HAPEE-LB

Changelog

version 1.7r2



2019/03/12 : 1.7r2 (2.0.0-186.1028)
- BUG/MAJOR: stream: avoid double free on unique_id
- BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded

2019/02/06 : 1.7r2 (2.0.0-186.1026)
- BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
- BUG/MINOR: spoe: corrected fragmentation string size
- BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
- BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT.
- BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
- DOC: http-request cache-use / http-response cache-store expects cache name
- BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
- BUG/MINOR: lua: bad args are returned for Lua actions
- BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
- BUG/MEDIUM: server: Also copy "check-sni" for server templates.
- DOC: refer to check-sni in the documentation of sni
- DOC: clarify that check-sni needs an argument.
- BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
- BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
- BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
- BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
- BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
- BUG/MINOR: only mark connections private if NTLM is detected
- DOC: cache: Missing information about "total-max-size"
- BUG/MINOR: ssl: Wrong usage of shctx_init().
- BUG/MINOR: cache: Wrong usage of shctx_init().
- BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
- BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
- BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
- BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
- BUG/MINOR: stream: don't close the front connection when facing a backend error
- SCRIPTS: add the issue tracker URL to the announce script
- SCRIPTS: add the slack channel URL to the announce script
- BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
- DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
- BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk()
- BUG/MINOR: server: don't always trust srv_check_health when loading a server state
- BUG/MINOR: stick_table: Prevent conn_cur from underflowing
- BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
- BUG/MINOR: backend: balance uri specific options were lost across defaults
- BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
- BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
- BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
- BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
- DOC: restore note about "independant" typo
- DOC: Update configuration doc about the maximum number of stick counters.
- BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
- BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
- BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
- BUG: dns: Prevent out-of-bounds read in dns_read_name()
- BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
- MINOR: stats: report the number of active jobs and listeners in "show info"
- BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
- BUG/MINOR: config: Copy default error messages when parsing of a backend starts
- DOC: fix reference to map files in MAINTAINERS
- MINOR: peers: use defines instead of enums to appease clang.
- MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
- MINOR: server: Use memcpy() instead of strncpy().
- BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
- DOC: clarify force-private-cache is an option
- BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
- BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
- BUG/MEDIUM: lua: reset lua transaction between http requests
- DOC: Fix spelling error in configuration doc
- BUG/MINOR: map: fix map_regm with backref
- BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload.
- BUG/MEDIUM: cache: don't cache when an Authorization header is present
- BUG/MINOR: ssl: empty connections reported as errors.
- BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
- BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
- BUG/MINOR: servers: Don't make "server" in a frontend fatal.
- BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections
- BUG/MEDIUM: lua: socket timeouts are not applied
- BUG/MINOR: lua: Bad HTTP client request duration.
- BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
- BUILD: Generate sha256 checksums in publish-release
- BUG/MAJOR: map: fix a segfault when using http-request set-map
- SCRIPTS: git-show-backports: add missing quotes to "echo"
- BUG/MINOR: config: stick-table is not supported in defaults section
- BUG/MEDIUM: stats: don't ask for more data as long as we're responding
- BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
- BUG/MINOR: lua: Segfaults with wrong usage of types.
- BUG/MAJOR: lua: Dead lock with sockets
- MINOR: task/notification: Is notifications registered ?
- BUG/MEDIUM: lua/socket: Length required read doesn't work
- BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation
- BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments.

2018/05/18 : 1.7r2 (2.0.0-183.944)
- BUG/MINOR: spoe: Mistake in error message about SPOE configuration
- BUG/MINOR: lua: ensure large proxy IDs can be represented
- BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
- BUG/MINOR: checks: Fix check->health computation for flapping servers

2018/04/30 : 1.7r2 (2.0.0-183.940)
- BUG/MINOR: spoe: Fix parsing of dontlog-normal option
- BUG/MINOR: spoe: Fix counters update when processing is interrupted
- BUG/MINOR: config: disable http-reuse on TCP proxies
- BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
- BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
- CLEANUP: ssl: Remove a duplicated #include
- BUILD/MINOR: fix Lua build on Mac OS X (again)
- MINOR/BUILD: fix Lua build on Mac OS X
- CLEANUP: Fix typo in ARGT_MSK6 comment
- CLEANUP: sample: Fix outdated comment about sample casts functions
- CLEANUP: sample: Fix comment encoding of sample.c
- BUG/MINOR: poll: too large size allocation for FD events
- DOC: clarify the scope of ssl_fc_is_resumed

2018/04/19 : 1.7r2 (2.0.0-183.927)
- DOC: lua: update the links to the config and Lua API
- BUILD: sample: avoid build warning in sample.c
- MEDIUM: sample: Extend functionality for field/word converters
- MINOR: proxy: Add fe_defbe fetcher
- MINOR: cli: Ensure the CLI always outputs an error when it should
- BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
- BUG/MINOR: http: Return an error in proxy mode when url2sa fails
- BUG/MAJOR: cache: always initialize newly created objects
- BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
- BUG/MINOR: cache: fix "show cache" output
- BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
- BUG/MINOR: lua: the function returns anything
- BUG/MINOR: cli: Ensure all command outputs end with a LF
- DOC: don't suggest using http-server-close
- DOC: log: more than 2 log servers are allowed
- BUILD/BUG: enable -fno-strict-overflow by default
- MINOR: log: stop emitting alerts when it's not possible to write on the socket
- BUG/MINOR: email-alert: Set the mailer port during alert initialization
- BUG/MINOR: tcp-check: use the server's service port as a fallback
- BUG/MINOR: lua: return bad error messages
- BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
- BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
- BUG/MINOR: seemless reload: Fix crash when an interface is specified.
- BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
- BUG/MINOR: force-persist and ignore-persist only apply to backends
- BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
- BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
- BUG/MINOR: cli: use global.maxsock and not maxfd to list all FDs
- BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
- BUG/MINOR: session: Fix tcp-request session failure if handshake.
- BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
- BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk

2018/04/06 : 1.7r2 (2.0.0-183.895)
- MINOR: spoe: Add counters to log info about SPOE agents
- MINOR: spoe: use agent's logger to log SPOE messages
- MINOR: spoe: Add support for option dontlog-normal in the SPOE agent section
- MINOR: spoe: Add loggers dedicated to the SPOE agent
- MINOR: spoe: Add options to store processing times in variables
- MINOR: spoe: Add metrics in to know time spent in the SPOE
- BUG/MINOR: spoe: Don't forget to decrement fpa when a processing is interrupted
- BUG/MINOR: spoe: Register the variable to set when an error occurred
- BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk
- BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
- CLEANUP: spoe: Remove unused label retry
- MINOR: log: move 'log' keyword parsing in dedicated function
- BUG/MEDIUM: stream-int: Don't loss write's notifs when a stream is woken up
- BUG/MEDIUM: srv-state: always ensure there's a warmup task before manipulating it

2018/03/01 : 1.7r2 (2.0.0-181.881)
- BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping

