version 2.2r1

2021/10/08 : 2.2r1 (1.0.0-242.537) - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release - BUG/MINOR: filters: Set right FLT_END analyser depending on channel - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing - MINOR: arg: Be able to forbid unresolved args when building an argument list - BUG/MAJOR: lua: use task_wakeup() to properly run a task once - BUG/MEDIUM: lua: fix wakeup condition from sleep() - DOC: peers: fix doc "enable" statement on "peers" sections - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer - BUG/MINOR: http-ana: increment internal_errors counter on response error - BUG/MINOR: h1-htx: Fix a typo when request parser is reset - BUG/MINOR: server: allow 'enable health' only if check configured 2021/09/20 : 2.2r1 (1.0.0-242.518) - MINOR: hapee: update .hapee files - BUG/MINOR: cli/payload: do not search for args inside payload - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc - DOC: management: certificate files must be sanitized before injection - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check - BUG/MINOR: compat: make sure __WORDSIZE is always defined - Revert "REGTESTS: mark http_abortonclose as broken" - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached - BUG/MINOR: systemd: ExecStartPre must use -Ws - REGTESTS: mark http_abortonclose as broken - MINOR: action: Use a generic function to check validity of an action rule list - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" - DOC/MINOR: fix typo in management document 2021/09/07 : 2.2r1 (1.0.0-242.505) 2021/09/03 : 2.2r1 (1.0.0-241.505) - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer - CLEANUP: htx: remove comments about "must be < 256 MB" - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB - DOC: configuration: remove wrong tcp-request examples in tcp-response - CLEANUP: Add missing include guard to signal.h - BUG/MINOR: tools: Fix loop condition in dump_text() - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords - MINOR: compiler: implement an ONLY_ONCE() macro - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions - REGTESTS: abortonclose: after retries, 503 is expected, not close - BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- 2021/08/20 : 2.2r1 (1.0.0-241.491) - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path 2021/08/13 : 2.2r1 (1.0.0-240.490) - REGTESTS: add a test to prevent h2 desync attacks - BUG/MEDIUM: h2: give :authority precedence over Host - BUG/MAJOR: h2: enforce checks on the method syntax before translating to HTX - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax - MINOR: http: add a new function http_validate_scheme() to validate a scheme - BUILD/MINOR: memprof fix macOs build. - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued - DOC: config: Fix 'http-response send-spoe-group' documentation - DOC: Improve the lua documentation - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer - BUG/MINOR: buffer: fix buffer_dump() formatting - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure - BUG/MINOR: server: update last_change on maint->ready transitions too - BUG/MINOR: pollers: always program an update for migrated FDs - BUG/MINOR: poll: fix abnormally high skip_fd counter - BUG/MINOR: select: fix excess number of dead/skip reported - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before - BUG/MINOR: connection: Add missing error labels to conn_err_code_str - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames - BUG/MINOR: mux-h2: Obey dontlognull option during the preface - BUG/MINOR: systemd: must check the configuration using -Ws - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree - BUG/MINOR: check: fix the condition to validate a port-less server - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUILD: add detection of missing important CFLAGS - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled - BUG/MINOR: server-state: load SRV resolution only if params match the config 2021/08/09 : 2.2r1 (1.0.0-240.455) 2021/07/09 : 2.2r1 (1.0.0-238.455) - BUG/MAJOR: pools: second fix for incomplete backport of lockless pool fix - BUG/MAJOR: pools: fix incomplete backport of lockless pool fix - CLEANUP: pools: remove now unused seq and pool_free_list - BUG/MAJOR: pools: fix possible race with free() in the lockless variant - MEDIUM: pools: use a single pool_gc() function for locked and lockless - MINOR: pools: do not maintain the lock during pool_flush() - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response - BUG/MINOR: resolvers: Always attach server on matching record on resolution - DOC: config: use CREATE USER for mysql-check - DOC: peers: fix the protocol tag name in the doc - DOC: stick-table: add missing documentation about gpt0 stored type - BUG/MINOR: stick-table: fix several printf sign errors dumping tables - BUG/MINOR: cli: fix server name output in "show fd" - BUG/MEDIUM: sock: make sure to never miss early connection failures - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item - BUG/MINOR: resolvers: answser item list was randomly purged or errors - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules - BUG/MINOR: checks: return correct error code for srv_parse_agent_check - DOC: config: Add missing actions in "tcp-request session" documentation - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - REGTESTS: fix maxconn update with agent-check - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check 2021/06/18 : 2.2r1 (1.0.0-238.424) - BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken - MINOR: mux-h2: obey http-ignore-probes during the preface - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue - BUG/MINOR: mworker: fix typo in chroot error message - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id - DOC: lua: Add a warning about buffers modification in HTTP - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded 2021/06/17 : 2.2r1 (1.0.0-238.414) - MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - DOC: use the req.ssl_sni in examples - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry - DOC/MINOR: move uuid