
• MINORpeersUse a dedicated reconnect timeout when stopping the local peer

#2022/07/29 : 2.2r1 (1.0.0-249.805)

• BUG/MINORsockpairwrong return value for fd_send_uxst()
• BUG/MINORbackendFallback on RR algo if balance on source is impossible
• REGTESTSFix some scripts to be compatible with 2.4 and prior
• BUG/MEDIUMmux-h1Handle connection error after a synchronous send
• BUG/MEDIUMhttp-anaDon't wait to have an empty buf to switch in TUNNEL state
• BUG/MINORpeersfix possible NULL dereferences at config parsing
• BUG/MINORhttp-actProperly generate 103 responses when several rules are used
• BUG/MINORhttp-checkPreserve headers if not redefined by an implicit rule
• BUG/MINORpeers/configalways fill the bind_conf's argument
• CIre-enable gcc asan builds
• BUG/MINORhttp-fetchUse integer value when possible in method sample fetch
• BUG/MINORhttp-anaSet method to HTTP_METH_OTHER when an HTTP txn is created
• BUG/MINORsslDo not look for key in extra files if already in pem
• MEDIUMmux-h2try to coalesce outgoing WINDOW_UPDATE frames
• BUG/MEDIUMssl/clicrash when crt inserted into a crt-list
• BUG/MINORtcp-rulesMake action call final on read error and delay expiration
• BUG/MINORcli/statsadd missing trailing LF after show info json
• BUG/MINORserverdo not enable DNS resolution on disabled proxies
• BUG/MINORcli/statsadd missing trailing LF after JSON outputs
• REGTESTShealthcheckmailRelax health-check failure condition
• REGTESTShealthcheckmailUpdate the test to be functionnal again
• BUG/MEDIUMmailersSet the object type for check attached to an email alert
• BUILDcompilerimplement unreachable for older compilers too
• REGTESTSrestrict_req_hdr_namesExtend supported versions
• BUG/MINORssl_ckchFix possible uninitialized value in show_cert I/O handler
• BUG/MINORssl_ckchDump cert transaction only once if show command yield
• REGTESTShttp_request_bufferIncrease client timeout to wait slow clients
• REGTESTSabortoncloseAdd a barrier to not mix up log messages
• MEDIUMhttp-anaAlways report rewrite failures as PRXCOND in logs
• BUG/MEDIUMssl/crt-listRework 'add ssl crt-list' to handle full buffer cases
• BUG/MEDIUMssl_ckchRework 'commit ssl cert' to handle full buffer cases
• BUG/MINORssl_ckchDon't duplicate path when replacing a cert entry
• BUG/MEDIUMssl_ckchDon't delete a cert entry if it is being modified
• BUG/MINORssl_ckchFree error msg if commit changes on a cert entry fails
• BUG/MEDIUMdnsKeep the right count of active nameservers for a resolver
• BUG/MINORconn_streamdo not confirm a connection from the frontend path

#2022/06/10 : 2.2r1 (1.0.0-247.769)

• BUG/MINORsslFix crash when no private key is found in pem
• DOCpeersfix port number and addresses on new peers section format
• DOCpeersclarify when entry expiration date is renewed.
• DOCpeersindicate that some server settings are not usable
• SCRIPTSmake publish-release try to launch make-releases-json
• SCRIPTSadd make-releases-json to recreate a releases.json file in download dirs
• REGTESTSDo not use REQUIRE_VERSION for HAProxy 2.5+ (2)
• BUG/MEDIUMsampleFix adjusting size in word converter
• BUG/MEDIUMpeersprevent unitialized multiple listeners on peers section
• BUG/MEDIUMpeersfix segfault using multiple bind on peers sections
• BUG/MEDIUMresolversDon't defer resolutions release in deinit function
• BUG/MEDIUMhttpProperly reject non-HTTP/1.x protocols
• CIdetermine actual OpenSSL version dynamically
• BUG/MINORpeersfix error reporting of bind lines
• BUG/MINORcfgparseabort earlier in case of allocation error
• BUG/MINORcheckReinit the buffer wait list at the end of a check
• BUG/MEDIUMconfigReset outline buffer size on realloc error in readcfgfile()
• REGTESTSabortoncloseFix some race conditions
• BUILDfix build warning on solaris based systems with __maybe_unused.
• MEDIUMhttp-anaAdd a proxy option to restrict chars in request header names
• CIdetermine actual LibreSSL version dynamically

#2022/05/13 : 2.2r1 (1.0.0-247.748)

• CLEANUPmux-h1Fix comments and error messages for global options
• BUG/MEDIUMwdtdon't trigger the watchdog when p is unitialized
• BUG/MINORserverMake SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes).
• DOCfix typo ant for and in INSTALL
• BUG/MINORmap/climake sure patterns don't vanish under show map's init
• BUG/MINORmap/cliprotect the backref list during show map errors
• BUG/MEDIUMclimake show cli sockets really yield
• BUG/MINORtcp/httprelease the expr of set-{src,dst}[-port]
• DOCconfigUpdate doc for PR/PH session states to warn about rewrite failures
• BUG/MINORmux-h2mark the stream as open before processing it not after
• BUG/MAJORdnsmulti-thread concurrency issue on UDP socket

#2022/05/05 : 2.2r1 (1.0.0-247.737)

• SCRIPTSannounce-releaseadd URL of dev packages
• CIgithub actions: update LibreSSL to 3.5.2
• BUILDproto_uxstdo not set unused flag
• BUILDsockpairdo not set unused flag
• BUILDfdremove unused variable totlen in fd_write_frag_line()
• BUG/MINORpoolsmake sure to also destroy shared pools in pool_destroy_all()
• REGTESTSfix the race conditions in be2dec.vtc ad field.vtc
• BUG/MINORrulesFix check_capture() function to use the right rule arguments
• DOCremove my name from the config doc
• BUG/MINORcacheDisable cache if applet creation fails
• SCRIPTSannounce-releaseadd shortened links to pending issues
• DOCluaupdate a few doc URLs
• SCRIPTSannounce-releaseupdate the doc's URL
• BUG/MEDIUMcompressionDon't forget to update htx_sl and http_msg flags
• BUG/MEDIUMfcgi-appUse http_msg flags to know if C-L header can be added
• BUG/MEDIUMmux-h1Don't request more room on partial trailers
• BUG/MINORmux-h2use timeout http-request as a fallback for http-keep-alive
• BUG/MINORmux-h2do not use timeout http-keep-alive on backend side
• BUG/MINORcachedo not display expired entries in show cache
• BUG/MINORmux-h2do not send GOAWAY if SETTINGS were not sent
• CIcirrusswitch to FreeBSD-13.0
• CIUpdate to actions/cache@v3
• CIUpdate to actions/checkout@v3
• BUG/MEDIUMhttp-actDon't replace URI if path is not found or invalid
• BUG/MEDIUMhttp-convFix url_enc() to not crush const samples
• BUG/MINORfcgi-appDon't add C-L header on response to HEAD requests
• CIgithub actions: update OpenSSL to 3.0.2
• BUG/MAJORmux_ptalways report the connection error to the conn_stream
• DOCreflect H2 timeout changes
• BUG/MEDIUMmux-h2make use of http-request and keep-alive timeouts
• MEDIUMmux-h2slightly relax timeout management rules
• BUG/MEDIUMstream-intdo not rely on the connection error once established