2018/02/22 : 1.7r2 (2.0.0-181.880)
- MINOR: debug/pools: make DEBUG_UAF also detect underflows
- BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
- MINOR: ssl/sample: adds ssl_bc_is_resumed fetch keyword.
- MINOR: sample: add a new "concat" converter
- DOC: cfgparse: Warn on option (tcp|http)log in backend
- DOC: lua: new prototype for function "register_action()"
- BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
- BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
- BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
- BUG/MINOR: config: don't emit a warning when global stats is incompletely configured
- DOC: Mention -Ws in the list of available options
- DOC: Describe routing impact of using interface keyword on bind lines
- BUG/MEDIUM: standard: Fix memory leak in str2ip2()
- MINOR: pools: implement DEBUG_UAF to detect use after free
- MINOR: pools: prepare functions to override malloc/free in pools
- BUILD: compiler: add a new type modifier __maybe_unused
- MINOR: config: Add support for ARGT_MSK6
- MINOR: standard: Add str2mask6 function
- BUG/MINOR: sample: Fix output type of c_ipv62ip
- CLEANUP: standard: Use len2mask4 in str2mask

2018/02/06 : 1.7r2 (2.0.0-181.860)
- MINOR: config: Enable tracking of up to MAX_SESS_STKCTR stick counters.
- MINOR: stick-tables: Adds support for new "gpc1" and "gpc1_rate" counters.
- MEDIUM: sample: Add IPv6 support to the ipmask converter
- MINOR: spoe: Add max-waiting-frames directive in spoe-agent configuration
- MEDIUM: spoe: Use an ebtree to manage idle applets
- MINOR: spoe: Count the number of frames waiting for an ack for each applet
- MINOR: spoe: Replace sending_rate by a frequency counter
- MINOR: spoe: Always link a SPOE context with the applet processing it
- MINOR: spoe: Remove check on min_applets number when a SPOE context is queued
- BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side
- BUG/MEDIUM: spoe: Always try to receive or send the frame to detect shutdowns
- MINOR: sample: add date_us sample
- BUG/MINOR: mworker: only write to pidfile if it exists
- BUG/MEDIUM: mworker: execvp failure depending on argv[0]
- BUG/MEDIUM: ssl: cache doesn't release shctx blocks
- BUG/MAJOR: netscaler: address truncated CIP header detection
- BUG/MEDIUM: netscaler: use the appropriate IPv6 header size
- BUG: MINOR: http: don't check http-request capture id when len is provided

2018/01/15 : 1.7r2 (2.0.0-181.842)
- MINOR: sample: rename the "len" converter to "length"
- MINOR: sample: add len converter
- BUG/MEDIUM: stream: properly handle client aborts during redispatch
- BUG/MINOR: lua: Fix return value of Socket.settimeout
- DOC: lua: Fix typos in comments of hlua_socket_receive
- BUG/MINOR: lua: Fix default value for pattern in Socket.receive
- BUG/MEDIUM: http: don't automatically forward request close
- BUG/MEDIUM: lua: fix crash when using bogus mode in register_service()
- BUG/MEDIUM: http: don't disable lingering on requests with tunnelled responses
- CONTRIB: iprange: Fix compiler warning in iprange.c
- DOC: 1.7 is stable
- MINOR: checks: don't create then kill a dummy connection before tcp-checks
- MINOR: tcp-check: make tcpcheck_main() take a check, not a connection
- MINOR: spoe: Don't queue a SPOE context if nothing is sent
- MINOR: spoe: add register-var-names directive in spoe-agent configuration
- MINOR: spoe: add force-set-var option in spoe-agent configuration
- MINOR: don't close stdio anymore
- BUG/MEDIUM: mworker: don't close stdio several time
- DOC/MINOR: configuration: typo, formatting fixes
- BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie"
- BUG/MEDIUM: cache: respect the request cache-control header
- BUG/MEDIUM: cache: replace old object on store
- BUG/MEDIUM: cache: do not try to retrieve host-less requests from the cache
- MINOR: http: add a function to check request's cache-control header field
- BUG/MINOR: cache: do not force the TX_CACHEABLE flag before checking cacheability
- BUG/MINOR: http: properly detect max-age=0 and s-maxage=0 in responses
- BUG/MINOR: http: do not ignore cache-control: public
- MINOR: http: start to compute the transaction's cacheability from the request
- MINOR: http: update the list of cacheable status codes as per RFC7231
- MINOR: http: adjust the list of supposedly cacheable methods
- CONTRIB: halog: Fix compiler warnings in halog.c
- DOC/MINOR: intro: typo, wording, formatting fixes
- BUG/MEDIUM: mworker: Set FD_CLOEXEC flag on log fd
- MINOR: modules: Add the ability to register variable and functions.

2017/12/13 : 1.7r2 (2.0.0-181.808)
- CONTRIB: halog: Add help text for -s switch in halog program
- MINOR: mworker: Improve wording in `void mworker_wait()`
- MINOR: mworker: Update messages referencing exit-on-failure
- BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface
- BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically.
- BUG/MEDIUM: mworker: also close peers sockets in the master
- CLEANUP: cache: more efficiently pack the struct cache

2017/12/11 : 1.7r2 (2.0.0-181.801)
- MEDIUM: 51d: use fiftyoneDegreesProvider to access the pool and dataset

