Search filters

Type

Section

Actions

Changelog - HAProxy Enterprise 2.5r1

#2023/06/05 : 2.5r1 (1.0.0-286.791)

  • BUG/MINORspoeOnly skip sending new frame after a receive attempt
  • CONTRIBAdd vi file extensions to .gitignore
  • DOCconfigFix bind/server/peer documentation in the peers section

#2023/05/26 : 2.5r1 (1.0.0-286.788)

  • SCRIPTSpublish-releaseupdate the umask to keep group write access
  • BUG/MINORhluaunsafe hlua_lua2smp() usage
  • DOC/MINORconfigFix typo in description for `ssl_bc` in configuration.txt
  • DOCadd size format section to manual
  • DOCconfigClarify conditions to shorten the inspect-delay for TCP rules
  • BUG/MINORtcp-rulesDon't shortened the inspect-delay when EOI is set
  • CIgithubdon't warn on deprecated openssl functions on windows

#2023/05/17 : 2.5r1 (1.0.0-286.781)

  • BUG/MINORcheckspostpone the startup of health checks by the boot time
  • MINORclockmeasure the total boot time
  • MINORchecksmake sure spread-checks is used also at boot time
  • BUG/MINORlogfix memory error handling in parse_logsrv()
  • BUG/MINORhttp_rulesfix errors paths in http_parse_redirect_rule()
  • MINORproxyadd http_free_redirect_rule() function
  • BUG/MINORproxymissing free in free_proxy for redirect rules
  • BUG/MEDIUMfiltersDon't deinit filters for disabled proxies during startup
  • MINORspoeDon't stop disabled proxies
  • BUILDmjsonFix warning about unused variables
  • BUG/MINORdebugdo not emit empty lines in thread dumps
  • BUG/MEDIUMspoeDon't start new applet if there are enough idle ones
  • BUG/MINORfdalways remove late updates when freeing fd_updt[]
  • BUILDproto_tcpexport the correct names for proto_tcpv[46]
  • BUILDsock_inetforward-declare struct receiver
  • CIcirrus-cibump FreeBSD image to 13-1
  • BUG/MINORserverdon't use date when restoring last_change from state file
  • BUG/MINORserverdon't miss server stats update on server state transitions
  • BUG/MINORserverdon't miss proxy stats update on server state transitions
  • MINORserverexplicitly commit state change in srv_update_status()
  • BUG/MINORserverincorrect report for tracking servers leaving drain

#2023/04/21 : 2.5r1 (1.0.0-286.760)

  • BUG/MINORmux-h2make sure to produce a log on invalid requests
  • BUG/MEDIUMUpdate read expiration date on synchronous send
  • BUG/MEDIUMproxy/sktableprevent watchdog trigger on soft-stop
  • BUG/MEDIUMhluaprevent deadlocks with main lua lock
  • MINORhluasimplify lua locking
  • BUG/MINORhluaprevent function and table reference leaks on errors
  • BUG/MINORhluafix reference leak in hlua_post_init_state()
  • BUG/MINORhluafix reference leak in core.register_task()
  • MINORhluaadd simple hlua reference handling API
  • CLEANUPRemove unused function hlua_get_top_error_string
  • MINORproto_uxability to dump ABNS names in error messages
  • MEDIUMproto_uxproperly suspend named UNIX listeners
  • BUG/MEDIUMlistener/proxyfix listeners notify for proxy resume
  • MINORlistenerpause_listener() becomes suspend_listener()
  • BUG/MEDIUMresume from LI_ASSIGNED in default_resume_listener()
  • BUG/MINORlistenerfix resume_listener() resume return value handling
  • BUG/MEDIUMlistenerfix pause_listener() suspend return value handling
  • MINORlistenermake sure we don't pause/resume bypassed listeners
  • MINORlistenerworkaround for closing a tiny race between resume_listener() and stopping
  • MINORlisteneradd relax_listener() function
  • MINORlistener/apiadd lli hint to listener functions
  • BUG/MINORlistenernull pointer dereference suspected by coverity
  • CLEANUPlistenerfunction comment typo in stop_listener()
  • MINORproto_uxstadd resume method
  • BUG/MINORcfgparsemake sure to include openssl-compat
  • CLEANUPbackendRemove useless debug message in assign_server()
  • BUG/MEDIUMlogProperly handle client aborts in syslog applet
  • REGTESTSfix the race conditions in log_uri.vtc
  • CIbump actions/checkout to v3 for cross zoo matrix
  • BUG/MEDIUMfddon't wait for tmask to stabilize if we're not in it.
  • BUG/MINORstick_tablealert when type len has incorrect characters
  • BUG/MEDIUMresolversForce the connect timeout for DNS resolutions
  • BUG/MINORhttp-anaDon't switch message to DATA when waiting for payload
  • MINORhttp-anaAdd a HTTP_MSGF flag to state the Expect header was checked
  • CLEANUPhluafix conflicting comment in hlua_ctx_destroy()
  • BUG/MINORhluaenforce proper running context for register_x functions
  • BUG/MINORlogfree log forward proxies on deinit()
  • BUG/MINORsinkfree forward_px on deinit()
  • BUG/MEDIUMdnsProperly handle error when a response consumed
  • BUG/MEDIUMchannelImprove reports for shut in co_getblk()
  • DOCconfigstrict-sni allows to start without certificate
  • MINORproxy/poolprevent unnecessary calls to pool_gc()
  • BUILDdaextends CFLAGS to support API v3 from 3.1.7 and onwards.
  • BUG/MEDIUMmux-h1Wakeup H1C on shutw if there is no I/O subscription
  • BUG/MEDIUMmux-h2erase h2c->wait_event.tasklet on error path
  • BUG/MINORsslssl-(min|max)-ver parameter not duplicated for bundles in crt-list

#2023/03/17 : 2.5r1 (1.0.0-286.713)

