Hi, HAProxy 1.7.0 was released on 2016/11/25. It added 107 new commits after version 1.7-dev6. Most of them were late minor bug fixes and code cleanups. Over the last two weeks we finally managed to clean a lot of historical mess, just by splitting some huge code parts into several files, or moving them into the appropriate file. It's better done before than after a release since it will make backports easier for the maintenance branch. To be honnest there's nothing outstanding compared to 1.7-dev6 so I won't comment on these very latest changes.
Haproxy 1.7 now is what I would have liked 1.6 to be, and is what I consider the cleanest version we've ever produced. When 1.6 was released one year ago, I predicted that we'd face one year worth of bug fixes due to the important changes that were brought to the connection management, and it indeed took almost one year to get rid of all of them. Now we mostly focused on fixes, cleanups and modularity, but not on earth-shaking changes. It's interesting to note that among the 706 commits that were produced between 1.6.0 and 1.7.0, no less than 207 were bug fixes (roughly 1/3), around 70 were build fixes and code reorganizations, and around 60 were doc updates, so 1.7 was where the fixes for 1.6 were developped, and that brings it its current level of maturity. We have almost not observed any 1.7-specific regression during its development for now which is a very good sign of the code becoming more modular and much less tricky than what it used to be. We had to emit 1.6.1 only one week after 1.6.0 due to a major bug, I bet we'll be able to wait longer before requiring such an update, time will tell. Despite this it still brings quite some significant improvements over 1.6 : - significant improvements of the CLI : it is now possible to easily register new commands without causing some inter-dependencies between the CLI code and the functional code, so we could already improve a large number of commands with better help and extra arguments. In addition to this, the Lua code can also register CLI commands, pushing the limits as far as your imagination goes. - typed statistics : will make it easier to aggregate statistics over multiple processes. Additionally, all the fields that used to be available in HTML are now also exported in the CSV output, such as the server's address and port, cookie, average response times, etc. - SPOE (stream processing offload engine) : ability to delegate some slow, unreliable or dangerous processing to external processes, ensuring it will be much less necessary to touch the core parts to add new features, and that some parts could possibly work across multiple versions. - filters : these are a new type of internal hooks to many events and around most analysers in order to plug code that can manipulate data and headers. The compression was moved to a filter, and it will be easy to write new code using filters. SPOE was built entirely as a filter. - log-format : the parser now honnors error processing. It's been a huge source of complaints over the last few years where some log fields were empty because improperly typed in the config, but the much more modular architecture now made this possible. - support of directories for config files : now if the argument to -f is a directory, all files found there are loaded in alphabetical order. Additionally, files can be specified after "--" without having to repeat "-f". - config : it is now possible to set/unset/preset environment variables directly in the global section, and even to consult them on the CLI. - init-addr : it is now possible to decide in which order the FQDN should be resolved on "server" lines, and even accept to start with no address, waiting for a run-time resolution. - server update on the CLI : the CLI makes it possible to change a server's address, port, maxconn, check address and port so that it is not required anymore to reload haproxy just to update an address. In conjunction with init-addr, it even allows to pre-populate some server pools that are filled at run time. - state change via the DNS : a valid DNS resolution can now start a server, and repeated failures can stop it (configurable). This is another step in the direction of a more dynamic configuration. - agent-check : an agent can now change the server's maxconn setting. A server may now take its own load into consideration when deciding what its connection limit should be. - support for OpenSSL 1.1.0 : this makes this new version future-proof given that 1.1.0 is about to ship in some future distros. Compatibility with older versions was validated on 0.9.8, 1.0.1 and 1.0.2. - support of multi-certs : different certificates for a same domain so that the best one can be picked according to browser support. The main use is to be able to deliver ECDSA certificates to clients supporting them, without breaking compatibility with older clients. - updates to support OpenBSD 5.7. This brings accept4() and a few other features I've totally forgotten. - WURFL : this is another device detection engine, made by Scientiamobile. Now we have 3 of them (DeviceAtlas and 51Degrees being the two others), users will have a broad choice to compare based on their needs. Nothing technically prevents them from being built in together. - 51Degrees moved to a new API (v3) which is supposedly