in the configuration to the right alphabetical order - BUG/MINOR: lua/vars: prevent get_var() from allocating a new name - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree - BUG/MINOR: http: Missing calloc return value check in make_arg_list - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine - BUG/MINOR: peers: Missing calloc return value check in peers_register_table - BUG/MINOR: server: Missing calloc return value check in srv_parse_source - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - REGTESTS: Add script to test abortonclose option - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set - MEDIUM: mux-h1: Don't block reads when waiting for the other side - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() 2021/05/11 : 2.2r1 (1.0.0-238.383) - MINOR: memprof: also report the totals and delta alloc-free - MINOR: memprof: also report the method used by each call - BUG/MINOR: memprof: properly account for differences for realloc() - BUILD: memprof: make the old caller pointer a const in get_prof_bin() - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry - BUG/MINOR: stream: properly clear the previous error mask on L7 retries - BUG/MINOR: stream: Decrement server current session counter on L7 retry - BUG/MEDIUM: dns: reset file descriptor if send returns an error - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD - MINOR: compat: automatically include malloc.h on glibc 2021/05/07 : 2.2r1 (1.0.0-238.370) - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc() - BUILD: activity: do not include malloc.h - MINOR: hapee: update backported patches and notes - BUILD: makefile: add new option USE_MEMORY_PROFILING - MINOR: activity: add the profiling.memory global setting - MINOR: activity: make "show profiling" also dump the memoery usage - MINOR: activity: make "show profiling" support a few arguments - MINOR: activity: clean up the show profiling io_handler a little bit - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING - MINOR: activity: declare the storage for memory usage statistics - MINOR: activity: add a "memory" entry to "profiling" - MINOR: tools: add functions to retrieve the address of a symbol 2021/05/05 : 2.2r1 (1.0.0-238.358) - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS - BUG/MINOR: ssl/cli: fix a lock leak when no memory available - BUG/MEDIUM: cli: prevent memory leak on write errors - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - REGTESTS: add minimal CLI "add map" tests 2021/04/29 : 2.2r1 (1.0.0-238.353) - MINOR: peers: add informative flags about resync process for debugging - BUG/MEDIUM: peers: reset tables stage flags stages on new conns - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly - BUG/MEDIUM: peers: reset commitupdate value in new conns - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync - BUG/MINOR: applet: Notify the other side if data were consumed by an applet - BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message - BUG/MINOR: mux-fcgi: Don't send normalized uri to FCGI application - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush - BUG/MEDIUM: peers: re-work connection to new process during reload. - BUG/MINOR: peers: remove useless table check if initial resync is finished - BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data - BUG/MINOR: mworker: don't use oldpids[] anymore for reload - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases - BUG/MEDIUM: config: fix cpu-map notation with both process and threads - BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames - BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers - BUG/MINOR: server: free srv.lb_nodes in free_server - BUG/MINOR: mux-h1: Release idle server H1 connection if data are received - BUG/MINOR: logs: Report the true number of retries if there was no connection - BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function - BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded - BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check - MINOR: connection: Make bc_http_major compatible with tcp-checks - BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections - MINOR: logs: Add support of checks as session origin to format lf strings - BUG/MINOR: checks: Set missing id to the dummy checks frontend - BUG/MEDIUM: threads: Ignore current thread to end its harmless period - DOC: ssl: Certificate hot update only works on fronted certificates - BUG/MEDIUM: sample: Fix adjusting size in field converter - MINOR: No longer rely on deprecated sample fetches for predefined ACLs - DOC: clarify that compression works for HTTP/2 - BUG/MINOR: tools: fix parsing "us" unit for timers - CONTRIB: halog: fix issue with array of type char - REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken 2021/04/09 : 2.2r1 (1.0.0-238.315) - DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options - REGTESTS: ssl: "set ssl cert" and multi-certificates bundle - BUG/MEDIUM: ssl: ckch_inst->ctx not assigned with multi-bundle certificates 2021/04/01 : 2.2r1 (1.0.0-238.312) - REGTESTS: ssl: add missing file simple.crt-list from previous SSL fix - BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields - BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one - BUG/MINOR: ssl: Fix update of default certificate - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 - BUG/MEDIUM: time: make sure to always initialize the global tick - BUG/MINOR: stats: Apply proper styles in HTML status page. - BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv - BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters - MINOR: tools: make url2ipv4 return the exact number of bytes parsed - BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless - BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available. 