Hi, HAProxy 2.3.20 was released on 2022/04/29. It added 41 new commits after version 2.3.19.
The 2.3 branch was planned to be EOL last quarter. There are no longer bug reports for this specific branch. Thus, it is probably the last 2.3 release. Except if there are critical bugs in next few weeks, no further release should be expected. You should have no reason to deploy it anymore in a production environment. Use the 2.4 instead. No specific support should no longer be expected on the 2.3. Here are main changes for this release, cut-pasted from 2.4.16 announce: * An internal issue leading to truncated messages was fixed. When data were mixed with an error report, connection errors could be handled too early by the stream-interface. Now connection errors are only considered by the stream-interface during the connection establishment. After that, it relies on the conn-stream to be notified of any error. * An issue in the pass-through multiplexer, exposed by the previous fix, and that may lead to a loop at 100% CPU was fixed. Connection error was not properly reported to the conn-stream on the sending path. * An issue with the FCGI multiplexer when the response is compressed was fixed. The FCGI application was rewriting the response headers modifying HTX flags while the compression filter was doing so by modifying the HTTP message flags. Thus some modification performed on a side were not detected by the other, leading to produce invalid responses. Now, the flags of both structures are systematically updated. * An issue with responses to HEAD requests sent to FCGI servers was fixed. A "Content-Length: 0" header was erroneously added on the bodyless responses while it should not. Indeed, if the expected payload size is not specified by the server, HAProxy must not add this header because it cannot know it. In addition, still in the FCGI multiplexer, the parsing of headers and trailers was fixed to properly handle parsing errors. * Two issues in the H1 multiplexer were fixed. First, Connection error was reported to early, when there were still pending data for the stream. Because of this bug, last pending data could be truncated. Now the connection error is reported only if there is no pending data. The second issue is a problem about full buffer detection during the trailers parsing. Because of this bug, it was possible to block the message parsing till the timeout expiration. The same bug was fixed about processing of EOM block. * Some issues in the H2 multiplexers were fixed. First the GOAWAY frame is no longer sent if SETTINGS were not sent. Then, as announced, the "timeout http-keep-alive" and "timeout http-request" are now respected and work as documented, so that it will finally be possible to force such connections to be closed when no request comes even if they're seeing control traffic such as PING frames. This can typically happen in some server-to-server communications whereby the client application makes use of PING frames to make sure the connection is still alive. * A crash of HAproxy was fixed. It happened when HAproxy was compiled without the PCRE/PCRE2 support if it tried to replace part of the uri while the path is invalid or not specified. * An issue with url_enc() converter was fixed. It was able to crush HTTP headers. It is now fixed. * Expired entries were displayed in "show cache" output. These entries are now evicted instead of being listed. Thanks everyone for your help and your contributions ! Please find the usual URLs below : Site index : http://www.haproxy.org/ Documentation : http://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/2.3/src/ Git repository : http://git.haproxy.org/git/haproxy-2.3.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-2.3.git Changelog : http://www.haproxy.org/download/2.3/src/CHANGELOG Pending bugs : http://www.haproxy.org/l/pending-bugs Reviewed bugs : http://www.haproxy.org/l/reviewed-bugs Code reports : http://www.haproxy.org/l/code-reports --- Complete changelog : Christopher Faulet (14): BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing BUG/MEDIUM: mux-h1: Properly detect full buffer cases when adding EOM block BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid BUG/MEDIUM: mux-h1: Don't request more room on partial trailers BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags BUG/MINOR: cache: Disable cache if applet creation fails BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc CLEANUP: acl: Remove unused variable when releasing an acl expression MINOR: version: Set the EOL of the 2.3 branch Ilya Shipitsin (3): CI: github actions: switch to LibreSSL-3.5.1 CI: github actions: update OpenSSL to 3.0.2 CI: cirrus: switch to FreeBSD-13.0 Lukas Tribus (1): DOC: reflect H2 timeout changes Tim Duesterhus (2): CI: Update to actions/checkout@v3 CI: Update to actions/cache@v3 William Lallemand (2): BUG/MINOR: tools: fix url2sa return value with IPv4 BUG/MINOR: tools: url2sa reads too far when no port nor path Willy Tarreau (19): BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner BUG/MEDIUM: stream-int: do not rely on the connection error once established MEDIUM: mux-h2: slightly relax timeout management rules BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads BUG/MAJOR: mux_pt: always report the connection error to the conn_stream BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent BUG/MINOR: cache: do not display expired entries in "show cache" BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive SCRIPTS: announce-release: update the doc's URL DOC: lua: update a few doc URLs SCRIPTS: announce-release: add shortened links to pending issues DOC: remove my name from the config doc BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() BUILD: fd: remove unused variable totlen in fd_write_frag_line() BUILD: sockpair: do not set unused flag BUILD: proto_uxst: do not set unused flag -- Christopher Faulet