  • BUG/MAJORqpackfix possible read out of bounds in static table
  • DEBUGssl-sock/show_fdDisplay SSL error code
  • DEBUGcli/show_fdDisplay connection error code
  • BUG/MAJORfd/threadsclose a race on closing connections after takeover
  • BUG/MAJORfd/threadfix race between updates and closing FD
  • MEDIUMfdsupport broadcasting updates for foreign groups in updt_fd_polling
  • MAJORpolleronly touch/inspect the update_mask under tgid protection
  • MEDIUMfdquit fd_update_events() when FD is closed
  • BUG/MINORfdProperly init the fd state in fd_insert()
  • MEDIUMfdmake fd_insert/fd_delete atomically update fd.tgid
  • MINORfdmake fd_clr_running() return the previous value instead
  • MAJORfdgrab the tgid before manipulating running
  • MINORfdadd fd_get_running() to atomically return the running mask
  • MINORfdadd functions to manipulate the FD's tgid
  • MINORcli/fdshow fd's tgid and refcount in show fd
  • MINORfd/clireport the polling mask in show fd
  • MEDIUMfdadd the tgid to the fd and pass it to fd_insert()
  • MINORfddelete unused updates on close()
  • MAJORfdremove pending updates upon real close
  • MEDIUMpollerprogram the update in fd_update_events() for a migrated FD
  • MEDIUMepolldon't synchronously delete migrated FDs
  • BUG/MEDIUMconnectionPreserve flags when a conn is removed from an idle list
  • BUG/MEDIUMconnectionClear flags when a conn is removed from an idle list
  • BUG/MINORsock_unixmatch finalname with tempname in sock_unix_addrcmp()
  • BUG/MINORprotocolfix minor memory leak in protocol_bind_all()
  • BUG/MINORproto_uxreport correct error when bind_listener fails
  • BUG/MEDIUMspoeDon't set the default traget for the SPOE agent frontend
  • BUG/MEDIUMlistenerduplicate inherited FDs if needed
  • BUG/MINORmux-h2make sure the h2c task exists before refreshing it
  • BUG/MINORtcp_samplefix a bug in fc_dst_port and fc_dst_is_local sample fetches
  • BUG/MEDIUMproxyproperly stop backends on soft-stop
  • DOC/CLEANUPfix typos
  • BUG/MINORmworkeruse MASTER_MAXCONN as default maxconn value
  • BUG/MINORinitmake sure to always limit the total number of threads
  • BUG/MEDIUMmasterforce the thread count earlier
  • BUG/MINORinitproperly detect NUMA bindings on large systems
  • BUG/MINORsslUse 'date' instead of 'now' in ocsp stapling callback
  • BUG/MINORhttp-anaDo a L7 retry on read error if there is no response
  • BUG/MINORhttp-checkSkip C-L header for empty body when it's not mandatory
  • BUG/MINORhttp-checkDon't set HTX_SL_F_BODYLESS flag with a log-format body
  • DOCconfigClarify the meaning of 'hold' in the 'resolvers' section
  • DOCconfigAdd the missing tune.fail-alloc option from global listing
  • DOCconfigFix description of options about HTTP connection modes
  • BUG/MEDIUMh1-htxNever copy more than the max data allowed during parsing
  • BUILDtheadFix several 32 bits compilation issues with uint64_t variables
  • BUG/MINORringdo not realign ring contents on resize
  • BUG/MINORcacheCheck cache entry is complete in case of Vary
  • BUG/MINORcacheCache response even if request has no-cache directive
  • REGTESTSFix ssl_errors.vtc script to wait for connections close
  • BUG/MINORmworkerprevent incorrect values in uptime
  • BUG/MEDIUMschedallow a bit more TASK_HEAVY to be processed when needed
  • BUG/MINORschedproperly report long_rq when tasks remain in the queue
  • BUG/MEDIUMstconnDon't rearm the read expiration date if EOI was reached
  • BUG/MEDIUMhttpclient/luafix a race between lua GC and hlua_ctx_destroy
  • BUG/MINORlua/httpclientmissing free in hlua_httpclient_send()

#2023/02/21 : 2.5r1 (1.0.0-285.658)

  • MINORstartupHAPROXY_STARTUP_VERSION contains the version used to start
  • BUG/MEDIUMmworkerdon't register mworker_accept_wrapper() when master FD is wrong
  • BUG/MEDIUMmworkerprevent inconsistent reload when upgrading from old versions
  • BUG/MINORmworkerstop doing strtok directly from the env
  • DEVhpackfix `trash` build regression

#2023/02/13 : 2.5r1 (1.0.0-285.653)

  • BUG/CRITICALhttpproperly reject empty http header field names
  • BUG/MEDIUMstconnSchedule a shutw on shutr if data must be sent first
  • DOCproxy-protocolfix wrong byte in provided example
  • DOCconfig'http-send-name-header' option may be used in default section
  • DOCconfigfix option spop-check proxy compatibility
  • BUG/MEDIUMcacheuse the correct time reference when comparing dates
  • BUG/MEDIUMstick-tabledo not leave entries in end of window during purge
  • BUG/MINORssl/crt-listwarn when a line is malformated
  • BUG/MEDIUMsslwrong eviction from the session cache tree
  • BUG/MINORfcgi-appprevent 'use-fcgi-app' in default section
  • BUG/MINORsinkfree the forwarding task on exit
  • BUG/MINORhttp-htxNormalized absolute URIs with an empty port
  • REG-TESTShttpAdd more tests about authority/host matching
  • BUG/MINORh1Replace authority validation to conform RFC3986
  • MINORhttpConsidere empty ports as valid default ports
  • MINORh1Consider empty port as invalid in authority for CONNECT
  • CIgithubchange ubuntu-latest to ubuntu-20.04

#2023/02/08 : 2.5r1 (1.0.0-284.636)

#2023/01/21 : 2.5r1 (1.0.0-282.636)

  • BUG/MINORjwtWrong return value checked
  • BUILDhpackinclude global.h for the trash that is needed in debug mode
  • BUG/MINORmux-h2add missing traces on failed headers decoding
  • BUG/MINORlistenerclose tiny race between resume_listener() and stopping
  • BUG/MINORsslFix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0)
  • BUG/MEDIUMjwtProperly process ecdsa signatures (concatenated R and S params)
  • DOCconfigfix Address formats chapter syntax
  • BUG/MINORmux-fcgiCorrectly set pathinfo
  • DOCconfigfix aliases for protocol prefixes udp4@ and udp6@
  • DOCconfigfix wrong section number for protocol prefixes
  • BUG/MINORlistenersfix suspend/resume of inherited FDs
  • BUG/MINORhttp-anamake set-status also update txn->status
  • BUG/MINORhttp-fetchDon't block HTTP sample fetch eval in HTTP_MSG_ERROR state
  • BUG/MINORhttp-anaReport SF_FINST_R flag on error waiting the request body
  • BUG/MINORpromexDon't forget to consume the request on error
  • BUG/MINORresolversWait the resolution execution for a do_resolv action
  • BUG/MINORhluaFix Channel.line and Channel.data behavior regarding the doc
  • BUG/MINORh1-htxRemove flags about protocol upgrade on non-101 responses
  • DOCmanagementadd details on Used status
  • CLEANUPhtxfix a typo in an error message of http_str_to_htx
  • BUG/MINORhttpMemory leak of http redirect rules' format string
  • REGTESTfix the race conditions in hmac.vtc
  • REGTESTfix the race conditions in digest.vtc
  • REGTESTfix the race conditions in json_query.vtc
  • DOCconfigremove duplicated http-response sc-set-gpt0 directive
  • DOCconfigfix alphabetical ordering of http-after-response rules
  • BUG/MAJORbufFix copy of wrapping output data when a buffer is realigned
  • BUG/MINORhttp-fetchOnly fill txn status during prefetch if not already set
  • BUG/MINORstick-tablereport the correct action name in error message
  • BUILDmakefilesort the features list
  • BUILDmakefilebuild the features list dynamically
  • BUG/MINORpool/statsUse ullong to report total pool usage in bytes in stats
  • BUG/MEDIUMmux-h2Refuse interim responses with end-stream flag set
  • REGTESTSstartupdisable automatic_maxconn.vtc
  • BUG/MINORsslFix memory leak of find_chain in ssl_sock_load_cert_chain
  • LICENSEwurflclarify the dummy library license.
  • REGTESTSstartupadd alternatives values in automatic_maxconn.vtc
  • REGTESTSstartupchange the expected maxconn to 11000
  • BUG/MEDIUMresolversUse tick_first() to update the resolvers task timeout
  • REGTESTSstartupactivate automatic_maxconn.vtc
  • CIgithubset ulimit -n to a greater value
  • BUG/MINORstartupdon't use internal proxies to compute the maxconn
  • REGTESTSstartupcheck maxconn computation
  • REGTESTSfix the race conditions in iff.vtc
  • BUG/MAJORfcgiFix uninitialized reserved bytes
  • DOCpromexAdd missing backend metrics
  • MINORpromexintroduce haproxy_backend_agg_check_status
  • BUG/MINORpromexcreate haproxy_backend_agg_server_status
  • BUG/MEDIUMhttpclient/luadouble LIST_DELETE on end of lua task
  • BUG/MEDIUMmworkerfix segv in early failure of mworker mode with peers
  • MINORmworkerdisplay an alert upon a wait-mode exit
  • BUG/MINORsslFix potential overflow
  • BUG/MEDIUMsslVerify error codes can exceed 63

