Hi,
HAProxy 2.8.1 was released on 2023/07/03. It added 43 new commits
after version 2.8.0.
One month after the 2.8.0, there is no major fixes to announce. It's nice to
see that our current development model pays off. This is the quietest major
release I've ever seen. It is encouraging !
However, nothing is perfect, thus there are some fixes shipped in this
release:
* In the lua, receive functions for HTTP applets were fixed to properly
detect the end of messages. This was broken during the stream-connector
refactoring. It was possible to hang on received because the wrong SC
was tested. Still in the lua, the get_stat() function was fixed. It
stopped working because the "proto" field definition was missing.
* A leak of sockpair during startup failure was fixed in the
master/worker. In addition, the global maxsock counter is now
incremented for each remaining worker. Each worker has a socketpair
which is a FD in the master. When reloading, this FD still exists until
the process leaves. The global maxsock counter was not incremented for
each of these FDs. With too much workers, the number of FD was able to
reached the maxconn limit, leading to a crash in a BUG_ON() on the next
FD allocation.
* The "if-none" parameter for forwardfor option was fixed. It stopped
working properly when RFC7239 support was added. To be effective, the
option had to be defined both on the frontend and the backend, while
defining it on only one of the two should be enough.
* In the SPOE, a flaw in the way synchronous frames were handled, leading
to a raise of the message processing latency, was fixed. To do so, in
synchronous mode, a SPOE applet will now systematically try to send a
frame when it is woken up, except if it is still waiting for a ACK frame
after a receive attempt.
* The SLZ compressor received a new ->flush() operation allowing small
interactive data to pass through instantly.
* Finally, in bulk, several minor bugs was fixed in the QUIC part, some
doc was incomplete or incorrect and was fixed, a memory leak when
re-declaring interface from bind line was fixed, the "namespace" keyword
is now properly inherited from a default-server directive. And as usual,
a few cleanups and regtests were included.
If you are running the 2.8.0, you can deploy it. This should be pretty
safe. Thanks everyone for you help and your contributions !
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.8/src/
Git repository : https://git.haproxy.org/git/haproxy-2.8.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.8.git
Changelog : https://www.haproxy.org/download/2.8/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Artur Pydo (1):
DOC: quic: fix misspelled tune.quic.socket-owner
Aurelien DARRAGON (8):
DOC: config: fix jwt_verify() example using var()
DOC: config: fix rfc7239 converter examples (again)
BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
BUG/MINOR: proxy: add missing interface bind free in free_proxy
BUG/MINOR: proxy/server: free default-server on deinit
BUG/MINOR: server: inherit from netns in srv_settings_cpy()
BUG/MINOR: namespace: missing free in netns_sig_stop()
BUG/MINOR: http_ext: fix if-none regression in forwardfor option
Christopher Faulet (5):
BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive
functions
BUG/MINOR: peers: Improve detection of config errors in peers sections
REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
Emeric Brun (1):
BUG/MEDIUM: quic: error checking buffer large enought to receive the
retry tag
Frédéric Lécaille (16):
BUG/MINOR: quic: Possible crash when SSL session init fails
CONTRIB: Add vi file extensions to .gitignore
BUG/MINOR: quic: Wrong encryption level flags checking
BUG/MINOR: quic: Address inversion in "show quic full"
BUG/MINOR: quic: Missing initialization (packet number space probing)
BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
BUG/MINOR: quic: ticks comparison without ticks API use
BUG/MINOR: quic: Prevent deadlock with CID tree lock
BUG/MINOR: quic: Missing random bits in Retry packet header
BUG/MINOR: quic: Wrong Retry paquet version field endianess
BUG/MINOR: quic: Wrong endianess for version field in Retry token
MINOR: quic: Move QUIC encryption level structure definition
MINOR: quic: Move packet number space related functions
MINOR: quic: Reduce the maximum length of TLS secrets
CLEANUP: quic: Remove server specific about Initial packet number space
Patrick Hemmer (1):
BUG/MINOR: config: fix stick table duplicate name check
Tim Duesterhus (4):
BUG/MINOR: stats: Fix Lua's `get_stats` function
DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents
DOC: Add tune.h2.max-frame-size option to table of contents
DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size
William Lallemand (3):
BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
BUG/MEDIUM: mworker: increase maxsock with each new worker
BUG/MINOR: mworker: leak of a socketpair during startup failure
Willy Tarreau (4):
BUG/MINOR: stream: do not use client-fin/server-fin with HTX
IMPORT: slz: implement a synchronous flush() operation
MINOR: compression/slz: add support for a pure flush of pending bytes
BUILD: debug: avoid a build warning related to epoll_wait() in debug code
--
Christopher Faulet