2017/12/05 : 1.7r2 (2.0.0-181.800)
- Revert "BUG/MINOR: checks: Don't forget to release the connection on error case."
- BUG/MINOR: ssl: support tune.ssl.cachesize 0 again
- BUG/MINOR: action: Don't check http capture rules when no id is defined
- BUG/MINOR: mworker: detach from tty when in daemon mode
- BUG/MINOR: mworker: fix validity check for the pipe FDs
- BUILD: config: fix accidental ha_warning() in cfgparse.c
- MINOR: config: report when "monitor fail" rules are misplaced
- BUILD: checks: don't include server.h
- MAJOR: mworker: exits the master on failure
- BUG/MINOR: systemd: ignore daemon mode
- MEDIUM: mworker: Add systemd `Type=notify` support
- MINOR: http: implement the "http-request reject" rule
- BUG/MEDIUM: cache: bad computation of the remaining size
- DOC: cache: update sections and fix some typos
- DOC: cache: configuration and management
- MEDIUM: cache: max-age configuration keyword
- MINOR: cache: replace a fprint() by an abort()
- MINOR: cache: move the refcount decrease in the applet release
- BUG/MEDIUM: cache: free ressources in chn_end_analyze
- MEDIUM: cache: store sha1 for hashing the cache key
- BUG/MINOR: stream: fix tv_request calculation for applets
- BUG/MEDIUM: cache fix cli_kws structure
- BUG/MEDIUM: cache: refcount forbids to free the objects
- BUG/MEDIUM: cache: use key=0 as a condition for freeing
- MEDIUM: cache: "show cache" on the cli
- CLEANUP: cache: reorder includes
- CLEANUP: cache: remove wrong comment
- MEDIUM: cache: enable the HTTP analysers
- CLEANUP: cache: remove unused struct
- BUG/MEDIUM: cache: free callback to remove from tree
- BUG/MEDIUM: ssl: don't allocate shctx several time
- MEDIUM: shctx: use unsigned int for len and block_count
- MINOR: ssl: Handle early data with BoringSSL
- MINOR: ssl: Handle reading early data after writing better.
- MINOR: ssl: Don't disable early data handling if we could not write.
- BUG/MINOR: ssl: Always start the handshake if we can't send early data.
- MINOR: ssl: Make sure we don't shutw the connection before the handshake.
- MINOR: SSL: Store the ASN1 representation of client sessions.
- MINOR: config: Support partial ranges in cpu-map directive
- MINOR: config: Add auto-increment feature for cpu-map
- MINOR: standard: Add my_ffsl function to get the position of the bit set to one
- MINOR: config: Export parse_process_number and use it wherever it's applicable
- MINOR: config: Slightly change how parse_process_number works
- MINOR: config: Support a range to specify processes in "cpu-map" parameter
- MINOR: config: backport the new cpu-map parser
- CONTRIB: spoa_example: remove SPOE enums that are useless for clients
- CONTRIB: spoa_example: remove last dependencies on type "sample"
- CONTRIB: spoa_example: remove bref, wordlist, cond_wordlist
- CONTRIB: spoa_example: allow to compile outside HAProxy.
- BUG/MEDIUM: kqueue: Don't bother closing the kqueue after fork.
- BUG/MEDIUM: stream: always release the stream-interface on abort
- BUG/MINOR: Use crt_base instead of ca_base when crt is parsed on a server line
- BUG/MEDIUM: deinit: correctly deinitialize the proxy and global listener tasks
- BUG/MINOR: listener: Allow multiple "process" options on "bind" lines
- BUG/MAJOR: stream: ensure analysers are always called upon close
- BUG/MEDIUM: deviceatlas: ignore not valuable HTTP request data
- BUG/MEDIUM: stream: don't ignore res.analyse_exp anymore
- MINOR: tests: add a python wrapper to test inherited fd
- BUG/MEDIUM: mworker: does not close inherited FD
- MINOR: cache: disable cache if shctx_row_data_append fail
- MINOR: cache: forward data with headers
- BUG/MEDIUM: cache: use msg->sov to forward header
- BUG/MEDIUM: mworker: Fix re-exec when haproxy is started from PATH
- MINOR: listeners: make listeners count consistent with reality
- MINOR: listeners: new function create_listeners
- MINOR: unix: remove the now unused proto_uxst.h file
- MINOR: protocols: register the ->add function and stop calling them directly
- MINOR: protocols: always pass a "port" argument to the listener creation
- BUG/MEDIUM: mworker: does not deinit anymore
- BUG/MEDIUM: mworker: wait again for signals when execvp fail
- MINOR: mworker: display an accurate error when the reexec fail
- CONTRIB: Wireshark dissector for HAProxy Peer Protocol.
- DOC: peers: Add a first version of peers protocol v2.1.
- BUG/MINOR: spoe: check buffer size before acquiring or releasing it
- BUG/MEDIUM: cache: does not cache if no Content-Length
- MEDIUM: http: always reject the "PRI" method
- MINOR: peers: don't reference the incoming listener on outgoing connections
- BUG/MAJOR: stream: in stream_free(), close the front endpoint and not the origin
- CLEANUP: task: remove all initializations to TICK_ETERNITY after task_new()
- DOC: Add note about encrypted password CPU usage
- BUILD: use MAXPATHLEN instead of NAME_MAX.
- MINOR: standard: Add memvprintf function
- BUG/MINOR: mailers: Fix a memory leak when email alerts are released
- MAJOR: dns: Refactor the DNS code
- BUG/MINOR: lua: const attribute of a string is overridden
- BUG/MINOR: tools: fix my_htonll() on x86_64
- MINOR: tools: make my_htonll() more efficient on x86_64
- MINOR: server: Handle weight increase in consistent hash.
- BUG/MINOR: stream-int: don't set MSG_MORE on closed request path
- BUG/MINOR: stream-int: don't set MSG_MORE on SHUTW_NOW without AUTO_CLOSE
- CLEANUUP: checks: don't set conn->handle.fd to -1
- MINOR: connection: ensure conn_ctrl_close() also resets the fd
- BUILD: shctx: do not depend on openssl anymore
- BUILD: ssl: fix build of backend without ssl
- MINOR: ssl: Handle sending early data to server.
- MINOR: ssl: Spell 0x10101000L correctly.
- MINOR: ssl: Handle session resumption with TLS 1.3
- BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched.
- MINOR: ssl: Remove the global allow-0rtt option.
- MINOR: ssl: Don't abuse ssl_options.
- MINOR: ssl/proto_http: Add keywords to take care of early data.
- BUILD: Makefile: disable -Wunused-label
- BUG/MINOR: checks: Don't forget to release the connection on error case.
- MEDIUM: ssl: Handle early data with OpenSSL 1.1.1
- MINOR: http: Mark the 425 code as "Too Early".
- REORG: http: move the HTTP/1 header block parser to h1.c
- REORG: http: move the HTTP/1 chunk parser to h1.{c,h}
- REORG: http: move some very http1-specific parts to h1.{c,h}
- MINOR: http: export some of the HTTP parser macros
- BUILD: modules: update HAPEE version macro to 1.7r2
- MINOR: action: Add a functions to check http capture rules
- MINOR: mworker: do not store child pid anymore in the pidfile
- MINOR: mworker: write parent pid in the pidfile
- MINOR: mworker: allow pidfile in mworker + foreground
- MINOR: add master-worker in the warning about nbproc
- BUG/MINOR: cli: add severity in "set server addr" parser
- BUG/MINOR: cli: do not perform an invalid action on "set server check-port"
- BUG/MAJOR: buffers: fix get_buffer_nc() for data at end of buffer
- BUG/MEDIUM: cache: don't try to resolve wrong filters
- BUILD: shctx: allow to be built without openssl
- MINOR: cache: Don't confuse act_return and act_parse_ret.
- MINOR: cache: Remove useless test for nonzero.
- MEDIUM: cache: deliver objects from cache
- MEDIUM: cache: store objects in cache
- MEDIUM: cache: configuration parsing and initialization
- MEDIUM: shctx: forbid shctx to read more than expected
- BUG/MINOR: dns: Fix CLI keyword declaration
- MEDIUM: spoe/rules: Process "send-spoe-group" action
- MINOR: spoe: Add a generic function to encode a list of SPOE message
- MINOR: spoe: Add a type to qualify the message list during encoding
- MINOR: spoe: Move message encoding in its own function
- MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules
- MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file
- MINOR: spoe: Check uniqness of SPOE engine names during config parsing
- MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages
- MINOR: acl: Pass the ACLs as an explicit parameter of build_acl_cond
- MINOR: action: Factorize checks on rules calling check_ptr if defined
- MINOR: action: Add function to check rules using an action ACT_ACTION_TRK_*
- MINOR: action: Add a function pointer in act_rule struct to check its validity
- MINOR: action: Use trk_idx instead of tcp/http_trk_idx
- MINOR: action: Add trk_idx inline function
- BUG/MINOR: spoa: Update pointer on the end of the frame when a reply is encoded
- BUG/MINOR: spoe: Don't compare engine name and SPOE scope when both are NULL
- MINOR: shctx: rename lock functions
- MEDIUM: shctx: separate ssl and shctx
- REORG: shctx: move ssl functions to ssl_sock.c
- MEDIUM: shctx: allow the use of multiple shctx
- REORG: shctx: move lock functions and struct
- MEDIUM: lists: list_for_each_entry{_safe}_from functions
- CLEANUP: shctx: get ride of the shsess_packet{_hdr} structures
- MINOR: ssl: generated certificate is missing in switchctx early callback
- MINOR: ssl: support Openssl 1.1.1 early callback for switchctx
- MINOR: buffer: add the buffer input manipulation functions
- MEDIUM: ssl: convert CBS (BoringSSL api) usage to neutral code
- MINOR: hlua: Add regex class
- MINOR: lua: add uuid to the Class Proxy
- BUG/MEDIUM: prevent buffers being overwritten during build_logline() execution
- MINOR: ssl: don't abort after sending 16kB
- MEDIUM: cfgparse: post parsing registration
- MEDIUM: cfgparse: post section callback
- MINOR: sample: add the hex2i converter
- MINOR: sample: add the sha1 converter
- BUG/MINOR: unix: properly check for octal digits in the "mode" argument
- BUILD: Makefile: improve detection of support for compiler warnings
- BUILD: Makefile: shut certain gcc/clang stupid warnings
- BUILD: Makefile: add a function to detect support by the compiler of certain options
- TESTS: ist: add a test file for the functions
- IMPORT: sha1: import SHA1 functions
- BUG/MINOR: cli: restore "set ssl tls-key" command
- BUG/MINOR: ssl: OCSP_single_get0_status can return -1
- BUG/MINOR: ssl: ocsp response with 'revoked' status is correct
- MINOR: ssl: build with recent BoringSSL library
- BUILD: ssl: support OPENSSL_NO_ASYNC #define
- CONTRIB: trace: report the base name only for file names
- CONTRIB: trace: try to display the function's return value on exit
- CONTRIB: trace: add the possibility to place trace calls in the code
- MINOR: channel: make the channel be a const in all {ci,co}_get* functions
- MINOR: channel: make use of bo_getblk{,_nc} for their channel equivalents
- REORG: channel: finally rename the last bi_* / bo_* functions
- MINOR: buffer: make bo_getblk_nc() not return 2 for a full buffer
- MINOR: buffer: add bo_getblk() and bo_getblk_nc()
- MINOR: buffer: add buffer_space_wraps()
- MINOR: buffer: add two functions to inject data into buffers
- MINOR: buffer: add a function to match against string patterns
- MINOR: buffer: add bo_del() to delete a number of characters from output
- MINOR: buffer: add b_end() and b_to_end()
- MINOR: buffer: add b_del() to delete a number of characters
- MINOR: ist: implement very simple indirect strings
- MINOR: chunks: add chunk_memcpy() and chunk_memcat()
- MINOR: check: Fix checks when using SRV records.
- BUG/MINOR: stats: Clear a bit more counters with in cli_parse_clear_counters().
- MINOR: checks: Add a new keyword to specify a SNI when doing SSL checks.
- BUG/MEDIUM: ssl: fix OCSP expiry calculation
- MINOR: server: add the srv_queue() sample fetch method
- MINOR: compiler: restore the likely() wrapper for gcc 5.x
- TESTS: checks: add a simple test config for tcp-checks
- TESTS: checks: add a simple test config for external checks
- BUG/MINOR: contrib/modsecurity: close the va_list ap before return
- BUG/MINOR: contrib/mod_defender: close the va_list argp before return
- MINOR: ssl: Remove useless checks on bind_conf or bind_conf->is_ssl
- BUG/MINOR: dns: Fix check on nameserver in snr_resolution_cb
- BUG/MINOR: spoe: Don't rely on SPOE ctx in debug message when its creation failed
- MINOR: add severity information to cli feedback messages
- MINOR: cli: add socket commands and config to prepend informational messages with severity
- MINOR: net_helper: Inline functions meant to be inlined.
- MINOR: ssl: rework smp_fetch_ssl_fc_cl_str without internal ssl use
- CLEANUP: memory: Remove unused function pool_destroy
- DOC: Add note about "* " prefix in CSV stats
- MINOR: ssl: remove duplicate ssl_methods in struct bind_conf
- DOC: Refer to Mozilla TLS info / config generator
- DOC: add CLI info on privilege levels
- BUG/MINOR: stream-int: don't check the CO_FL_CURR_WR_ENA flag
- OPTIM: lua: don't add "Connection: close" on the response
- OPTIM: lua: don't use expensive functions to parse headers in the HTTP applet
- MINOR: lua: properly process the contents of the content-length field
- BUG/MEDIUM: dns: fix accepted_payload_size parser to avoid integer overflow
- BUG/MINOR: dns: wrong resolution interval lead to 100% CPU
- CLEANUP: dns: remove duplicated code in dns_validate_dns_response()
- CLEANUP: dns: remove duplicated code in dns_resolve_recv()
- MINOR: dns: make SRV record processing more verbose
- MINOR: dns: automatic reduction of DNS accpeted payload size
- MINOR: dns: Maximum DNS udp payload set to 8192
- BUG/MINOR: dns: server set by SRV records stay in "no resolution" status
- BUG/MINOR: Wrong type used as argument for spoe_decode_buffer().
- MINOR: dns: default "hold obsolete" timeout set to 0
- MINOR: dns: enabled edns0 extension and make accpeted payload size tunable
- MINOR: dns: new dns record type (RTYPE) for OPT
- MINOR: dns: enable caching of responses for server set by a SRV record
- MINOR: dns: ability to use a SRV resolution for multiple backends
- MINOR: dns: make debugging function dump_dns_config() compatible with SRV records
- MINOR: dns: duplicate entries in resolution wait queue for SRV records
- MINOR: dns: update dns response buffer reading pointer due to SRV record
- MINOR: dns: update record dname matching for SRV query types
- MINOR: dns: Update analysis of TRUNCATED response for SRV records
- MINOR: init: Fix CPU affinity setting on FreeBSD.
- CLEANUP: raw_sock: Use a better name for the constructor than __ssl_sock_deinit()
- BUILD/MINOR: build without openssl still broken
- BUILD: ssl: replace SSL_CTX_get0_privatekey for openssl < 1.0.2
- MINOR: doc: Document SRV label usage.
- MINOR: dns: Handle SRV records.
- Add a few functions to do unaligned access.
- MINOR: obj: Add a new type of object, OBJ_TYPE_SRVRQ.
- MINOR: dns: Cache previous DNS answers.
- MINOR: ssl: allow to start without certificate if strict-sni is set
- MINOR: Add server port field to server state file.
