Summary
2024/04/25 : 2.9r1 (1.0.0-321.332)
- REGTESTS: cache: Add test on 'vary' other than accept-encoding
- BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding
2024/04/19 : 2.9r1 (1.0.0-320.330)
- BUG/MINOR: server: fix slowstart behavior
- BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached
- BUG/MEDIUM: spoe: Always retry when an applet fails to send a frame
- BUG/MEDIUM: applet: Fix applet API to put input data in a buffer
- BUG/MEDIUM: evports: do not clear returned events list on signal
- BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered
- BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses
- MINOR: net_helper: Add support for floats/doubles.
- CI: revert kernel addr randomization introduced in 3a0fc864
- BUG/MAJOR: stick-tables: fix race with peers in entry expiration
- BUG/MEDIUM: peers/trace: fix crash when listing event types
- BUILD: cache: fix non-inline vs inline declaration mismatch to silence a warning
- BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented
- BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values
- BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fresh server connection
- CLEANUP: log: lf_text_len() returns a pointer not an integer
- BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
- BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
- BUG/MINOR: log: fix lf_text_len() truncate inconsistency
- BUG/MINOR: listener: always assign distinct IDs to shards
- BUG/MEDIUM: quic: don't blindly rely on unaligned accesses
- BUG/MINOR: cli: Report an error to user if command or payload is too big
- BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe
- BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
- BUG/MAJOR: server: do not delete srv referenced by session
- MINOR: session: rename private conns elements
- BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
- BUG/MAJOR: ocsp: Separate refcount per instance and per store
- MEDIUM: ssl: initialize the SSL stack explicitly
- BUG/MEDIUM: quic: fix connection freeze on post handshake
- MEDIUM: htx/http-ana: No longer close connection on early HAProxy response
- MAJOR: mux-h1: Drain requests on client side before shut a stream down
- MINOR: mux-h1: Move all stuff to detach a stream in an internal function
- MINOR: mux-h1: Move checks performed before a shutdown in a dedicated function
- BUG/MEDIUM: server: fix dynamic servers initial settings
- BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
- BUG/MINOR: proxy: fix logformat expression leak in use_backend rules
2024/04/04 : 2.9r1 (1.0.0-320.293)
- MINOR: hapee: Update list of dropped commits
- BUG/MEDIUM: stick-table: use the update lock when reading tables from peers
- BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty
- BUG/MINOR: backend: properly handle redispatch 0
- BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
- BUG/MINOR: log/balance: detect if user tries to use unsupported algo
- DOC: config: balance 'first' not usable in LOG mode
- BUG/MINOR: server: ignore 'enabled' for dynamic servers
- MINOR: server: allow cookie for dynamic servers
- BUG/MINOR: server: fix persistence cookie for dynamic servers
- BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
- BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
- BUILD: ssl: fix build error on older compilers with openssl-3.2
- BUG/MINOR: server: 'source' interface ignored from 'default-server' directive
- OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
- BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block
- BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet
- BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
- BUG/MINOR: session: ensure conn owner is set after insert into session
- BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
- CI: temporarily adjust kernel entropy to work with ASAN/clang
- BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop
- BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout
- BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
- BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release
- BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
- MINOR: hlua: use accessors for stream hlua ctx
- DEBUG: lua: precisely identify if stream is stuck inside lua or not
- BUG/MINOR: hlua: fix missing lock in hlua_filter_delete()
- BUG/MINOR: hlua: missing lock in hlua_filter_new()
- BUG/MINOR: hlua: segfault when loading the same filter from different contexts
- CI: github: add -DDEBUG_LIST to the default builds
- BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()
- DOC: configuration: clarify ciphersuites usage (V2)
- BUILD: solaris: fix compilation errors
- MINOR: quic: always use ncbuf for rx CRYPTO
- BUG/MEDIUM: quic: fix handshake freeze under high traffic
- BUG/MINOR: cfgparse: report proper location for log-format-sd errors
- BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description
- CI: skip scheduled builds on forks
- BUG/MINOR: sink: fix a race condition in the TCP log forwarding code
- BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe()
- BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume()
- BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()