#2022/12/27 : 2.5r1 (1.0.0-281.583)

#2022/12/16 : 2.5r1 (1.0.0-280.583)

  • BUILDpeerspeers-t.h depends on stick-table-t.h
  • BUG/MINORhapee/modulesmake sure generated includes and structs are sorted
  • MINORhapee/modulescheck if we generate the API hash correctly

#2022/12/15 : 2.5r1 (1.0.0-280.580)

  • BUG/MINORhapee/modulesadjust include match() in gen-modules-config-h.awk

#2022/12/06 : 2.5r1 (1.0.0-280.579)

  • BUG/MEDIIMstconnFlush output data before forwarding close to write side
  • SCRIPTSannounce-releaseadd a link to the data plane API
  • DOCconfigclarify the -m dir and -m dom pattern matching methods
  • DOCconfigclarify the fact that retries is not just for connections
  • DOCconfigexplain how default matching method for ACL works
  • DOCconfigmention that a single monitor-uri rule is supported
  • DOCconfigclarify the fact that SNI should not be used in HTTP scenarios
  • DOCconfigprovide some configuration hints for http-reuse

#2022/11/29 : 2.5r1 (1.0.0-280.567)

  • BUG/MINORmux-h1Fix handling of 408-Request-Time-Out
  • BUILDhttp-htxSilent build error about a possible NULL start-line
  • BUG/MINORhttp-htxDon't consider an URI as normalized after a set-uri action
  • BUG/MINORlogfix parse_log_message rfc5424 size check
  • BUG/MINORcfgparse-listenfix ebpt_next_dup pointer dereference on proxy from inheritance
  • BUILDlistenerfix build warning on global_listener_rwlock without threads
  • BUG/MINORserver/idleat least use atomic stores when updating max_used_conns
  • BUILDpeersRemove unused variables
  • BUG/MEDIUMpeersmessages about unkown tables not correctly ignored
  • BUG/MINORssldon't initialize the keylog callback when not required
  • BUG/MINORhttp_ana/txndon't re-initialize txn and req var lists
  • BUG/MEDIUMlistenerFix race condition when updating the global mngmt task
  • BUG/MINORpool/cliuse ullong to report total pool usage in bytes
  • BUG/MEDIUMringfix creation of server in uninitialized ring
  • DOCconfigfix alphabetical ordering of global section
  • REG-TESTScacheRemove T-E header for 304-Not-Modified responses
  • BUG/MINORmux-h1Do not send a last null chunk on body-less answers
  • BUG/MEDIUMmux-fcgiAvoid value length overflow when it doesn't fit at once
  • BUG/MINORmux-fcgiBe sure to send empty STDING record in case of zero-copy
  • BUG/MINORresolversSet port before IP address when processing SRV records
  • BUG/MINORresolversDon't wait periodic resolution on healthcheck failure
  • BUG/MINORhttp-htxFix error handling during parsing http replies
  • BUG/MEDIUMwdt/clockproperly handle early task hangs
  • CIemit the compiler's version in the build reports
  • CIenable QUIC for LibreSSL builds
  • CIswitch to the latest LibreSSL
  • BUG/MINORsslocsp structure not freed properly in case of error
  • BUG/MINORsslMemory leak of AUTHORITY_KEYID struct when loading issuer
  • CIadd monthly gcc cross compile jobs
  • BUG/MINORlogfixing bug in tcp syslog_io_handler Octet-Counting
  • BUG/MEDIUMstick-tablefix a race condition when updating the expiration task

#2022/10/26 : 2.5r1 (1.0.0-280.536)

  • BUG/MAJORstick-tabledon't process store-response rules for applets
  • DOCluaadd a note about compression w/ httpclient
  • DOCmanagementadd forgotten show startup-logs
  • CISSLtemporarily stick to LibreSSL=3.5.3
  • CISSLuse proper version generating when latest semantic is used
  • BUG/MINORsinkSet default connect/server timeout for implicit ring buffers
  • BUG/MINORsinkOnly use backend capability for the sink proxies
  • BUG/MEDIUMcompressionhandle rewrite errors when updating response headers
  • BUILDMakefileadd USE_SHM_OPEN on the linux-musl target
  • CIgithubdump the backtrace of coredumps in the alpine container
  • REGTESTShttpclient/luatest the lua task timeout with the httpclient
  • BUG/MEDIUMhttpclientcheck if the httpclient was released in the IO handler
  • BUG/MEDIUMhttpclient/luacrash when the lua task timeout before the httpclient
  • BUG/MINORringProperly parse connect timeout
  • BUG/MINORlogPreserve message facility when the log target is a ring buffer
  • CIReplace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition
  • CIReplace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py
  • MINORhttpclient/luaDon't set req_payload callback if body is empty
  • BUG/MINORservermake sure show servers state hides private bits
  • BUG/MAJORstick-tablesdo not try to index a server name for applets
  • DOCconfigurationmissing 'if' in tcp-request content example
  • BUG/MEDIUMconfigcount line arguments without dereferencing the output
  • BUG/MINORconfigdon't count trailing spaces as empty arg (v2)
  • BUG/MINORbackendonly enforce turn-around state when not redispatching
  • BUG/MINORsmtpchkSMTP Service check should gracefully close SMTP transaction
  • MINORsmtpchkUpdate expect rule to fully match replies to EHLO commands
  • BUG/MINORmux-h1Account consumed output data on synchronous connection error
  • BUG/MINORhluahlua_channel_insert_data() behavior conflicts with documentation
  • BUILDhttp_fetchsilence an uninitiialized warning with gcc-4/5/6 at -Os
  • BUG/MINORhttp-fetchUpdate method after a prefetch in smp_fetch_meth()
  • BUILDh1silence an initiialized warning with gcc-4.7 and -Os
  • BUG/MEDIUMluahandle stick table implicit arguments right.
  • BUG/MEDIUMluaDon't crash in hlua_lua2arg_check on failure
  • DOCconfigFix pgsql-check documentation to make user param mandatory
  • BUG/MINORchecksupdate pgsql regex on auth packet
  • BUG/MAJORconn-idlefix hash indexing issues on idle conns
  • BUG/MINORhlua_hlua_http_msg_delete incorrect behavior when offset is used
  • BUG/MINORhluafixing hlua_http_msg_insert_data behavior
  • BUG/MINORhluafixing hlua_http_msg_del_data behavior
  • BUG/MEDIUMresolversRemove aborted resolutions from query_ids tree
  • REGTESTS4be_1srv_smtpchk_httpchk_layer47errorsReturn valid SMTP replies

#2022/09/20 : 2.5r1 (1.0.0-280.495)