- BUG/MEDIUM: ssl: Fix regression about certificates generation - MINOR: ssl: add "no-ca-names" parameter for bind - BUG/MEDIUM: stream: don't retry SSL connections which fail the SNI name check - MINOR: ssl: add a new error codes for wrong server certificates - BUG/MINOR: ssl: make use of the name in SNI before verifyhost - BUG/MINOR: ssl: Fix check against SNI during server certificate verification - MINOR: task: always preinitialize the task's timeout in task_init() - MINOR: samples: Don't allocate memory for SMP_T_METH sample when method is known - MINOR: samples: Handle the type SMP_T_METH in smp_is_safe and smp_is_rw - MINOR: samples: Handle the type SMP_T_METH when we duplicate a sample in smp_dup - MINOR: memory: remove macros - BUILD: ssl: fix compatibility with openssl without TLSEXT_signature_* - MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy - BUG/MINOR: ssl: remove haproxy SSLv3 support when ssl lib have no SSLv3 - BUG/MINOR: contrib/mod_defender: build fix - BUG/MINOR: contrib/modsecurity: BSD build fix - BUG/MINOR: http: Fix bug introduced in previous patch in http_resync_states - MINOR: http: Rely on analyzers mask to end processing in forward_body functions - BUG/MINOR: Lua: variable already initialized - BUG/MINOR: Prevent a use-after-free on error scenario on option "-x". - OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer - MINOR: ssl: compare server certificate names to the SNI on outgoing connections - BUG/MAJOR: http: fix buffer overflow on loguri buffer. - MINOR: compression: Use a memory pool to allocate compression states - BUG/MEDIUM: mworker: don't reuse PIDs passed to the master - MINOR: mworker: don't copy -x argument anymore in copy_argv() - BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0 - CONTRIB: plug qdiscs: Plug queuing disciplines mini HOWTO. 
- BUILD: scripts: add a "quiet" mode to publish-release - BUILD: scripts: add an automatic mode for publish-release - BUILD: scripts: make publish-release support bare repositories - BUG/MEDIUM: misplaced exit and wrong exit code - BUG/MINOR: warning: need_resend may be used uninitialized - BUG/MEDIUM: build without openssl broken - BUG/MINOR: ssl: do not call directly the conn_fd_handler from async_fd_handler - BUG/MAJOR: ssl: buffer overflow using offloaded ciphering on async engine - BUG/MAJOR: ssl: fix segfault on connection close using async engines. - MEDIUM: ssl: disable SSLv3 per default for bind - MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list - MEDIUM: ssl: ctx_set_version/ssl_set_version func for methodVersions table - REORG: ssl: move defines and methodVersions table upper - CLEANUP: connection: remove unused CO_FL_WAIT_DATA - MINOR: tools: make debug_hexdump() take a string prefix - MINOR: tools: make debug_hexdump() use a const char for the string - CLEANUP: str2mask return code comment: non-zero -> zero. 
- MINOR: Add Mod Defender integration as contrib
- BUILD: ssl: fix build with OPENSSL_NO_ENGINE
- MEDIUM: systemd: Type=forking in unit file
- DOC: add documentation for the master-worker mode
- MAJOR/REORG: dns: DNS resolution task and requester queues
- MINOR: dns: introduce roundrobin into the internal cache (WIP)
- MINOR: dns: make 'ancount' field to match the number of saved records
- MINOR: dns: implement a LRU cache for DNS resolutions
- MAJOR: dns: save a copy of the DNS response in struct resolution
- MINOR: dns: new snr_check_ip_callback function
- REORG: dns: dns_option structure, storage of hostname_dn
- MINOR: dns: parse_server() now uses srv_alloc_dns_resolution()
- MINOR: dns: functions to manage memory for a DNS resolution structure
- MINOR: dns: smallest DNS fqdn size
- CLEANUP: server.c: missing prototype of srv_free_dns_resolution
- MAJOR: systemd-wrapper: get rid of the wrapper
- MEDIUM: mworker: workers exit when the master leaves
- MEDIUM: mworker: exit-on-failure option
- MEDIUM: mworker: try to guess the next stats socket to use with -x
- MEDIUM: mworker: wait mode on reload failure
- MEDIUM: mworker: handle reload and signals
- MEDIUM: mworker: replace systemd mode by master worker mode
- MINOR: boringssl: basic support for OCSP Stapling
- MEDIUM: ssl: handle multiple async engines
- MAJOR: ssl: add openssl async mode support
- MEDIUM: ssl: add basic support for OpenSSL crypto engine
- CLEANUP: retire obsoleted USE_GETSOCKNAME build option
- MEDIUM: ssl: ssl-min-ver and ssl-max-ver compatibility.
- MEDIUM: ssl: add ssl-min-ver and ssl-max-ver parameters for bind and server
- MINOR: ssl: show methods supported by openssl
- MINOR: ssl: support TLSv1.3 for bind and server
- MEDIUM: ssl: calculate the real min/max TLS version and find holes
- MEDIUM: ssl: ssl_methods implementation is reworked and factored for min/max tlsxx
- MEDIUM: ssl: revert ssl/tls version settings relative to default-server.
- MINOR: ssl: add prefer-client-ciphers
- BUG/MINOR: contrib/mod_security: fix build on FreeBSD
- CONTRIB: tcploop: add action "X" to execute a command
- BUG/MINOR: ssl: fix warnings about methods for opensslv1.1.
- MINOR: Add ModSecurity wrapper as contrib
- MINOR: proto-http: Add sample fetch wich returns all HTTP headers
- MINOR: Add binary encoding request header sample fetch
- REORG: spoe: move spoe_encode_varint / spoe_decode_varint from spoe to common
- BUG/MINOR: change header-declared function to static inline
- CLEANUP: lua: remove test
- BUILD/MINOR: tools: fix build warning in debug_hexdump()
- CLEANUP: server: moving netinet/tcp.h inclusion
- MINOR: http: Add debug messages when HTTP body analyzers are called
- MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request
- CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions
- CLEANUP: buffers: Remove buffer_bounce_realign function
- CLEANUP: http: Remove channel_congested function
- CLEANUP: time: curr_sec_ms doesn't need to be exported
- MEDIUM: kqueue: only set FD_POLL_IN when there are pending data
- MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy
- MINOR: kqueue: exclusively rely on the kqueue returned status
- BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl
- BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
- CLEANUP: connection: completely remove CO_FL_WAKE_DATA
- MEDIUM: connection: don't test for CO_FL_WAKE_DATA
- TESTS: add a test configuration to stress handshake combinations
- CLEANUP: http: make http_server_error() not set the status anymore
- MINOR: http-request tarpit deny_status.
- MEDIUM: http_error_message: txn->status / http_get_status_idx.
- CLEANUP: Remove comment that's no longer valid
- DOC: spoe: Update SPOE documentation to reflect recent changes
- MINOR: spoe: Add "max-frame-size" statement in spoe-agent section
- MINOR: spoe: Add "send-frag-payload" option in spoe-agent section
- MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
- MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section
- MINOR: spoe: Add support of negation for options in SPOE configuration file
- MINOR: spoe: Improve implementation of the payload fragmentation
- REORG: spoe: Move low-level encoding/decoding functions in dedicated header file
- REORG: spoe: Move struct and enum definitions in dedicated header file
- MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames
- MAJOR: spoe: refactor the filter to clean up the code
- MINOR: spoe: Add support for fragmentation capability in the SPOA example
- MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames
- MINOR: spoe: Use the min of all known max_frame_size to encode messages
- MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer
- MINOR: spoe: Check the scope of sample fetches used in SPOE messages
- MINOR: spoe: Send a log message when an error occurred during event processing
- MINOR: spoe: Add status code in error variable instead of hardcoded value
- MINOR: spoe: Remove SPOE details from the appctx structure
- MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example
- MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents
- MINOR: ssl: improved cipherlist captures
- BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls
- MEDIUM: ssl: add new sample-fetch which captures the cipherlist
- BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored.
- MEDIUM: ssl: remove ssl-options from crt-list
- BUILD: ssl: fix build with -DOPENSSL_NO_DH
- MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation.
- BUG/MEDIUM: ssl: fix verify/ca-file per certificate
- MEDIUM: boringssl: support native multi-cert selection without bundling
- BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()
- BUILD: ssl: kill a build warning introduced by BoringSSL compatibility