- BUG/MINOR: hlua: improper lock usage in hlua_filter_new()
- BUG/MINOR: hlua: improper lock usage in hlua_filter_callback()
- BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load
- BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts
- BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack
- BUG/MINOR: tools: seed the statistical PRNG slightly better
- MINOR: hlua: Be able to disable logging from lua
- BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel
- BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener
- DOC: configuration: clarify ciphersuites usage
- BUG/MINOR: mux-h1: Properly report when mux is blocked during a nego
- LICENSE: http_ext: fix GPL license version
- LICENSE: event_hdl: fix GPL license version
- BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
- BUG/MINOR: ist: only store NUL byte on succeeded alloc
- BUG/MINOR: quic: fix output of show quic
- BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
- MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
- BUG/MAJOR: server: fix stream crash due to deleted server
- BUG/MINOR: stats: drop srv refcount on early release
- BUG/MINOR: ist: allocate nul byte on istdup
- MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support
- DOC: quic: fix recommendation for bind on multiple address
- BUG/MEDIUM: quic: fix transient send error with listener socket
- BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data
- BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets
- BUG/MEDIUM: applet: Immediately free appctx on early error
- DOC: quic: Missing tuning setting in "Global parameters"
- BUG/MINOR: qpack: reject invalid dynamic table capacity
- BUG/MINOR: qpack: reject invalid increment count decoding
- BUG/MINOR: quic: reject HANDSHAKE_DONE as server
- BUG/MINOR: quic: reject unknown frame type
- MINOR: connection: add sample fetches to report per-connection glitches
- MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
- MINOR: connection: add a new mux_ctl to report number of connection glitches
- MEDIUM: mux-h2: allow to set the glitches threshold to kill a connection
- MINOR: mux-h2: always use h2c_report_glitch()
- MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch
- MINOR: mux-h2: count excess of CONTINUATION frames as a glitch
- BUG/MINOR: mux-h2: count rejected DATA frames against the connection's flow control
- MINOR: mux-h2: add a counter of "glitches" on a connection
- BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
- BUG/MAJOR: promex: fix crash on deleted server
- BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
- BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
- BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
- BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
- MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
- BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
- MINOR: muxes: Announce support for zero-copy forwarding on consumer side
- MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
- MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
- CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
- BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
- BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
- MINOR: quic: Add a counter for reordered packets
- MINOR: quic: Dynamic packet reordering threshold
- MINOR: quic: Update K CUBIC calculation (RFC 9438)
- BUG/MEDIUM: quic: Wrong K CUBIC calculation.
- BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
- BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
- BUILD: address a few remaining calloc(size, n) cases
- CI: Update to actions/cache@v4
- BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
- BUG/MINOR: vars/cli: fix missing LF after "get var" output
- DOC: internal: update missing data types in peers-v2.0.txt
- DOC: config: fix misplaced "bytes_{in,out}"
- DOC: config: fix typos for "bytes_{in,out}"
- DOC: config: fix misplaced "txn.conn_retries"
- DOC: install: recommend pcre2
- REGTESTS: ssl: Add OCSP related tests
- REGTESTS: ssl: Fix empty line in cli command input
- BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
- BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
- BUG/MEDIUM: ocsp: Separate refcount per instance and per store
- MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
- BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
- BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
2024/04/04 : 2.9r1 (1.0.0-319.171)
- MINOR: ssl: Call callback function after loading SSL CRL data
2024/02/27 : 2.9r1 (1.0.0-315.170)
- MINOR: hapee: add a .hapee directory to list backporting notes
- MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
- BUILD: debug: remove leftover parentheses in ABORT_NOW()
- MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
- MINOR: debug: make sure calls to ha_crash_now() are never merged
- MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
- MINOR: quic: Stop using 1024th of a second.
- BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
- CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
- BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
- BUILD: quic: Variable name typo inside a BUG_ON().
- BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
- BUG/MINOR: diag: run the final diags before quitting when using -c
- BUG/MINOR: diag: always show the version before dumping a diag warning
- REGTESTS: promex: Adapt script to be less verbose
- MEDIUM: promex: Add support for filters on metric names
- MINOR: promex: Always pass the final name and description to promex_dmp_ts()
- MINOR: promex: Rename dump functions to use the right wording
- MEDIUM: promex/resolvers: Dump resolvers metrics via a promex module
- MEDIUM: promex/stick-table: Dump stick-table metrics via a promex module
- MEDIUM: promex: Dump metrics of registered modules with a way to filter them
- MEDIUM: promex: Add a registration mechanism to support modules
- MINOR: promex: Remove unused htx parameter when a metric is dumped
- MEDIUM: promex: Simplify the context using generic pointers for restart points
- MINOR: promex: Always limit the number of labels dumped for each metric
- DOC: promex: Add documentation about extra-counters
- MEDIUM: promex: Dump listeners extra counters if requested
- MEDIUM: promex: Dump servers extra counters if requested
- MEDIUM: promex: Dump backends extra counters if requested
- MEDIUM: promex: Dump frontends extra counters if requested
- MINOR: promex: Add info in the promex context to dump extra counters
- MINOR: promex: Add a param to override the description when a metric is dumped
- MEDIUM: stats: Be able to access a specific field into a stats module
- MINOR: stats: Be able to access to registered stats modules from anywhere
- MINOR: promex: Export active/backup metrics per-server
- MINOR: promex: Add support for specialized front/back/li/srv metric names
- MEDIUM: tcp-act/backend: support for set-bc-{mark,tos} actions
- MEDIUM: tcp-act: <expr> support for set-fc-{mark,tos} actions
- MINOR: hlua: Rename set_{tos, mark} to set_fc_{tos, mark}
- MINOR: tcp-act: Rename "set-{mark,tos}" to "set-fc-{mark,tos}"
- MINOR: tcp_act: fix alphabetical ordering of tcp request content actions
- OPTIM: connection: progressive hash for conn_calculate_hash()
- CLEANUP: connection: remove obsolete comment in header file
- BUG/MEDIUM: h1: always reject the NUL character in header values
- BUG/MINOR: h1-htx: properly initialize the err_pos field
- DOC: httpclient: add dedicated httpclient section
- BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
- BUG/MINOR: h1: Don't support LF only at the end of chunks
- BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
- BUG/MEDIUM: qpack: allow 6xx..9xx status codes
- BUG/MEDIUM: h3: do not crash on invalid response status code
- MINOR: h3: add traces for stream sending function
- BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
- DOC: configuration: clarify http-request wait-for-body
- BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
- MINOR: quic: extract qc_stream_buf free in a dedicated function
- MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
- CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
- BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
- BUG/MEDIUM: cache: Fix crash when deleting secondary entry
- BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
- BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
- BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
- MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
- BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
- DOC: configuration: fix set-dst in actions keywords matrix
- BUG/MINOR: h3: fix checking on NULL Tx buffer
- BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
- BUG/MINOR: mux-h2: also count streams for refused ones
- BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
- BUILD: quic: missing include for quic_tp
- DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
- REGTESTS: add a test to ensure map-ordering is preserved
- BUG/MINOR: map: list-based matching potential ordering regression
- CLEANUP: quic: Double quic_dgram_parse() prototype declaration.
- MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name
- MINOR: ot: logsrv struct becomes logger
- MINOR: mux-h2: support limiting the total number of H2 streams per connection
- BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
- BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego
- BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
- BUG/MEDIUM: h3: fix incorrect snd_buf return value
- BUILD: quic: Missing quic_ssl.h header protection
- CLEANUP: quic: Remaining useless code into server part
- REGTESTS: check attach-srv out of order declaration
- MINOR: debug: add features and build options to "show dev"
- MINOR: global: export a way to list build options
- CI: use semantic version compare for determining "latest" OpenSSL
- BUG/MINOR: h3: disable fast-forward on buffer alloc failure
- BUG/MINOR: h3: close connection on sending alloc errors
- BUG/MINOR: h3: properly handle alloc failure on finalize
- MINOR: h3: add traces for connection init stage
- BUG/MINOR: h3: close connection on header list too big
- MINOR: h3: check connection error during sending
- BUG/MINOR: quic: Missing call to TLS message callbacks
- BUG/MINOR: quic: Wrong keylog callback setting.