  • BUG/MINORlogimproper behavior when escaping log data
  • SCRIPTSannounce-releaseupdate some URLs to https
  • BUILDfdfix a build warning on the DWCAS
  • BUG/MEDIUMcapturesfree() an error capture out of the proxy lock
  • BUG/MEDIUMserversegv when adding server with hostname from CLI
  • DOCfix TOC in starter guide for subsection 3.3.8. Statistics
  • REGTESTSssl/logtest the log-forward with SSL
  • BUG/MEDIUMsinkbad init sequence on tcp sink from a ring.
  • REGTESTSlogtest the log-forward feature
  • REGTESTShealthcheckmailRelax matching on the healthcheck log message
  • BUG/MINORstatsfixing stat shows disabled frontend status as 'OPEN'
  • MINORproxy/listenersupport for additional PAUSED state
  • MINORlistenersmall API change
  • BUG/MEDIUMproxyensure pause_proxy() and resume_proxy() own PROXY_LOCK
  • CIcirrus-cibump FreeBSD image to 13-1
  • BUG/MINORsignals/pollerensure wakeup from signals
  • BUG/MINORsignals/pollerset the poller timeout to 0 when there are signals
  • BUG/MINORtaskalways reset a new tasklet's call date
  • BUG/MINORh1Support headers case adjustment for TCP proxies
  • BUILDmakefileenable crypt(3) for NetBSD

#2022/09/15 : 2.5r1 (1.0.0-280.475)

  • BUG/MINORregexProperly handle PCRE2 lib compiled without JIT support
  • BUG/MINORmux-fcgifix the show fd dest buffer for the subscriber
  • BUG/MINORmux-h1fix the show fd dest buffer for the subscriber
  • BUG/MINORmux-h2fix the show fd dest buffer for the subscriber
  • BUG/MEDIUMmux-h1always use RST to kill idle connections in pools
  • REGTESTShttp_request_bufferAdd a barrier to not mix up log messages
  • BUG/MINORsslleak of ckch_inst_link in ckch_inst_free() v2
  • BUG/MEDIUMmux-h1do not refrain from signaling errors after end of input
  • BUG/MINORsslrevert two wrong fixes with ckhi_link
  • BUG/MEDIUMsslFix a UAF when old ckch instances are released
  • BUG/MINORsslleak of ckch_inst_link in ckch_inst_free()

#2022/08/30 : 2.5r1 (1.0.0-280.464)

  • BUG/MINORtcpcheckDisable QUICKACK for default tcp-check (with no rule)
  • BUG/MINORhluaRely on CF_EOI to detect end of message in HTTP applets
  • BUG/MEDIUMpeersDon't start resync on reload if local peer is not up-to-date
  • BUG/MEDIUMpeersDon't use resync timer when local resync is in progress
  • BUG/MEDIUMpeersAdd connect and server timeut to peers proxy
  • BUG/MEDIUMspoeProperly update streams waiting for a ACK in async mode
  • DOCconfigurationdo-resolve doesn't work with a port in the string
  • REGTESTSFix prometheus script to perform HTTP health-checks
  • BUG/MINORtcpcheckDisable QUICKACK only if data should be sent after connect
  • BUG/MINORresolversreturn the correct value in resolvers_finalize_config()
  • BUG/MAJORmworkerfix infinite loop on master with no proxies.
  • BUG/MINORssl/clierror when the ca-file is empty
  • BUG/MAJORlog-forwardFix log-forward proxies not fully initialized
  • BUG/MEDIUMmux-h2do not fiddle with ->dsi to indicate demux is idle
  • BUG/MEDIUMhttp-anafix crash or wrong header deletion by http-restrict-req-hdr-names

#2022/08/17 : 2.5r1 (1.0.0-279.449)

  • MINORhapeeupdate backported file with pool-related stuff
  • MINORchunkinline alloc_trash_chunk()
  • MINORpools/memprofstore and report the pool's name in each bin
  • MINORpool/memprofreport pool alloc/free in memory profiling
  • MINORmemprofexport the minimum definitions for memory profiling
  • MINORpoolspartially uninline pool_alloc()
  • MINORpoolspartially uninline pool_free()

#2022/08/12 : 2.5r1 (1.0.0-278.442)

  • BUILDhttpsilence an uninitialized warning affecting gcc-5
  • BUG/MEDIUMringfix too lax 'size' parser
  • BUILDdebugsilence warning on gcc-5
  • BUG/MEDIUMtaskrelax one thread consistency check in task_unlink_wq()
  • BUG/MEDIUMpolleruse fd_delete() to release the poller pipes
  • BUILDcfgparsealways defined _GNU_SOURCE for sched.h and crypt.h
  • BUG/MINORsinkfix a race condition between the writer and the reader
  • BUG/MINORring/clifix a race condition between the writer and the reader
  • BUG/MEDIUMproxyPerform a custom copy for default server settings
  • REORGserverExport srv_settings_cpy() function
  • MINORserverConstify source server to copy its settings
  • BUG/MEDIUMdnsProperly initialize new DNS session
  • BUG/MINORpeersUse right channel flag to consider the peer as connected
  • BUG/MEDIUMpeerslimit reconnect attempts of the old process on reload
  • MINORpeersUse a dedicated reconnect timeout when stopping the local peer
  • BUG/MEDIUMpatternonly visit equivalent nodes when skipping versions
  • MINORebtreeadd ebmb_lookup_shorter() to pursue lookups
  • BUG/MEDIUMqueue/threadslimit the number of entries dequeued at once
  • DEBUGfdsplit the fd check

#2022/07/29 : 2.5r1 (1.0.0-278.423)