- BUILD: ssl: fix to build (again) with boringssl
- MINOR: ssl: add curve suite for ECDHE negotiation
- MAJOR: ssl: bind configuration per certificat
- MINOR: ssl: don't show prefer-server-ciphers output
- MINOR: compression: fix -vv output without zlib/slz
- BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL
- MINOR: tools: add a generic hexdump function for debugging
- MEDIUM: regex: pcre2 support
- CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c
- CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback
- MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv()
- MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops
- CLEANUP: connection: unexport raw_sock and ssl_sock
- CLEANUP: connection: remove all direct references to raw_sock and ssl_sock
- MINOR: connection: add a minimal transport layer registration system
- MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
- MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops
- MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf()
- MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops
- MEDIUM: ssl: remote the proxy argument from most functions
- MEDIUM: move listener->frontend to bind_conf->frontend
- MINOR: listener: move the transport layer pointer to the bind_conf
- MEDIUM: spoe: don't create a dummy listener for outgoing connections
- MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock
- MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock
- MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock
- MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock
- Revert "MEDIUM: ssl: add new sample-fetch which captures the cipherlist"
- MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock
- CLEANUP: da: move global settings out of the global section
- CLEANUP: 51d: move global settings out of the global section
- CLEANUP: da: register the deinitialization function
- CLEANUP: 51d: register the deinitialization function
- CLEANUP: wurfl: register the deinit function via the dedicated list
- CLEANUP: auth: use the build options list to report its support
- MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c
- CLEANUP: compression: use the build options list to report the algos
- CLEANUP: wurfl: move global settings out of the global section
- CLEANUP: da: make use of the late init registration code
- CLEANUP: 51d: make use of the late init registration
- CLEANUP: wurfl: make use of the late init registration
- CLEANUP: filters: use the function registration to initialize all proxies
- CLEANUP: checks: make use of the post-init registration to start checks
- CLEANUP: ssl: use the build options list to report the SSL details
- CLEANUP: regex: use the build options list to report the regex type
- CLEANUP: lua: use the build options list to report it
- CLEANUP: tcp: use the build options list to report transparent modes
- CLEANUP: namespaces: use the build options list to report it
- CLEANUP: da: use the build options list to report it
- CLEANUP: 51d: use the build options list to report it
- CLEANUP: wurfl: use the build options list to report it
- MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools
- BUG/MINOR: lua: memleak when Lua/cli fails
- MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union
- MINOR: appctx/cli: remove the "server_state" entry from the appctx union
- MINOR: appctx/cli: remove the "dns" entry from the appctx union
- MINOR: appctx/cli: remove the "be" entry from the appctx union
- MINOR: appctx/cli: remove the env entry from the appctx union
- MINOR: appctx/cli: remove the cli_socket entry from the appctx union
- CLEANUP: stats: move a misplaced stats context initialization
- CLEANUP: applet: group all CLI contexts together
- MINOR: lua/signals: Remove Lua part from signals.
- MEDIUM: lua: use memory pool for hlua struct in applets
- CLEANUP: lua: rename one of the lua appctx union
- CLEANUP: applet: remove the now unused appctx->private field
- CLEANUP: applet/table: add an "action" entry in ->table context
- CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context
- MINOR: cli: Remove useless call to bi_putchk
- MINOR: dns: improve DNS response parsing to use as many available records as possible
- MINOR: log: Add logurilen tunable.
- MEDIUM: proxy: zombify proxies only when the expose-fd socket is bound
- MINOR: sample: Add b64dec sample converter
- MINOR: server: cli: Add server FQDNs to server-state file and stats socket.
- BUG/MINOR: server: Fix a wrong error message during 'usesrc' keyword parsing.
- BUILD/MINOR: stats: remove unexpected argument to stats_dump_json_header()
- MEDIUM: stats: Add show json schema
- MEDIUM: stats: Add JSON output option to show (info|stat)
- BUILD/MINOR: 51d: fix warning when building with 51Degrees release version 3.2.12.12
- DOC: fix some typos
- DOC: 51d: Updated git URL and instructions for getting Hash Trie data files.
- DOC: 51d: add 51Degrees git URL that points to release version 3.2.12.12
- BUG/MAJOR: stream-int: don't re-arm recv if send fails
- BUG/MEDIUM: http: Return an error when url_dec sample converter failed
- BUG/MINOR: tcp-check: don't initialize then break a connection starting with a comment
- BUG/MEDIUM: tcp-check: don't call tcpcheck_main() from the I/O handlers!
- BUG/MINOR: tcp-check: don't quit with pending data in the send buffer
- BUG/MEDIUM: tcp-check: properly indicate polling state before performing I/O
- BUG/MEDIUM: tcp/http: set-dst-port action broken
- BUG/MINOR: contrib/halog: fixing small memory leak
- BUG/MINOR: log: fixing small memory leak in error code path.
- BUG/MINOR: compression: Check response headers before http-response rules eval
- BUG/MEDIUM: compression: Fix check on txn in smp_fetch_res_comp_algo
- BUG/MINOR: Lua: The socket may be destroyed when we try to access.
- BUG/MEDIUM: http: Close streams for connections closed before a redirect
- BUG/MEDIUM: epoll: ensure we always consider HUP and ERR
- BUG/MEDIUM: http: Fix a regression bug when a HTTP response is in TUNNEL mode
- BUG/MEDIUM: stream: properly set the required HTTP analysers on use-service
- BUG/MEDIUM: lua: HTTP services must take care of body-less status codes
- BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions.
- BUG/MEDIUM: connection: remove useless flag CO_FL_DATA_RD_SH
- BUG/MEDIUM: cli: fix "show fd" crash when dumping closed FDs
- BUILD/MINOR: cli: shut a minor gcc warning in "show fd"
- MINOR: peers: Add additional information to stick-table definition messages.
- MINOR: cli: add a new "show fd" command
- MINOR: listener: add a function to return a listener's state as a string
- DOC: fix alphabetical order of "show commands" in management.txt
- MINOR: cli: add two general purpose pointers and integers in the CLI struct
- MINOR: lua: Add lists of frontends and backends
- DOC: lua: Proxy class doc update
- MINOR: lua: Add proxy as member of proxy object.
- BUG/MINOR: lua: always detach the tcp/http tasks before freeing them
- BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()
- BUG/MINOR: lua: Fix Server.get_addr() port values
- BUG/MAJOR: http: Fix possible infinity loop in http_sync_(req|res)_state
- BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined
- MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags
- MINOR: http: Reorder/rewrite checks in http_resync_states
- BUG/MINOR: http: Set the response error state in http_sync_res_state
- DOC: Updated 51Degrees git URL to point to a stable version.
- BUILD: lua: replace timegm() with my_timegm() to fix build on Solaris 10
- MINOR: tools: add a portable timegm() alternative
- DOC: update the list of OpenSSL versions in the README
- DOC: update CONTRIBUTING regarding optional parts and message format
- BUG/MEDIUM: lua: bad memory access
