Hi,
This is a friendly bot that watches fixes pending for the next haproxy-stable
release! One such e-mail is sent periodically once patches are waiting in the
last maintenance branch, and an ideal release date is computed based on the
severity of these fixes and their merge date. Responses to this mail must be
sent to the mailing list.
Last release 3.0.4 was issued on 2024-09-03. There are currently 38
patches in the queue cut down this way:
- 1 MAJOR, first one merged on 2024-09-09
- 16 MEDIUM, first one merged on 2024-09-03
- 21 MINOR, first one merged on 2024-09-03
Thus the computed ideal release date for 3.0.5 would be 2024-09-23, which is in
one week or less.
Last release 2.9.10 was issued on 2024-09-03. There are currently 35
patches in the queue cut down this way:
- 1 MAJOR, first one merged on 2024-09-09
- 13 MEDIUM, first one merged on 2024-09-04
- 21 MINOR, first one merged on 2024-09-04
Thus the computed ideal release date for 2.9.11 would be 2024-09-23, which is
in one week or less.
Last release 2.8.10 was issued on 2024-06-14. There are currently 65
patches in the queue cut down this way:
- 1 MAJOR, first one merged on 2024-09-10
- 26 MEDIUM, first one merged on 2024-07-03
- 38 MINOR, first one merged on 2024-07-03
Thus the computed ideal release date for 2.8.11 would be 2024-08-28, which was
two weeks ago.
Last release 2.6.18 was issued on 2024-06-18. There are currently 20
patches in the queue cut down this way:
- 8 MEDIUM, first one merged on 2024-06-19
- 12 MINOR, first one merged on 2024-07-03
Thus the computed ideal release date for 2.6.19 would be 2024-09-17, which was
within the last week.
The current list of patches in the queue is:
- 2.8, 2.9, 3.0 - MAJOR : mux-h1: Wake SC to perform 0-copy
forwarding in CLOSING state
- 2.8 - MEDIUM : quic: fix possible exit from
qc_check_dcid() without unlocking
- 2.6, 2.8 - MEDIUM : init: fix fd_hard_limit default in
compute_ideal_maxconn
- 2.8, 2.9, 3.0 - MEDIUM : mworker/cli: fix pipelined modes on
master CLI
- 2.8 - MEDIUM : stream: Prevent mux upgrades if client
connection is no longer ready
- 2.6, 2.8 - MEDIUM : spoe: Be sure to create a SPOE applet
if none on the current thread
- 2.8, 2.9, 3.0 - MEDIUM : stconn: Report error on SC on send if
a previous SE error was set
- 3.0 - MEDIUM : ssl: reactivate 0-RTT for AWS-LC
- 2.8, 2.9, 3.0 - MEDIUM : http-ana: Report error on write error
waiting for the response
- 2.8 - MEDIUM : ssl_sock: fix deadlock in
ssl_sock_load_ocsp() on error path
- 2.6 - MEDIUM : cli: fix cli_output_msg() regression
- 2.8, 2.9, 3.0 - MEDIUM : trace: fix null deref in lockon
mechanism since TRACE_ENABLED()
- 2.8 - MEDIUM : debug/cli: fix "show threads" crashing
with low thread counts
- 2.6, 2.8 - MEDIUM : jwt: Clear SSL error queue on error
when checking the signature
- 2.6, 2.8 - MEDIUM : queue: deal with a rare TOCTOU in
assign_server_and_queue()
- 2.8, 2.9, 3.0 - MEDIUM : mux-pt/mux-h1: Release the pipe on
connection error on sending path
- 2.6, 2.8 - MEDIUM : h3: ensure the ":method" pseudo header
is totally valid
- 2.8, 2.9, 3.0 - MEDIUM : clock: detect and cover jumps during
execution
- 3.0 - MEDIUM : peer: Notify the applet won't consume
data when it waits for sync
- 2.8 - MEDIUM : quic: fix race-condition in
quic_get_cid_tid()
- 2.8 - MEDIUM : mux-h1: Properly handle empty message
when an error is triggered
- 3.0 - MEDIUM : ssl: 0-RTT initialized at the wrong
place for AWS-LC
- 2.8, 2.9, 3.0 - MEDIUM : mux-h2: Propagate term flags to SE on
error in h2s_wake_one_stream
- 2.8, 2.9, 3.0 - MEDIUM : quic: prevent conn freeze on 0RTT
undeciphered content
- 2.9, 3.0 - MEDIUM : quic: always validate sender address
on 0-RTT
- 2.8, 2.9, 3.0 - MEDIUM : clock: also update the date offset on
time jumps
- 2.6, 2.8 - MEDIUM : h1: Reject empty Transfer-encoding
header
- 2.8 - MEDIUM : bwlim: Be sure to never set the
analyze expiration date in past
- 2.6, 2.8 - MEDIUM : h3: ensure the ":scheme" pseudo header