#2022/03/29 : 2.2r1 (1.0.0-246.705)

• BUG/MEDIUMmux-h1Properly detect full buffer cases when adding EOM block
• BUG/MEDIUMmux-h1Properly detect full buffer cases during message parsing
• BUG/MEDIUMmux-fcgiProperly handle return value of headers/trailers parsing
• BUG/MINORtoolsurl2sa reads too far when no port nor path
• BUG/MEDIUMtraceavoid race condition when retrieving session from conn->owner
• BUG/MEDIUMmux-h1only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
• CIgithub actions: switch to LibreSSL-3.5.1

#2022/03/25 : 2.2r1 (1.0.0-245.698)

• BUG/MINORtoolsfix url2sa return value with IPv4

#2022/03/17 : 2.2r1 (1.0.0-245.697)

#2022/03/14 : 2.2r1 (1.0.0-244.697)

• BUILDtree-widemark a few numeric constants as explicitly long long
• DOCFix usage/examples of deprecated ACLs
• BUG/MINORstreammake the call_rate only count the no-progress calls
• BUG/MAJORmux-ptAlways destroy the backend connection on detach
• DEBUGstreamFix stream trace message to print response buffer state
• DEBUGstreamAdd the missing descriptions for stream trace events
• BUG/MEDIUMmcliProperly handle errors and timeouts during reponse processing
• DEBUGcacheUpdate underlying buffer when loading HTX message in cache applet
• BUG/MINORpromexSet conn-stream/channel EOI flags at the end of request
• BUG/MINORcacheSet conn-stream/channel EOI flags at the end of request
• BUG/MINORstatsSet conn-stream/channel EOI flags at the end of request
• BUG/MINORhluaSet conn-stream/channel EOI flags at the end of request
• BUG/MINORclishows correct mode in show sess

#2022/03/01 : 2.2r1 (1.0.0-244.684)

• CIgithub actions: use cache for SSL libs
• CIgithub actions: add the output of $CC -dM -E-
• BUG/MAJORschedprevent rare concurrent wakeup of multi-threaded tasks
• CLEANUPatomicadd a fetch-and-xxx variant for common operations
• REORGatomicreimplement pl_cpu_relax() from atomic-ops.h
• REGTESTSfix the race conditions in secure_memcmp.vtc
• BUILD/MINORfix solaris build with clang.
• BUG/MEDIUMstreamAbort processing if response buffer allocation fails
• BUG/MAJORmux-h2Be sure to always report HTX parsing error to the app layer
• BUG/MEDIUMmux-h1Don't wake h1s if mux is blocked on lack of output buffer
• BUG/MINORtoolsurl2sa reads ipv4 too far
• BUG/MINORmailersnegotiate SMTP, not ESMTP
• CIgithub actions: update OpenSSL to 3.0.1
• CIgithubswitch to OpenSSL 3.0.0
• CIgithub actions: relax OpenSSL-3.0.0 version comparision
• CIgithub actions: -Wno-deprecated-declarations with OpenSSL 3.0.0
• CIgithub actions: add OpenSSL-3.0.0 builds
• BUILDadopt script/build-ssl.sh for OpenSSL-3.0.0beta2
• BUILDfix compilation for OpenSSL-3.0.0-alpha17
• CIsslkeep the old method for ancient OpenSSL versions
• CIssldo not needlessly build the OpenSSL docs
• CIsslenable parallel builds for OpenSSL on Linux
• BUG/MEDIUMfdalways align fdtab[] to 64 bytes
• BUG/MEDIUMresolversReally ignore trailing dot in domain names
• BUG/MINORsinkUse the right field in appctx context in release callback
• BUG/MINORmworkerfix a FD leak of a sockpair upon a failed reload
• BUG/MEDIUMmworkerclose unused transferred FDs on load failure
• MINORsockmove the unused socket cleaning code into its own function
• BUG/MAJORspoeproperly detach all agents when releasing the applet
• BUG/MAJORhttp/htxprevent unbounded loop in http_manage_server_side_cookies
• BUG/MINORmworkerdoes not erase the pidfile upon reload
• BUG/MEDIUMmworkerdon't lose the stats socket on failed reload
• BUG/MEDIUMmclialways realign wrapping buffers before parsing them
• BUG/MEDIUMmclido not try to parse empty buffers
• BUG/MEDIUMcliNever wait for more data on client shutdown
• BUG/MINORcliavoid O(bufsize) parsing cost on pipelined commands
• MINORchanneladd new function co_getdelim() to support multiple delimiters
• MEDIUMcliyield between each pipelined command
• BUG/MEDIUMhtxAdjust length to add DATA block in an empty HTX buffer

#2022/01/13 : 2.2r1 (1.0.0-244.645)

• BUG/MEDIUMmworkerdon't use _getsocks in wait mode
• BUG/MEDIUMhttp-anaPreserve response's FLT_END analyser on L7 retry
• BUG/MINORclifix _getsocks with musl libc
• BUILD/MINORtoolssolaris build fix on dladdr.
• BUG/MINORsslfree the fields in srv->ssl_ctx
• CLEANUPsslmake ssl_sock_free_srv_ctx() zero the pointers after free
• BUILDmakefileadd -Wno-atomic-alignment to work around clang abusive warning
• DOCfix misspelled keyword resolve_retries in resolvers
• BUILDsslunbreak the build with newer libressl
• BUILDcliclear a maybe-unused warning on some older compilers
• BUG/MINORpoolsdon't mark ourselves as harmless in DEBUG_UAF mode
• BUG/MINORbackendrestore the SF_SRV_REUSED flag original purpose
• BUG/MINORbackenddo not set sni on connection reuse
• BUG/MEDIUMmworker/clicrash when trying to access an old PID in prompt mode
• DOCconfigretry-on list is space-delimited
• DOCconfigSpecify %Ta is only available in HTTP mode
• DOCspoeClarify use of the event directive in spoe-message section
• BUILDtree-wideavoid warnings caused by redundant checks of obj_types
• MINORsslmake tlskeys_list_get_next() take a list element
• CLEANUPsslRemove useless local variable in tlskeys_list_get_next()
• CLEANUPsslRemove useless loop in tlskeys_list_get_next()
• BUG/MEDIUMresolversDetach query item on response error
• BUG/MEDIUMcliProperly set stream analyzers to process one command at a time
• MINORclishow version displays the current process version
• REGTESTSmark the abns test as broken again
• BUILDmakefileadd entries to build common debugging tools
• CIGithub Actions: temporarily disable BoringSSL builds
• CIGithub Actions: switch to LibreSSL-3.3.3
• CIgithub actions: update LibreSSL to 3.2.5
• CIgithub actions: switch to stable LibreSSL release
• CIFix the coverity builds
• CIFix DEBUG_STRICT definition for Coverity
• CIPin VTest to a known good commit
• CIgithub actions: build several popular contrib tools
• CIGitHub Actions: enable daily Coverity scan
• CIgithub actions: enable 51degrees feature
• CIgithub actions: update LibreSSL to 3.3.0
• CIClean up Windows CI
• CIPass the github.event_name to matrix.py
• CIGithub Action: run apt-get update before packages restore
• CIGithub Actions: enable BoringSSL builds
• CIGithub Actions: remove LibreSSL-3.0.2 builds
• CIGithub Actions: enable prometheus exporter
• CIStop hijacking the hosts file
• CIExpand use of GitHub Actions for CI
• DOCconfigurationissuers-chain-path only applies to bind lines