faster and cleaner, it's different from v2 used in haproxy 1.6 so the lib has to be rebuilt but the databases remain compatible. - performance improvements : version 1.7 is about 10% faster than 1.6 on large requests or responses thanks to some speed ups in the HTTP message parser. - peers v2.1 : a small, backwards compatible, upgrade to the peers protocol has consisted in transmitting expiration dates so that old entries are not constantly refreshed upon reloads. This is important for people who reload often. - stick-tables : now support automatic type casting on the input sample. This avoids a useless conversion to a string which can possibly lose some information sometimes and which is not efficient. Now the tables use the native sample type. It's also faster to perform lookups. - hash-balance-factor : the consistent hash can now improve the balancing to avoid a single node being overloaded. It progressively spreads the excess load to adjacent nodes when the load difference is above a configurable threshold. Very useful for large cache farms. - "tcp-request session" rules : it was often painful not to be able to track an IP address transferred via the proxy protocol without having to pollute the "tcp-request content" rules which are called for each request in case of HTTP keep-alive. This is now possible. It will also be possible to take early decisions based on SSL layer information. - a number of new actions, like "set-src", "set-dst", etc... which make it possible to assign the source and destination addresses to what was found in a HTTP header for example. This can also be used to build an explicit (non-resolving) proxy when running in transparent mode. - on Linux kernels 4.2 and above, IP_BIND_ADDRESS_NO_PORT is used on outgoing connections so that the kernel knows it can reuse the same source port. This is useful when dealing with hundreds of thousands of concurrent connections. - SO_REUSEPORT is now configurable and can be disabled. Some people indeed prefer a second bind to fail instead of having two processes. - a new completely rewritten and much safer DNS response parser. The original one was fragile and required an extreme care. The new one fills structures that are exploited by the requester, making it less likely to do something wrong. - "%Tq" decomposition : the "%Tq" timer in the logs has became useless with keep-alive, showing large request times which were in fact idle time. And with browsers' pre-connect, it has become even worse given that even the first connection could appear long. Now we have extra fields to separately report the idle and SSL handshake times so that logs become accurate again. - tcp: we now have many new sample fetch functions reporting tcp-level information on the client-to-haproxy connection. This makes it possible for example to collect statistics, or to decide to perform a redirect to another site or to deliver compressed objects when the RTT is too high. - http-response track-sc : it's possible to track some information coming from the response. One example consists in collecting statistics on content-length or HTTP statuses. Another example is a counter to see if a client-provided cookie was already seen on the server side. - accept-netscaler-cip : it's an alternative to the PROXY protocol, implemented in Citrix's NetScaler load balancers. Thanks to this, both HAProxy and NetScaler can cooperate. - Lua: a lot of additions, various classes to access many internal objects like listeners, servers, proxies and I don't know what else. - mailers : various improvements such as timeouts and better SMTP protocol compliance. - maps : support a new type of maps consisting in regex with replacement values (a-la "sed"). And that's about all. This work was contributed by 62 different persons, out of which about 2/3 were new contributors. It's the same progression as we had in 1.6. Do not hesitate to say "thanks" to them when you meet them, and particularly if they contributed a feature which made your life easier. Please see the full log at the bottom of this e-mail for more information. Now enough typing, I still have quite a few instances to upgrade, and the web site to update :-) Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.7/src/ Git repository : http://git.haproxy.org/git/haproxy-1.7.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog since 1.7-dev6 : - SCRIPTS: make publish-release also copy the new SPOE doc - BUILD: http: include types/sample.h in proto_http.h - BUILD: debug/flags: remove test for SF_COMP_READY - CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT - MINOR: lua: add function which return true if the channel is full. - MINOR: lua: add ip addresses and network manipulation function - CONTRIB: tcploop: scriptable TCP I/O for debugging purposes - CONTRIB: tcploop: implement fork() - CONTRIB: tcploop: implement logging when called with -v - CONTRIB: tcploop: update the usage output - CONTRIB: tcploop: support sending plain strings - CONTRIB: tcploop: don't report failed send() or recv() - CONTRIB: tcploop: add basic loops via a jump instruction - BUG/MEDIUM: channel: bad unlikely macro - CLEANUP: lua: move comment - CLEANUP: lua: control executed twice - BUG/MEDIUM: ssl: Store certificate filename in a variable - BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP - CLEANUP: ssl: Remove goto