Changelog

version 2.2r1



2024/01/17 : 2.2r1 (1.0.0-260.1060) - BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up - BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty - DOC: configuration: typo req.ssl_hello_type - BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( - BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation - BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly - DOC: Clarify the differences between field() and word() - BUG/MINOR: sample: Make the `word` converter compatible with `-m found` - REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter - DOC: config: add matrix entry for "max-session-srv-conns" - DOC: config: specify supported sections for "max-session-srv-conns" - DOC: 51d: updated 51Degrees repo URL for v3.2.10 - REGTESTS: http: add a test to validate chunked responses delivery - BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() - BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer - BUG/MINOR: stconn: Fix streamer detection for HTX streams - MINOR: channel: Add functions to get info on buffers and deal with HTX streams - MINOR: htx: Use a macro for overhead induced by HTX - BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented - REGTESTS: http: Improve script testing abortonclose option - BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only - MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads - MINOR: connection: Add a CTL flag to notify mux it should wait for reads again - BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up - DOC: config: use the word 'backend' instead of 'proxy' in 'track' description - DOC: management: -q is quiet all the time - BUG/MINOR: stick-table/cli: Check for invalid ipv4 key - BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure - BUG/MINOR: stktable: missing free in parse_stick_table() - BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure - BUG/MEDIUM: ssl: segfault when cipher is NULL - BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA - BUG/MINOR: mux-h2: commit the current stream ID even on reject - BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task - BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending - BUG/MEDIUM: actions: always apply a longest match on prefix lookup - BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0 - BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage - BUG/MINOR: hlua: fix invalid use of lua_pop on error paths - MINOR: pattern: fix pat_{parse,match}_ip() function comments - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers - BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API - BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records - MINOR: buf: Add b_force_xfer() function - BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume() - CI: Update to actions/checkout@v4 - BUG/MINOR: hlua/action: incorrect message on E_YIELD error - BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout - BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown - DOC: lua: fix core.register_action typo - SCRIPTS: git-show-backports: automatic ref and base detection with -m - BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection 2023/10/10 : 2.2r1 (1.0.0-258.1005) 2023/08/16 : 2.2r1 (1.0.0-257.1005) - BUG/MINOR: http: skip leading zeroes in content-length values - DOC: clarify the handling of URL fragments in requests - REGTESTS: http-rules: verify that we block '#' by default for normalize-uri - BUG/MINOR: h2: reject more chars from the :path pseudo header - BUG/MINOR: h1: do not accept '#' as part of the URI component - MINOR: h2: pass accept-invalid-http-request down the request parser - MINOR: http: add new function http_path_has_forbidden_char() - MINOR: ist: Add istend() function to return a pointer to the end of the string - MINOR: ist: add new function ist_find_range() to find a character range - BUG/MAJOR: http: reject any empty content-length header value - BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement - BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full - DOC: configuration: describe Td in Timing events - BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses - CI: explicitely highlight VTest result section if there's something - BUG/MINOR: http: Return the right reason for 302 - BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters - BUG/MINOR: ring: maxlen warning reported as alert - DOC: Add tune.h2.max-frame-size option to table of contents - BUG/MEDIUM: mworker: increase maxsock with each new worker - BUG/MINOR: namespace: missing free in netns_sig_stop() - BUG/MINOR: server: inherit from netns in srv_settings_cpy() - BUG/MINOR: proxy: add missing interface bind free in free_proxy - BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line 2023/06/09 : 2.2r1 (1.0.0-257.981) 2023/06/06 : 2.2r1 (1.0.0-255.981) - BUG/MINOR: spoe: Only skip sending new frame after a receive attempt - CONTRIB: Add vi file extensions to .gitignore - DOC: config: Fix bind/server/peer documentation in the peers section 2023/05/26 : 2.2r1 (1.0.0-255.978) - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: server: don't use date when restoring last_change from state file - BUG/MINOR: server: don't miss server stats update on server state transitions - BUG/MINOR: server: don't miss proxy stats update on server state transitions - MINOR: server: explicitly commit state change in srv_update_status() - BUG/MINOR: server: incorrect report for tracking servers leaving drain - BUILD: ssl: switch LibreSSL to Fastly CDN - CI: switch to Fastly CDN to download LibreSSL - BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones - BUG/MINOR: debug: do not emit empty lines in thread dumps - BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup - MINOR: spoe: Don't stop disabled proxies - BUG/MINOR: proxy: missing free in free_proxy for redirect rules - BUG/MINOR: log: fix memory error handling in parse_logsrv() - SCRIPTS: publish-release: update the umask to keep group write access - BUG/MINOR: hlua: unsafe hlua_lua2smp() usage - DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt - DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules - BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set - BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input 2023/05/17 : 2.2r1 (1.0.0-255.958) - BUILD: checks: fix build failure on macos after last fix - BUG/MINOR: checks: postpone the startup of health checks by the boot time - MINOR: clock: measure the total boot time - MINOR: checks: make sure spread-checks is used also at boot time 2023/04/24 : 2.2r1 (1.0.0-255.954) - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests - BUG/MEDIUM: Update read expiration date on synchronous send - BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop - BUG/MINOR: cfgparse: make sure to include openssl-compat - CI: bump "actions/checkout" to v3 for cross zoo matrix - BUG/MINOR: stick_table: alert when type len has incorrect characters - DOC: config: strict-sni allows to start without certificate - MINOR: proxy/pool: prevent unnecessary calls to pool_gc() - BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards. - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section - DOC: config: Add the missing tune.fail-alloc option from global listing - DOC: config: Fix description of options about HTTP connection modes - BUG/MINOR: ring: do not realign ring contents on resize - BUG/MINOR: mworker: prevent incorrect values in uptime - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong - BUG/MINOR: mworker: stop doing strtok directly from the env - DOC/MINOR: reformat configuration.txt's "quoting and escaping" table - CI: github: don't warn on deprecated openssl functions on windows 2023/02/13 : 2.2r1 (1.0.0-254.929) - BUG/CRITICAL: http: properly reject empty http header field names - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first - DOC: proxy-protocol: fix wrong byte in provided example - DOC: config: 'http-send-name-header' option may be used in default section - DOC: config: fix option spop-check proxy compatibility - BUG/MEDIUM: cache: use the correct time reference when comparing dates - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge - BUG/MINOR: ssl/crt-list: warn when a line is malformated - BUG/MEDIUM: ssl: wrong eviction from the session cache tree - BUG/MEDIUM: sink: Fix release of sinks during the deinit - BUG/MINOR: sink: free the forwarding task on exit 2023/02/08 : 2.2r1 (1.0.0-253.918) 2023/01/20 : 2.2r1 (1.0.0-251.918) - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain - BUILD: hpack: include global.h for the trash that is needed in debug mode - BUG/MINOR: mux-h2: add missing traces on failed headers decoding - BUG/MINOR: mux-fcgi: Correctly set pathinfo - BUG/MINOR: http-ana: make set-status also update txn->status - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body - BUG/MINOR: promex: Don't forget to consume the request on error - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action - CLEANUP: htx: fix a typo in an error message of http_str_to_htx - BUG/MINOR: http: Memory leak of http redirect rules' format string - REGTEST: fix the race conditions in hmac.vtc - REGTEST: fix the race conditions in digest.vtc - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set - BUILD: makefile: sort the features list - BUILD: makefile: build the features list dynamically - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set - LICENSE: wurfl: clarify the dummy library license. - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout - REGTESTS: startup: check maxconn computation - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers - BUG/MINOR: ssl: Fix potential overflow - BUG/MEDIUM: ssl: Verify error codes can exceed 63 - BUG/MINOR: cfgparse: Use the right proxy list during validity check of sinks 2022/12/27 : 2.2r1 (1.0.0-251.891) 2022/12/16 : 2.2r1 (1.0.0-250.891) - BUILD: peers: peers-t.h depends on stick-table-t.h - BUG/MINOR: hapee/modules: make sure generated includes and structs are sorted - MINOR: hapee/modules: check if we generate the API hash correctly 2022/12/15 : 2.2r1 (1.0.0-250.888) - BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk 2022/12/09 : 2.2r1 (1.0.0-250.887) - CI: github: change "ubuntu-latest" to "ubuntu-20.04" - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side - Revert "CI: determine actual OpenSSL version dynamically" - Revert "CI: switch to the "latest" LibreSSL" - SCRIPTS: announce-release: add a link to the data plane API - DOC: config: clarify the -m dir and -m dom pattern matching methods - DOC: config: clarify the fact that "retries" is not just for connections - DOC: config: explain how default matching method for ACL works - DOC: config: mention that a single monitor-uri rule is supported - DOC: config: clarify the fact that SNI should not be used in HTTP scenarios - DOC: config: provide some configuration hints for "http-reuse" 2022/11/29 : 2.2r1 (1.0.0-250.876) - BUILD: listener: fix build warning on global_listener_rwlock without threads - BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns - BUILD: peers: Remove unused variables - BUG/MEDIUM: peers: messages about unkown tables not correctly ignored - BUG/MINOR: ssl: don't initialize the keylog callback when not required - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task - BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes - BUG/MEDIUM: ring: fix creation of server in uninitialized ring - DOC: config: fix alphabetical ordering of global section - BUG/MINOR: resolvers: Set port before IP address when processing SRV records - BUG/MINOR: http-htx: Fix error handling during parsing http replies - CI: emit the compiler's version in the build reports - CI: switch to the "latest" LibreSSL - BUG/MINOR: ssl: ocsp structure not freed properly in case of error - BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer - CI: add monthly gcc cross compile jobs - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task 2022/10/26 : 2.2r1 (1.0.0-250.858) - BUG/MAJOR: stick-table: don't process store-response rules for applets - DOC: management: add forgotten "show startup-logs" - CI: SSL: temporarily stick to LibreSSL=3.5.3 - CI: SSL: use proper version generating when "latest" semantic is used - BUG/MEDIUM: compression: handle rewrite errors when updating response headers - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py - BUG/MINOR: server: make sure "show servers state" hides private bits - BUG/MAJOR: stick-tables: do not try to index a server name for applets - DOC: configuration: missing 'if' in tcp-request content example - BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction - MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands - BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error - BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os - BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() - BUG/MEDIUM: lua: handle stick table implicit arguments right. - BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure - DOC: config: Fix pgsql-check documentation to make user param mandatory - BUG/MINOR: checks: update pgsql regex on auth packet - BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree - REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies - BUILD: ssl-ckch: Fix GCC warning about a if statement always true - BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. - BUG/MINOR: log: improper behavior when escaping log data - SCRIPTS: announce-release: update some URLs to https - BUILD: fd: fix a build warning on the DWCAS - BUG/MEDIUM: captures: free() an error capture out of the proxy lock - REGTESTS: healthcheckmail: Relax matching on the healthcheck log message - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK - CI: cirrus-ci: bump FreeBSD image to 13-1 - BUG/MINOR: signals/poller: ensure wakeup from signals - BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals - BUG/MINOR: h1: Support headers case adjustment for TCP proxies - REGTESTS: http_request_buffer: Add a barrier to not mix up log messages 2022/08/30 : 2.2r1 (1.0.0-250.824) - BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) - BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date - BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode - DOC: configuration: do-resolve doesn't work with a port in the string - BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect - BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle - BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names - BUILD: http: silence an uninitialized warning affecting gcc-5 - BUG/MINOR: sink: fix a race condition between the writer and the reader - BUG/MINOR: ring/cli: fix a race condition between the writer and the reader - BUG/MEDIUM: proxy: Perform a custom copy for default server settings - REORG: server: Export srv_settings_cpy() function - MINOR: server: Constify source server to copy its settings - BUG/MINOR: peers: Use right channel flag to consider the peer as connected - BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload - MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer 2022/07/29 : 2.2r1 (1.0.0-249.805) - BUG/MINOR: sockpair: wrong return value for fd_send_uxst() - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible - REGTESTS: Fix some scripts to be compatible with 2.4 and prior - BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send - BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state - BUG/MINOR: peers: fix possible NULL dereferences at config parsing - BUG/MINOR: http-act: Properly generate 103 responses when several rules are used - BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule - BUG/MINOR: peers/config: always fill the bind_conf's argument - CI: re-enable gcc asan builds - BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch - BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created - BUG/MINOR: ssl: Do not look for key in extra files if already in pem - MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames - BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list - BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration - BUG/MINOR: cli/stats: add missing trailing LF after "show info json" - BUG/MINOR: server: do not enable DNS resolution on disabled proxies - BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs - REGTESTS: healthcheckmail: Relax health-check failure condition - REGTESTS: healthcheckmail: Update the test to be functionnal again - BUG/MEDIUM: mailers: Set the object type for check attached to an email alert - BUILD: compiler: implement unreachable for older compilers too - REGTESTS: restrict_req_hdr_names: Extend supported versions - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler - BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield - REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients - REGTESTS: abortonclose: Add a barrier to not mix up log messages - MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs - BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry - BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails - BUG/MEDIUM: dns: Keep the right count of active nameservers for a resolver - BUG/MINOR: conn_stream: do not confirm a connection from the frontend path 2022/06/10 : 2.2r1 (1.0.0-247.769) - BUG/MINOR: ssl: Fix crash when no private key is found in pem - DOC: peers: fix port number and addresses on new peers section format - DOC: peers: clarify when entry expiration date is renewed. - DOC: peers: indicate that some server settings are not usable - SCRIPTS: make publish-release try to launch make-releases-json - SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) - BUG/MEDIUM: sample: Fix adjusting size in word converter - BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section - BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections - BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function - BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols - CI: determine actual OpenSSL version dynamically - BUG/MINOR: peers: fix error reporting of "bind" lines - BUG/MINOR: cfgparse: abort earlier in case of allocation error - BUG/MINOR: check: Reinit the buffer wait list at the end of a check - BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() - REGTESTS: abortonclose: Fix some race conditions - BUILD: fix build warning on solaris based systems with __maybe_unused. - MEDIUM: http-ana: Add a proxy option to restrict chars in request header names - CI: determine actual LibreSSL version dynamically 2022/05/13 : 2.2r1 (1.0.0-247.748) - CLEANUP: mux-h1: Fix comments and error messages for global options - BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized - BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). - DOC: fix typo "ant" for "and" in INSTALL - BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init - BUG/MINOR: map/cli: protect the backref list during "show map" errors - BUG/MEDIUM: cli: make "show cli sockets" really yield - BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] - DOC: config: Update doc for PR/PH session states to warn about rewrite failures - BUG/MINOR: mux-h2: mark the stream as open before processing it not after - BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket 2022/05/05 : 2.2r1 (1.0.0-247.737) - SCRIPTS: announce-release: add URL of dev packages - CI: github actions: update LibreSSL to 3.5.2 - BUILD: proto_uxst: do not set unused flag - BUILD: sockpair: do not set unused flag - BUILD: fd: remove unused variable totlen in fd_write_frag_line() - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments - DOC: remove my name from the config doc - BUG/MINOR: cache: Disable cache if applet creation fails - SCRIPTS: announce-release: add shortened links to pending issues - DOC: lua: update a few doc URLs - SCRIPTS: announce-release: update the doc's URL - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side - BUG/MINOR: cache: do not display expired entries in "show cache" - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent - CI: cirrus: switch to FreeBSD-13.0 - CI: Update to actions/cache@v3 - CI: Update to actions/checkout@v3 - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests - CI: github actions: update OpenSSL to 3.0.2 - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream - DOC: reflect H2 timeout changes - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts - MEDIUM: mux-h2: slightly relax timeout management rules - BUG/MEDIUM: stream-int: do not rely on the connection error once established 2022/03/29 : 2.2r1 (1.0.0-246.705) - BUG/MEDIUM: mux-h1: Properly detect full buffer cases when adding EOM block - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing - BUG/MINOR: tools: url2sa reads too far when no port nor path - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf - CI: github actions: switch to LibreSSL-3.5.1 2022/03/25 : 2.2r1 (1.0.0-245.698) - BUG/MINOR: tools: fix url2sa return value with IPv4 2022/03/17 : 2.2r1 (1.0.0-245.697) 2022/03/14 : 2.2r1 (1.0.0-244.697) - BUILD: tree-wide: mark a few numeric constants as explicitly long long - DOC: Fix usage/examples of deprecated ACLs - BUG/MINOR: stream: make the call_rate only count the no-progress calls - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - DEBUG: stream: Fix stream trace message to print response buffer state - DEBUG: stream: Add the missing descriptions for stream trace events - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cli: shows correct mode in "show sess" 2022/03/01 : 2.2r1 (1.0.0-244.684) - CI: github actions: use cache for SSL libs - CI: github actions: add the output of $CC -dM -E- - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks - CLEANUP: atomic: add a fetch-and-xxx variant for common operations - REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h - REGTESTS: fix the race conditions in secure_memcmp.vtc - BUILD/MINOR: fix solaris build with clang. - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer - BUG/MINOR: tools: url2sa reads ipv4 too far - BUG/MINOR: mailers: negotiate SMTP, not ESMTP - CI: github actions: update OpenSSL to 3.0.1 - CI: github: switch to OpenSSL 3.0.0 - CI: github actions: relax OpenSSL-3.0.0 version comparision - CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 - CI: github actions: add OpenSSL-3.0.0 builds - BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 - BUILD: fix compilation for OpenSSL-3.0.0-alpha17 - CI: ssl: keep the old method for ancient OpenSSL versions - CI: ssl: do not needlessly build the OpenSSL docs - CI: ssl: enable parallel builds for OpenSSL on Linux - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names - BUG/MINOR: sink: Use the right field in appctx context in release callback - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload - BUG/MEDIUM: mworker: close unused transferred FDs on load failure - MINOR: sock: move the unused socket cleaning code into its own function - BUG/MAJOR: spoe: properly detach all agents when releasing the applet - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies - BUG/MINOR: mworker: does not erase the pidfile upon reload - BUG/MEDIUM: mworker: don't lose the stats socket on failed reload - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them - BUG/MEDIUM: mcli: do not try to parse empty buffers - BUG/MEDIUM: cli: Never wait for more data on client shutdown - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands - MINOR: channel: add new function co_getdelim() to support multiple delimiters - MEDIUM: cli: yield between each pipelined command - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer 2022/01/13 : 2.2r1 (1.0.0-244.645) - BUG/MEDIUM: mworker: don't use _getsocks in wait mode - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry - BUG/MINOR: cli: fix _getsocks with musl libc - BUILD/MINOR: tools: solaris build fix on dladdr. - BUG/MINOR: ssl: free the fields in srv->ssl_ctx - CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning - DOC: fix misspelled keyword "resolve_retries" in resolvers - BUILD: ssl: unbreak the build with newer libressl - BUILD: cli: clear a maybe-unused warning on some older compilers - BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode - BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose - BUG/MINOR: backend: do not set sni on connection reuse - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode - DOC: config: retry-on list is space-delimited - DOC: config: Specify %Ta is only available in HTTP mode - DOC: spoe: Clarify use of the event directive in spoe-message section - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types - MINOR: ssl: make tlskeys_list_get_next() take a list element - CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() - CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() - BUG/MEDIUM: resolvers: Detach query item on response error - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time - MINOR: cli: "show version" displays the current process version - REGTESTS: mark the abns test as broken again - BUILD: makefile: add entries to build common debugging tools - CI: Github Actions: temporarily disable BoringSSL builds - CI: Github Actions: switch to LibreSSL-3.3.3 - CI: github actions: update LibreSSL to 3.2.5 - Revert "CI: Pin VTest to a known good commit" - CI: github actions: switch to stable LibreSSL release - CI: Fix the coverity builds - CI: Fix DEBUG_STRICT definition for Coverity - CI: Pin VTest to a known good commit - CI: github actions: build several popular "contrib" tools - CI: GitHub Actions: enable daily Coverity scan - CI: github actions: enable 51degrees feature - CI: github actions: update LibreSSL to 3.3.0 - CI: Clean up Windows CI - CI: Pass the github.event_name to matrix.py - CI: Github Action: run "apt-get update" before packages restore - CI: Github Actions: enable BoringSSL builds - CI: Github Actions: remove LibreSSL-3.0.2 builds - CI: Github Actions: enable prometheus exporter - CI: Stop hijacking the hosts file - CI: Expand use of GitHub Actions for CI - DOC: configuration: issuers-chain-path only applies to bind lines 2021/12/02 : 2.2r1 (1.0.0-244.598) - BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found 2021/11/25 : 2.2r1 (1.0.0-244.597) - BUG/MINOR: shctx: do not look for available blocks when the first one is enough - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found - BUG/MEDIUM: mux-h2: always process a pending shut read - BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 - CLEANUP: ssl: Release cached SSL sessions on deinit - MINOR: mux-h2: perform a full cycle shutdown+drain on close - MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close - BUG/MINOR: stick-table/cli: Check for invalid ipv6 key - BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent - BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value - BUG/MINOR: mworker: doesn't launch the program postparser - BUG/MEDIUM: conn-stream: Don't reset CS flags on close - DOC: lua: Be explicit with the Reply object limits - Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" - BUG/MINOR: http-ana: Apply stop to the current section for http-response rules - DOC: config: Fix typo in ssl_fc_unique_id description - BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value - BUG/MINOR: sample: fix backend direction flags consecutive to last fix - BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags - BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data - MINOR: stream: Improve dump of bogus streams - DOC: config: Fix alphabetical order of fc_* samples - BUG/MINOR: http: Authorization value can have multiple spaces after the scheme - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration - BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions - BUG/MEDIUM: resolvers: Don't recursively perform requester unlink - MEDIUM: resolvers: remove the last occurrences of the "safe" argument - MEDIUM: resolvers: use a kill list to preserve the list consistency - CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT - CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters - CLEANUP: always initialize the answer_list - CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() - BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released - BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed - BUILD: fix compilation on NetBSD - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame - BUG/MAJOR: buf: fix varint API post- vs pre- increment - BUG/MEDIUM: resolvers: always check a valid item in query_list - BUILD: resolvers: avoid a possible warning on null-deref - BUG/MAJOR: resolvers: add other missing references during resolution removal - MINOR: resolvers: merge address and target into a union "data" - BUG/MEDIUM: resolvers: use correct storage for the target address - BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix - MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero - BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records - BUG/MEDIUM: resolver: make sure to always use the correct hostname length - MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero - BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors - BUG/MEDIUM: sample: properly verify that variables cast to sample - MINOR: sample: provide a generic var-to-sample conversion function - CLEANUP: sample: uninline sample_conv_var2smp_str() - CLEANUP: sample: rename sample_conv_var2smp() to *_sint - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error - BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back - MINOR: initcall: Rename __GLOBL and __GLOBL1. - BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary - MINOR: htx: Add a function to know if the free space wraps - MINOR: htx: Add an HTX flag to know when a message is fragmented 2021/10/11 : 2.2r1 (1.0.0-244.538) - BUILD: hapee/modules: select either md5 or md5sum 2021/10/08 : 2.2r1 (1.0.0-242.537) - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release - BUG/MINOR: filters: Set right FLT_END analyser depending on channel - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing - MINOR: arg: Be able to forbid unresolved args