#2021/12/02 : 2.2r1 (1.0.0-244.598)

• BUG/MEDIUMsslabort with the correct SSL error when SNI not found

#2021/11/25 : 2.2r1 (1.0.0-244.597)

• BUG/MINORshctxdo not look for available blocks when the first one is enough
• BUG/MEDIUMshctxleave the block allocator when enough blocks are found
• BUG/MEDIUMmux-h2always process a pending shut read
• BUG/MEDIUMsslbackend TLS resumption with sni and TLSv1.3
• CLEANUPsslRelease cached SSL sessions on deinit
• MINORmux-h2perform a full cycle shutdown+drain on close
• MINORconnectionadd a new CO_FL_WANT_DRAIN flag to force drain on close
• BUG/MINORstick-table/cliCheck for invalid ipv6 key
• BUG/MEDIUMconnectionmake cs_shutr/cs_shutw//cs_close() idempotent
• BUG/MINORmux-h2Fix H2_CF_DEM_SHORT_READ value
• BUG/MINORmworkerdoesn't launch the program postparser
• BUG/MEDIUMconn-streamDon't reset CS flags on close
• DOCluaBe explicit with the Reply object limits
• BUG/MINORhttp-anaApply stop to the current section for http-response rules
• DOCconfigFix typo in ssl_fc_unique_id description
• BUG/MEDIUMmux-h1Fix H1C_F_ST_SILENT_SHUT value
• BUG/MINORsamplefix backend direction flags consecutive to last fix
• BUG/MEDIUMsampleCumulate frontend and backend sample validity flags
• BUG/MEDIUMstream-intBlock reads if channel cannot receive more data
• MINORstreamImprove dump of bogus streams
• DOCconfigFix alphabetical order of fc_* samples
• BUG/MINORhttpAuthorization value can have multiple spaces after the scheme
• BUG/MEDIUMhttp-anaDrain request data waiting the tarpit timeout expiration
• BUG/MEDIUMresolversTrack api calls with a counter to free resolutions
• BUG/MEDIUMresolversDon't recursively perform requester unlink
• MEDIUMresolversremove the last occurrences of the safe argument
• MEDIUMresolversuse a kill list to preserve the list consistency
• CLEANUPresolversreplace all LIST_DELETE with LIST_DEL_INIT
• CLEANUPresolverssimplify resolv_link_resolution() regarding requesters
• CLEANUPalways initialize the answer_list
• CLEANUPresolversdo not export resolv_purge_resolution_answer_records()
• BUG/MEDIUMmux-h1Perform a connection shutdown when the h1c is released
• BUG/MINORmux-h1Save shutdown mode if the shutdown is delayed
• BUILDfix compilation on NetBSD
• BUG/MINORmux-h2do not prevent from sending a final GOAWAY frame
• BUG/MAJORbuffix varint API post- vs pre- increment
• BUG/MEDIUMresolversalways check a valid item in query_list
• BUILDresolversavoid a possible warning on null-deref
• BUG/MAJORresolversadd other missing references during resolution removal
• MINORresolversmerge address and target into a union data
• BUG/MEDIUMresolversuse correct storage for the target address
• BUG/MEDIUMresolversfix truncated TLD consecutive to the API fix
• MINORresolversfix the resolv_dn_label_to_str() API about trailing zero
• BUG/MINORresolversdo not reject host names of length 255 in SRV records
• BUG/MEDIUMresolvermake sure to always use the correct hostname length
• MINORresolversfix the resolv_str_to_dn_label() API about trailing zero
• BUG/MEDIUMtcpcheckProperly catch early HTTP parsing errors
• BUG/MEDIUMsampleproperly verify that variables cast to sample
• MINORsampleprovide a generic var-to-sample conversion function
• CLEANUPsampleuninline sample_conv_var2smp_str()
• CLEANUPsamplerename sample_conv_var2smp() to *_sint
• BUG/MEDIUMstreamKeep FLT_END analyzers if a stream detects a channel error
• BUG/MINORhttp-anaDon't eval front after-response rules if stopped on back
• MINORinitcallRename __GLOBL and __GLOBL1.
• BUG/MEDIUMmux_h2Handle others remaining read0 cases on partial frames
• BUG/MEDIUMstream-intDefrag HTX message in si_cs_recv() if necessary
• MINORhtxAdd a function to know if the free space wraps
• MINORhtxAdd an HTX flag to know when a message is fragmented

#2021/10/11 : 2.2r1 (1.0.0-244.538)

• BUILDhapee/modulesselect either md5 or md5sum

#2021/10/08 : 2.2r1 (1.0.0-242.537)

• BUG/MEDIUMhttp-anaClear request analyzers when applying redirect rule
• BUG/MEDIUMfiltersFix a typo when a filter is attached blocking the release
• BUG/MINORfiltersSet right FLT_END analyser depending on channel
• BUG/MINORfiltersAlways set FLT_END analyser when CF_FLT_ANALYZE flag is set
• BUG/MEDIUMhttp-anaReset channels analysers when returning an error
• BUG/MINORstreamDon't release a stream if FLT_END is still registered
• BUG/MINORtcp-rulesStop content rules eval on read error and end-of-input
• BUG/MINORtcpcheckDon't use arg list for default proxies during parsing
• MINORargBe able to forbid unresolved args when building an argument list
• BUG/MAJORluause task_wakeup() to properly run a task once
• BUG/MEDIUMluafix wakeup condition from sleep()
• DOCpeersfix doc enable statement on peers sections
• BUG/MINORmux-h1/mux-fcgiSanitize TE header to only send trailers
• BUG/MEDIUMstreamStop waiting for more data if SI is blocked on RXBLK_ROOM
• BUG/MEDIUMstream-intNotify stream that the mux wants more room to xfer data
• BUG/MEDIUMmux-h1Adjust conditions to ask more space in the channel buffer
• BUG/MINORhttp-anaincrement internal_errors counter on response error
• BUG/MINORh1-htxFix a typo when request parser is reset
• BUG/MINORserverallow 'enable health' only if check configured

#2021/09/20 : 2.2r1 (1.0.0-242.518)

• MINORhapeeupdate .hapee files
• BUG/MINORcli/payloaddo not search for args inside payload
• BUILDistprevent gcc11 maybe-uninitialized warning on istalloc
• DOCmanagementcertificate files must be sanitized before injection
• BUG/MINORtcpcheckImprove LDAP response parsing to fix LDAP check
• BUG/MINORcompatmake sure __WORDSIZE is always defined
• BUG/MEDIUMstream-intDon't block SI on a channel policy if EOI is reached
• BUG/MINORsystemdExecStartPre must use -Ws
• REGTESTSmark http_abortonclose as broken
• MINORactionUse a generic function to check validity of an action rule list
• DOC/MINORfix typo in management document

#2021/09/07 : 2.2r1 (1.0.0-242.505)

#2021/09/03 : 2.2r1 (1.0.0-241.505)