2021/03/26 : 2.2r1 (1.0.0-238.297) 2021/03/24 : 2.2r1 (1.0.0-237.297) - CLEANUP: fd: remove unused fd_set_running_excl() - BUG/MEDIUM: fd: do not wait on FD removal in fd_delete() - MINOR: fd: remove the unneeded running bit from fd_insert() - MINOR: fd: make fd_clr_running() return the remaining running mask - BUG/MEDIUM: lua: Always init the lua stack before referencing the context - BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback - MINOR: lua: Slightly improve function dumping the lua traceback - BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro - BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" - BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable - MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua - MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable - MINOR: time: also provide a global, monotonic global_now_ms timer 2021/03/18 : 2.2r1 (1.0.0-237.283) - BUG/MINOR: freq_ctr/threads: make use of the last updated global time - MINOR: time: export the global_now variable - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames - MINOR: resolvers: Don't try to match immediatly renewed ADD items - MINOR: resolvers: Use milliseconds for cached items in resolver responses - BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set - BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks - MINOR: resolvers: Directly call srvrq_update_srv_state() when possible - MINOR: resolvers: Add function to change the srv status based on SRV resolution - MINOR: resolvers: Purge answer items when a SRV resolution triggers an error - MINOR: resolvers: Use a function to remove answers attached to a resolution - BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete - BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item - MINOR: resolvers: new function find_srvrq_answer_record() - BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item - BUG/MEDIUM: resolvers: Don't set an address-less server as UP - BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution - BUG/MINOR: resolvers: Reset server address on DNS error only on status change - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error - Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record" - CLEANUP: tcp-rules: add missing actions in the tcp-request error message - BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check - BUG/MINOR: session: Add some forgotten tests on session's listener - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters - BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached - BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc. - BUG/MEDIUM: session: NULL dereference possible when accessing the listener - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() - BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ(). - BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust() - BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout - BUG/MINOR: mux-h2: Fix typo in scheme adjustment - DOC: spoe: Add a note about fragmentation support in HAProxy - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 - BUG/MINOR: connection: Use the client's dst family for adressless servers - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule - BUG/MINOR: http-ana: Only consider dst address to process originalto option - BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() - CLEANUP: muxes: Remove useless if condition in show_fd function - BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup() - BUG/MEDIUM: resolvers: Reset address for unresolved servers - BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records - BUG/MINOR: resolvers: new callback to properly handle SRV record errors - BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record - BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned - BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() - BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop - BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe - BUG/MINOR: sample: secure convs that accept base64 string and var name as args - MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes - BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert" - BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok - BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line - BUG/MINOR: server: Init params before parsing a new server-state line - BUG/MINOR: http-rules: Always replace the response status on a return action - BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer - DOC: explain the relation between pool-low-conn and tune.idle-pool.shared - BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions - BUG/MINOR: sample: Always consider zero size string samples as unsafe - BUG/MINOR: checks: properly handle wrapping time in __health_adjust() - BUG/MINOR: session: atomically increment the tracked sessions counter - BUG/MINOR: server: Remove RMAINT from admin state when loading server state - CLEANUP: channel: fix comment in ci_putblk. - DOC: tune: explain the origin of block size for ssl.cachesize - BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL - BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines - BUG/MINOR: stats: revert the change on ST_CONVDONE - BUG/MEDIUM: config: don't pick unset values from last defaults section - CLEANUP: deinit: release global and per-proxy server-state variables on deinit - BUG/MINOR: server: Fix server-state-file-name directive - BUG/MINOR: backend: hold correctly lock when killing idle conn - BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() - BUG/MINOR: server: re-align state file fields number - BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state - BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors - BUG/MINOR: intops: fix mul32hi()'s off-by-one - BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro - BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro - BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro - MINOR: check: do not ignore a connection header for http-check send - BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context - DOC: fix "smp_size" vs "sample_size" in "log" directive arguments - BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link - MINOR: task: remove __tasklet_remove_from_tasklet_list() - BUG/MEDIUM: lists: Lock the element while we check if it is in a list. - BUG/MAJOR: connection: reset conn->owner when