after return dead code - CLEANUP: ssl: Fix bind keywords name in comments - DOC: ssl: Use correct wording for ca-sign-pass - CLEANUP: lua: avoid directly calling getsockname/getpeername() - BUG/MINOR: stick-table: handle out-of-memory condition gracefully - MINOR: cli: add private pointer and release function - MEDIUM: lua: Add cli handler for Lua - BUG/MEDIUM: connection: check the control layer before stopping polling - DEBUG: connection: mark the closed FDs with a value that is easier to detect - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps - BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored - MINOR: filters: Add check_timeouts callback to handle timers expiration on streams - MINOR: spoe: Add 'timeout processing' option to limit time to process an event - MINOR: spoe: Remove useless 'timeout ack' option - MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section - MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements - MINOR: spoe: Add "option set-on-error" statement - MINOR: stats: correct documentation of process ID for typed output - BUILD: contrib: fix ip6range build on Centos 7 - BUILD: fix build on Solaris 10/11 - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn - BUG/MINOR: cli: wake up the CLI's task after a timeout update - MINOR: connection: add a few functions to report the data and xprt layers' names - MINOR: connection: add names for transport and data layers - REORG: cli: split dumpstats.c in src/cli.c and src/stats.c - REORG: cli: split dumpstats.h in stats.h and cli.h - REORG: cli: move ssl CLI functions to ssl_sock.c - REORG: cli: move map and acl code to map.c - REORG: cli: move show stat resolvers to dns.c - MINOR: cli: create new function cli_has_level() to validate permissions - MINOR: server: create new function cli_find_server() to find a server - MINOR: proxy: create new function cli_find_frontend() to find a frontend - REORG: cli: move 'set server' to server.c - REORG: cli: move 'show pools' to memory.c - REORG: cli: move 'show servers' to proxy.c - REORG: cli: move 'show sess' to stream.c - REORG: cli: move 'show backend' to proxy.c - REORG: cli: move get/set weight to server.c - REORG: cli: move "show stat" to stats.c - REORG: cli: move "show info" to stats.c - REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to standard.c - REORG: cli: move table dump/clear/set to stick_table.c - REORG: cli: move "show errors" out of cli.c - REORG: cli: make "show env" also use the generic keyword registration - REORG: cli: move "set timeout" to its own handler - REORG: cli: move "clear counters" to stats.c - REORG: cli: move "set maxconn global" to its own handler - REORG: cli: move "set maxconn server" to server.c - REORG: cli: move "set maxconn frontend" to proxy.c - REORG: cli: move "shutdown sessions server" to stream.c - REORG: cli: move "shutdown session" to stream.c - REORG: cli: move "shutdown frontend" to proxy.c - REORG: cli: move "{enable|disable} frontend" to proxy.c - REORG: cli: move "{enable|disable} server" to server.c - REORG: cli: move "{enable|disable} health" to server.c - REORG: cli: move "{enable|disable} agent" to server.c - REORG: cli: move the "set rate-limit" functions to their own parser - CLEANUP: cli: rename STAT_CLI_* to CLI_ST_* - CLEANUP: cli: simplify the request parser a little bit - CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers - BUILD: server: remove a build warning introduced by latest series - BUG/MINOR: log-format: uncatched memory allocation functions - CLEANUP: log-format: useless file and line in json converter - CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args() and parse_logformat_var() - CLEANUP: log-format: fix return code of the function parse_logformat_var() - CLEANUP: log-format: fix return code of function parse_logformat_var_args() - CLEANUP: log-format: remove unused arguments - MEDIUM: log-format: strict parsing and enable fail - MEDIUM: log-format/conf: take into account the parse_logformat_string() return code - BUILD: ssl: make the SSL layer build again with openssl 0.9.8 - BUILD: vars: remove a build warning on vars.c - MINOR: lua: add utility function for check boolean argument - MINOR: lua: Add tokenize function. - BUG/MINOR: conf: calloc untested - MINOR: http/conf: store the use_backend configuration file and line for logs - MEDIUM: log-format: Use standard HAProxy log system to report errors - CLEANUP: sample: report "converter" instead of "conv method" in error messages - BUG: spoe: Fix parsing of SPOE actions in ACK frames - MINOR: cli: make "show stat" support a proxy name - MINOR: cli: make "show errors" support a proxy name - MINOR: cli: make "show errors" capable of dumping only request or response - BUG/MINOR: freq-ctr: make swrate_add() support larger values - CLEANUP: counters: move from 3 types to 2 types - CLEANUP: cfgparse: cascade the warnif_misplaced_* rules - REORG: tcp-rules: move tcp rules processing to their own file - REORG: stkctr: move all the stick counters processing to stick-tables.c - DOC: update the roadmap file with the latest changes And full changelog since 1.6.0 : Andreas Seltenreich (5): CLEANUP: stats: Avoid computation with uninitialized bits. CLEANUP: pattern: Ignore unknown samples in pat_match_ip(). CLEANUP: map: Avoid memory leak in out-of-memory condition. BUG/MINOR: standard: Avoid