• BUG/MAJORhtxfix missing header name length check in htx_add_header/trailer
• CLEANUPhtxremove comments about "must be < 256 MB"
• BUG/MINORconfigreject configs using HTTP with bufsize >= 256 MB
• DOCconfigurationremove wrong tcp-request examples in tcp-response
• CLEANUPAdd missing include guard to signal.h
• BUG/MINORtoolsFix loop condition in dump_text()
• BUG/MINORebtreeremove dependency on incorrect macro for bits per long
• BUG/MINORluause strlcpy2() not strncpy() to copy sample keywords
• MINORcompilerimplement an ONLY_ONCE() macro
• BUG/MEDIUMbase64check output boundaries within base64{dec,urldec}
• BUG/MINORstick-tablefix the sc-set-gpt* parser when using expressions
• REGTESTSabortoncloseafter retries, 503 is expected, not close
• BUG/MEDIUMsockreally fix detection of early connection failures in for 2.3-

#2021/08/20 : 2.2r1 (1.0.0-241.491)

• BUG/MEDIUMh2match absolute-path not path-absolute for :path

#2021/08/13 : 2.2r1 (1.0.0-240.490)

• REGTESTSadd a test to prevent h2 desync attacks
• BUG/MEDIUMh2give :authority precedence over Host
• BUG/MAJORh2enforce checks on the method syntax before translating to HTX
• BUG/MAJORh2verify that :path starts with a '/' before concatenating it
• BUG/MAJORh2verify early that non-http/https schemes match the valid syntax
• MINORhttpadd a new function http_validate_scheme() to validate a scheme
• BUILD/MINORmemprof fix macOs build.
• BUG/MEDIUMspoeFix policy to close applets when SPOE connections are queued
• DOCconfigFix 'http-response send-spoe-group' documentation
• DOCImprove the lua documentation
• BUG/MINORtcpcheckProperly detect pending HTTP data in output buffer
• BUG/MINORbufferfix buffer_dump() formatting
• BUG/MEDIUMspoeCreate a SPOE applet if necessary when the last one is released
• MINORspoeAdd a pointer on the filter config in the spoe_agent structure
• BUG/MINORserverupdate last_change on maint->ready transitions too
• BUG/MINORpollersalways program an update for migrated FDs
• BUG/MINORpollfix abnormally high skip_fd counter
• BUG/MINORselectfix excess number of dead/skip reported
• BUG/MEDIUMpollersclear the sleeping bit after waking up, not before
• BUG/MINORconnectionAdd missing error labels to conn_err_code_str
• BUG/MEDIUMmux-h2Handle remaining read0 cases on partial frames
• BUG/MINORmux-h2Obey dontlognull option during the preface
• BUG/MINORsystemdmust check the configuration using -Ws
• BUG/MINORresolversUse a null-terminated string to lookup in servers tree
• BUG/MINORcheckfix the condition to validate a port-less server
• BUG/MEDIUMssl_samplefix segfault for srv samples on invalid request
• BUG/MINORmworkerdo not export HAPROXY_MWORKER_REEXEC across programs
• BUG/MEDIUMmworkerdo not register an exit handler if exit is expected
• BUILDadd detection of missing important CFLAGS
• BUG/MINORresolversUse resolver's lock in resolv_srvrq_expire_task()
• BUG/MEDIUMresolversAdd a task on servers to check SRV resolution status
• MINORresolversRemove server from named_servers tree when removing a SRV item
• MINORresolversClean server in a dedicated function when removing a SRV item
• BUG/MINORserverForbid to set fqdn on the CLI if SRV resolution is enabled
• BUG/MINORserver-stateload SRV resolution only if params match the config

#2021/08/09 : 2.2r1 (1.0.0-240.455)

#2021/07/09 : 2.2r1 (1.0.0-238.455)

• BUG/MAJORpoolssecond fix for incomplete backport of lockless pool fix
• BUG/MAJORpoolsfix incomplete backport of lockless pool fix
• CLEANUPpoolsremove now unused seq and pool_free_list
• BUG/MAJORpoolsfix possible race with free() in the lockless variant
• MEDIUMpoolsuse a single pool_gc() function for locked and lockless
• MINORpoolsdo not maintain the lock during pool_flush()
• BUG/MINORpoolsfix a possible memory leak in the lockless pool_flush()
• BUG/MINORpeersfix data_type bit computation more than 32 data_types
• BUG/MEDIUMresolversMake 1st server of a template take part to SRV resolution
• MINORresolversReset server IP on error in resolv_get_ip_from_response()
• BUG/MINORresolversReset server IP when no ip is found in the response
• BUG/MINORresolversAlways attach server on matching record on resolution
• DOCconfiguse CREATE USER for mysql-check
• DOCpeersfix the protocol tag name in the doc
• DOCstick-tableadd missing documentation about gpt0 stored type
• BUG/MINORstick-tablefix several printf sign errors dumping tables
• BUG/MINORclifix server name output in show fd
• BUG/MEDIUMsockmake sure to never miss early connection failures
• BUG/MINORserver/cliFix locking in function processing set server command
• BUG/MEDIUMserver/cliFix ABBA deadlock when fqdn is set from the CLI
• BUG/MAJORresolverssegfault using server template without SRV RECORDs
• MEDIUMresolversadd a ref between servers and srv request or used SRV record
• MEDIUMresolversadd a ref on server to the used A/AAAA answer item
• BUG/MINORresolversanswser item list was randomly purged or errors
• BUG/MINORtcpcheckFix numbering of implicit HTTP send/expect rules
• BUG/MINORchecksreturn correct error code for srv_parse_agent_check
• DOCconfigAdd missing actions in tcp-request session documentation
• MINORtcp-actAdd set-src/set-src-port for tcp-request content rules
• REGTESTSfix maxconn update with agent-check
• BUG/MAJORserverfix deadlock when changing maxconn via agent-check

#2021/06/18 : 2.2r1 (1.0.0-238.424)

• BUG/MEDIUMdnssend messages on closed/reused fd if fd was detected broken
• MINORmux-h2obey http-ignore-probes during the preface
• BUG/MAJORqueueset SF_ASSIGNED when setting strm->target on dequeue
• BUG/MINORmworkerfix typo in chroot error message
• BUG/MINORssluse atomic ops to update global shctx stats
• BUG/MEDIUMshctxuse at least thread-based locking on USE_PRIVATE_CACHE
• BUG/MINORstick-tableinsert srv in used_name tree even with fixed id
• DOCluaAdd a warning about buffers modification in HTTP
• BUG/MINORmux-fcgiExpose SERVER_SOFTWARE parameter by default
• BUG/MAJORhtxFix htx_defrag() when an HTX block is expanded

#2021/06/17 : 2.2r1 (1.0.0-238.414)