detaching from session list - MINOR: config: Deprecate and ignore tune.chksize global option 2021/03/16 : 2.2r1 (1.0.0-237.192) 2021/02/05 : 2.2r1 (1.0.0-235.192) - MINOR: cli/show_fd: report local and report ports when known - BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED - BUG/MEDIUM: mux-h2: handle remaining read0 cases - BUILD: Makefile: move REGTESTST_TYPE default setting - BUG/MINOR: xxhash: make sure armv6 uses memcpy() - BUG/MEDIUM: ssl: check a connection's status before computing a handshake - BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store - BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list - DOC: management: fix "show resolvers" alphabetical ordering - MINOR: h1: Raise the chunk size limit up to (2^52 - 1) - MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls - MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls - MINOR: ssl/show_fd: report some FDs as suspicious when possible - MINOR: cli/show_fd: report some easily detectable suspicious states - MINOR: cli: give the show_fd helpers the ability to report a suspicious entry - MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known - MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known - MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known - MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them - MINOR: ssl: provide a "show fd" helper to report important SSL information - MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps. - MINOR: cli: make "show fd" also report the xprt and xprt_ctx - CLEANUP: cli: make "show fd" use a const connection to access other fields - CLEANUP: tools: make resolve_sym_name() take a const pointer - MINOR: contrib: Make the wireshark peers dissector compile for more distribs. - BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() - BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name 2021/01/26 : 2.2r1 (1.0.0-234.165) - BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown - DOC: Improve documentation of the various hdr() fetches - BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX - BUG/MEDIUM: mux-h2: fix read0 handling on partial frames - BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() - BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper - BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. - MINOR: build: discard echoing in help target - BUG/MINOR: peers: Possible appctx pointer dereference. - BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition - BUILD: peers: fix build warning about unused variable - BUG/MINOR: dns: SRV records ignores duplicated AR records (v2) - MINOR: peers: Add traces for peer control messages. - BUG/MINOR: threads: Fixes the number of possible cpus report for Mac. - MINOR: server: Forbid server definitions in frontend sections - MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities - BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable - MINOR: contrib/prometheus-exporter: use fill_info for process dump - MINOR: contrib/prometheus-exporter: avoid connection close header - BUG/MINOR: init: enforce strict-limits when using master-worker - BUG/MINOR: check: Don't perform any check on servers defined in a frontend - BUG/MINOR: sample: Memory leak of sample_expr structure in case of error - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records" - MINOR: reg-tests: add base prometheus test - BUG/MINOR: reg-tests: fix service dependency script - BUG/MINOR: sample: check alloc_trash_chunk return value in concat() - MINOR: reg-tests: add a way to add service dependency 2021/01/08 : 2.2r1 (1.0.0-234.138) - BUG/MINOR: sample: fix concat() converter's corruption with non-string variables - DOC: Add maintainers for the Prometheus exporter - SCRIPTS: announce-release: fix typo in help message - DOC: fix some spelling issues over multiple files - MINOR: contrib/prometheus-exporter: export build_info - CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error - BUILD: Makefile: exclude broken tests by default - MINOR: converter: adding support for url_enc - BUG/MINOR: srv: do not cleanup idle conns if pool max is null - BUG/MINOR: srv: do not init address if backend is disabled - SCRIPTS: make announce release support preparing announces before tag exists - SCRIPTS: improve announce-release to support different tag and versions - BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule - BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails - BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails - MINOR: atomic: don't use ; to separate instruction on aarch64. - BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h - BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup - BUG/MINOR: dns: SRV records ignores duplicated AR records - BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call - BUILD: plock: remove dead code that causes a warning in gcc 11 - CONTRIB: debug: address "poll" utility build on non-linux platforms - CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps - CONTRIB: halog: mark the has_zero* functions unused - CONTRIB: halog: fix build issue caused by %L printf format - BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request - BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode - BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests - BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well - BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call - REGTESTS: make use of HAPROXY_ARGS and pass -dM by default - BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert" - CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric 2020/12/14 : 2.2r1 (1.0.0-233.105) - BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight - BUG/MINOR: tools: Reject size format not starting by a digit - BUG/MINOR: tools: make parse_time_err() more strict on the timer validity - MINOR: tcpcheck: Only wait for more payload data on HTTP expect rules - BUG/MINOR: tcpcheck: Don't rearm the check timeout on each read - BUG/MINOR: http-check: Use right condition to consider HTX message as full - DOC: email change of the DeviceAtlas maintainer - BUG/MEDIUM: spoa/python: Fixing references to None - BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments - BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails - BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations - DOC: spoa/python: Fixing typos in comments - DOC: spoa/python: Rephrasing memory related error messages - DOC: spoa/python: Fixing typo in IP related error messages - BUG/MAJOR: spoa/python: Fixing return None - BUG/MINOR: mux-h1: Handle keep-alive timeout for idle frontend connections - DOC/MINOR: Fix formatting in Management Guide - BUILD/MINOR: haproxy DragonFlyBSD affinity build update. - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. - BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times - MINOR: cli: add a function to look up a CLI service description - MINOR: actions: add a function returning a service pointer from its name - MINOR: actions: Export actions lookup functions - BUG/MINOR: lua: Some lua init operation are processed unsafe - BUG/MINOR: lua: Post init register function are not executed beyond the first one - BUG/MINOR: lua: lua-load doesn't check its parameters - BUG/MINOR: lua: missing "\n" in error message - MINOR: plock: use an ARMv8 instruction barrier for the pause instruction - BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check - DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool - MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main - BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check - DOC: Clarify %HP description in log-format - DOC: better document the config file format and escaping/quoting rules - BUG/MAJOR: peers: fix partial message decoding - BUG/MEDIUM: http_act: Restore init of log-format list - BUILD: Show the value of DEBUG= in haproxy -vv - BUILD: Make DEBUG part of .build_opts - MINOR: http_act: Add -m flag for del-header name matching method - REGTESTS: converter: add url_dec test - REGTESTS: Add sample_fetches/cook.vtc 2020/11/24 : 2.2r1 (1.0.0-232.63) - BUG/MAJOR: filters: Always keep all offsets up to date during data filtering - DOC: better describes how to configure a fallback crt - BUG/MINOR: http_htx: Fix searching headers by substring - DOC: clarify how to create a fallback crt 2020/11/20 : 2.2r1 (1.0.0-232.59) - BUG/MEDIUM: http-ana: Don't eval http-after-response ruleset on empty messages - BUG/MINOR: ssl: segv on startup when AKID but no keyid 2020/11/18 : 2.2r1 (1.0.0-232.57) - MINOR: hapee: Update the list of hapee patches - BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests - BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering - BUILD: http-htx: fix build warning regarding long type in printf - MINOR: peers: Add traces to peer_treat_updatemsg(). - REGTEST: make ssl_client_samples and ssl_server_samples require to 2.2 - MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error. - MINOR: config/mux-h2: Return ERR_ flags from init_h2() instead of a status - MINOR: init: Fix the prototype for per-thread free callbacks - BUG/MINOR: tcpcheck: Don't warn on unused rules if check option is after - MINOR: spoe: Don't close connection in sync mode on processing timeout - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet - BUG/MINOR: http-htx: Handle warnings when parsing http-error and http-errors - MINOR: check: report error on incompatible connect proto - MINOR: check: report error on incompatible proto - BUG/MEDIUM: check: reuse srv proto only if using same mode - BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches - BUG/MINOR: http-fetch: Extract cookie value even when no cookie name - BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages - BUG/MINOR: peers: Missing TX cache entries reset. - BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries. - BUG/MINOR: lua: set buffer size during map lookups - BUG/MINOR: pattern: a sample marked as const could be written - DOC: config: Fix a typo on ssl_c_chain_der - BUG/MINOR: ssl: double free w/ smp_fetch_ssl_x_chain_der() - MINOR: ssl: add ssl_{c,s}_chain_der fetch methods - BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L - MINOR: http-htx: Add understandable errors for the errorfiles parsing - BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher - BUG/MEDIUM: server: make it possible to kill last idle connections 2020/11/04 : 2.2r1 (1.0.0-231.27) - MINOR: hapee: the EXTRAVERSION patch was also backported - BUILD: makefile: add an EXTRAVERSION variable to ease local naming - CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream - BUG/MEDIUM: stick-table: limit the time spent purging old entries - BUG/MINOR: filters: Skip disabled proxies during startup only - BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade - MINOR: server: Copy configuration file and line for server templates - BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup - BUG/MINOR: checks: Report a socket error before any connection attempt - BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies - BUG/MEDIUM: filters: Don't try to init filters for disabled proxies - BUG/MINOR: cache: Inverted variables in http_calc_maxage function - BUG/MINOR: cache: Manage multiple values in cache-control header value - MINOR: ist: Add a case insensitive istmatch function - BUG/MINOR: lua: initialize sample before using it - BUG/MINOR: server: fix down_time report for stats - BUG/MINOR: server: fix srv downtime calcul on starting - BUG/MINOR: log: fix risk of null deref on error path - BUG/MINOR: log: fix memory leak on logsrv parse error - BUG/MINOR: extcheck: add missing checks on extchk_setenv() - BUG/MEDIUM: ssl: OCSP must work with BoringSSL - Revert "MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension" - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible - BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests - BUG/MEDIUM: server: support changing the slowstart value from state-file - BUG/MINOR: queue: properly report redistributed connections - MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension 2020/10/22 : 2.2r1 (1.0.0-230.0)

HAPEE-LB 2.2r1 – Changelog
English French German