when building an argument list - BUG/MAJOR: lua: use task_wakeup() to properly run a task once - BUG/MEDIUM: lua: fix wakeup condition from sleep() - DOC: peers: fix doc "enable" statement on "peers" sections - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer - BUG/MINOR: http-ana: increment internal_errors counter on response error - BUG/MINOR: h1-htx: Fix a typo when request parser is reset - BUG/MINOR: server: allow 'enable health' only if check configured 2021/09/20 : 2.2r1 (1.0.0-242.518) - MINOR: hapee: update .hapee files - BUG/MINOR: cli/payload: do not search for args inside payload - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc - DOC: management: certificate files must be sanitized before injection - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check - BUG/MINOR: compat: make sure __WORDSIZE is always defined - Revert "REGTESTS: mark http_abortonclose as broken" - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached - BUG/MINOR: systemd: ExecStartPre must use -Ws - REGTESTS: mark http_abortonclose as broken - MINOR: action: Use a generic function to check validity of an action rule list - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" - DOC/MINOR: fix typo in management document 2021/09/07 : 2.2r1 (1.0.0-242.505) 2021/09/03 : 2.2r1 (1.0.0-241.505) - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer - CLEANUP: htx: remove comments about "must be < 256 MB" - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB - DOC: configuration: remove wrong tcp-request examples in tcp-response - CLEANUP: Add missing include guard to signal.h - BUG/MINOR: tools: Fix loop condition in dump_text() - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords - MINOR: compiler: implement an ONLY_ONCE() macro - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions - REGTESTS: abortonclose: after retries, 503 is expected, not close - BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- 2021/08/20 : 2.2r1 (1.0.0-241.491) - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path 2021/08/13 : 2.2r1 (1.0.0-240.490) - REGTESTS: add a test to prevent h2 desync attacks - BUG/MEDIUM: h2: give :authority precedence over Host - BUG/MAJOR: h2: enforce checks on the method syntax before translating to HTX - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax - MINOR: http: add a new function http_validate_scheme() to validate a scheme - BUILD/MINOR: memprof fix macOs build. - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued - DOC: config: Fix 'http-response send-spoe-group' documentation - DOC: Improve the lua documentation - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer - BUG/MINOR: buffer: fix buffer_dump() formatting - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure - BUG/MINOR: server: update last_change on maint->ready transitions too - BUG/MINOR: pollers: always program an update for migrated FDs - BUG/MINOR: poll: fix abnormally high skip_fd counter - BUG/MINOR: select: fix excess number of dead/skip reported - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before - BUG/MINOR: connection: Add missing error labels to conn_err_code_str - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames - BUG/MINOR: mux-h2: Obey dontlognull option during the preface - BUG/MINOR: systemd: must check the configuration using -Ws - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree - BUG/MINOR: check: fix the condition to validate a port-less server - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUILD: add detection of missing important CFLAGS - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled - BUG/MINOR: server-state: load SRV resolution only if params match the config 2021/08/09 : 2.2r1 (1.0.0-240.455) 2021/07/09 : 2.2r1 (1.0.0-238.455) - BUG/MAJOR: pools: second fix for incomplete backport of lockless pool fix - BUG/MAJOR: pools: fix incomplete backport of lockless pool fix - CLEANUP: pools: remove now unused seq and pool_free_list - BUG/MAJOR: pools: fix possible race with free() in the lockless variant - MEDIUM: pools: use a single pool_gc() function for locked and lockless - MINOR: pools: do not maintain the lock during pool_flush() - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response - BUG/MINOR: resolvers: Always attach server on matching record on resolution - DOC: config: use CREATE USER for mysql-check - DOC: peers: fix the protocol tag name in the doc - DOC: stick-table: add missing documentation about gpt0 stored type - BUG/MINOR: stick-table: fix several printf sign errors dumping tables - BUG/MINOR: cli: fix server name output in "show fd" - BUG/MEDIUM: sock: make sure to never miss early connection failures - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item - BUG/MINOR: resolvers: answser item list was randomly purged or errors - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules - BUG/MINOR: checks: return correct error code for srv_parse_agent_check - DOC: config: Add missing actions in "tcp-request session" documentation - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - REGTESTS: fix maxconn update with agent-check - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check 2021/06/18 : 2.2r1 (1.0.0-238.424) - BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken - MINOR: mux-h2: obey http-ignore-probes during the preface - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue - BUG/MINOR: mworker: fix typo in chroot error message - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id - DOC: lua: Add a warning about buffers modification in HTTP - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded 2021/06/17 : 2.2r1 (1.0.0-238.414) - MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - DOC: use the req.ssl_sni in examples - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry - DOC/MINOR: move uuid in the configuration to the right alphabetical order - BUG/MINOR: lua/vars: prevent get_var() from allocating a new name - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree - BUG/MINOR: http: Missing calloc return value check in make_arg_list - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine - BUG/MINOR: peers: Missing calloc return value check in peers_register_table - BUG/MINOR: server: Missing calloc return value check in srv_parse_source - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - REGTESTS: Add script to test abortonclose option - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set - MEDIUM: mux-h1: Don't block reads when waiting for the other side - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() 2021/05/11 : 2.2r1 (1.0.0-238.383) - MINOR: memprof: also report the totals and delta alloc-free - MINOR: memprof: also report the method used by each call - BUG/MINOR: memprof: properly account for differences for realloc() - BUILD: memprof: make the old caller pointer a const in get_prof_bin() - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry - BUG/MINOR: stream: properly clear the previous error mask on L7 retries - BUG/MINOR: stream: Decrement server current session counter on L7 retry - BUG/MEDIUM: dns: reset file descriptor if send returns an error - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD - MINOR: compat: automatically include malloc.h on glibc 2021/05/07 : 2.2r1 (1.0.0-238.370) - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc() - BUILD: activity: do not include malloc.h - MINOR: hapee: update backported patches and notes - BUILD: makefile: add new option USE_MEMORY_PROFILING - MINOR: activity: add the profiling.memory global setting - MINOR: activity: make "show profiling" also dump the memoery usage - MINOR: activity: make "show profiling" support a few arguments - MINOR: activity: clean up the show profiling io_handler a little bit - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING - MINOR: activity: declare the storage for memory usage statistics - MINOR: activity: add a "memory" entry to "profiling" - MINOR: tools: add functions to retrieve the address of a symbol 2021/05/05 : 2.2r1 (1.0.0-238.358) - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS - BUG/MINOR: ssl/cli: fix a lock leak when no memory available - BUG/MEDIUM: cli: prevent memory leak on write errors - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - REGTESTS: add minimal CLI "add map" tests 2021/04/29 : 2.2r1 (1.0.0-238.353) - MINOR: peers: add informative flags about resync process for debugging - BUG/MEDIUM: peers: reset tables stage flags stages on new conns - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly - BUG/MEDIUM: peers: reset commitupdate value in new conns - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync - BUG/MINOR: applet: Notify the other side if data were consumed by an applet - BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message - BUG/MINOR: mux-fcgi: Don't send normalized uri to FCGI application - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush - BUG/MEDIUM: peers: re-work connection to new process during reload. - BUG/MINOR: peers: remove useless table check if initial resync is finished - BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data - BUG/MINOR: mworker: don't use oldpids[] anymore for reload - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases - BUG/MEDIUM: config: fix cpu-map notation with both process and threads - BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames - BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers - BUG/MINOR: server: free srv.lb_nodes in free_server - BUG/MINOR: mux-h1: Release idle server H1 connection if data are received - BUG/MINOR: logs: Report the true number of retries if there was no connection - BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function - BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded - BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check - MINOR: connection: Make bc_http_major compatible with tcp-checks - BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections - MINOR: logs: Add support of checks as session origin to format lf strings - BUG/MINOR: checks: Set missing id to the dummy checks frontend - BUG/MEDIUM: threads: Ignore current thread to end its harmless period - DOC: ssl: Certificate hot update only works on fronted certificates - BUG/MEDIUM: sample: Fix adjusting size in field converter - MINOR: No longer rely on deprecated sample fetches for predefined ACLs - DOC: clarify that compression works for HTTP/2 - BUG/MINOR: tools: fix parsing "us" unit for timers - CONTRIB: halog: fix issue with array of type char - REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken 2021/04/09 : 2.2r1 (1.0.0-238.315) - DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options - REGTESTS: ssl: "set ssl cert" and multi-certificates bundle - BUG/MEDIUM: ssl: ckch_inst->ctx not assigned with multi-bundle certificates 2021/04/01 : 2.2r1 (1.0.0-238.312) - REGTESTS: ssl: add missing file simple.crt-list from previous SSL fix - BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields - BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one - BUG/MINOR: ssl: Fix update of default certificate - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 - BUG/MEDIUM: time: make sure to always initialize the global tick - BUG/MINOR: stats: Apply proper styles in HTML status page. - BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv - BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters - MINOR: tools: make url2ipv4 return the exact number of bytes parsed - BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless - BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available. 2021/03/26 : 2.2r1 (1.0.0-238.297) 2021/03/24 : 2.2r1 (1.0.0-237.297) - CLEANUP: fd: remove unused fd_set_running_excl() - BUG/MEDIUM: fd: do not wait on FD removal in fd_delete() - MINOR: fd: remove the unneeded running bit from fd_insert() - MINOR: fd: make fd_clr_running() return the remaining running mask - BUG/MEDIUM: lua: Always init the lua stack before referencing the context - BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback - MINOR: lua: Slightly improve function dumping the lua traceback - BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro - BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" - BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable - MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua - MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable - MINOR: time: also provide a global, monotonic global_now_ms timer 2021/03/18 : 2.2r1 (1.0.0-237.283) - BUG/MINOR: freq_ctr/threads: make use of the last updated global time - MINOR: time: export the global_now variable - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames - MINOR: resolvers: Don't try to match immediatly renewed ADD items - MINOR: resolvers: Use milliseconds for cached items in resolver responses - BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set - BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks - MINOR: resolvers: Directly call srvrq_update_srv_state() when possible - MINOR: resolvers: Add function to change the srv status based on SRV resolution - MINOR: resolvers: Purge answer items when a SRV resolution triggers an error - MINOR: resolvers: Use a function to remove answers attached to a resolution - BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete - BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item - MINOR: resolvers: new function find_srvrq_answer_record() - BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item - BUG/MEDIUM: resolvers: Don't set an address-less server as UP - BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution - BUG/MINOR: resolvers: Reset server address on DNS error only on status change - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error - Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record" - CLEANUP: tcp-rules: add missing actions in the tcp-request error message - BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check - BUG/MINOR: session: Add some forgotten tests on session's listener - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters - BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached - BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc. - BUG/MEDIUM: session: NULL dereference possible when accessing the listener - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() - BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ(). - BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust() - BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout - BUG/MINOR: mux-h2: Fix typo in scheme adjustment - DOC: spoe: Add a note about fragmentation support in HAProxy - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 - BUG/MINOR: connection: Use the client's dst family for adressless servers - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule - BUG/MINOR: http-ana: Only consider dst address to process originalto option - BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() - CLEANUP: muxes: Remove useless if condition in show_fd function - BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup() - BUG/MEDIUM: resolvers: Reset address for unresolved servers - BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records - BUG/MINOR: resolvers: new callback to properly handle SRV record errors - BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record - BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned - BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() - BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop - BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe - BUG/MINOR: sample: secure convs that accept base64 string and var name as args - MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes - BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert" - BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok - BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line - BUG/MINOR: server: Init params before parsing a new server-state line - BUG/MINOR: http-rules: Always replace the response status on a return action - BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer - DOC: explain the relation between pool-low-conn and tune.idle-pool.shared - BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions - BUG/MINOR: sample: Always consider zero size string samples as unsafe - BUG/MINOR: checks: properly handle wrapping time in __health_adjust() - BUG/MINOR: session: atomically increment the tracked sessions counter - BUG/MINOR: server: Remove RMAINT from admin state when loading server state - CLEANUP: channel: fix comment in ci_putblk. - DOC: tune: explain the origin of block size for ssl.cachesize - BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL - BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines - BUG/MINOR: stats: revert the change on ST_CONVDONE - BUG/MEDIUM: config: don't pick unset values from last defaults section - CLEANUP: deinit: release global and per-proxy server-state variables on deinit - BUG/MINOR: server: Fix server-state-file-name directive - BUG/MINOR: backend: hold correctly lock when killing idle conn - BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() - BUG/MINOR: server: re-align state file fields number - BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state - BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors - BUG/MINOR: intops: fix mul32hi()'s off-by-one - BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro - BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro - BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro - MINOR: check: do not ignore a connection header for http-check send - BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context - DOC: fix "smp_size" vs "sample_size" in "log" directive arguments - BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link - MINOR: task: remove __tasklet_remove_from_tasklet_list() - BUG/MEDIUM: lists: Lock the element while we check if it is in a list. - BUG/MAJOR: connection: reset conn->owner when detaching from session list - MINOR: config: Deprecate and ignore tune.chksize global option 2021/03/16 : 2.2r1 (1.0.0-237.192) 2021/02/05 : 2.2r1 (1.0.0-235.192) - MINOR: cli/show_fd: report local and report ports when known - BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED - BUG/MEDIUM: mux-h2: handle remaining read0 cases - BUILD: Makefile: move REGTESTST_TYPE default setting - BUG/MINOR: xxhash: make sure armv6 uses memcpy() - BUG/MEDIUM: ssl: check a connection's status before computing a handshake - BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store - BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list - DOC: management: fix "show resolvers" alphabetical ordering - MINOR: h1: Raise the chunk size limit up to (2^52 - 1) - MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls - MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls - MINOR: ssl/show_fd: report some FDs as suspicious when possible - MINOR: cli/show_fd: report some easily detectable suspicious states - MINOR: cli: give the show_fd helpers the ability to report a suspicious entry - MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known - MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known - MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known - MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them - MINOR: ssl: provide a "show fd" helper to report important SSL information - MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps. - MINOR: cli: make "show fd" also report the xprt and xprt_ctx - CLEANUP: cli: make "show fd" use a const connection to access other fields - CLEANUP: tools: make resolve_sym_name() take a const pointer - MINOR: contrib: Make the wireshark peers dissector compile for more distribs. - BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() - BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name 2021/01/26 : 2.2r1 (1.0.0-234.165) - BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown - DOC: Improve documentation of the various hdr() fetches - BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX - BUG/MEDIUM: mux-h2: fix read0 handling on partial frames - BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() - BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper - BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. - MINOR: build: discard echoing in help target - BUG/MINOR: peers: Possible appctx pointer dereference. - BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition - BUILD: peers: fix build warning about unused variable - BUG/MINOR: dns: SRV records ignores duplicated AR records (v2) - MINOR: peers: Add traces for peer control messages. - BUG/MINOR: threads: Fixes the number of possible cpus report for Mac. - MINOR: server: Forbid server definitions in frontend sections - MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities - BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable - MINOR: contrib/prometheus-exporter: use fill_info for process dump - MINOR: contrib/prometheus-exporter: avoid connection close header - BUG/MINOR: init: enforce strict-limits when using master-worker - BUG/MINOR: check: Don't perform any check on servers defined in a frontend - BUG/MINOR: sample: Memory leak of sample_expr structure in case of error - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records" - MINOR: reg-tests: add base prometheus test - BUG/MINOR: reg-tests: fix service dependency script - BUG/MINOR: sample: check alloc_trash_chunk return value in concat() - MINOR: reg-tests: add a way to add service dependency 2021/01/08 : 2.2r1 (1.0.0-234.138) - BUG/MINOR: sample: fix concat() converter's corruption with non-string variables - DOC: Add maintainers for the Prometheus exporter - SCRIPTS: announce-release: fix typo in help message - DOC: fix some spelling issues over multiple files - MINOR: contrib/prometheus-exporter: export build_info - CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error - BUILD: Makefile: exclude broken tests by default - MINOR: converter: adding support for url_enc - BUG/MINOR: srv: do not cleanup idle conns if pool max is null - BUG/MINOR: srv: do not init address if backend is disabled - SCRIPTS: make announce release support preparing announces before tag exists - SCRIPTS: improve announce-release to support different tag and versions - BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule - BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails - BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails - MINOR: atomic: don't use ; to separate instruction on aarch64. - BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h - BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup - BUG/MINOR: dns: SRV records ignores duplicated AR records - BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call - BUILD: plock: remove dead code that causes a warning in gcc 11 - CONTRIB: debug: address "poll" utility build on non-linux platforms - CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps - CONTRIB: halog: mark the has_zero* functions unused - CONTRIB: halog: fix build issue caused by %L printf format - BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request - BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode - BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests - BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well - BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call - REGTESTS: make use of HAPROXY_ARGS and pass -dM by default - BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert" - CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric 2020/12/14 : 2.2r1 (1.0.0-233.105) - BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight - BUG/MINOR: tools: Reject size format not starting by a digit - BUG/MINOR: tools: make parse_time_err() more strict on the timer validity - MINOR: tcpcheck: Only wait for more payload data on HTTP expect rules - BUG/MINOR: tcpcheck: Don't rearm the check timeout on each read - BUG/MINOR: http-check: Use right condition to consider HTX message as full - DOC: email change of the DeviceAtlas maintainer - BUG/MEDIUM: spoa/python: Fixing references to None - BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments - BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails - BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations - DOC: spoa/python: Fixing typos in comments - DOC: spoa/python: Rephrasing memory related error messages - DOC: spoa/python: Fixing typo in IP related error messages - BUG/MAJOR: spoa/python: Fixing return None - BUG/MINOR: mux-h1: Handle keep-alive timeout for idle frontend connections - DOC/MINOR: Fix formatting in Management Guide - BUILD/MINOR: haproxy DragonFlyBSD affinity build update. - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. - BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times - MINOR: cli: add a function to look up a CLI service description - MINOR: actions: add a function returning a service pointer from its name - MINOR: actions: Export actions lookup functions - BUG/MINOR: lua: Some lua init operation are processed unsafe - BUG/MINOR: lua: Post init register function are not executed beyond the first one - BUG/MINOR: lua: lua-load doesn't check its parameters - BUG/MINOR: lua: missing "\n" in error message - MINOR: plock: use an ARMv8 instruction barrier for the pause instruction - BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check - DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool - MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main - BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check - DOC: Clarify %HP description in log-format - DOC: better document the config file format and escaping/quoting rules - BUG/MAJOR: peers: fix partial message decoding - BUG/MEDIUM: http_act: Restore init of log-format list - BUILD: Show the value of DEBUG= in haproxy -vv - BUILD: Make DEBUG part of .build_opts - MINOR: http_act: Add -m flag for del-header name matching method - REGTESTS: converter: add url_dec test - REGTESTS: Add sample_fetches/cook.vtc 2020/11/24 : 2.2r1 (1.0.0-232.63) - BUG/MAJOR: filters: Always keep all offsets up to date during data filtering - DOC: better describes how to configure a fallback crt - BUG/MINOR: http_htx: Fix searching headers by substring - DOC: clarify how to create a fallback crt 2020/11/20 : 2.2r1 (1.0.0-232.59) - BUG/MEDIUM: http-ana: Don't eval http-after-response ruleset on empty messages - BUG/MINOR: ssl: segv on startup when AKID but no keyid 2020/11/18 : 2.2r1 (1.0.0-232.57) - MINOR: hapee: Update the list of hapee patches - BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests - BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering - BUILD: http-htx: fix build warning regarding long type in printf - MINOR: peers: Add traces to peer_treat_updatemsg(). - REGTEST: make ssl_client_samples and ssl_server_samples require to 2.2 - MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error. - MINOR: config/mux-h2: Return ERR_ flags from init_h2() instead of a status - MINOR: init: Fix the prototype for per-thread free callbacks - BUG/MINOR: tcpcheck: Don't warn on unused rules if check option is after - MINOR: spoe: Don't close connection in sync mode on processing timeout - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet - BUG/MINOR: http-htx: Handle warnings when parsing http-error and http-errors - MINOR: check: report error on incompatible connect proto - MINOR: check: report error on incompatible proto - BUG/MEDIUM: check: reuse srv proto only if using same mode - BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches - BUG/MINOR: http-fetch: Extract cookie value even when no cookie name - BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages - BUG/MINOR: peers: Missing TX cache entries reset. - BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries. - BUG/MINOR: lua: set buffer size during map lookups - BUG/MINOR: pattern: a sample marked as const could be written - DOC: config: Fix a typo on ssl_c_chain_der - BUG/MINOR: ssl: double free w/ smp_fetch_ssl_x_chain_der() - MINOR: ssl: add ssl_{c,s}_chain_der fetch methods - BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L - MINOR: http-htx: Add understandable errors for the errorfiles parsing - BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher - BUG/MEDIUM: server: make it possible to kill last idle connections 2020/11/04 : 2.2r1 (1.0.0-231.27) - MINOR: hapee: the EXTRAVERSION patch was also backported - BUILD: makefile: add an EXTRAVERSION variable to ease local naming - CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream - BUG/MEDIUM: stick-table: limit the time spent purging old entries - BUG/MINOR: filters: Skip disabled proxies during startup only - BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade - MINOR: server: Copy configuration file and line for server templates - BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup - BUG/MINOR: checks: Report a socket error before any connection attempt - BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies - BUG/MEDIUM: filters: Don't try to init filters for disabled proxies - BUG/MINOR: cache: Inverted variables in http_calc_maxage function - BUG/MINOR: cache: Manage multiple values in cache-control header value - MINOR: ist: Add a case insensitive istmatch function - BUG/MINOR: lua: initialize sample before using it - BUG/MINOR: server: fix down_time report for stats - BUG/MINOR: server: fix srv downtime calcul on starting - BUG/MINOR: log: fix risk of null deref on error path - BUG/MINOR: log: fix memory leak on logsrv parse error - BUG/MINOR: extcheck: add missing checks on extchk_setenv() - BUG/MEDIUM: ssl: OCSP must work with BoringSSL - Revert "MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension" - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible - BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests - BUG/MEDIUM: server: support changing the slowstart value from state-file - BUG/MINOR: queue: properly report redistributed connections - MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension 2020/10/22 : 2.2r1 (1.0.0-230.0)


HAPEE-LB 2.2r1 – Changelog