• MINORhluaAdd error message relative to the Channel manipulation and HTTP mode
• BUG/MEDIUMcompressionAdd a flag to know the filter is still processing data
• BUG/MINORsslOCSP stapling does not work if expire too far in the future
• DOCuse the req.ssl_sni in examples
• BUG/MAJORstream-intRelease SI endpoint on server side ASAP on retry
• DOC/MINORmove uuid in the configuration to the right alphabetical order
• BUG/MINORlua/varsprevent get_var() from allocating a new name
• BUG/MINORproxyMissing calloc return value check in chash_init_server_tree
• BUG/MINORhttpMissing calloc return value check in make_arg_list
• BUG/MINORhttpMissing calloc return value check while parsing redirect rule
• BUG/MINORworkerMissing calloc return value check in mworker_env_to_proc_list
• BUG/MINORcompressionMissing calloc return value check in comp_append_type/algo
• BUG/MINORhttpMissing calloc return value check while parsing tcp-request rule
• BUG/MINORhttpMissing calloc return value check while parsing tcp-request/tcp-response
• BUG/MINORproxyMissing calloc return value check in proxy_defproxy_cpy
• BUG/MINORproxyMissing calloc return value check in proxy_parse_declare
• BUG/MINORhttpMissing calloc return value check in parse_http_req_capture
• BUG/MINORsslMissing calloc return value check in ssl_init_single_engine
• BUG/MINORpeersMissing calloc return value check in peers_register_table
• BUG/MINORserverMissing calloc return value check in srv_parse_source
• BUG/MINORhttp-anaHandle L7 retries on refused early data before K/A aborts
• BUG/MINORhttp-compPreserve HTTP_MSGF_COMPRESSIONG flag on the response
• BUG/MEDIUMfiltersExec pre/post analysers only one time per filter
• BUG/MAJORserverprevent deadlock when using 'set maxconn server'
• BUG/MEDIUMebtreeInvalid read when looking for dup entry
• REGTESTSAdd script to test abortonclose option
• BUG/MEDIUMmux-h1Properly report client close if abortonclose option is set
• MEDIUMmux-h1Don't block reads when waiting for the other side
• MINORconn-streamForce mux to wait for read events if abortonclose is set
• BUG/MINORstream-intDon't block reads in si_update_rx() if chn may receive
• MINORchannelRely on HTX version if appropriate in channel_may_recv()

#2021/05/11 : 2.2r1 (1.0.0-238.383)

• MINORmemprofalso report the totals and delta alloc-free
• MINORmemprofalso report the method used by each call
• BUG/MINORmemprofproperly account for differences for realloc()
• BUILDmemprofmake the old caller pointer a const in get_prof_bin()
• BUG/MINORhttp_fetchfix possible uninit sockaddr in fetch_url_ip/port
• BUG/MINORchecksReschedule check on observe mode only if fastinter is set
• BUG/MINORchecksHandle synchronous connect when a tcpcheck is started
• BUG/MINORstreamReset stream final state and si error type on L7 retry
• BUG/MINORstreamproperly clear the previous error mask on L7 retries
• BUG/MINORstreamDecrement server current session counter on L7 retry
• BUG/MEDIUMdnsreset file descriptor if send returns an error
• BUILDcompatinclude malloc_np.h for USE_MEMORY_PROFILING on FreeBSD
• MINORcompatautomatically include malloc.h on glibc

#2021/05/07 : 2.2r1 (1.0.0-238.370)

• BUG/MINORactivityuse the new pointer to calculate the new size in realloc()
• BUILDactivitydo not include malloc.h
• MINORhapeeupdate backported patches and notes
• BUILDmakefileadd new option USE_MEMORY_PROFILING
• MINORactivityadd the profiling.memory global setting
• MINORactivitymake show profiling also dump the memoery usage
• MINORactivitymake show profiling support a few arguments
• MINORactivityclean up the show profiling io_handler a little bit
• MEDIUMactivitycollect memory allocator statistics with USE_MEMORY_PROFILING
• MINORactivitydeclare the storage for memory usage statistics
• MINORactivityadd a memory entry to profiling
• MINORtoolsadd functions to retrieve the address of a symbol

#2021/05/05 : 2.2r1 (1.0.0-238.358)

• MINORpools/debugslightly relax DEBUG_DONT_SHARE_POOLS
• BUG/MINORssl/clifix a lock leak when no memory available
• BUG/MEDIUMcliprevent memory leak on write errors
• BUG/MINORhluaDon't rely on top of the stack when using Lua buffers
• REGTESTSadd minimal CLI add map tests

#2021/04/29 : 2.2r1 (1.0.0-238.353)

• MINORpeersadd informative flags about resync process for debugging
• BUG/MEDIUMpeersreset tables stage flags stages on new conns
• BUG/MEDIUMpeersre-work updates lookup during the sync on the fly
• BUG/MEDIUMpeersreset commitupdate value in new conns
• BUG/MEDIUMpeersreset starting point if peers appears longly disconnected
• BUG/MEDIUMpeersstop considering ack messages teaching a full resync
• BUG/MEDIUMpeersregister last acked value as origin receiving a resync req
• BUG/MEDIUMpeersinitialize resync timer to get an initial full resync
• BUG/MINORappletNotify the other side if data were consumed by an applet
• BUG/MINORhtxPreserve HTX flags when draining data from an HTX message
• BUG/MINORmux-fcgiDon't send normalized uri to FCGI application
• BUG/MEDIUMpeersre-work refcnt on table to protect against flush
• BUG/MEDIUMpeersre-work connection to new process during reload.
• BUG/MINORpeersremove useless table check if initial resync is finished
• BUG/MEDIUMmux-h2Properly handle shutdowns when received with data
• BUG/MINORmworkerdon't use oldpids[] anymore for reload
• BUG/MINORmworker/initdon't reset nb_oldpids in non-mworker cases
• BUG/MEDIUMconfigfix cpu-map notation with both process and threads
• BUG/MEDIUMmux-h2Fix dfl calculation when merging CONTINUATION frames
• BUG/MAJORmux-h2Properly detect too large frames when decoding headers
• BUG/MINORserverfree srv.lb_nodes in free_server
• BUG/MINORmux-h1Release idle server H1 connection if data are received
• BUG/MINORlogsReport the true number of retries if there was no connection
• BUG/MINORhttp_htxRemove BUG_ON() from http_get_stline() function
• BUG/MINORhttp-fetchMake method smp safe if headers were already forwarded
• BUG/MINORssl-samplesFix ssl_bc_* samples when called from a health-check
• MINORconnectionMake bc_http_major compatible with tcp-checks
• BUG/MINORconnectionFix fc_http_major and bc_http_major for TCP connections
• MINORlogsAdd support of checks as session origin to format lf strings
• BUG/MINORchecksSet missing id to the dummy checks frontend
• BUG/MEDIUMthreadsIgnore current thread to end its harmless period
• DOCsslCertificate hot update only works on fronted certificates
• BUG/MEDIUMsampleFix adjusting size in field converter
• MINORNo longer rely on deprecated sample fetches for predefined ACLs
• DOCclarify that compression works for HTTP/2
• BUG/MINORtoolsfix parsing us unit for timers
• CONTRIBhalogfix issue with array of type char
• REGTESTSsslmark set_ssl_cert_bundle.vtc as broken

#2021/04/09 : 2.2r1 (1.0.0-238.315)

• DOCExplicitly state only IPv4 are supported by forwardfor/originalto options
• REGTESTSsslset ssl cert and multi-certificates bundle
• BUG/MEDIUMsslckch_inst->ctx not assigned with multi-bundle certificates

#2021/04/01 : 2.2r1 (1.0.0-238.312)

• REGTESTSssladd missing file simple.crt-list from previous SSL fix
• BUG/MINORsslAdd missing free on SSL_CTX in ckch_inst_free
• BUG/MINORhttp_fetchmake hdr_ip() resistant to empty fields
• BUG/MINORsslPrevent removal of crt-list line if the instance is a default one
• BUG/MINORsslFix update of default certificate
• BUILDtcpuse IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
• BUG/MINORtcpfix silent-drop workaround for IPv6
• BUG/MEDIUMtimemake sure to always initialize the global tick
• BUG/MINORstatsApply proper styles in HTML status page.
• BUG/MINORpayloadWait for more data if buffer is empty in payload/payload_lv
• BUG/MEDIUMmux-h1make h1_shutw_conn() idempotent
• BUG/MINORhttp_fetchmake hdr_ip() reject trailing characters
• MINORtoolsmake url2ipv4 return the exact number of bytes parsed
• BUG/MEDIUMthreadFix a deadlock if an isolated thread is marked as harmless
• BUG/MEDIUMfdTake the fd_mig_lock when closing if no DWCAS is available.