- BUG/MINOR: mux-quic: disable fast-fwd if connection on error
- BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
- DOC: fix typo for fastfwd QUIC option
- BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event
- MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype
- MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage
- BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
- MINOR: stats: store the parent proxy in stats ctx (http)
- BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error
- BUG/MINOR: server: Use the configured address family for the initial resolution
2024/01/17 : 2.9r1 (1.0.0-311.64)
- HAPEE: udp: update structs and functions required for the UDP module
- MEDIUM: udp: allow to retrieve the frontend destination address
- MINOR: tcpcheck: export proxy_parse_tcpcheck()
- MINOR: backend: export get_server_*() functions
- BUILD: hapee/addons: fix build without USE_QUIC=1
- HAPEE: makefile: automatically build objects in addons/hapee_*
- HAPEE: makefile: update the cleanup rule to also remove *.i from addons
- HAPEE: addons: quic CID in -vv
- HAPEE: addons: adds quic CID generator to interop with packetshield
- MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function
- MINOR: hapee/WURFL: added live update database function
- MINOR: hapee/WURFL: added custom API log function
- MINOR: hapee/WURFL: added function to check correct module initialization
- BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library
- BUILD: hapee/da: repaired build in case of using old DeviceAtlas library
- MINOR: hapee/da: add function that allow data reload
- MINOR: hapee/da: add spin locking
- MINOR: hapee/da: add support for loading a precompiled json data
- MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode."
- MINOR: hapee/51d: add function that returns path to 51Degrees data file
- MINOR: hapee/51d: add function that allow data reload
- BUG/MINOR: hapee/51d: add spin locking
- BUILD: hapee/51d: fix error when building with 51Degrees enabled
- BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded
- MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset
- DOC: config: Update documentation about local haproxy response
- BUG/MINOR: resolvers: default resolvers fails when network not configured
- DOC: config: also add arguments to the converters in the table
- DOC: config: add arguments to sample fetch methods in the table
- BUG/MEDIUM: mux-quic: report early error on stream
- BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
- CLEANUP: mux-h1: Fix a trace message about C-L header addition
- BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
- BUG/MEDIUM: mux-h1: Count data from input buf during zero-copy forwarding
- BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
- BUG/MEDIUM: quic: QUIC CID removed from tree without locking
- BUG/MINOR: ext-check: cannot use without preserve-env
- BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
- BUILD: ssl: update types in wolfssl cert selection callback
- BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
- BUG/MINOR: mworker/cli: fix set severity-output support
- DOC: configuration: typo req.ssl_hello_type
- BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certificate (LUA)
- BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certificate
- MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
- BUG/MINOR: ssl: Double free of OCSP Certificate ID
- MEDIUM: hapee: does not pass OPTION_LDFLAGS to modules
- MINOR: hapee/modules: check if we generate the API hash correctly
- BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk
- BUG/MINOR: hapee/modules: initialize the module head list
- BUILD: hapee/modules: select either md5 or md5sum
- MEDIUM: hapee/modules: load the STG_REGISTER initcalls
- BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure
- MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum
- MINOR: hapee/modules: add the ability to register variable and functions.
- MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules
- MINOR: hapee/modules: terminate properly loaded modules if possible
- MEDIUM: hapee/modules: add memory reservation support for the modules
- MINOR: hapee: change URLs for 2.9r1
- BUILD: hapee/modules: update HAPEE version macro to 2.9r1
- BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version
- BUILD: hapee/modules: add version of the module in the defines
- MEDIUM: hapee/modules: add modules support
- MINOR: version: mention that it's stable now
HAPEE-LB 2.9r1 – Changelog