Hi,

HAProxy 2.5.14 was released on 2023/05/02. It added 56 new commits
after version 2.5.13, and is the last version of this branch.

It essentially contains pending fixes to flush the queue, but nobody
should deploy a final version unless they're very late on their migration
to a newer branch.

The fixes here are a subset of those that went into 2.6.13:

  * The read expiration date is now updated on synchronous sends for all
    streams except independent ones. This fixed an old bug when a filter
    is configured. Write activities on synchronous sends were lost. With
    slow clients uploading large objects, it was possible to reach the
    server timeout.

  * We now force the connect timeout for the DNS resolution. The "resolve"
    timeout is used to set its value. Having no connect timeout was an issue for
    resolution over TCP. Connection failures might take quite long to report,
    leading to an excess of unusable DNS sessions in connecting state. It was
    especially visible on soft-stop because this prevented the process from
    exiting quickly. Still on the DNS, errors are now properly handled when a
    response is consumed. This was an issue for truncated responses followed by
    an abort. The applet could ignore the abort and loop waiting for more data
    until a timeout is triggered. A similar issue was fixed in the syslog
    applet.

  * Several bugs in the lua part were fixed. First, except for lua tasks,
    it is no longer possible to register functions at runtime. It was
    clearly stated in the documentation, but nothing forbade it in
    the code. An error is now triggered if this happens, preventing
    potential segfaults. Memory leaks on references were fixed and the
    lua locking was simplified to be re-entrant to prevent deadlocks.

  * Aurélien fixed several issues on the servers management. The
    "visible" server list consistency was fixed. It was possible, at
    least in theory, to access an invalid server if several dynamic
    server deletions were performed while the list was accessed. For
    instance it might happen when the server list was dumped in the
    stats. He also fixed a wrong report for tracking servers leaving
    drain state. Finally, he centralized proxy and server stats
    updates on server state transition to be sure to not miss an
    update on some transitions.

  * Aurélien has extended the internal listener API to better handle
    the resume operation. One noticeable effect is that listeners that
    have an ABNS abstract namespace socket can now support reload
    without crashing haproxy. (Note: this was already merged in 2.7
    prior to 2.7.7, and left under observation for two versions before
    backporting to 2.6).

  * The pool_gc() calls that were made a bit too often on stopping
    proxies were relaxed. Sometimes they were causing excess memory
    contention and were even competing against malloc_trim().

  * It was possible to trigger the watchdog purging stick-tables on
    soft-stop. To not spend too much time purging expired entries, we now
    enforce a budget limitation and the purge is performed in several
    steps. In addition, memory is reclaimed only when entries are
    released. Indeed, this operation involves a call to malloc_trim() on
    glibc, which is rather expensive.

  * It was possible for a thread to wait forever (well, till the watchdog
    notices) to become the exclusive owner of a file descriptor after it
    had lost it; this could happen with synchronous errors met in the
    DNS for example.

  * It was not possible to use the lua filter API when used in conjunction
    with a "wait-for-body" action. Switching the HTTP message to DATA
    state prevented the call to most of the lua filter functions. It was
    fixed by keeping the HTTP message in BODY state at this stage.

  * ssl-min-ver and ssl-max-ver parameters are now duplicated for bundles
    in crt-list.

  * An error is reported during configuration parsing when the "len"
    argument of a stick table type contains incorrect characters.

  * DeviceAtlas compile options were updated to support the API v3 from
    3.1.7 and onwards.

  * The strict-sni documentation was updated to state it is possible to
    start without certificate on a bind line.

Thanks to all those who helped with these fixes and to Christopher for
dealing with the backports.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.5/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.5.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.5.git
   Changelog        : https://www.haproxy.org/download/2.5/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Aurelien DARRAGON (31):
      MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
      BUG/MINOR: sink: free forward_px on deinit()
      BUG/MINOR: log: free log forward proxies on deinit()
      BUG/MINOR: hlua: enforce proper running context for register_x functions
      CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy()
      MINOR: proto_uxst: add resume method
      CLEANUP: listener: function comment typo in stop_listener()
      BUG/MINOR: listener: null pointer dereference suspected by coverity
      MINOR: listener/api: add lli hint to listener functions
      MINOR: listener: add relax_listener() function
      MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
      MINOR: listener: make sure we don't pause/resume bypassed listeners
      BUG/MEDIUM: listener: fix pause_listener() suspend return value handling
      BUG/MINOR: listener: fix resume_listener() resume return value handling
      BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()
      MINOR: listener: pause_listener() becomes suspend_listener()
      BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume
      MEDIUM: proto_ux: properly suspend named UNIX listeners
      MINOR: proto_ux: ability to dump ABNS names in error messages
      MINOR: hlua: add simple hlua reference handling API
      BUG/MINOR: hlua: fix reference leak in core.register_task()
      BUG/MINOR: hlua: fix reference leak in hlua_post_init_state()
      BUG/MINOR: hlua: prevent function and table reference leaks on errors
      MINOR: hlua: simplify lua locking
      BUG/MEDIUM: hlua: prevent deadlocks with main lua lock
      BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop
      BUG/MINOR: server: incorrect report for tracking servers leaving drain
      MINOR: server: explicitly commit state change in srv_update_status()
      BUG/MINOR: server: don't miss proxy stats update on server state transitions
      BUG/MINOR: server: don't miss server stats update on server state transitions
      BUG/MINOR: server: don't use date when restoring last_change from state file

Christopher Faulet (11):
      Revert "BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached"
      BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription
      BUG/MEDIUM: channel: Improve reports for shut in co_getblk()
      BUG/MEDIUM: dns: Properly handle error when a response consumed
      MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked
      BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload
      BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions
      REGTESTS: fix the race conditions in log_uri.vtc
      BUG/MEDIUM: log: Properly handle client aborts in syslog applet
      CLEANUP: backend: Remove useless debug message in assign_server()
      BUG/MEDIUM: Update read expiration date on synchronous send

David Carlier (1):
      BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.

Ilya Shipitsin (2):
      CI: bump "actions/checkout" to v3 for cross zoo matrix
      CI: cirrus-ci: bump FreeBSD image to 13-1

Olivier Houchard (1):
      BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it.

Remi Tricot-Le Breton (1):
      BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list

Tim Duesterhus (1):
      CLEANUP: Remove unused function hlua_get_top_error_string

William Lallemand (2):
      DOC: config: strict-sni allows to start without certificate
      BUG/MINOR: stick_table: alert when type len has incorrect characters

Willy Tarreau (6):
      BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
      BUG/MINOR: cfgparse: make sure to include openssl-compat
      BUG/MINOR: mux-h2: make sure to produce a log on invalid requests
      BUILD: sock_inet: forward-declare struct receiver
      BUILD: proto_tcp: export the correct names for proto_tcpv[46]
      MINOR: version: Set the EOL of the 2.5 branch