#2021/03/26 : 2.2r1 (1.0.0-238.297)

#2021/03/24 : 2.2r1 (1.0.0-237.297)

• CLEANUPfdremove unused fd_set_running_excl()
• BUG/MEDIUMfddo not wait on FD removal in fd_delete()
• MINORfdremove the unneeded running bit from fd_insert()
• MINORfdmake fd_clr_running() return the remaining running mask
• BUG/MEDIUMluaAlways init the lua stack before referencing the context
• BUG/MEDIUMdebug/luaUse internal hlua function to dump the lua traceback
• MINORluaSlightly improve function dumping the lua traceback
• BUILDsslguard ecdh functions with SSL_CTX_set_tmp_ecdh macro
• BUG/MINORsslPrevent disk access when using add ssl crt-list
• BUG/MEDIUMdebug/luaDon't dump the lua stack if not dumpable
• MEDIUMluaUse a per-thread counter to track some non-reentrant parts of lua
• MINOR/BUGmworker/clido not use the unix_bind prefix for the master CLI socket
• BUG/MEDIUMfreq_ctr/threadsuse the global_now_ms variable
• MINORtimealso provide a global, monotonic global_now_ms timer

#2021/03/18 : 2.2r1 (1.0.0-237.283)

• BUG/MINORfreq_ctr/threadsmake use of the last updated global time
• MINORtimeexport the global_now variable
• BUG/MINORresolversAdd missing case-insensitive comparisons of DNS hostnames
• MINORresolversDon't try to match immediatly renewed ADD items
• MINORresolversUse milliseconds for cached items in resolver responses
• BUG/MEDIUMresolversSkip DNS resolution at startup if SRV resolution is set
• BUG/MEDIUMresolversDon't release resolution from a requester callbacks
• MINORresolversDirectly call srvrq_update_srv_state() when possible
• MINORresolversAdd function to change the srv status based on SRV resolution
• MINORresolversPurge answer items when a SRV resolution triggers an error
• MINORresolversUse a function to remove answers attached to a resolution
• BUG/MEDIUMresolversTrigger a DNS resolution if an ADD item is obsolete
• MINORresolversnew function find_srvrq_answer_record()
• BUG/MEDIUMresolversFix the loop looking for an existing ADD item
• BUG/MEDIUMresolversDon't set an address-less server as UP
• BUG/MINORresolversUnlink DNS resolution to set RMAINT on SRV resolution
• BUG/MINORresolversReset server address on DNS error only on status change
• BUG/MINORresolversConsider server to have no IP on DNS resolution error
• CLEANUPtcp-rulesadd missing actions in the tcp-request error message
• BUG/MINORtcpcheckFix double free on error path when parsing tcp/http-check
• BUG/MINORsessionAdd some forgotten tests on session's listener
• BUG/MINORproxy/sessionBe sure to have a listener to increment its counters
• BUG/MINORtcpcheckUpdate .health threshold of agent inside an agent-check
• BUG/MEDIUMfiltersSet CF_FL_ANALYZE on channels when filters are attached
• BUG/MEDIUMstick-tablesfix ref counter in table entry using multiple http tracksc.
• BUG/MEDIUMsessionNULL dereference possible when accessing the listener
• BUG/MINORssldon't truncate the file descriptor to 16 bits in debug mode
• BUG/MINORhluaDon't strip last non-LWS char in hlua_pushstrippedstring()
• BUG/MEDIUMlistsAvoid an infinite loop in MT_LIST_TRY_ADDQ().
• BUG/MEDIUMchecksdon't needlessly take the server lock in health_adjust()
• BUG/MINORhttp-anaDon't increment HTTP error counter on read error/timeout
• BUG/MINORmux-h2Fix typo in scheme adjustment
• DOCspoeAdd a note about fragmentation support in HAProxy
• BUG/MEDIUMspoeKill applets if there are pending connections and nbthread > 1
• BUG/MINORconnectionUse the client's dst family for adressless servers
• BUG/MINORtcp-actDon't forget to set the original port for IPv4 set-dst rule
• BUG/MINORhttp-anaOnly consider dst address to process originalto option
• BUG/MINORmux-h1Immediately report H1C errors from h1_snd_buf()
• CLEANUPmuxesRemove useless if condition in show_fd function
• BUG/MINORsslpotential null pointer dereference in ckchs_dup()
• BUG/MEDIUMresolversReset address for unresolved servers
• BUG/MEDIUMresolversReset server address and port for obselete SRV records
• BUG/MINORresolversnew callback to properly handle SRV record errors
• BUG/MINORresolversOnly renew TTL for SRV records with an additional record
• BUG/MINORresolversFix condition to release received ARs if not assigned
• BUG/MINORfdproperly wait for !running_mask in fd_set_running_excl()
• BUG/MINORproxywake up all threads when sending the hard-stop signal
• BUG/MEDIUMcli/shutdown sessions: make it thread-safe
• BUG/MEDIUMproxyuse thread-safe stream killing on hard-stop
• BUG/MEDIUMvarsmake functions vars_get_by_{name,desc} thread-safe
• BUG/MINORsamplesecure convs that accept base64 string and var name as args
• MINORConfigure the `cpp` userdiff driver for *.[ch] in .gitattributes
• BUG/MINORssl/clipotential null pointer dereference in set ssl cert
• BUG/MEDIUMmux-h1Fix handling of responses to CONNECT other than 200-ok
• BUG/MINORserverBe sure to cut the last parsed field of a server-state line
• BUG/MINORserverInit params before parsing a new server-state line
• BUG/MINORhttp-rulesAlways replace the response status on a return action
• BUG/MEDIUMspoeResolve the sink if a SPOE logs in a ring buffer
• DOCexplain the relation between pool-low-conn and tune.idle-pool.shared
• BUILDsslintroduce fine guard for OpenSSL specific SCTL functions
• BUG/MINORsampleAlways consider zero size string samples as unsafe
• BUG/MINORchecksproperly handle wrapping time in __health_adjust()
• BUG/MINORsessionatomically increment the tracked sessions counter
• BUG/MINORserverRemove RMAINT from admin state when loading server state
• CLEANUPchannelfix comment in ci_putblk.
• DOCtuneexplain the origin of block size for ssl.cachesize
• BUG/MINORserverDon't call fopen() with server-state filepath set to NULL
• BUG/MINORcfgparsedo not mention addr:port as supported on proxy lines
• BUG/MINORstatsrevert the change on ST_CONVDONE
• BUG/MEDIUMconfigdon't pick unset values from last defaults section
• CLEANUPdeinitrelease global and per-proxy server-state variables on deinit
• BUG/MINORserverFix server-state-file-name directive
• BUG/MINORbackendhold correctly lock when killing idle conn
• BUG/MINORtoolsFix a memory leak on error path in parse_dotted_uints()
• BUG/MINORserverre-align state file fields number
• BUG/MEDIUMmux-h1Always set CS_FL_EOI for response in MSG_DONE state
• BUG/MINORhttp-anaDon't increment HTTP error counter on internal errors
• BUG/MINORintopsfix mul32hi()'s off-by-one
• BUILDsslguard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro
• BUILDsslguard SSL_CTX_add_server_custom_ext with special macro
• BUILDsslfix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro
• MINORcheckdo not ignore a connection header for http-check send
• BUG/MEDIUMtcpcheckDon't destroy connection in the wake callback context
• DOCfix smp_size vs sample_size in log directive arguments
• BUG/MEDIUMtaskclose a possible data race condition on a tasklet's list link
• MINORtaskremove __tasklet_remove_from_tasklet_list()
• BUG/MEDIUMlistsLock the element while we check if it is in a list.
• BUG/MAJORconnectionreset conn->owner when detaching from session list
• MINORconfigDeprecate and ignore tune.chksize global option

