version 2.3r1

2021/11/17 : 2.3r1 (1.0.0-245.457) - BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 - MINOR: shctx: add a few BUG_ON() for consistency checks - BUG/MINOR: shctx: do not look for available blocks when the first one is enough - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found - BUG/MEDIUM: mux-h2: always process a pending shut read - BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found - MINOR: mux-h2: perform a full cycle shutdown+drain on close - MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close - BUG/MINOR: stick-table/cli: Check for invalid ipv6 key - BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent - BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value - BUG/MINOR: mworker: doesn't launch the program postparser - BUG/MEDIUM: conn-stream: Don't reset CS flags on close - DOC: lua: Be explicit with the Reply object limits - Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" - BUG/MINOR: http-ana: Apply stop to the current section for http-response rules - DOC: config: Fix typo in ssl_fc_unique_id description - BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value - HAPEE: update backported, hapee and dropped - BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data - SCRIPTS: git-show-backports: re-enable file-based filtering - DOC/peers: some grammar fixes for peers 2.1 spec - MINOR: stream: Improve dump of bogus streams - MINOR: halog: Add support for extracting captures using -hdr - BUG/MINOR: halog: Add missing newlines in die() messages - CLEANUP: halog: Use consistent indentation in help() - MINOR: halog: Rename -qry to -query - DOC: halog: Move the `-qry` parameter into the correct section in help text - MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX - DOC: config: Fix alphabetical order of fc_* samples - BUG/MINOR: sample: fix backend direction flags consecutive to last fix - BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags - BUG/MINOR: vars: properly set the argument parsing context in the expression - MINOR: sample: add missing ARGC_ entries - BUG/MINOR: vars: improve accuracy of the rules used to check expression validity - BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data - BUG/MINOR: http: Authorization value can have multiple spaces after the scheme - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration - BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions - BUG/MEDIUM: resolvers: Don't recursively perform requester unlink - MEDIUM: resolvers: remove the last occurrences of the "safe" argument - MEDIUM: resolvers: use a kill list to preserve the list consistency - CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT - CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters - CLEANUP: always initialize the answer_list - CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() - BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released - BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed - BUILD: fix compilation on NetBSD - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame - BUG/MAJOR: buf: fix varint API post- vs pre- increment - BUG/MEDIUM: resolvers: always check a valid item in query_list - BUILD: resolvers: avoid a possible warning on null-deref - BUG/MAJOR: resolvers: add other missing references during resolution removal - MINOR: resolvers: merge address and target into a union "data" - BUG/MEDIUM: resolvers: use correct storage for the target address - BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix - MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero - BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records - BUG/MEDIUM: resolver: make sure to always use the correct hostname length - MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero - BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors 2021/10/19 : 2.3r1 (1.0.0-245.395) - BUG/MEDIUM: sample: properly verify that variables cast to sample - MINOR: sample: provide a generic var-to-sample conversion function - CLEANUP: sample: uninline sample_conv_var2smp_str() - CLEANUP: sample: rename sample_conv_var2smp() to *_sint - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error - BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back - MINOR: initcall: Rename __GLOBL and __GLOBL1. - BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary - MINOR: htx: Add a function to know if the free space wraps - MINOR: htx: Add an HTX flag to know when a message is fragmented - BUILD: hapee/modules: select either md5 or md5sum 2021/10/08 : 2.3r1 (1.0.0-243.383) - BUG/MEDIUM: leastconn: fix rare possibility of divide by zero - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release - MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue() - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing - MINOR: arg: Be able to forbid unresolved args when building an argument list - BUG/MAJOR: lua: use task_wakeup() to properly run a task once - BUG/MEDIUM: lua: fix wakeup condition from sleep() - DOC: peers: fix doc "enable" statement on "peers" sections - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer - BUG/MINOR: http-ana: increment internal_errors counter on response error - BUG/MINOR: h1-htx: Fix a typo when request parser is reset - BUG/MINOR: server: allow 'enable health' only if check configured 2021/09/20 : 2.3r1 (1.0.0-243.366) - BUG/MINOR: cli/payload: do not search for args inside payload - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc - DOC: management: certificate files must be sanitized before injection - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check - MINOR: pools: use mallinfo2() when available instead of mallinfo() - MINOR: pools: automatically disable malloc_trim() with external allocators - CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools() - BUG/MINOR: compat: make sure __WORDSIZE is always defined - Revert "REGTESTS: mark http_abortonclose as broken" - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached - BUG/MINOR: systemd: ExecStartPre must use -Ws - BUG/MINOR: filters: Set right FLT_END analyser depending on channel - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered - BUG/MINOR: lua: Don't yield in channel.append() and channel.set() - BUG/MINOR: lua: Yield in channel functions only if lua context can yield - MINOR: lua: Add a flag on lua context to know the yield capability at run time - REGTESTS: mark http_abortonclose as broken - MINOR: action: Use a generic function to check validity of an action rule list - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" 2021/09/07 : 2.3r1 (1.0.0-243.345) 2021/09/03 : 2.3r1 (1.0.0-242.345) - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer - CLEANUP: htx: remove comments about "must be < 256 MB" - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB - DOC: configuration: remove wrong tcp-request examples in tcp-response - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser - CLEANUP: Add missing include guard to signal.h - BUG/MINOR: tools: Fix loop condition in dump_text() - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords - MINOR: compiler: implement an ONLY_ONCE() macro - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions - REGTESTS: abortonclose: after retries, 503 is expected, not close - BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- 2021/08/20 : 2.3r1 (1.0.0-242.330) - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path 2021/08/13 : 2.3r1 (1.0.0-241.329) - REGTESTS: add a test to prevent h2 desync attacks - BUG/MEDIUM: h2: give :authority precedence over Host - BUG/MAJOR: h2: enforce checks on the method syntax before translating to HTX - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax - MINOR: http: add a new function http_validate_scheme() to validate a scheme - BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check - MINOR: hapee: update list of patches backported from 2.4 - BUILD/MINOR: memprof fix macOs build. - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued - DOC: config: Fix 'http-response send-spoe-group' documentation - DOC: Improve the lua documentation - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer - BUG/MINOR: buffer: fix buffer_dump() formatting - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure - BUG/MINOR: server: update last_change on maint->ready transitions too - BUG/MINOR: pollers: always program an update for migrated FDs - BUG/MINOR: poll: fix abnormally high skip_fd counter - BUG/MINOR: select: fix excess number of dead/skip reported - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before - BUG/MINOR: connection: Add missing error labels to conn_err_code_str - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames - BUG/MINOR: mux-h2: Obey dontlognull option during the preface - BUG/MINOR: systemd: must check the configuration using -Ws - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree - BUG/MINOR: check: fix the condition to validate a port-less server - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUILD: lua: silence a build warning with TCC - BUILD: add detection of missing important CFLAGS 2021/07/09 : 2.3r1 (1.0.0-239.297) - MINOR: hapee: .hapee/backports renamed to .hapee/backported - MINOR: hapee: Update the list of backported patches - BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header - BUG/MINOR: mqtt: Support empty client ID in CONNECT message - BUG/MINOR: mqtt: Fix parser for string with more than 127 characters - BUG/MAJOR: pools: second fix for incomplete backport of lockless pool fix - BUG/MAJOR: pools: fix incomplete backport of lockless pool fix - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response - BUG/MINOR: resolvers: Always attach server on matching record on resolution - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled - BUG/MINOR: server-state: load SRV resolution only if params match the config - DOC: config: use CREATE USER for mysql-check - DOC: peers: fix the protocol tag name in the doc - DOC: stick-table: add missing documentation about gpt0 stored type - BUG/MINOR: stick-table: fix several printf sign errors dumping tables - BUG/MINOR: cli: fix server name output in "show fd" - BUG/MEDIUM: sock: make sure to never miss early connection failures - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules - BUG/MINOR: checks: return correct error code for srv_parse_agent_check - DOC: config: Add missing actions in "tcp-request session" documentation - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - REGTESTS: fix maxconn update with agent-check - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item - BUG/MINOR: resolvers: answser item list was randomly purged or errors 2021/06/21 : 2.3r1 (1.0.0-239.260) - BUILD: cfgparse-ssl: Remove const from defpx param in keylog parsing function - BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken - MINOR: mux-h2: obey http-ignore-probes during the preface - BUG/MINOR: stats: make "show stat typed desc" work again - MINOR: backend: only skip LB when there are actual connections - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue - BUG/MINOR: mworker: fix typo in chroot error message - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id - DOC: lua: Add a warning about buffers modification in HTTP - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded - CLEANUP: pools: remove now unused seq and pool_free_list - BUG/MAJOR: pools: fix possible race with free() in the lockless variant - MEDIUM: pools: use a single pool_gc() function for locked and lockless - MINOR: pools: call malloc_trim() under thread isolation - MINOR: pools: do not maintain the lock during pool_flush() - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - BUILD: make tune.ssl.keylog available again - DOC: use the req.ssl_sni in examples - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry - DOC/MINOR: move uuid in the configuration to the right alphabetical order - BUG/MINOR: lua/vars: prevent get_var() from allocating a new name - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree - BUG/MINOR: http: Missing calloc return value check in make_arg_list - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine - BUG/MINOR: peers: Missing calloc return value check in peers_register_table - BUG/MINOR: server: Missing calloc return value check in srv_parse_source - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - REGTESTS: Add script to test abortonclose option - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set - MEDIUM: mux-h1: Don't block reads when waiting for the other side - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() 2021/05/11 : 2.3r1 (1.0.0-239.210) - MINOR: memprof: also report the totals and delta alloc-free - MINOR: memprof: also report the method used by each call - BUG/MINOR: memprof: properly account for differences for realloc() - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD - BUILD: memprof: make the old caller pointer a const in get_prof_bin() - DOC: ssl: Add information about crl-file option - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry - BUG/MINOR: stream: properly clear the previous error mask on L7 retries - BUG/MINOR: stream: Decrement server current session counter on L7 retry - BUG/MEDIUM: dns: reset file descriptor if send returns an error 2021/05/07 : 2.3r1 (1.0.0-239.197) - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc() - BUILD: activity: do not include malloc.h - MINOR: hapee: Update the list of backported patches - BUILD: makefile: add new option USE_MEMORY_PROFILING - MINOR: activity: add the profiling.memory global setting - MINOR: activity: make "show profiling" also dump the memoery usage - MINOR: activity: make "show profiling" support a few arguments - MINOR: activity: clean up the show profiling io_handler a little bit - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING - MINOR: activity: declare the storage for memory usage statistics - MINOR: activity: add a "memory" entry to "profiling" - MINOR: tools: add functions to retrieve the address of a symbol 2021/05/05 : 2.3r1 (1.0.0-239.185) - MINOR: debug: add a new "debug dev sym" command in expert mode - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS - MEDIUM: pools: call malloc_trim() from pool_gc() - MINOR: compat: automatically include malloc.h on glibc - BUG/MINOR: ssl/cli: fix a lock leak when no memory available - BUG/MEDIUM: cli: prevent memory leak on write errors - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - REGTESTS: add minimal CLI "add map" tests 2021/04/29 : 2.3r1 (1.0.0-239.177) - MINOR: hapee: Update the list of backported/hapee patches - DOC: general: fix example in set-timeout - REGTESTS: add regtest for http-request set-timeout - MINOR: stream: add timeout sample fetches - MINOR: stream: add sample fetches - MINOR: backend: add timeout sample fetches - MINOR: frontend: add client timeout sample fetch - MEDIUM: http_act: define set-timeout server/tunnel action - MEDIUM: stream: support a dynamic tunnel timeout - MEDIUM: stream: support a dynamic server timeout - MINOR: stream: prepare the hot refresh of timeouts - MINOR: action: define enum for timeout type of the set-timeout rule 2021/04/28 : 2.3r1 (1.0.0-239.165) - MINOR: peers: add informative flags about resync process for debugging - BUG/MEDIUM: peers: reset tables stage flags stages on new conns - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly - BUG/MEDIUM: peers: reset commitupdate value in new conns - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync - MINOR: hapee: Update the list of backported/hapee patches - BUG/MINOR: ssl: ssl_sock_prepare_ssl_ctx does not return an error code - BUG/MINOR: applet: Notify the other side if data were consumed by an applet - BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message - BUG/MINOR: mux-fcgi: Don't send normalized uri to FCGI application - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush - BUG/MEDIUM: peers: re-work connection to new process during reload. - BUG/MINOR: peers: remove useless table check if initial resync is finished - BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data - BUG/MINOR: mworker: don't use oldpids[] anymore for reload - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases - BUG/MEDIUM: config: fix cpu-map notation with both process and threads - BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames - BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers - BUG/MINOR: server: free srv.lb_nodes in free_server - BUG/MINOR: mux-h1: Release idle server H1 connection if data are received - BUG/MINOR: logs: Report the true number of retries if there was no connection - BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function - BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded - BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check - MINOR: connection: Make bc_http_major compatible with tcp-checks - BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections - MINOR: logs: Add support of checks as session origin to format lf strings - BUG/MINOR: checks: Set missing id to the dummy checks frontend - BUG/MEDIUM: threads: Ignore current thread to end its harmless period - DOC: ssl: Certificate hot update only works on fronted certificates - BUG/MEDIUM: sample: Fix adjusting size in field converter - MINOR: No longer rely on deprecated sample fetches for predefined ACLs - DOC: clarify that compression works for HTTP/2 - BUG/MINOR: tools: fix parsing "us" unit for timers - CONTRIB: halog: fix issue with array of type char - REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken - DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options 2021/04/02 : 2.3r1 (1.0.0-239.124) - MINOR: hapee: Update list of dropped/hapee patches - REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021/04/01 : 2.3r1 (1.0.0-239.122) - MINOR: hapee: fix the backports command line - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields - BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one - BUG/MINOR: ssl: Fix update of default certificate - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 - BUILD: backend: fix build breakage in idle conn locking fix - BUG/MEDIUM: time: make sure to always initialize the global tick - BUG/MINOR: stats: Apply proper styles in HTML status page. - BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv - MEDIUM: backend: use a trylock to grab a connection on high FD counts as well - BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters - MINOR: tools: make url2ipv4 return the exact number of bytes parsed - BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless - BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available. 