2020/02/20 : 2.0r1 (1.0.0-213.582) - BUG/MINOR: ssl: clear the SSL errors on DH loading failure 2020/02/12 : 2.0r1 (1.0.0-213.581) - BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init 2020/02/11 : 2.0r1 (1.0.0-213.580) - BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer. - MINOR: http: add a new "replace-path" action - BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit - MINOR: build: add linux-glibc-legacy build TARGET - SCRIPTS: announce-release: allow the user to force to overwrite old files - SCRIPTS: announce-release: place the send command in the mail's header - CONTRIB: debug: also support reading values from stdin - MINOR: acl: Warn when an ACL is named 'or' - CONTRIB: debug: support reporting multiple values at once - CONTRIB: debug: add the possibility to decode the value as certain types only - CONTRIB: debug: add missing flags SF_HTX and SF_MUX - BUG/MINOR: ssl: we may only ignore the first 64 errors - BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty. - BUG/MEDIUM: memory: Add a rwlock before freeing memory. - MINOR: memory: Only init the pool spinlock once. - BUG/MEDIUM: memory_pool: Update the seq number in pool_flush(). - BUG/MEDIUM: connections: Don't forget to unlock when killing a connection. - BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2 - BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error - BUG/MINOR: ssl/cli: fix unused variable with openssl < 1.0.2 2020/01/27 : 2.0r1 (1.0.0-211.560) - REGTESTS: make the set_ssl_cert test require version 2.2 - MINOR: ssl: accept 'verify' bind option with 'set ssl cert' - CLEANUP: ssl: remove opendir call in ssl_sock_load_cert - REGTEST: set_ssl_cert.vtc: replace "echo" with "printf" - REGTEST: make the "set ssl cert" require version 2.1 - REGTEST: ssl: test the "set ssl cert" CLI command - BUG/MINOR: ssl/cli: fix build for openssl < 1.0.2 - MINOR: ssl/cli: 'show ssl cert' give information on the certificates - BUG/MINOR: ssl: fix X509 compatibility for openssl < 1.1.0 - MINOR: ssl: deduplicate crl-file - MINOR: ssl: compute ca-list from deduplicate ca-file - MINOR: ssl: deduplicate ca-file - CLEANUP: ssl: Clean up error handling - BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert" - BUG/MINOR: ssl: typo in previous patch - BUG/MINOR: ssl: memory leak w/ the ocsp_issuer - BUG/MINOR: ssl: increment issuer refcount if in chain - BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded - BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent - BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak - BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak - BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak - BUG/MINOR: ssl/cli: don't overwrite the filters variable - BUG/MINOR: ssl/cli: 'ssl cert' cmd only usable w/ admin rights - BUG/MINOR: ssl: fix SSL_CTX_set1_chain compatibility for openssl < 1.0.2 - DOC: ssl/cli: set/commit/abort ssl cert - BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack - BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure. - MEDIUM: dns: Add resolve-opts "ignore-weight" - BUG/MINOR: dns: allow srv record weight set to 0 - BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines - BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers" - BUG/MINOR: stktable: report the current proxy name in error messages - BUG/MEDIUM: 0rtt: Only consider the SSL handshake. - BUG/MINOR: http_act: don't check capture id in backend - MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive - BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing - BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing - BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules - BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters - BUILD: pattern: include errno.h - BUG/MINOR: 51d: Fix bug when HTX is enabled - BUG/MINOR: dns: Make dns_query_id_seed unsigned - BUG/MINOR: cache: Fix leak of cache name in error path - BUG/MINOR: pattern: handle errors from fgets when trying to load patterns - BUG/MEDIUM: connection: add a mux flag to indicate splice usability - BUG/MINOR: stream: don't mistake match rules for store-request rules - BUG/MEDIUM: cli: _getsocks must send the peers sockets - REGTEST: add sample_fetches/hashes.vtc to validate hashes - BUG/MAJOR: hashes: fix the signedness of the hash inputs - BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed(). - BUG/MEDIUM: mworker: remain in mworker mode during reload - REGTEST: mcli/mcli_start_progs: start 2 programs - BUG/MINOR: cli/mworker: can't start haproxy with 2 programs - BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary - BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch - BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send() - BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached - BUG/MEDIUM: session: do not report a failure when rejecting a session - BUG/MINOR: channel: inject output data at the end of output - BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied - BUG/MINOR: proxy: Fix input data copy when an error is captured - BUG/MINOR: h1: Report the right error position when a header value is invalid - MINOR: ssl: Remove unused variable "need_out". - MINOR: config: disable busy polling on old processes - BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection. - BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready. - BUG/MINOR: checks: refine which errno values are really errors. - BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility - BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream 2019/12/20 : 2.0r1 (1.0.0-208.490) - BUG/MINOR: ssl: openssl-compat: Fix getm_ defines - BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd - MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute - BUG/MEDIUM: ssl: Revamp the way early data are handled. - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing - MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task - BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. - BUG/MINOR: sample: always check converters' arguments - BUG/MINOR: sample: fix the closing bracket and LF in the debug converter - DOC: clarify the fact that replace-uri works on a full URI - DOC: Improve documentation of http-re(quest|sponse) replace-(header|value|uri) 2019/12/11 : 2.0r1 (1.0.0-208.479) - BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() - BUG/MINOR: listener: fix off-by-one in state name check - BUG/MINOR: server: make "agent-addr" work on default-server line - BUG/MINOR: listener: do not immediately resume on transient error - BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers - BUG/MINOR: log: fix minor resource leaks on logformat error path - DOC: remove references to the outdated architecture.txt - BUILD: do not disable -Wformat-truncation anymore - BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset() - DOC: proxies: HAProxy only supports 3 connection modes - BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted - BUG/MINOR: fcgi-app: Make the directive pass-header case insensitive - BUG/MINOR: tasks: only requeue a task if it was already in the queue - DOC: listeners: add a few missing transitions - BUG/MEDIUM: kqueue: Make sure we report read events even when no data. - BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. - BUG/MAJOR: dns: add minimalist error processing on the Rx path - DOC: document the listener state transitions - BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() - BUG/MINOR: listener: also clear the error flag on a paused listener - BUG/MINOR: listener/threads: always use atomic ops to clear the FD events - BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state - BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added 2019/12/06 : 2.0r1 (1.0.0-208.456) - BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting. - BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity(). - BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data - BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN - BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending - BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1 - BUG/MEDIUM: listener/thread: fix a race when pausing a listener - BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible - BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data - DOC: move the "group" keyword at the right place - DOC: clarify matching strings on binary fetches - DOC: Clarify behavior of server maxconn in HTTP mode - BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty - CLEANUP: ssl: check if a transaction exists once before setting it - BUG/MINOR: ssl: Stop passing dynamic strings as format arguments - MINOR: ssl: fix possible null dereference in error handling - MINOR: ssl/cli: display warning during 'commit ssl cert' - MEDIUM: ssl/cli: apply SSL configuration on SSL_CTX during commit - MINOR: ssl: ssl_sock_prepare_ctx() return an error code - BUILD/MINOR: ssl: fix compiler warning about useless statement - MINOR: ssl/cli: 'abort ssl cert' deletes an on-going transaction - BUG/MINOR: ssl: ssl_pkey_info_index ex_data can store a dereferenced pointer - MINOR: ssl/cli: replace the default_ctx during 'commit ssl cert' - BUG/MINOR: ssl/cli: fix an error when a file is not found - BUG/MINOR: ssl/cli: unable to update a certificate without bundle extension - BUG/MEDIUM: ssl/cli: don't alloc path when cert not found - MINOR: ssl: BoringSSL ocsp_response does not need issuer - BUG/MEDIUM: ssl/cli: fix dot research in cli_parse_set_cert - BUG/MINOR: ssl: double free on error for ckch->{key,cert} - BUG/MINOR: ssl: ckch->chain must be initialized - BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl - BUG/MINOR: ssl/cli: check trash allocation in cli_io_handler_commit_cert() - CLEANUP: ssl/cli: remove leftovers of bundle/certs (it < 2) - MINOR: ssl/cli: rework 'set ssl cert' as 'set/commit' - BUILD/MINOR: ssl: shut up a build warning