#2021/03/16 : 2.2r1 (1.0.0-237.192)

#2021/02/05 : 2.2r1 (1.0.0-235.192)

• MINORcli/show_fdreport local and report ports when known
• BUG/MEDIUMmux-h2do not quit the demux loop before setting END_REACHED
• BUG/MEDIUMmux-h2handle remaining read0 cases
• BUILDMakefilemove REGTESTST_TYPE default setting
• BUG/MINORxxhashmake sure armv6 uses memcpy()
• BUG/MEDIUMsslcheck a connection's status before computing a handshake
• BUG/MEDIUMssl/cliabort ssl cert is freeing the old store
• BUG/MINORstick-tableAlways call smp_fetch_src() with a valid arg list
• DOCmanagementfix show resolvers alphabetical ordering
• MINORh1Raise the chunk size limit up to (2^52 - 1)
• MINORmux-h1/show_fdreport as suspicious an entry with too many calls
• MINORmux-h2/show_fdreport as suspicious an entry with too many calls
• MINORssl/show_fdreport some FDs as suspicious when possible
• MINORcli/show_fdreport some easily detectable suspicious states
• MINORcligive the show_fd helpers the ability to report a suspicious entry
• MINORmux-fcgimake the show fd helper also decode the fstrm subscriber when known
• MINORmux-h1make the show fd helper also decode the h1s subscriber when known
• MINORmux-h2make the show fd helper also decode the h2s subscriber when known
• MINORxprt/muxexport all *_io_cb functions so that show fd resolves them
• MINORsslprovide a show fd helper to report important SSL information
• MINORxprtadd a new show_fd() helper to complete some show fd dumps.
• MINORclimake show fd also report the xprt and xprt_ctx
• CLEANUPclimake show fd use a const connection to access other fields
• CLEANUPtoolsmake resolve_sym_name() take a const pointer
• MINORcontribMake the wireshark peers dissector compile for more distribs.
• BUG/MINORsslinit tmp chunk correctly in ssl_sock_load_sctl_from_file()
• BUG/MINORconfigfix leak on proxy.conn_src.bind_hdr_name

#2021/01/26 : 2.2r1 (1.0.0-234.165)

• BUG/MEDIUMfilters/htxFix data forwarding when payload length is unknown
• DOCImprove documentation of the various hdr() fetches
• BUILD/MINORluadefine _GNU_SOURCE for LLONG_MAX
• BUG/MEDIUMmux-h2fix read0 handling on partial frames
• BUG/MINORmworkerdefine _GNU_SOURCE for strsignal()
• BUG/MINORmux_h2missing space between st and .flg in the show fd helper
• BUG/MINORpeersWrong new_conn value for show peers CLI command.
• MINORbuilddiscard echoing in help target
• BUG/MINORpeersPossible appctx pointer dereference.
• BUG/MEDIUMstatsadd missing INF_BUILD_INFO definition
• BUILDpeersfix build warning about unused variable
• BUG/MINORdnsSRV records ignores duplicated AR records (v2)
• MINORpeersAdd traces for peer control messages.
• BUG/MINORthreadsFixes the number of possible cpus report for Mac.
• MINORserverForbid server definitions in frontend sections
• MINORconfigAdd failifnotcap() to emit an alert on proxy capabilities
• BUG/MINORinitUse a dynamic buffer to set HAPROXY_CFGFILES env variable
• MINORcontrib/prometheus-exporteruse fill_info for process dump
• MINORcontrib/prometheus-exporteravoid connection close header
• BUG/MINORinitenforce strict-limits when using master-worker
• BUG/MINORcheckDon't perform any check on servers defined in a frontend
• BUG/MINORsampleMemory leak of sample_expr structure in case of error
• MINORreg-testsadd base prometheus test
• BUG/MINORreg-testsfix service dependency script
• BUG/MINORsamplecheck alloc_trash_chunk return value in concat()
• MINORreg-testsadd a way to add service dependency

#2021/01/08 : 2.2r1 (1.0.0-234.138)

• BUG/MINORsamplefix concat() converter's corruption with non-string variables
• DOCAdd maintainers for the Prometheus exporter
• SCRIPTSannounce-releasefix typo in help message
• DOCfix some spelling issues over multiple files
• MINORcontrib/prometheus-exporterexport build_info
• CLEANUPcfgparsereplace realloc with my_realloc2 to fix to memory leak on error
• BUILDMakefileexclude broken tests by default
• MINORconverteradding support for url_enc
• BUG/MINORsrvdo not cleanup idle conns if pool max is null
• BUG/MINORsrvdo not init address if backend is disabled
• SCRIPTSmake announce release support preparing announces before tag exists
• SCRIPTSimprove announce-release to support different tag and versions
• BUG/MINORtcpcheckReport a L7OK if the last evaluated rule is a send rule
• BUG/MINORcfgparseFail if the strdup() for `rule->be.name` for `use_backend` fails
• BUG/MINORsinkReturn an allocation failure in __sink_new if strdup() fails
• MINORatomicdon't use ; to separate instruction on aarch64.
• BUILDhpackhpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
• BUG/MEDIUMmux_h2Add missing braces in h2_snd_buf()around trace+wakeup
• BUG/MINORdnsSRV records ignores duplicated AR records
• BUILDsslfine guard for SSL_CTX_get0_privatekey call
• BUILDplockremove dead code that causes a warning in gcc 11
• CONTRIBdebugaddress poll utility build on non-linux platforms
• CONTRIBhalogfix signed/unsigned build warnings on counts and timestamps
• CONTRIBhalogmark the has_zero* functions unused
• CONTRIBhalogfix build issue caused by %L printf format
• BUG/MEDIUMmux-h1Handle h1_process() failures on a pipelined request
• BUG/MEDIUMhttp-anaNever for sending data in TUNNEL mode
• BUG/MINORmux-h1Don't set CS_FL_EOI too early for protocol upgrade requests
• BUILDMakefilehave make clean destroy .o/.a/.s in contrib subdirs as well
• BUILDSSLfine guard for SSL_CTX_add_server_custom_ext call
• REGTESTSmake use of HAPROXY_ARGS and pass -dM by default
• BUG/MEDIUMssl/crt-listbad behavior with commit ssl cert
• CLEANUPcontrib/prometheus-exportertypo fixes for ssl reuse metric

#2020/12/14 : 2.2r1 (1.0.0-233.105)