2021/03/26 : 2.3r1 (1.0.0-239.106) 2021/03/24 : 2.3r1 (1.0.0-238.106) - CLEANUP: fd: remove unused fd_set_running_excl() - BUG/MEDIUM: fd: do not wait on FD removal in fd_delete() - MINOR: fd: remove the unneeded running bit from fd_insert() - MINOR: fd: make fd_clr_running() return the remaining running mask - MINOR: hapee: Update the list of backported/hapee patches - MINOR: ssl: add SSL_SERVER_LOCK label in threads.h - BUG/MEDIUM: lua: Always init the lua stack before referencing the context - BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback - MINOR: lua: Slightly improve function dumping the lua traceback - BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro - BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" - BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable - MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua - MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket - BUG/MINOR: protocol: add missing support of dgram unix socket. - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable - MINOR: time: also provide a global, monotonic global_now_ms timer - BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback 2021/03/18 : 2.3r1 (1.0.0-238.88) - BUG/MINOR: sample: Rename SenderComID/TargetComID to SenderCompID/TargetCompID - MINOR: hapee: Update list of backports - BUG/MINOR: freq_ctr/threads: make use of the last updated global time - MINOR: time: export the global_now variable - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames - MINOR: resolvers: Don't try to match immediatly renewed ADD items - MINOR: resolvers: Use milliseconds for cached items in resolver responses - BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set - BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks - MINOR: resolvers: Directly call srvrq_update_srv_state() when possible - MINOR: resolvers: Add function to change the srv status based on SRV resolution - MINOR: resolvers: Purge answer items when a SRV resolution triggers an error - MINOR: resolvers: Use a function to remove answers attached to a resolution - BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete - BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item - MINOR: resolvers: new function find_srvrq_answer_record() - BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item - BUG/MEDIUM: resolvers: Don't set an address-less server as UP - BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution - BUG/MINOR: resolvers: Reset server address on DNS error only on status change - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error - Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record" - CLEANUP: tcp-rules: add missing actions in the tcp-request error message - BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check - BUG/MINOR: session: Add some forgotten tests on session's listener - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters - BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached - BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw() - BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc. - OPTIM: task: automatically adjust the default runqueue-depth to the threads - MINOR: task: give the scheduler a bit more flexibility in the runqueue size - MEDIUM: task: remove the tasks_run_queue counter and have one per thread - MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks - MINOR: xprt: add new xprt_set_idle and xprt_set_used methods - MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1 - MINOR: task: add an application specific flag to the state: TASK_F_USR1 - BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake - MINOR: ssl: mark the SSL handshake tasklet as heavy - MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY - MEDIUM: backend: use a trylock when trying to grab an idle connection - MINOR: pools: double the local pool cache size to 1 MB - MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS - MEDIUM: streams: do not use the streams lock anymore - MINOR: streams: use one list per stream instead of a global one - MINOR: cli/streams: make "show sess" dump all streams till the new epoch - MINOR: stream: add an "epoch" to figure which streams appeared when - MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold - MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait - MINOR: dynbuf: make the buffer wait queue per thread - OPTIM: lb-leastconn: do not unlink the server if it did not change - OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn - OPTIM: lb-first: do not take the server lock on take_conn/drop_conn - MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock - MINOR: server: move actconns to the per-thread structure - OPTIM: server: switch the actconn list to an mt-list - MINOR: listener: refine the default MAX_ACCEPT from 64 to 4 - MINOR: tasks: refine the default run queue depth - BUG/MEDIUM: session: NULL dereference possible when accessing the listener - MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs - MINOR: atomic: add armv8.1-a atomics variant for cas-dw - BUG/MINOR: mt-list: always perform a cpu_relax call on failure - REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() - BUG/MINOR: backend: fix condition for reuse on mode HTTP - BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout - BUG/MINOR: mux-h2: Fix typo in scheme adjustment - DOC: spoe: Add a note about fragmentation support in HAProxy - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 - BUG/MINOR: connection: Use the client's dst family for adressless servers - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule - BUG/MINOR: http-ana: Only consider dst address to process originalto option - BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() - BUG/MINOR: stats: fix compare of no-maint url suffix - CLEANUP: muxes: Remove useless if condition in show_fd function - BUG/MEDIUM: resolvers: Reset address for unresolved servers - BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records - BUG/MINOR: resolvers: new callback to properly handle SRV record errors - BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record - BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned - BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() - BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop - BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe - BUG/MINOR: sample: secure convs that accept base64 string and var name as args - MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes 2021/03/16 : 2.3r1 (1.0.0-238.0) 2021/03/01 : 2.3r1 (1.0.0-237.0)

HAPEE-LB 2.3r1 – Changelog
English French German