about format truncation - MINOR: ssl/cli: rework the 'set ssl cert' IO handler - BUG/MINOR: ssl/cli: cleanup on cli_parse_set_cert error - BUG/MINOR: ssl: fix build of X509_chain_up_ref() w/ libreSSL - BUG/MINOR: ssl: fix build with openssl < 1.1.0 - BUG/MINOR: ssl/cli: out of bounds when built without ocsp/sctl - BUG/MINOR: ssl/cli: fix build of SCTL and OCSP - MEDIUM: cli/ssl: handle the creation of SSL_CTX in an IO handler - MINOR: ssl/cli: assignate a new ckch_store - MINOR: ssl: new functions duplicate and free a ckch_store - MINOR: ssl: copy a ckch from src to dst - MINOR: ssl: update ssl_sock_free_cert_key_and_chain_contents - MINOR: ssl/cli: update ocsp/issuer/sctl file from the CLI - BUG/MINOR: ssl/cli: fix looking up for a bundle - MINOR: ssl: split ssl_sock_load_crt_file_into_ckch() - MINOR: ssl: load issuer from file or from buffer - MINOR: ssl: load sctl from buf OR from a file - MINOR: ssl: OCSP functions can load from file or buffer - CLEANUP: ssl: fix SNI/CKCH lock labels - CLEANUP: ssl: remove old TODO commentary - BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1 - CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn - CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn - CLEANUP: ssl: make ckch_inst_new_load_(multi_)store handle errcode/warn - CLEANUP: ssl: make cli_parse_set_cert handle errcode and warnings. - CLEANUP: ssl: make ssl_sock_load_ckchs() return a set of ERR_* - CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes - BUG/MINOR: ssl: can't load ocsp files - BUG/MINOR: ssl: fix error messages for OCSP loading - BUG/MINOR: ssl: fix OCSP build with BoringSSL - BUG/MINOR: ssl: fix build without multi-cert bundles - BUG/MINOR: ssl: fix build without SSL - BUG/MEDIUM: ssl: NULL dereference in ssl_sock_load_cert_sni() - MINOR: ssl: load the ocsp in/from the ckch - MINOR: ssl: load the sctl in/from the ckch - MEDIUM: ssl/cli: 'set ssl cert' updates a certificate from the CLI - MINOR: ssl: ssl_sock_load_crt_file_into_ckch() is filling from a BIO - MEDIUM: ssl: ssl_sock_load_ckchs() alloc a ckch_inst - MINOR: ssl: ssl_sock_load_multi_ckchs() can properly fail - MINOR: ssl: ssl_sock_load_ckchn() can properly fail - MEDIUM: ssl: split ssl_sock_add_cert_sni() - MEDIUM: ssl: introduce the ckch instance structure - MINOR: ssl: initialize explicitly the sni_ctx trees - MINOR: ssl: initialize the sni_keytypes_map as EB_ROOT - REORG: ssl: move structures to ssl_sock.h - REORG: ssl: rename ckch_node to ckch_store - MINOR: ssl: crt-list do ckchn_lookup 2019/11/27 : 2.0r1 (1.0.0-208.375) - BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only - BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones - BUG/MINOR: stream: init variables when the list is empty - SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands - SCRIPTS: create-release: show the correct origin name in suggested commands - BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state - BUG/MAJOR: h2: make header field name filtering stronger - BUG/MAJOR: h2: reject header values containing invalid chars - MINOR: ist: add ist_find_ctl() - BUG/MINOR: ssl: fix curve setup with LibreSSL - BUG/MINOR: cli: fix out of bounds in -S parser - DOC: Add documentation about the use-service action - DOC: Add missing stats fields in the management manual - BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message - BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser() - MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps - REGTEST: vtest can now enable mcli with its own flag - MINOR: stats: Report max times in addition of the averages for sessions - BUG/MINOR: stream-int: Fix si_cs_recv() return value - MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance - MINOR: contrib/prometheus-exporter: filter exported metrics by scope - MINOR: contrib/prometheus-exporter: report the number of idle conns per server - BUG/MINOR: contrib/prometheus-exporter: Rename some metrics - MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions - MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time - MINOR: stream: Remove the lock on the proxy to update time stats - MINOR: freq_ctr: Make the sliding window sums thread-safe - BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding - BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path - BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests - BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported - BUG/MINOR: peers: "peer alive" flag not reset when deconnecting. - BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec - BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1 - BUG/MINOR: peers: Wrong null "server_name" data field handling. - MINOR: peers: Add debugging information to "show peers". - MINOR: peers: Add TX/RX heartbeat counters. - MINOR: peers: Alway show the table info for disconnected peers. - BUG/MINOR: init: fix set-dumpable when using uid/gid - BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe - BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams - BUG/MINOR: mux-h1: Properly catch parsing errors on payload and trailers - MINOR: h1-htx: Update h1_copy_msg_data() to ease the traces in the mux-h1 2019/11/15 : 2.0r1 (1.0.0-208.332) - BUG/MINOR: log: limit the size of the startup-logs - BUILD: contrib/da: remove an "unused" warning - MINOR: memory: also poison the area on freeing - BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition - CLEANUP: session: slightly simplify idle connection cleanup logic - BUG/MEDIUM: Make sure we leave the session list in session_free(). 