  • BUG/MINORsockpairwrong return value for fd_send_uxst()
  • BUG/MINORbackendFallback on RR algo if balance on source is impossible
  • BUILDadd detection for unsupported compiler models
  • BUG/MEDIUMmworkerproc_self incorrectly set crashes upon reload
  • BUG/MINORmworker/clirelative pid prefix not validated anymore
  • BUG/MINORtoolsfix statistical_prng_range()'s output range
  • BUG/MEDIUMtoolsavoid calling dlsym() in static builds (try 2)
  • BUILDmakefileFix install(1) handling for OpenBSD/NetBSD/Solaris/AIX
  • BUG/MEDIUMtoolsavoid calling dlsym() in static builds
  • MEDIUMmworkerset the iocb of the socketpair without using fd_insert()
  • BUG/MEDIUMmux-h1Handle connection error after a synchronous send
  • BUG/MEDIUMhttp-anaDon't wait to have an empty buf to switch in TUNNEL state
  • BUG/MINORmux-h1Be sure to commit htx changes in the demux buffer
  • REGTEESTSfiltersFix CONNECT request in random-forwarding script
  • BUG/MEDIUMhttp-fetchDon't fetch the method if there is no stream
  • MINORhttp-htxUse new HTTP functions for the scheme based normalization
  • BUG/MEDIUMh1Improve authority validation for CONNCET request
  • MINORhttpAdd function to detect default port
  • MINORhttpAdd function to get port part of a host
  • BUG/MINORhttp-htxFix scheme based normalization for URIs wih userinfo
  • BUG/MINORpeersfix possible NULL dereferences at config parsing
  • BUG/MINORhttp-actProperly generate 103 responses when several rules are used
  • BUG/MINORhttp-checkPreserve headers if not redefined by an implicit rule
  • BUG/MINORpeers/configalways fill the bind_conf's argument
  • MINORfdAdd BUG_ON checks on fd_insert()
  • CIre-enable gcc asan builds
  • BUILDMakefileAdd Lua 5.4 autodetect
  • BUG/MEDIUMssl/fdunexpected fd close using async engine
  • MINORfdadd a new FD_DISOWN flag to prevent from closing a deleted FD
  • BUG/MINORhttp-fetchUse integer value when possible in method sample fetch
  • BUG/MINORhttp-anaSet method to HTTP_METH_OTHER when an HTTP txn is created
  • BUG/MINORsslDo not look for key in extra files if already in pem
  • MEDIUMmux-h2try to coalesce outgoing WINDOW_UPDATE frames
  • REGTESTSssladd the same cert for client/server
  • BUG/MEDIUMmworkeruse default maxconn in wait mode
  • BUG/MEDIUMssl/clicrash when crt inserted into a crt-list
  • BUG/MINORtaskfix thread assignment in tasklet_kill()
  • BUG/MINORtcp-rulesMake action call final on read error and delay expiration
  • BUG/MINORcli/statsadd missing trailing LF after show info json
  • BUG/MINORserverdo not enable DNS resolution on disabled proxies
  • BUG/MINORcli/statsadd missing trailing LF after JSON outputs
  • REGTESTShealthcheckmailRelax health-check failure condition
  • REGTESTShealthcheckmailUpdate the test to be functionnal again
  • BUG/MINORchecksProperly handle email alerts in trace messages
  • BUG/MINORtraceTest server existence for health-checks to get proxy
  • BUG/MEDIUMmailersSet the object type for check attached to an email alert
  • BUILDcompilerimplement unreachable for older compilers too
  • REGTESTSrestrict_req_hdr_namesExtend supported versions
  • REGTESTShttp_abortoncloseExtend supported versions
  • BUG/MINORssl_ckchFix possible uninitialized value in show_crlfile I/O handler
  • BUG/MINORssl_ckchFix possible uninitialized value in show_cafile I/O handler
  • BUG/MINORssl_ckchFix possible uninitialized value in show_cert I/O handler
  • BUG/MINORssl_ckchInit right field when parsing commit ssl crl-file cmd
  • BUG/MINORssl_ckchDump cert transaction only once if show command yield
  • BUG/MINORssl_ckchDump CA transaction only once if show command yield
  • BUG/MINORssl_ckchDump CRL transaction only once if show command yield
  • REGTESTShttp_request_bufferIncrease client timeout to wait slow clients
  • REGTESTSabortoncloseAdd a barrier to not mix up log messages
  • MEDIUMhttpclientDon't close CLI applet at the end of a response
  • MEDIUMhttp-anaAlways report rewrite failures as PRXCOND in logs
  • BUG/MEDIUMhttpclientRework CLI I/O handler to handle full buffer cases
  • BUG/MEDIUMhttpclientDon't remove HTX header blocks before duplicating them
  • BUG/MEDIUMssl/crt-listRework 'add ssl crt-list' to handle full buffer cases
  • BUG/MEDIUMssl_ckchRework 'commit ssl ca-file' to handle full buffer cases
  • BUG/MEDIUMssl_ckchRework 'commit ssl cert' to handle full buffer cases
  • BUG/MINORssl_ckchDon't duplicate path when replacing a CA/CRL entry
  • BUG/MINORssl_ckchDon't duplicate path when replacing a cert entry
  • BUG/MEDIUMssl_ckchDon't delete CA/CRL entry if it is being modified
  • BUG/MEDIUMssl_ckchDon't delete a cert entry if it is being modified
  • BUG/MINORssl_ckchFree error msg if commit changes on a CA/CRL entry fails
  • BUG/MINORssl_ckchFree error msg if commit changes on a cert entry fails
  • DOCintroadjust the numbering of paragrams to keep the output ordered

#2022/07/13 : 2.5r1 (1.0.0-277.350)

#2022/06/10 : 2.5r1 (1.0.0-275.350)

  • DOCgpc/gptadd commments of gpc/gpt array definitions on stick tables.
  • DOCpeersfix port number and addresses on new peers section format
  • DOCpeersclarify when entry expiration date is renewed.
  • DOCpeersindicate that some server settings are not usable
  • BUG/MINORpeersdetect and warn on init_addr/resolvers/check/agent-check
  • BUG/MINORpeersset the proxy's name to the peers section name
  • SCRIPTSmake publish-release try to launch make-releases-json
  • SCRIPTSadd make-releases-json to recreate a releases.json file in download dirs
  • REGTESTSDo not use REQUIRE_VERSION for HAProxy 2.5+ (2)
  • BUG/MEDIUMsampleFix adjusting size in word converter
  • BUG/MEDIUMpeersprevent unitialized multiple listeners on peers section
  • BUG/MEDIUMpeersfix segfault using multiple bind on peers sections
  • BUG/MEDIUMresolversDon't defer resolutions release in deinit function
  • BUG/MEDIUMhttpProperly reject non-HTTP/1.x protocols
  • BUG/MEDIUMtoolsFix `inet_ntop` usage in sa2str
  • CIdetermine actual OpenSSL version dynamically
  • BUILD/MINORcpuset fix build for FreeBSD 13.1
  • BUG/MINORpeersfix error reporting of bind lines
  • BUG/MINORcfgparseabort earlier in case of allocation error
  • BUG/MINORcheckReinit the buffer wait list at the end of a check
  • BUG/MEDIUMconfigReset outline buffer size on realloc error in readcfgfile()
  • REGTESTSabortoncloseFix some race conditions
  • BUG/MINORsslFix crash when no private key is found in pem
  • MINORtoolsadd get_exec_path implementation for solaris based systems.
  • BUILDfix build warning on solaris based systems with __maybe_unused.
  • MEDIUMhttp-anaAdd a proxy option to restrict chars in request header names
  • CIdetermine actual LibreSSL version dynamically
  • BUILDhapee/modulesselect either md5 or md5sum

#2022/05/13 : 2.5r1 (1.0.0-273.322)

  • CLEANUPmux-h1Fix comments and error messages for global options
  • MINORmux-h1Add global option accpet payload for any HTTP/1.0 requests
  • BUG/MEDIUMwdtdon't trigger the watchdog when p is unitialized
  • CLEANUPappletmake appctx_new() initialize the whole appctx
  • BUG/MINORconn_streamdo not confirm a connection from the frontend path
  • DOC/MINORfix typos in the lua-api document
  • BUG/MEDIUMluafix argument handling in data removal functions
  • BUG/MINORserverMake SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes).
  • DOCinstallupdate gcc version requirements
  • BUG/MEDIUMsslfix the gcc-12 broken fix :-(
  • BUILDlistenershut report of possible null-deref in listener_accept()
  • BUILDdebugwork around gcc-12 excessive -Warray-bounds warnings
  • BUILDsslwork around bogus warning in gcc 12's -Wformat-truncation
  • BUG/MINORsslFix typos in crl-file related CLI commands
  • CIdynamically determine actual version of h2spec
  • DOCfix typo ant for and in INSTALL
  • BUG/MINORssl/clifix show ssl cert not to mix cli+ssl contexts
  • BUG/MINORssl/clifix show ssl crl-file not to mix cli+ssl contexts
  • BUG/MINORssl/clifix "show ssl ca-file <name>" not to mix cli+ssl contexts
  • BUG/MINORssl/clifix show ssl ca-file/crl-file not to mix cli+ssl contexts
  • BUG/MEDIUMssl/clifix yielding in show_cafile_detail
  • BUG/MINORmap/climake sure patterns don't vanish under show map's init
  • BUG/MINORmap/cliprotect the backref list during show map errors
  • BUG/MINORproxy/clidon't enumerate internal proxies on show backend
  • BUG/MEDIUMclimake show cli sockets really yield
  • BUG/MEDIUMresolversmake show resolvers properly yield
  • BUG/MINORstartupusage() when no -cc arguments
  • BUG/MINORtcp/httprelease the expr of set-{src,dst}[-port]
  • DOCconfigUpdate doc for PR/PH session states to warn about rewrite failures

