Hi,

HAProxy 2.9-dev1 was released on 2023/07/02. It added 77 new commits
after version 2.9-dev0.

Whatever we say each time about our intent to emit dev1 earlier, it always
takes one month after the release. That's probably the time it takes to
restart on new stuff. The good point is that the period has been quite calm
on 2.8, so there aren't that many fixes and it seems everyone is busy
starting long developments again.

From what I've seen, most of the fixes for now are for tiny or very unlikely
issues (e.g. assertion failures upon reload when there are so many older
workers that maxsock is reached, occasional openssl error code 0 in failed
handshake logs, Lua's get_stats() function not working anymore), so I won't
try to summarize all of them here.

The H1 mux got splicing working again for chunked messages. Last time was
probably around 1.6 but there has always been limited interest in this due
to TLS being omnipresent. However the day we start supporting KTLS, it may
become quite interesting again. In any case it's nice to know that the data
path is becoming more uniform.

QUIC's diet has started. Fred managed to release from the quic_conn some
elements that only serve during the handshake. At first glance, it should
roughly save around 1 kB of RAM per connection! Despite extreme care, Fred
doesn't completely rule out the possibility that there could be a few issues
left in this first patch set, which is always to be expected when trying to
refine memory allocations. If you face any QUIC-related crash or memory
leak, please report it.

The SSL sigalgs are now configurable on the server lines, the SLZ compressor
received a new ->flush() operation allowing small interactive data to pass
through instantly, some doc was incomplete or incorrect and was fixed, and
as usual, a few cleanups and regtests were included.

That's about all for this version.
Really nothing outstanding, but deployed, up and running nevertheless :-)

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.9/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.9/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Artur Pydo (1):
      DOC: quic: fix misspelled tune.quic.socket-owner

Aurelien DARRAGON (9):
      DOC: config: fix jwt_verify() example using var()
      DOC: config: fix rfc7239 converter examples (again)
      BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
      BUG/MINOR: proxy: add missing interface bind free in free_proxy
      BUG/MINOR: proxy/server: free default-server on deinit
      BUG/MINOR: server: inherit from netns in srv_settings_cpy()
      BUG/MINOR: namespace: missing free in netns_sig_stop()
      BUG/MINOR: http_ext: fix if-none regression in forwardfor option
      REGTEST: add an extra testcase for ifnone-forwardfor

Christopher Faulet (13):
      BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
      BUG/MINOR: peers: Improve detection of config errors in peers sections
      REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
      BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions
      REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
      MEDIUM: mux-h1: Split h1_process_mux() to make code more readable
      REORG: mux-h1: Rename functions to emit chunk size/crlf in the output buffer
      MINOR: mux-h1: Add function to append the chunk size to the output buffer
      MINOR: mux-h1: Add function to prepend the chunk crlf to the output buffer
      MEDIUM: filters/htx: Don't rely on HTX extra field if payload is filtered
      MEDIIM: mux-h1: Add splicing support for chunked messages
      REGTESTS: Add a script to test the kernel splicing with chunked messages
      CLEANUP: mux-h1: Remove useless __maybe_unused statement

Emeric Brun (1):
      BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag

Frédéric Lécaille (35):
      BUG/MINOR: quic: Possible crash when SSL session init fails
      CONTRIB: Add vi file extensions to .gitignore
      BUG/MINOR: quic: Wrong encryption level flags checking
      BUG/MINOR: quic: Address inversion in "show quic full"
      BUG/MINOR: quic: Missing initialization (packet number space probing)
      BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
      BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
      MINOR: quic: Remove pool_zalloc() from qc_new_conn()
      MINOR: quic: Remove pool_zalloc() from qc_conn_alloc_ssl_ctx()
      MINOR: quic: Remove pool_zalloc() from quic_dgram_parse()
      BUG/MINOR: quic: Missing transport parameters initializations
      BUG/MINOR: quic: ticks comparison without ticks API use
      BUG/MINOR: quic: Missing TLS secret context initialization
      BUG/MINOR: quic: Prevent deadlock with CID tree lock
      BUG/MINOR: quic: Missing random bits in Retry packet header
      BUG/MINOR: quic: Wrong Retry paquet version field endianess
      BUG/MINOR: quic: Wrong endianess for version field in Retry token
      MINOR: quic: Move QUIC TLS encryption level related code (quic_conn_enc_level_init())
      MINOR: quic: Move QUIC encryption level structure definition
      MINOR: quic: Implement a packet number space identification function
      MINOR: quic: Move packet number space related functions
      MEDIUM: quic: Dynamic allocations of packet number spaces
      CLEANUP: quic: Remove qc_list_all_rx_pkts() defined but not used
      MINOR: quic: Add a pool for the QUIC TLS encryption levels
      MEDIUM: quic: Dynamic allocations of QUIC TLS encryption levels
      MINOR: quic: Reduce the maximum length of TLS secrets
      CLEANUP: quic: Remove two useless pools a low QUIC connection level
      MEDIUM: quic: Handle the RX in one pass
      MINOR: quic: Remove call to qc_rm_hp_pkts() from I/O callback
      CLEANUP: quic: Remove server specific about Initial packet number space
      MEDIUM: quic: Release encryption levels and packet number spaces asap
      CLEANUP: quic: Remove a useless test about discarded pktns (qc_handle_crypto_frm())
      MINOR: quic: Move the packet number space status at quic_conn level
      MINOR: quic: Drop packet with type for discarded packet number space.
      BUILD: quic: Add a DISGUISE() to please some compiler to qc_prep_hpkts() 1st parameter

Patrick Hemmer (1):
      BUG/MINOR: config: fix stick table duplicate name check

Tim Duesterhus (4):
      BUG/MINOR: stats: Fix Lua's `get_stats` function
      DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents
      DOC: Add tune.h2.max-frame-size option to table of contents
      DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size

William Lallemand (7):
      BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
      BUG/MEDIUM: mworker: increase maxsock with each new worker
      BUG/MINOR: mworker: leak of a socketpair during startup failure
      MEDIUM: ssl: handle the SSL_ERROR_ZERO_RETURN during the handshake
      BUG/MINOR: ssl: SSL_ERROR_ZERO_RETURN returns CO_ER_SSL_EMPTY
      MINOR: ssl: allow to change the server signature algorithm on server lines
      MINOR: ssl: allow to change the client-sigalgs on server lines

Willy Tarreau (6):
      MINOR: stats: protect against future stats fields omissions
      BUG/MINOR: stream: do not use client-fin/server-fin with HTX
      BUILD: mux-h1: silence a harmless fallthrough warning
      IMPORT: slz: implement a synchronous flush() operation
      MINOR: compression/slz: add support for a pure flush of pending bytes
      BUILD: debug: avoid a build warning related to epoll_wait() in debug code

---