2019/11/14 : 2.0r1 (1.0.0-208.326) - DOC: management: fix typo on "cache_lookups" stats output - BUG: dns: timeout resolve not applied for valid resolutions - BUG/MINOR: action: do-resolve now use cached response - BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams - MINOR: doc: http-reuse connection pool fix - BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it - BUG/MEDIUM: mux-h1: Disable splicing for chunked messages - BUG/MEDIUM: mux-h2: immediately report connection errors on streams - BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list - BUG/MEDIUM: mux-h2: report no available stream on a connection having errors - BUG/MINOR: config: Update cookie domain warn to RFC6265 - BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready. - BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready. - MINOR: mux: Add a new method to get informations about a mux. - BUG/MINOR: spoe: fix off-by-one length in UUID format string - BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached - BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent - BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed - MINOR: tcp: avoid confusion in time parsing init - BUG/MINOR: mux-h2: do not emit logs on backend connections - MINOR: config: warn on presence of "\n" in header values/replacements - BUG/MEDIUM: http: unbreak redirects in legacy mode - BUG/MINOR: queue/threads: make the queue unlinking atomic - BUG/MINOR: server: check return value of fopen() in apply_server_state() 2019/10/23 : 2.0r1 (1.0.0-207.302) - BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless - BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion 2019/10/22 : 2.0r1 (1.0.0-207.300) - BUG/MINOR: ssl: fix memcpy overlap without consequences. - BUG/MINOR: mux-h2: also make sure blocked legacy connections may expire - BUG/MINOR: sample: Make the `field` converter compatible with `-m found` - BUG/MINOR: cache: alloc shctx after check config - BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr - BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed - BUG/MINOR: mworker/cli: reload fail with inherited FD - REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI - BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to receive. - BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream attached. - Revert e8826ded5fea3593d89da2be5c2d81c522070995. - BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads - BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing. - BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers - BUG/MINOR: mworker/ssl: close openssl FDs unconditionally - MINOR: mux-h2: also support emitting CONTINUATION on trailers - MEDIUM: mux-h2: support emitting CONTINUATION frames after HEADERS - BUG/MINOR: http-htx: Properly set htx flags on error files to support keep-alive - MINOR: version: make the version strings variables, not constants - BUG/MINOR: WURFL: fix send_log() function arguments - BUG/MINOR: mux-h1: Capture ignored parsing errors - BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is interrupted - BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data - BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are formatted to h1 - BUILD: ssl: wrong #ifdef for SSL engines code - BUG/MINOR: ssl: abort on sni_keytypes allocation failure - BUG/MINOR: ssl: free the sni_keytype nodes - BUG/MINOR: ssl: abort on sni allocation failure 2019/10/11 : 2.0r1 (1.0.0-207.272) - BUG/MEDIUM: applet: always check a fast running applet's activity before killing - MINOR: stats: mention in the help message support for "json" and "typed" - DOC: fix typo in Prometheus exporter doc - DOC: clarify some points around http-send-name-header's behavior - BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri - BUG/MINOR: peers: crash on reload without local peer. - BUG/MEDIUM: mux-h2: do not enforce timeout on long connections - BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const - MINOR: mux-h2: add a per-connection list of blocked streams - BUG/MINOR: action: do-resolve does not yield on requests with body - BUG/MEDIUM: lua: Store stick tables into the sample's `t` field - BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg) 2019/10/04 : 2.0r1 (1.0.0-207.260) 2019/09/30 : 2.0r1 (1.0.0-204.260) - DOC: replace utf-8 quotes by ascii ones - BUILD: ssl: fix a warning when built with openssl < 1.0.2 - BUG/MINOR: stats: Add a missing break in a switch statement - BUG/MEDIUM: fcgi: fix missing list tail in sample fetch registration - BUG/MEDIUM: namespace: fix fd leak in master-worker mode - DOC: Fix documentation about the cli command to get resolver stats - BUG/MINOR: contrib/prometheus-exporter: Return the time averages in seconds - MINOR: stats: Add the support of float fields in stats - MINOR: spoe: Support the async mode with several threads - MINOR: spoe: Improve generation of the engine-id - BUG/MEDIUM: spoe: Use a different engine-id per process - BUG/MINOR: mux-h1: Do h2 upgrade only on the first request - BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames - BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed stream - BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams - BUG/MEDIUM: namespace: close open namespaces during soft shutdown - BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready - MINOR: backend: Add srv_queue converter - BUG/MINOR: build: Fix compilation of mux_fcgi.c when compiled without SSL - BUG/MINOR: mux-fcgi: silence a gcc warning about null dereference - MINOR: mux-h1: Report a processing error during output processing - BUG/MINOR: mux-fcgi: Use a literal string as format in app_log() - CLEANUP: mux-fcgi: Remove the unused function fcgi_strm_id() - BUG/MINOR: mux-fcgi: Don't compare the filter name in its parsing callback - CLEANUP: fcgi-app: Remove useless test on fcgi_conf pointer - BUG/MINOR: mux-fcgi: Be sure to have a connection to unsubcribe - MINOR: doc: Add documentation about the FastCGI support - MEDIUM: mux-fcgi: Add the FCGI multiplexer - MINOR: connection: add conn_get_src() and conn_get_dst() - MEDIUM: fcgi-app: Add FCGI application and filter - MINOR: fcgi: Add code related to FCGI protocol - MINOR: muxes/htx: Ignore pseudo header during message formatting - MINOR: htx: Add a flag on HTX message to report processing errors - MINOR: http-ana: Handle HTX errors first during message analysis - MINOR: h1-htx: Use the same function to copy message payload in all cases - MEDIUM: mux-h1/h1-htx: move HTX convertion of H1 messages in dedicated file - MINOR: http: Add function to parse value of the header Status - MINOR: log: Provide a function to emit a log for an application - MINOR: istbuf: Add the function b_isteqi() - MINOR: http_fetch: Add sample fetches to get auth method/user/pass - MINOR: stats: Add JSON export from the stats page - MEDIUM: log: add support for logging to a ring buffer - MEDIUM: log: use the new generic fd_write_frag_line() function - MINOR: log: add a target type instead of hacking the address family - MINOR: fd/log/sink: make the non-blocking initialization depend on the initialized bit - MINOR: fd: add a new "initialized" bit in the fdtab struct - MEDIUM: ring: implement a wait mode for watchers - MINOR: sink: now report the number of dropped events on output - MINOR: sink: implement "show events" to show supported sinks and dump the rings - MINOR: sink: add support for ring buffers - MINOR: sink: now call the generic fd write function - MINOR: fd: add fd_write_frag_line() to send a fragmented line to an fd - MINOR: sink: set the fd-type sinks to non-blocking - MINOR: sink: add a support for file descriptors - MINOR: sink: create definitions a minimal code for event sinks - BUG/MINOR: ring: b_peek_varint() returns a uint64_t, not a size_t - BUG/MINOR: ring: fix the way watchers are counted - MINOR: ring: add a generic CLI io_handler to dump a ring buffer - MINOR: ring: add a ring_write() function - MINOR: ring: add a new mechanism for retrieving/storing ring data in buffers - MINOR: buffer: add functions to read/write varints from/to buffers - MINOR: tools: add a function varint_bytes() to report the size of a varint - MINOR: cli: extend the CLI context with a list and two offsets - MINOR: cli: add cli_msg(), cli_err(), cli_dynmsg(), cli_dynerr() - MINOR: cli: add two new states to print messages on the CLI - BUG/MEDIUM: ssl: open the right path for multi-cert bundle - BUG/MINOR: ssl: fix ressource leaks on error - BUG/MEDIUM: ssl: don't free the ckch in multi-cert bundle - BUILD: ssl: BoringSSL add EVP_PKEY_base_id - BUG/MEDIUM: ssl: does not try to free a DH in a ckch - BUG/BUILD: ssl: fix build with openssl < 1.0.2 - MINOR: ssl: clean ret variable in ssl_sock_load_ckchn - CLEANUP: ssl: ssl_sock_load_crt_file_into_ckch - MINOR: ssl: do not look at DHparam with OPENSSL_NO_DH - MINOR: ssl: check private key consistency in loading - MINOR: ssl: add extra chain compatibility - MINOR: ssl: use STACK_OF for chain certs - MEDIUM: ssl: load DH param in struct cert_key_and_chain - MEDIUM: ssl: lookup and store in a ckch_node tree - MEDIUM: ssl: split the loading of the certificates - MEDIUM: ssl: use cert_key_and_chain struct in ssl_sock_load_cert_file() - MINOR: ssl: merge ssl_sock_load_cert_file() and ssl_sock_load_cert_chain_file() - MINOR: global: Preset tune.max_http_hdr to its default value - DOC: management: document cache_hits and cache_lookups in the CSV format - DOC: management: document reuse and connect counters in the CSV format - MEDIUM: server: server-state global file stored in a tree - MINOR: sample: Add sha2([<bits>]) converter - BUG/MEDIUM: checks: make sure the connection is ready before trying to recv - BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous sends - BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send() - BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1 - BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame - BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe - BUG/MEDIUM: stick-table: Properly handle "show table" with a data type argument - MINOR: sample: Add UUID-fetch - BUG/MINOR: Missing stat_field_names (since f21d17bb) - BUG/MINOR: backend: Fix a possible null pointer dereference - BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed - BUG/MINOR: filters: Properly set the HTTP status code on analysis error - BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context - BUG/MINOR: listener: Fix a possible null pointer dereference - MINOR: stats: report the number of idle connections for each server - BUG/MEDIUM: connection: don't keep more idle connections than ever needed - BUG/MAJOR: ssl: ssl_sock was not fully initialized. - BUG/MINOR: lb/leastconn: ignore the server weights for empty servers - MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers - BUG/MINOR: checks: do not uselessly poll for reads before the connection is up - BUG/MINOR: checks: make __event_chk_srv_r() report success before closing - BUG/MINOR: checks: start sending the request right after connect() - BUG/MINOR: checks: stop polling for write when we have nothing left to send - BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big - BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks - BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers - BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached - BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing - BUG/MINOR: h1: Properly reset h1m when parsing is restarted - BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled - BUG/MEDIUM: peers: local peer socket not bound. - BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data - BUG/MEDIUM: url32 does not take the path part into account in the returned hash. - BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener() - BUG/MINOR: mworker: disable SIGPROF on re-exec - DOC: fixed typo in management.txt - BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full - BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary - MEDIUM: debug: make the thread dump code show Lua backtraces - MINOR: lua: export applet and task handlers - MINOR: tools: add append_prefixed_str() - MINOR: debug: indicate the applet name when the task is task_run_applet() - BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe. - MINOR: fd: make sure to mark the thread as not stuck in fd_update_events() - BUG/MINOR: stats: Wait the body before processing POST requests - BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout - BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected. - BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers - BUG/MINOR: lua: fix setting netfilter mark - BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream. - BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX. - BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it - MINOR: ssl: ssl_fc_has_early should work for BoringSSL - BUG/MINOR: ssl: fix 0-RTT for BoringSSL - BUG/MEDIUM: stick-table: Wrong stick-table backends parsing. - BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak - BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame - BUG/MINOR: mux-h2: always send stream window update before connection's - BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition - BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads - BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data() - BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one - BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete(). - BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2 - BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes - BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames - BUG/MINOR: stream-int: also update analysers timeouts on activity - BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion - BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased - MINOR: wdt: also consider that waiting in the thread dumper is normal - BUG/MINOR: debug: fix a small race in the thread dumping code - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() - BUG/MINOR: htx: Fix free space addresses calculation during a block expansion - BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready - MINOR: hlua: Add a flag on the lua txn to know in