• BUG/MEDIUMlb-leastconnReposition a server using the right eweight
• BUG/MINORtoolsReject size format not starting by a digit
• BUG/MINORtoolsmake parse_time_err() more strict on the timer validity
• MINORtcpcheckOnly wait for more payload data on HTTP expect rules
• BUG/MINORtcpcheckDon't rearm the check timeout on each read
• BUG/MINORhttp-checkUse right condition to consider HTX message as full
• DOCemail change of the DeviceAtlas maintainer
• BUG/MEDIUMspoa/pythonFixing references to None
• BUG/MEDIUMspoa/pythonFixing PyObject_Call positional arguments
• BUG/MINORspoa/pythonCleanup ipaddress objects if initialization fails
• BUG/MINORspoa/pythonCleanup references for failed Module Addobject operations
• DOCspoa/pythonFixing typos in comments
• DOCspoa/pythonRephrasing memory related error messages
• DOCspoa/pythonFixing typo in IP related error messages
• BUG/MAJORspoa/pythonFixing return None
• BUG/MINORmux-h1Handle keep-alive timeout for idle frontend connections
• DOC/MINORFix formatting in Management Guide
• BUILD/MINORhaproxy DragonFlyBSD affinity build update.
• BUG/MAJORringtcp forward on ring can break the reader counter.
• BUG/MINORluawarn when registering action, conv, sf, cli or applet multiple times
• MINORcliadd a function to look up a CLI service description
• MINORactionsadd a function returning a service pointer from its name
• MINORactionsExport actions lookup functions
• BUG/MINORluaSome lua init operation are processed unsafe
• BUG/MINORluaPost init register function are not executed beyond the first one
• BUG/MINORlualua-load doesn't check its parameters
• BUG/MINORluamissing \n in error message
• MINORplockuse an ARMv8 instruction barrier for the pause instruction
• BUG/MINORhttp-fetchFix smp_fetch_body() when called from a health-check
• DOCconfigMove req.hdrs and req.hdrs_bin in L7 samples fetches section
• BUG/MAJORtcpcheckAllocate input and output buffers from the buffer pool
• MINORtcpcheckDon't handle anymore in-progress send rules in tcpcheck_main
• BUG/MINORtcpcheckDon't forget to reset tcp-check flags on new kind of check
• DOCClarify %HP description in log-format
• DOCbetter document the config file format and escaping/quoting rules
• BUG/MAJORpeersfix partial message decoding
• BUG/MEDIUMhttp_actRestore init of log-format list
• BUILDShow the value of DEBUG= in haproxy -vv
• BUILDMake DEBUG part of .build_opts
• MINORhttp_actAdd -m flag for del-header name matching method
• REGTESTSconverteradd url_dec test
• REGTESTSAdd sample_fetches/cook.vtc

#2020/11/24 : 2.2r1 (1.0.0-232.63)

• BUG/MAJORfiltersAlways keep all offsets up to date during data filtering
• DOCbetter describes how to configure a fallback crt
• BUG/MINORhttp_htxFix searching headers by substring
• DOCclarify how to create a fallback crt

#2020/11/20 : 2.2r1 (1.0.0-232.59)

• BUG/MEDIUMhttp-anaDon't eval http-after-response ruleset on empty messages
• BUG/MINORsslsegv on startup when AKID but no keyid

#2020/11/18 : 2.2r1 (1.0.0-232.57)

• MINORhapeeUpdate the list of hapee patches
• BUG/MINORhttp-anaDon't wait for the body of CONNECT requests
• BUG/MEDIUMfiltersForward all filtered data at the end of http filtering
• BUILDhttp-htxfix build warning regarding long type in printf
• MINORpeersAdd traces to peer_treat_updatemsg().
• REGTESTmake ssl_client_samples and ssl_server_samples require to 2.2
• MINORcfgparsetighten the scope of newnameserver variable, free it on error.
• MINORconfig/mux-h2Return ERR_ flags from init_h2() instead of a status
• MINORinitFix the prototype for per-thread free callbacks
• BUG/MINORtcpcheckDon't warn on unused rules if check option is after
• MINORspoeDon't close connection in sync mode on processing timeout
• BUG/MAJORspoeBe sure to remove all references on a released spoe applet
• BUG/MINORhttp-htxHandle warnings when parsing http-error and http-errors
• MINORcheckreport error on incompatible connect proto
• MINORcheckreport error on incompatible proto
• BUG/MEDIUMcheckreuse srv proto only if using same mode
• BUG/MINORhttp-fetchFix calls w/o parentheses of the cookie sample fetches
• BUG/MINORhttp-fetchExtract cookie value even when no cookie name
• BUG/MEDIUMpeersfix decoding of multi-byte length in stick-table messages
• BUG/MINORpeersMissing TX cache entries reset.
• BUG/MINORpeersDo not ignore a protocol error for dictionary entries.
• BUG/MINORluaset buffer size during map lookups
• BUG/MINORpatterna sample marked as const could be written
• DOCconfigFix a typo on ssl_c_chain_der
• BUG/MINORssldouble free w/ smp_fetch_ssl_x_chain_der()
• MINORssladd ssl_{c,s}_chain_der fetch methods
• BUG/MINORhttp-htxJust warn if payload of an errorfile doesn't match the C-L
• MINORhttp-htxAdd understandable errors for the errorfiles parsing
• BUG/MINORssldon't report 1024 bits DH param load error when it's higher
• BUG/MEDIUMservermake it possible to kill last idle connections

#2020/11/04 : 2.2r1 (1.0.0-231.27)

• MINORhapeethe EXTRAVERSION patch was also backported
• BUILDmakefileadd an EXTRAVERSION variable to ease local naming
• CLEANUPmux-h2Remove the h1 parser state from the h2 stream
• BUG/MEDIUMstick-tablelimit the time spent purging old entries
• BUG/MINORfiltersSkip disabled proxies during startup only
• BUG/MEDIUMmux-ptRelease the tasklet during an HTTP upgrade
• MINORserverCopy configuration file and line for server templates
• BUG/MINORserverSet server without addr but with dns in RMAINT on startup
• BUG/MINORchecksReport a socket error before any connection attempt
• BUG/MINORproxy/serverSkip per-proxy/server post-check for disabled proxies
• BUG/MEDIUMfiltersDon't try to init filters for disabled proxies
• BUG/MINORcacheInverted variables in http_calc_maxage function
• BUG/MINORcacheManage multiple values in cache-control header value
• MINORistAdd a case insensitive istmatch function
• BUG/MINORluainitialize sample before using it
• BUG/MINORserverfix down_time report for stats
• BUG/MINORserverfix srv downtime calcul on starting
• BUG/MINORlogfix risk of null deref on error path
• BUG/MINORlogfix memory leak on logsrv parse error
• BUG/MINORextcheckadd missing checks on extchk_setenv()
• BUG/MEDIUMsslOCSP must work with BoringSSL
• BUG/MAJORmux-h2Don't try to send data if we know it is no longer possible
• BUG/MINORhttp-anaDon't send payload for internal responses to HEAD requests
• BUG/MEDIUMserversupport changing the slowstart value from state-file
• BUG/MINORqueueproperly report redistributed connections
• MINORssl'ssl-load-extra-del-ext' removes the certificate extension

#2020/10/22 : 2.2r1 (1.0.0-230.0)