Hi, HAProxy 2.8.1 was released on 2023/07/03. It added 43 new commits after version 2.8.0.
One month after the 2.8.0, there is no major fixes to announce. It's nice to see that our current development model pays off. This is the quietest major release I've ever seen. It is encouraging ! However, nothing is perfect, thus there are some fixes shipped in this release: * In the lua, receive functions for HTTP applets were fixed to properly detect the end of messages. This was broken during the stream-connector refactoring. It was possible to hang on received because the wrong SC was tested. Still in the lua, the get_stat() function was fixed. It stopped working because the "proto" field definition was missing. * A leak of sockpair during startup failure was fixed in the master/worker. In addition, the global maxsock counter is now incremented for each remaining worker. Each worker has a socketpair which is a FD in the master. When reloading, this FD still exists until the process leaves. The global maxsock counter was not incremented for each of these FDs. With too much workers, the number of FD was able to reached the maxconn limit, leading to a crash in a BUG_ON() on the next FD allocation. * The "if-none" parameter for forwardfor option was fixed. It stopped working properly when RFC7239 support was added. To be effective, the option had to be defined both on the frontend and the backend, while defining it on only one of the two should be enough. * In the SPOE, a flaw in the way synchronous frames were handled, leading to a raise of the message processing latency, was fixed. To do so, in synchronous mode, a SPOE applet will now systematically try to send a frame when it is woken up, except if it is still waiting for a ACK frame after a receive attempt. * The SLZ compressor received a new ->flush() operation allowing small interactive data to pass through instantly. * Finally, in bulk, several minor bugs was fixed in the QUIC part, some doc was incomplete or incorrect and was fixed, a memory leak when re-declaring interface from bind line was fixed, the "namespace" keyword is now properly inherited from a default-server directive. And as usual, a few cleanups and regtests were included. If you are running the 2.8.0, you can deploy it. This should be pretty safe. Thanks everyone for you help and your contributions ! Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/2.8/src/ Git repository : https://git.haproxy.org/git/haproxy-2.8.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy-2.8.git Changelog : https://www.haproxy.org/download/2.8/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages --- Complete changelog : Artur Pydo (1): DOC: quic: fix misspelled tune.quic.socket-owner Aurelien DARRAGON (8): DOC: config: fix jwt_verify() example using var() DOC: config: fix rfc7239 converter examples (again) BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line BUG/MINOR: proxy: add missing interface bind free in free_proxy BUG/MINOR: proxy/server: free default-server on deinit BUG/MINOR: server: inherit from netns in srv_settings_cpy() BUG/MINOR: namespace: missing free in netns_sig_stop() BUG/MINOR: http_ext: fix if-none regression in forwardfor option Christopher Faulet (5): BUG/MINOR: spoe: Only skip sending new frame after a receive attempt BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions BUG/MINOR: peers: Improve detection of config errors in peers sections REG-TESTS: stickiness: Delay haproxys start to properly resolv variables REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages Emeric Brun (1): BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag Frédéric Lécaille (16): BUG/MINOR: quic: Possible crash when SSL session init fails CONTRIB: Add vi file extensions to .gitignore BUG/MINOR: quic: Wrong encryption level flags checking BUG/MINOR: quic: Address inversion in "show quic full" BUG/MINOR: quic: Missing initialization (packet number space probing) BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update() BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr() BUG/MINOR: quic: ticks comparison without ticks API use BUG/MINOR: quic: Prevent deadlock with CID tree lock BUG/MINOR: quic: Missing random bits in Retry packet header BUG/MINOR: quic: Wrong Retry paquet version field endianess BUG/MINOR: quic: Wrong endianess for version field in Retry token MINOR: quic: Move QUIC encryption level structure definition MINOR: quic: Move packet number space related functions MINOR: quic: Reduce the maximum length of TLS secrets CLEANUP: quic: Remove server specific about Initial packet number space Patrick Hemmer (1): BUG/MINOR: config: fix stick table duplicate name check Tim Duesterhus (4): BUG/MINOR: stats: Fix Lua's `get_stats` function DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents DOC: Add tune.h2.max-frame-size option to table of contents DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size William Lallemand (3): BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure BUG/MEDIUM: mworker: increase maxsock with each new worker BUG/MINOR: mworker: leak of a socketpair during startup failure Willy Tarreau (4): BUG/MINOR: stream: do not use client-fin/server-fin with HTX IMPORT: slz: implement a synchronous flush() operation MINOR: compression/slz: add support for a pure flush of pending bytes BUILD: debug: avoid a build warning related to epoll_wait() in debug code -- Christopher Faulet