#2022/05/12 : 2.5r1 (1.0.0-273.293)

  • MINORmux-h2report a trace event when failing to create a new stream
  • BUG/MINORmux-h2mark the stream as open before processing it not after
  • BUG/MAJORdnsmulti-thread concurrency issue on UDP socket

#2022/05/05 : 2.5r1 (1.0.0-273.290)

  • BUG/MEDIUMmux-h1Be able to handle trailers when C-L header was specified
  • BUG/MEDIUMmux-fcgiBe sure to never set EOM flag on an empty HTX message
  • SCRIPTSannounce-releaseadd URL of dev packages
  • CIgithub actions: update LibreSSL to 3.5.2

#2022/04/29 : 2.5r1 (1.0.0-272.286)

  • BUG/MEDIUMhttpclientFix loop consuming HTX blocks from the response channel
  • MINORssladd a new global option tune.ssl.hard-maxrecord
  • BUG/MINORpoolsmake sure to also destroy shared pools in pool_destroy_all()

#2022/04/27 : 2.5r1 (1.0.0-272.283)

  • BUG/MINORresolversFix memory leak in resolvers_deinit()
  • BUG/MEDIUMhttp-anaFix memleak in redirect rules with ignore-empty option
  • MINORconnectionAdd way to disable active connection closing during soft-stop

#2022/04/26 : 2.5r1 (1.0.0-272.280)

  • BUILDcompilerproperly distinguish weak and global symbols
  • MINORhapeeadd a .hapee directory to list backporting notes
  • REGTESTSfix the race conditions in be2dec.vtc ad field.vtc
  • BUG/MINORconnectionconnection:close header added despite 'close-spread-time'
  • BUG/MINORsampleadd missing use_backend/use-server contexts in smp_resolve_args
  • BUG/MINORrulesFix check_capture() function to use the right rule arguments
  • BUG/MEDIUMrulesBe able to use captures defined in defaults section
  • BUG/MINORrulesForbid captures in defaults section if used by a backend
  • DOCremove my name from the config doc
  • MEDIUMqueueuse tasklet_instant_wakeup() to wake tasks
  • MINORtaskadd a new task_instant_wakeup() function
  • BUG/MAJORconnectionNever remove connection from idle lists outside the lock
  • BUG/MINORcacheDisable cache if applet creation fails
  • BUILDcalltracefix wrong include when building with TRACE=1
  • SCRIPTSannounce-releaseadd shortened links to pending issues
  • DOCluaupdate a few doc URLs
  • SCRIPTSannounce-releaseupdate the doc's URL
  • BUG/MEDIUMcompressionDon't forget to update htx_sl and http_msg flags
  • BUG/MEDIUMfcgi-appUse http_msg flags to know if C-L header can be added
  • BUG/MEDIUMstreamdo not abort connection setup too early
  • BUILDcompileruse a more portable set of asm(.weak) statements
  • BUILDschedworkaround crazy and dangerous warning in Clang 14
  • BUG/MEDIUMmux-h1Don't request more room on partial trailers
  • BUG/MINORmux-h2use timeout http-request as a fallback for http-keep-alive
  • BUG/MINORmux-h2do not use timeout http-keep-alive on backend side
  • BUILDdebugmark the __start_mem_stats/__stop_mem_stats symbols as weak
  • BUG/MINORcachedo not display expired entries in show cache
  • BUG/MINORmux-h2do not send GOAWAY if SETTINGS were not sent
  • CIcirrusswitch to FreeBSD-13.0
  • CIgithub actions: disable -Wno-deprecated
  • BUG/MINORstatsdefine the description' background color in dark color scheme
  • CIUpdate to actions/cache@v3
  • CIUpdate to actions/checkout@v3
  • MEDIUMglobalAdd a close-spread-time option to spread soft-stop on time window
  • MAJORopentracingreenable usage of vars to transmit opentracing context
  • DEBUGopentracingdisplay the contents of the err variable after setting
  • CLEANUPopentracingadded FLT_OT_PARSE_INVALID_enum enum
  • DEBUGopentracingshow return values of all functions in the debug output
  • MINORopentracingimproved normalization of context variable names
  • CLEANUPopentracingadded variable to store variable length
  • CLEANUPopentracingadded flt_ot_smp_init() function
  • MINORopentracingonly takes the variables lock on shared entries
  • CLEANUPopentracingremoved unused function flt_ot_var_get()
  • CLEANUPopentracingremoved unused function flt_ot_var_unset()
  • DOCopentracingcorrected comments in function descriptions
  • EXAMPLESopentracingrefined shell scripts for testing filter performance
  • BUG/BUILDopentracingfixed OT_DEFINE variable setting
  • BUG/MINORopentracingsetting the return value in function flt_ot_var_set()
  • BUG/MEDIUMhttp-actDon't replace URI if path is not found or invalid
  • BUG/MEDIUMhttp-convFix url_enc() to not crush const samples
  • BUG/MEDIUMmux-h1Set outgoing message to DONE when payload length is reached
  • BUG/MEDIUMpromexBe sure to never set EOM flag on an empty HTX message
  • BUG/MEDIUMhluaDon't set EOM flag on an empty HTX message in HTTP applet
  • BUG/MEDIUMstatsBe sure to never set EOM flag on an empty HTX message
  • BUG/MINORfcgi-appDon't add C-L header on response to HEAD requests
  • BUG/MINORhttpclientend callback in applet release
  • BUG/MINORssl/cliRemove empty lines from CLI output
  • CIgithub actions: update OpenSSL to 3.0.2
  • DOCremove double blanks in configuration.txt
  • BUG/MAJORmux_ptalways report the connection error to the conn_stream
  • BUG/MINORcli/streamfix shutdown session to iterate over all threads
  • BUG/MINORsamplesadd missing context names for sample fetch functions

#2022/03/29 : 2.5r1 (1.0.0-271.215)

  • REGTESTSssluse X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
  • BUG/MEDIUMmux-h1Properly detect full buffer cases during message parsing
  • BUG/MEDIUMmux-fcgiProperly handle return value of headers/trailers parsing
  • DOCreflect H2 timeout changes
  • BUG/MINORtoolsurl2sa reads too far when no port nor path
  • DOCconfigExplictly add supported MQTT versions
  • MEDIUMmqttsupport mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
  • BUG/MINORrulesInitialize the list element when allocating a new rule
  • BUG/MEDIUMmux-h2make use of http-request and keep-alive timeouts
  • MEDIUMmux-h2slightly relax timeout management rules
  • BUG/MEDIUMtraceavoid race condition when retrieving session from conn->owner
  • BUG/MEDIUMstream-intdo not rely on the connection error once established
  • BUG/MEDIUMmux-h1only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
  • CIgithub actions: switch to LibreSSL-3.5.1
  • BUG/MINORhttpclientCF_SHUTW_NOW should be tested with channel_is_empty()
  • BUG/MINORhttpclientprocess the response when received before the end of the request
  • BUG/MINORhttpclientonly check co_data() instead of HTTP_MSG_DATA
  • BUG/MINORserver/sslfree the SNI sample expression
  • BUILDhttpclientfix build without SSL
  • BUG/MINORhttpclientsend the SNI using the host header
  • MINORserverexport server_parse_sni_expr() function
  • BUG/MINORhttpclient/luastuck when closing without data