is totally valid
- 2.9, 3.0 - MEDIUM : server/addr: fix
tune.events.max-events-at-once event miss and leak
- 2.8, 2.9, 3.0 - MEDIUM : pattern: prevent UAF on reused pattern
expr
- 2.8, 2.9, 3.0 - MEDIUM : h2: Only report early HTX EOM for
tunneled streams
- 2.8 - MEDIUM : cli: Always release back endpoint
between two commands on the mcli
- 2.6, 2.8 - MINOR : h1: Fail to parse empty transfer
coding names
- 2.9, 3.0 - MINOR : quic: Crash from trace dumping SSL
eary data status (AWS-LC)
- 2.6, 2.8 - MINOR : cli: Atomically inc the global request
counter between CLI commands
- 2.6, 2.8 - MINOR : quic: Lack of precision when computing
K (cubic only cc)
- 2.8, 2.9, 3.0 - MINOR : mux-quic: do not send too big
MAX_STREAMS ID
- 2.6, 2.8 - MINOR : quic: fix computed length of emitted
STREAM frames
- 2.6, 2.8 - MINOR : jwt: fix variable initialisation
- 2.6, 2.8 - MINOR : quic: fix BUG_ON() on Tx pkt alloc
failure
- 2.6, 2.8 - MINOR : server: Don't warn fallback IP is used
during init-addr resolution
- 2.8 - MINOR : proxy: fix dyncookie_key leak on
deinit()
- 2.9, 3.0 - MINOR : stconn: bs.id and fs.id had their
dependencies incorrect
- 2.8, 2.9, 3.0 - MINOR : proto_uxst: delete fd from fdtab if
listen() fails
- 2.8 - MINOR : stconn: Request to send something to
be woken up when the pipe is full
- 2.8, 2.9, 3.0 - MINOR : proto_tcp: keep error msg if listen()
fails
- 2.9, 3.0 - MINOR : cfgparse-global: remove
tune.fast-forward from common_kw_list
- 2.6, 2.8 - MINOR : jwt: don't try to load files with HMAC
algorithm
- 2.8, 2.9, 3.0 - MINOR : trace/quic: make "qconn" selectable as
a lockon criterion
- 2.8, 2.9, 3.0 - MINOR : pattern: do not leave a leading comma
on "set" error messages
- 2.8, 2.9, 3.0 - MINOR : trace: automatically start in waiting
mode with "start
- 2.8, 2.9, 3.0 - MINOR : trace/quic: enable conn/session
pointer recovery from quic_conn
- 2.8, 2.9, 3.0 - MINOR : trace/quic: permit to lock on
frontend/connect/session etc
- 2.8 - MINOR : proxy: fix source interface and usesrc
leaks on deinit()
- 2.6, 2.8 - MINOR : hlua: report proper context upon error
in hlua_cli_io_handler_fct()
- 2.8 - MINOR : proxy: fix check_{command,path} leak
on deinit()
- 2.6, 2.8 - MINOR : h1: Reject empty coding name as last
transfer-encoding value
- 2.8, 2.9, 3.0 - MINOR : quic/trace: make
quic_conn_enc_level_init() emit NEW not CLOSE
- 2.8, 2.9, 3.0 - MINOR : fcgi-app: handle a possible strdup()
failure
- 2.9, 3.0 - MINOR : quic: Missing incrementation in
NEW_TOKEN frame builder
- 2.8 - MINOR : h3: fix crash on STOP_SENDING receive
after GOAWAY emission
- 2.8, 2.9, 3.0 - MINOR : proto_tcp: delete fd from fdtab if
listen() fails
- 2.8 - MINOR : quic: fix race-condition on trace for
CID retrieval
- 2.8, 2.9, 3.0 - MINOR : pattern: pat_ref_set: return 0 if err
was found
- 2.9, 3.0 - MINOR : quic: Too short datagram during packet
building failures (aws-lc only)
- 2.8 - MINOR : session: Eval L4/L5 rules defined in
the default section
- 2.9, 3.0 - MINOR : h1-htx: Don't flag response as
bodyless when a tunnel is established
- 2.8 - MINOR : proxy: fix header_unique_id leak on
deinit()
- 2.6, 2.8 - MINOR : stick-table: fix crash for
src_inc_gpc() without stkcounter
- 2.8 - MINOR : proxy: fix server_id_hdr_name leak on
deinit()
- 2.8, 2.9, 3.0 - MINOR : h3: properly reject too long header
responses
- 2.8, 2.9, 3.0 - MINOR : pattern: prevent const sample from
being tampered in pat_match_beg()
- 2.6, 2.8 - MINOR : mux-quic: fix crash on qcs SD alloc
failure
- 2.8, 2.9, 3.0 - MINOR : pattern: pat_ref_set: fix UAF reported
by coverity
- 2.8 - MINOR : quic: fix race condition in
qc_check_dcid()
- 2.8 - MINOR : proxy: fix log_tag leak on deinit()
--
The haproxy stable-bot is freely provided by HAProxy Technologies to help
improve the quality of each HAProxy release. If you have any issue with these
emails or if you want to suggest some improvements, please post them on the
list so that the solutions suiting the most users can be found.