- BUG/MAJOR: lua/socket: resources not detroyed when the socket is aborted
- BUG/MINOR: lua: executes the function destroying the Lua session in safe mode
- BUG/MINOR: lua: In error case, the safe mode is not removed
- BUG/MINOR: peers: peer synchronization issue (with several peers sections).
- BUG/MINOR: http: properly handle all 1xx informational responses
- BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels
- BUG/MINOR: http: Don't reset the transaction if there are still data to send
- BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel
- BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
- DOC: fix references to the section about time format.
- BUG/MAJOR: compression: Be sure to release the compression state in all cases
- BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
- BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
- BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue
- BUG/MINOR: log: pin the front connection when front ip/ports are logged
- BUG/MINOR: haproxy/cli : fix for solaris/illumos distros for CMSG* macros
- SCRIPTS: create-release: enforce GIT_COMMITTER_{NAME|EMAIL} validity
- scripts: create-release pass -n to tail
- BUG/MAJOR: server: Segfault after parsing server state file.
- BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
- BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING
- BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
- BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
- DOC: fix references to the section about the unix socket
- BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range 1..32767
- BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed
- BUG/MINOR: Wrong peer task expiration handling during synchronization processing.
- BUG/MEDIUM: unix: never unlink a unix socket from the file system
- MINOR: warning on multiple -x
- BUG/MEDIUM: fix segfault when no argument to -x option
- DOC: Add documentation for new "server-template" keyword.
- MINOR: server: Add server_template_init() function to initialize servers from a templates.
- MINOR: server: Add 'server-template' new keyword supported in backend sections.
- MINOR: server: Extract the code which finalizes server initializations after 'server' lines parsing.
- MINOR: server: Extract the code responsible of copying default-server settings.
- BUG/MAJOR: Broken parsing for valid keywords provided after 'source' setting.
- BUG/MEDIUM: server: Wrong server default CRT filenames initialization.
- DOC: server: Add docs for "server" and "default-server" new "no-*" and other settings.
- MINOR: server: Add 'no-agent-check' server keyword.
- MINOR: server: Make 'default-server' support 'disabled' keyword.
- MINOR: server: Make 'default-server' support 'addr' keyword.
- MINOR: server: Make 'default-server' support 'sni' keyword.
- MINOR: server: Make 'default-server' support 'source' keyword.
- MINOR: server: Make 'default-server' support 'namespace' keyword.
- MINOR: server: Make 'default-server' support 'tcp-ut' keyword.
- MINOR: server: Make 'default-server' support 'ciphers' keyword.
- MINOR: server: Make 'default-server' support 'cookie' keyword.
- MINOR server: Restrict dynamic cookie check to the same proxy.
- CLEANUP: config: Typo in comment.
- BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is provided.
- MINOR: cli: Let configure the dynamic cookies from the cli.
- MINOR: server: Add dynamic session cookies.
- MINOR: server: Make 'default-server' support 'observe' keyword.
- MINOR: server: Make 'default-server' support 'redir' keyword.
- MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
- MINOR: server: Make 'default-server' support 'track' setting.
- MINOR: server: Make 'default-server' support 'check' keyword.
- MINOR: server: Make 'default-server' support 'verifyhost' setting.
- MINOR: server: Make 'default-server' support 'verify' keyword.
- CLEANUP: server: code alignement.
- MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords.
- MINOR: server: Make 'default-server' support 'ssl' keyword.
- MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords.
- CLEANUP: server: code alignement.
- MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords.
- MINOR: server: Make 'default-server' support 'check-ssl' keyword.
- MINOR: server: Make 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords.
- MINOR: server: Make 'default-server' support 'non-stick' keyword.
- CLEANUP: server: code alignement.
- MINOR: server: Make 'default-server' support 'check-send-proxy' keyword.
- MINOR: server: Make 'default-server' support 'backup' keyword.
- MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL
- MINOR: cli: add 'expose-fd listeners' to pass listeners FDs
- MINOR: cli: add ACCESS_LVL_MASK to store the access level
- MINOR: systemd wrapper: add support for passing the -x option.
- MINOR: socket transfer: Set a timeout on the socket.
- MINOR: proxy: Don't close FDs if not our proxy.
- MINOR: doc: document the -x flag
- MINOR: tcp: When binding socket, attempt to reuse one from the old proc.
- MINOR: global: Add an option to get the old listening sockets.
- MINOR: cli: Add a command to send listening sockets.
- BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
- BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04
- BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything
- BUG/MAJOR: dns: Broken kqueue events handling (BSD systems).
- BUG/MINOR: checks: don't send proxy protocol with agent checks
- DOC: update RFC references
- BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
- MINOR/DOC: lua: just precise one thing
- BUG/MINOR: hash-balance-factor isn't effective in certain circumstances
- MEDIUM: config: don't check config validity when there are fatal errors
- BUG/MEDIUM: lua: memory leak
- DOC: errloc/errorloc302/errorloc303 missing status codes.
- DOC: add layer 4 links/cross reference to "block" keyword.
- BUG/MINOR: server: missing default server 'resolvers' setting duplication.
- BUG/MINOR: server: don't use "proxy" when px is really meant.
- BUG/MAJOR: Use -fwrapv.
- BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
- CLEANUP: logs: typo: simgle => single
- MINOR: lua: ensure the memory allocator is used all the time
- BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
- BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
- BUG/MINOR: arg: don't try to add an argument on failed memory allocation
- BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
- BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
- DOC: stick-table is available in frontend sections
- DOC: mention lighttpd 1.4.46 implements PROXY
- DOC: update sample code for PROXY protocol
- DOC: add few comments to examples.
- DOC: changed "block"(deprecated) examples to http-request deny
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
- DOC: log-format/tcplog/httplog update
- DOC: update the contributing file
- DOC: fix parenthesis and add missing "Example" tags
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUILD: scripts: fix typo in announce-release error message
- BUILD: make the release script use shortlog for the final changelog
- MINOR: Add hostname sample fetch
- CLEANUP: Replace repeated code to count usable servers with be_usable_srv()
- MINOR: Add nbsrv sample converter
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- MINOR: doc: fix use-server example (imap vs mail)
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- DOC: Protocol doc: add noop TLV
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC/MINOR: Fix typos in proxy protocol doc
- OPTIM: poll: enable support for POLLRDHUP
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- BUG/MINOR: checks: attempt clean shutw for SSL check