#2022/03/25 : 2.5r1 (1.0.0-270.193)

  • BUG/MINORtoolsfix url2sa return value with IPv4
  • REGTESTSfix the race conditions in be2hex.vtc

#2022/03/17 : 2.5r1 (1.0.0-270.191)

#2022/03/14 : 2.5r1 (1.0.0-269.191)

  • BUG/MEDIUMhttpclientmust manipulate head, not first
  • BUG/MINORhttpclientremove the UNUSED block when parsing headers
  • BUG/MINORhttpclientconsume partly the blocks when necessary
  • CLEANUPhtxremove unused co_htx_remove_blk()
  • BUG/MEDIUMhttpclientdon't consume data before it was analyzed
  • BUG/MINORsessionfix theoretical risk of memleak in session_accept_fd()
  • BUG/MAJORmux-ptAlways destroy the backend connection on detach
  • DEBUGstreamFix stream trace message to print response buffer state
  • DEBUGstreamAdd the missing descriptions for stream trace events
  • BUG/MEDIUMmcliProperly handle errors and timeouts during reponse processing
  • DEBUGcacheUpdate underlying buffer when loading HTX message in cache applet
  • BUG/MEDIUMstreamUse the front analyzers for new listener-less streams
  • BUG/MINORpromexSet conn-stream/channel EOI flags at the end of request
  • BUG/MINORcacheSet conn-stream/channel EOI flags at the end of request
  • BUG/MINORstatsSet conn-stream/channel EOI flags at the end of request
  • BUG/MINORhluaSet conn-stream/channel EOI flags at the end of request
  • BUG/MINORhttpclientSet conn-stream/channel EOI flags at the end of request
  • BUG/MINORclishows correct mode in show sess
  • BUG/MINORadd missing modes in proxy_mode_str()

#2022/03/08 : 2.5r1 (1.0.0-269.172)

  • BUILDfix recent build breakage of freebsd caused by kFreeBSD build fix
  • BUILDpoolsfix backport of no-memory-trimming on non-linux OS
  • MINORstatsAdd dark mode support for socket rows
  • MINORpoolsadd a new global option no-memory-trimming
  • BUILDfix kFreeBSD build.
  • BUG/MEDIUMpoolsfix ha_free() on area in the process of being freed
  • BUG/MINORpoolalways align pool_heads to 64 bytes
  • BUG/MEDIUMhttpclient/luainfinite appctx loop with POST

#2022/03/01 : 2.5r1 (1.0.0-268.164)

  • REGTESTSfix the race conditions in secure_memcmp.vtc
  • REGTESTSfix the race conditions in normalize_uri.vtc
  • BUG/MEDIUMhtxFix a possible null derefs in htx_xfer_blks()
  • BUG/MEDIUMmux-fcgiDon't rely on SI src/dst addresses for FCGI health-checks
  • BUILDtree-widemark a few numeric constants as explicitly long long
  • BUILDatomicmake the old HA_ATOMIC_LOAD() support const pointers
  • CIConsistently use actions/checkout@v2
  • CIgithub actions: use cache for SSL libs
  • CIrefactor OpenTracing build script
  • CIgithub actions: use cache for OpenTracing
  • CIgithub actions: add the output of $CC -dM -E-
  • BUG/MEDIUMstreamAbort processing if response buffer allocation fails
  • CIgithubenable pool debugging by default
  • REGTESTSfix the race conditions in 40be_2srv_odd_health_checks
  • BUG/MINORproxypreset the error message pointer to NULL in parse_new_proxy()
  • DOCFix usage/examples of deprecated ACLs
  • BUG/MAJORmux-h2Be sure to always report HTX parsing error to the app layer
  • BUG/MEDIUMmux-h1Don't wake h1s if mux is blocked on lack of output buffer
  • BUG/MEDIUMhtxBe sure to have a buffer to perform a raw copy of a message
  • DEBUGbuffercheck in __b_put_blk() whether the buffer room is respected
  • BUG/MEDIUMhttpclientlimit transfers to the maximum available room
  • BUG/MINORtoolsurl2sa reads ipv4 too far
  • CLEANUPhttpclient/clifix indentation alignment of the help message
  • BUG/MINORsslMissing return value check in ssl_ocsp_response_print
  • BUG/MINORsslFix leak in show ssl ocsp-response CLI command
  • BUG/MINORsslAdd missing return value check in ssl_ocsp_response_print
  • BUG/MINORmailersnegotiate SMTP, not ESMTP
  • BUG/MINORhttpclientreinit flags in httpclient_start()
  • MINORhttpclientDon't limit data transfer to 1024 bytes
  • BUG/MAJORcompilerrelax alignment constraints on certain structures
  • BUG/MEDIUMfdalways align fdtab[] to 64 bytes
  • BUG/MEDIUMresolversReally ignore trailing dot in domain names
  • BUG/MINORsinkUse the right field in appctx context in release callback
  • BUG/MINORmworkerfix a FD leak of a sockpair upon a failed reload
  • BUG/MEDIUMmworkerclose unused transferred FDs on load failure
  • MINORsockmove the unused socket cleaning code into its own function
  • BUG/MINORmux-h2update the session's idle delay before creating the stream
  • BUG/MEDIUMh2/hpackfix emission of HPACK DTSU after settings change
  • REGTESTSpeersleave a bit more time to peers to synchronize
  • REGTESTSserverclose an occasional race on dynamic_server_ssl.vtc
  • BUG/MAJORspoeproperly detach all agents when releasing the applet
  • BUG/MAJORhttp/htxprevent unbounded loop in http_manage_server_side_cookies
  • BUG/MINORhttpclient/clidisplay junk characters in vsn
  • BUG/MINORjwtMemory leak if same key is used in multiple jwt_verify calls
  • BUG/MINORjwtMissing pkey free during cleanup
  • BUG/MINORjwtDouble free in deinit function
  • BUG/MINORsslRemove empty lines from "show ssl ocsp-response <id>" output
  • BUG/MEDIUMhttpclientXfer the request when the stream is created
  • BUG/MINORhttpclientRevisit HC request and response buffers allocation
  • BUG/MEDIUMlistenerread-lock the listener during accept()
  • MINORlistenerreplace the listener's spinlock with an rwlock
  • DEBUGfdmake sure we never try to insert/delete an impossible FD number

#2022/02/15 : 2.5r1 (1.0.0-268.112)