which context it can be used - MINOR: hlua: Don't set request analyzers on response channel for lua actions - BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class - BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called - DOC: improve the wording in CONTRIBUTING about how to document a bug fix - BUG/MINOR: log: make sure writev() is not interrupted on a file output - BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send. - BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased - BUILD: threads: add the definition of PROTO_LOCK - BUG/MINOR: proxy: always lock stop_proxy() - BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff - BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter - BUG/MINOR: http_htx: Support empty errorfiles - BUG/MINOR: http_ana: Be sure to have an allocated buffer to generate an error - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream - BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach() - BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction - BUG/MINOR: checks: do not exit tcp-checks from the middle of the loop - BUG/MINOR: session: Send a default HTTP error if accept fails for a H1 socket - BUG/MINOR: session: Emit an HTTP error if accept fails only for H1 connection - BUG/MINOR: debug: Remove flags CO_FL_SOCK_WR_ENA/CO_FL_SOCK_RD_ENA - DOC: htx: Update comments in HTX files - BUG/MINOR: hlua: Make the function txn:done() HTX aware - BUG/MINOR: cache/htx: Make maxage calculation HTX aware - BUG/MINOR: http_htx: Initialize HTX error messages for TCP proxies - BUG/MINOR: http_fetch: Fix http_auth/http_auth_group when called from TCP rules - BUG/MINOR: backend: do not try to install a mux when the connection failed - BUG/MEDIUM: http/htx: unbreak option http_proxy - BUG/MEDIUM: checks: Don't attempt to receive data if we already subscribed. - BUG/MINOR: dns: remove irrelevant dependency on a client connection - BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored - BUG/MEDIUM: tcp-check: unbreak multiple connect rules again - BUG/MINOR: mux-pt: do not pretend there's more data after a read0 - BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set. - BUG/MEDIUM: streams: Don't give up if we couldn't send the request. - BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are used - BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to send - BUG/MAJOR: listener: fix thread safety in resume_listener() - MINOR: task: introduce work lists - BUG/MEDIUM: servers: Fix a race condition with idle connections. - DOC: Fix typos and grammer in configuration.txt - BUG/MEDIUM: da: cast the chunk to string. - BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection. - BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections - BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept - BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2 - BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it. - BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si - MINOR: stream-int: Factorize processing done after sending data in si_cs_send() - BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred - BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted - BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock - BUG/MEDIUM: http/applet: Finish request processing when a service is registered - MINOR: action: Add the return code ACT_RET_DONE for actions - BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks - MINOR: server: Add "no-tfo" option. - BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions. - BUG/MEDIUM: servers: Authorize tfo in default-server. - BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux. - BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent - BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent - BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit() - BUG/MINOR: hlua: Don't use channel_htx_recv_max() - BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max() - BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed. - BUG/MEDIUM: connections: Always call shutdown, with no linger. - BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses - BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages - BUG/MEDIUM: checks: unblock signals in external checks - BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported - BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL. - BUG/MINOR: mworker/cli: don't output a \n before the response - BUILD: hapee/51d: fix error when building with 51Degrees enabled - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - BUILD: hapee/modules: clean(up) the copts-hash file not copts_hash - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MINOR: hapee/modules: register function called after the main config check - MEDIUM: hapee/modules: add memory reservation support for the modules - BUILD: hapee/modules: update HAPEE version macro to 2.0r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support