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- MINOR: http: don't close when redirect location doesn't start with "/"
- BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule
- MEDIUM: ssl: add new sample-fetch which captures the cipherlist
- BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
- MINOR: server: extend the flags to 32 bits
- MINOR: doc: Add docs for agent-addr and agent-send CLI commands
- MINOR: doc: Add docs for agent-addr configuration variable
- MINOR: cli: Add possiblity to change agent config via CLI/socket
- MINOR: checks: Add agent-addr config directive
- BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
- BUG/MINOR: http: Return an error when a replace-header rule failed on the response
- BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
- BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined
- BUG/MEDIUM: http: prevent redirect from overwriting a buffer
- MINOR: chunks: implement a simple dynamic allocator for trash buffers
- BUG/MAJOR: dns: restart sockets after fork()
- MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested
- BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword
- DOC: lua: improve links
- BUG/MINOR: unix: fix connect's polling in case no data are scheduled
- BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
- BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes()
- BUILD: ssl: silence a warning reported for ERR_remove_state()
- BUILD: ssl: fix build on OpenSSL 1.0.0
- MINOR: modules: report more precise errors about module API mismatch
- MINOR: modules: Remove Gcc warnings about unused variables
- BUILD: modules: Remove modules-config.h from DEP variable to generate .i file
- BUILD: modules: Add macors to compute numerical value of a HAPEE version
- BUILD: modules: Only define the all target if MODULES isn't defined.
- MINOR: Use "500 Internal Server Error" for 500 error/status code message.
- MINOR: samples: add xx-hash functions
- DOC: lua: Add documentation about variable manipulation from applet
- MINOR: lua: give HAProxy variable access to the applets
- MINOR: lua: Allow argument for actions
- OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration
- OPTIM: stream-int: don't disable polling anymore on DONT_READ
- CLEANUP: memory: remove the now unused cli_parse_show_pools() function
- MINOR: cli: automatically enable a CLI I/O handler when there's no parser
- DOC: cli: show cli sockets
- BUG/MINOR: cli: "show cli sockets" would always report process 64
- BUG/MINOR: cli: "show cli sockets" wouldn't list all processes
- MEDIUM: cli: 'show cli sockets' list the CLI sockets
- MINOR: tcp-rules: check that the listener exists before updating its counters
- MINOR: cfgparse: add two new functions to check arguments count
- MINOR: haproxy: add a registration for post-deinit functions
- MINOR: haproxy: add a registration for post-check functions
- MINOR: haproxy: add a registration for build options
- CLEANUP: haproxy: statify unexported functions
- BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
- MEDIUM: modules: 'modules list' on the cli shows currently loaded modules
- BUILD: modules: strip the MODULE_COPTS before hashing them
- BUILD: modules: add make module-copts to show module options
- BUILD: modules: take pkg-config out of install-inc
- MINOR: modules: fix incorrect API HASH generation with certain awk versions
- MODULES: BUILD: modules: Add version of the module in the defines
- BUILD: modules: use gawk insteads of awk
- BUILD: modules: make modules support optional
- MINOR: modules: Don't use constructor/destructor anymore...
- MINOR: modules: Terminate properly loaded modules if possible
- MINOR: modules: Keep a list of loaded modules to unload them when HAProxy is stopped
- MINOR: modules: Register function called after the main config check
- MEDIUM: modules: modules: Add memory reservation support for the modules
- MEDIUM: modules: modules: Add modules support
- BUG/MINOR: Reset errno variable before calling strtol(3)
- DOC: add deprecation notice to "block"
- MINOR: proto_http.c 502 error txt typo.
- BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
- BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
- MEDIUM: server: disable protocol validations when the server doesn't resolve
- MINOR: server: take the destination port from the port field, not the addr
- MINOR: tools: make str2sa_range() return the port in a separate argument
- MEDIUM: server: split the address and the port into two different fields
- BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
- BUG/MINOR: tools: fix off-by-one in port size check
- BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
- MINOR: connection: add sample fetch "fc_rcvd_proxy"
- MINOR: http: custom status reason.
- BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
- BUILD: scripts: automatically update the branch in version.h when releasing
- BUG/MINOR: http: report real parser state in error captures
- BUG/MAJOR: channel: Fix the definition order of channel analyzers
- BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
- MINOR: stats: Support "select all" for backend actions
- BUG/MINOR: option prefer-last-server must be ignored in some case
- BUILD: lua: build failed on FreeBSD.
- DOC: Add timings events schemas
- BUG/MINOR: systemd: potential zombie processes
- BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
- BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
- BUG/MINOR: stats: fix be/sessions/current out in typed stats
- BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
- BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
- BUG/MINOR: lua: bad return code
- BUG/MINOR: lua: memory leak executing tasks
- BUG/MINOR: Fix the sending function in Lua's cosocket
- DOC: fix small typo in fe_id (backend instead of frontend)
- BUG/MINOR: lua/cli: bad error message
- DOC: lua: section declared twice
- DOC: lua: documentation about time parser functions
- BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
- SCRIPTS: git-show-backports: add -H to use the hash of the commit message
- SCRIPTS: git-show-backports: fix a harmless typo
- BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
- BUILD/MEDIUM: Fixing the build using LibreSSL
- BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
- BUG/MEDIUM: stream: Save unprocessed events for a stream
- MINOR: task: Rename run_queue and run_queue_cur counters
- MINOR: applet: Count number of (active) applets
- BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
- DOC: Fix some typo in SPOE documentation
- DOC: Add undocumented argument of the trace filter
- MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
- DOC: lua: Documentation about some entry missing
- MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
- BUG/MINOR: stats: fix be/sessions/max output in html stats
- BUG/MEDIUM: variables: some variable name can hide another ones
- DOC: mention that req_tot is for both frontends and backends
- BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
- DOC: Added 51Degrees conv and fetch functions to documentation.
- DOC: Fix map table's format
- BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
- BUG/MINOR: cli: allow the backslash to be escaped on the CLI
- BUG/MAJOR: stream: fix session abort on resource shortage
- BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
- BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
- BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
- BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
- BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
- DOC: Spelling fixes
- BUG/MINOR: stats: make field_str() return an empty string on NULL
- BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
- BUILD: fix the reported version number