  • BUG/MINORmworkerdoes not erase the pidfile upon reload
  • BUG/MAJORschedprevent rare concurrent wakeup of multi-threaded tasks
  • DEBUGpoolsreplace the link pointer with the caller's address on pool_free()
  • DEBUGpoolslet's add reverse mapping from cache heads to thread and pool
  • DEBUGpoolsadd extra sanity checks when picking objects from a local cache
  • BUG/MINORpoolsalways flush pools about to be destroyed
  • BUG/MINORmworkerdoes not add the -sf in wait mode
  • BUG/MEDIUMmworkerdon't lose the stats socket on failed reload
  • REGTESTSsslFix ssl_errors regtest with OpenSSL 1.0.2
  • DEBUGpoolsadd new build option DEBUG_POOL_INTEGRITY
  • BUILDdebug/clicondition test of O_ASYNC to its existence
  • DEBUGcliadd a new debug dev fd expert command
  • BUG/MINORstreammake the call_rate only count the no-progress calls
  • BUG/MEDIUMmclialways realign wrapping buffers before parsing them
  • BUG/MEDIUMmclido not try to parse empty buffers
  • BUG/MEDIUMcliNever wait for more data on client shutdown
  • MEDIUMh2/hpackemit a Dynamic Table Size Update after settings change
  • BUG/MINORcliavoid O(bufsize) parsing cost on pipelined commands
  • MINORchanneladd new function co_getdelim() to support multiple delimiters
  • MEDIUMcliyield between each pipelined command
  • DOCmanagementmark set server ssl as deprecated
  • BUG/MEDIUMserveravoid changing healthcheck ctx with set server ssl
  • BUILD/MINORfix solaris build with clang.
  • BUG/MINORhttpclient/luadon't pop the lua stack when getting headers
  • BUG/MINORhttpclientset default Accept and User-Agent headers
  • BUG/MINORhttpclientdon't send an empty body
  • BUG/MEDIUMhtxAdjust length to add DATA block in an empty HTX buffer
  • BUG/MEDIUMconnectionproperly leave stopping list on error
  • CIgithub actions: clean default step conditions
  • BUILDcpusetfix build issue on macos introduced by previous change
  • BUG/MAJORmux-h1Don't decrement .curr_len for unsent data
  • BUG/MINORsslStore client SNI in SSL context in case of ClientHello error
  • BUG/MEDIUMmworkerdon't use _getsocks in wait mode
  • BUG/MEDIUMhttp-anaPreserve response's FLT_END analyser on L7 retry
  • BUG/MINORclifix _getsocks with musl libc
  • BUILD/MINORtoolssolaris build fix on dladdr.
  • CIgithub actions: update OpenSSL to 3.0.1
  • BUILD/MINORcpuset FreeBSD 14 build fix.
  • REGTESTSsslupdate of a crt with server deletion
  • BUG/MEDIUMsslfree the ckch instance linked to a server
  • BUG/MINORsslfree the fields in srv->ssl_ctx
  • CIGithub Actions: do not show VTest failures if build failed
  • BUILDmakefileadd -Wno-atomic-alignment to work around clang abusive warning
  • MINORcpusetswitch to sched_setaffinity for FreeBSD 14 and above.
  • MINORproxyadd option idle-close-on-response
  • MINORdebugadd support for -dL to dump library names at boot
  • MINORdebugadd ability to dump loaded shared libraries
  • MINORcompatdetect support for dl_iterate_phdr()
  • REGTESTSsslfix ssl_default_server.vtc
  • BUG/MEDIUMsslinitialize correctly ssl w/ default-server
  • BUILDopentracingdisplay warning in case of using OT_USE_VARS at compile time
  • DEBUGsslmake sure we never change a servername on established connections
  • DOCfix misspelled keyword resolve_retries in resolvers
  • BUILDsslunbreak the build with newer libressl
  • BUG/MINORmux-h1Fix splicing for messages with unknown length
  • BUG/MEDIUMmux-h1Fix splicing by properly detecting end of message
  • BUG/MEDIUMpeersproperly skip conn_cur from incoming messages
  • BUG/MEDIUMbackendfix possible sockaddr leak on redispatch
  • MINORpoolswork around possibly slow malloc_trim() during gc
  • MINORsslRemove empty lines from show ssl ocsp-response output
  • BUG/MEDIUMmworker/clicrash when trying to access an old PID in prompt mode
  • DOCconfigfix error-log-format example
  • DOCconfigretry-on list is space-delimited
  • DOCconfigSpecify %Ta is only available in HTTP mode
  • DOCspoeClarify use of the event directive in spoe-message section
  • BUG/MINORcli/serverDon't crash when a server is added with a custom id
  • MINORhttp-rulesAdd capture action to http-after-response ruleset
  • IMPORTslzuse the correct CRC32 instruction when running in 32-bit mode
  • BUILDtree-wideavoid warnings caused by redundant checks of obj_types
  • MINORclishow version displays the current process version
  • BUG/MEDIUMsampleFix memory leak in sample_conv_jwt_member_query
  • BUILDbugFix error when compiling with -DDEBUG_STRICT_NOCRASH
  • MINORmux-h1Improve H1 traces by adding info about http parsers
  • BUG/MINORmworkerdeinit of thread poller was called when not initialized
  • BUG/MEDIUMmworkerFD leak of the eventpoll in wait mode
  • BUG/MEDIUMh1Properly reset h1m flags when headers parsing is restarted
  • BUG/MAJORsegfault using multiple log forward sections.
  • BUG/MEDIUMresolversDetach query item on response error
  • BUG/MINORserverDon't rely on last default-server to init server SSL context
  • BUG/MINORvarsFix the set-var and unset-var converters
  • BUILDevportsremove a leftover from the dead_fd cleanup
  • BUG/MEDIUMcliProperly set stream analyzers to process one command at a time
  • BUG/MINORluaremove loop initial declarations
  • BUG/MINORluadon't expose internal proxies
  • BUG/MINORhttpclientallow to replace the host header
  • BUG/MINORcacheFix loop on cache entries in show cache
  • MINORhapee/WURFLtransfer error status from the _wurfl_reload() function
  • MINORhapee/WURFLadded live update database function
  • MINORhapee/WURFLadded custom API log function
  • MINORhapee/WURFLadded function to check correct module initialization
  • BUG/MINORhapee/WURFLcorrected version check of used wurfl library
  • BUILDhapee/darepaired build in case of using old DeviceAtlas library
  • MINORhapee/daadd function that allow data reload
  • MINORhapee/daadd spin locking
  • MINORhapee/daadd support for loading a precompiled json data
  • MINORhapee/51dadd function that allow data reload
  • BUG/MINORhapee/51dadd spin locking
  • BUILDhapee/51dfix error when building with 51Degrees enabled
  • BUG/MEDIUMhapee/51dfix a segfault on exit when 51d configuration is not loaded
  • MEDIUMhapee/51duse fiftyoneDegreesProvider to access the pool and dataset
  • MEDIUMhapee/modulesload the STG_REGISTER initcalls
  • BUG/MINORhapee/modulesdisplay detailed error message on mod_init() failure
  • MINORhapee/modulesadd a new label MODULES_LOCK to the lock_label enum
  • MINORhapee/modulesadd the ability to register variable and functions.
  • MEDIUMhapee/modules'modules list' on the cli shows currently loaded modules
  • MINORhapee/modulesterminate properly loaded modules if possible
  • MEDIUMhapee/modulesadd memory reservation support for the modules
  • MINORhapeechange URLs and EOL date for 2.4r1
  • BUILDhapee/modulesupdate HAPEE version macro to 2.5r1
  • BUILDhapee/modulesadd macros to compute numerical value of a HAPEE version
  • BUILDhapee/modulesadd version of the module in the defines
  • MEDIUMhapee/modulesadd modules support
×

About the new layout

For 2025, we're happy to introduce a redesigned HAProxy Configuration Manual!

The new manual enhances the user experience by providing more help for keywords, including more details about context, usage, and syntax. New search filters help you find keywords faster, with separate coverage for each variant.

If you would prefer to use the older layout click here.