free of non-allocated pointer BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition Andrew Hayworth (2): MEDIUM: dns: Don't use the ANY query type MINOR: cli: ability to set per-server maxconn Andrew Rodland (5): MINOR: proxy: add 'served' field to proxy, equal to total of all servers' MINOR: backend: add hash-balance-factor option for hash-type consistent MINOR: server: compute a "cumulative weight" to allow chash balancing to hit its target MEDIUM: server: Implement bounded-load hash algorithm DOC: fix the entry for hash-balance-factor config option Baptiste Assmann (53): BUG/MINOR: dns: parsing error of some DNS response BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop BUG/MINOR: dns: unable to parse CNAMEs response DOC: typo on capture.res.hdr and capture.req.hdr BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing BUG/MINOR: http rule: http capture 'id' rule points to a non existing id DOC: relation between timeout http-request and option http-buffer-request BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and first rule(s) is (are) COMMENT DOC: mailers: typo in 'hostname' description DOC: compression: missing mention of libslz for compression algorithm MINOR: lru: new function to delete <nb> least recently used keys MINOR: server state: missing LF (\n) on error message printed when parsing server state file BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the nameserver BUG/MAJOR: servers state: server port is erased when dns resolution is enabled on a server MINOR: cfgparse: warn when uid parameter is not a number MINOR: cfgparse: warn when gid parameter is not a number DOC: "addr" parameter applies to both health and agent checks DOC: timeout client: pointers to timeout http-request DOC: typo on stick-store response DOC: stick-table: amend paragraph blaming the loss of table upon reload DOC: typo: ACL subdir match DOC: typo: maxconn paragraph is wrong due to a wrong buffer size DOC: regsub: parser limitation about the inability to use closing square brackets DOC: typo: req.uri is now replaced by capture.req.uri BUG/MINOR: dns: inapropriate way out after a resolution timeout BUG/MINOR: dns: trigger a DNS query type change on resolution timeout BUG/MINOR: DNS: resolution structure change BUILD: make proto_tcp.c compatible with musl library MINOR: standard.c: ipcmp() function to compare 2 IP addresses stored in 2 struct sockaddr_storage MINOR: standard.c: ipcpy() function to copy an IP address from a struct sockaddr_storage into an other one MAJOR: listen section: don't use first bind port anymore when no server ports are provided MINOR: cli: change a server health check port through the stats socket MAJOR: check: find out which port to use for health check at run time MINOR: server: introduction of 3 new server flags MINOR: new update_server_addr_port() function to change both server's ADDR and service PORT MINOR: cli: ability to change a server's port CLEANUP/MINOR dns: comment do not follow up code update MINOR: chunk: new strncat function MINOR: dns: wrong DNS_MAX_UDP_MESSAGE value MINOR: dns: new MAX values MINOR: dns: new macro to compute DNS header size MINOR: dns: new DNS structures to store received packets MEDIUM: dns: new DNS response parser MINOR: dns: query type change when last record is a CNAME MINOR: dns: proper domain name validation when receiving DNS response MINOR: dns: comments in types/dns.h about structures endianness MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK MAJOR: server: postpone address resolution MINOR: new srv_admin flag: SRV_ADMF_RMAINT MINOR: dns: implement extra 'hold' timers. MAJOR: dns: runtime resolution can change server admin state MEDIUM: server: add a new init-addr server line setting Ben Cabot (1): BUG/MEDIUM: config: Adding validation to stick-table expire value. Ben Shillito (8): DOC: Edited 51Degrees section of README/ DOC: add Ben Shillito as the maintainer of 51d BUILD/MAJOR:updated 51d Trie implementation to incorperate latest update to 51Degrees.c BUG/MINOR: 51d: Ensures a unique domain for each configuration BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy best practices. BUG/MINOR: 51d: Releases workset back to pool. BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees. CLEANUP: 51d: Aligned if statements with HAProxy best practices and removed casts from malloc. Benoit GARNIER (2): BUG/MINOR: log: GMT offset not updated when entering/leaving DST BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted Bertrand Jacquin (8): MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword MINOR: tcp: add "tcp-request connection expect-netscaler-cip layer4" MINOR: build: Allow linking to device-atlas library file BUG/MEDIUM: ssl: Store certificate filename in a variable BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP CLEANUP: ssl: Remove goto after return dead code CLEANUP: ssl: Fix bind keywords name in comments DOC: ssl: Use correct wording for ca-sign-pass Bertrand Paquet (1): BUG/MINOR : allow to log cookie for tarpit and denied request Chad Lavoie (2): MINOR: cli: allow the semi-colon to be escaped on the CLI MINOR: stats: Escape equals sign on socket dump Chris Short (1): BUG/MINOR: examples: Fixing haproxy.spec to remove references to .cfg files Christopher Faulet (58): BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0 BUG/MINOR: http: Be sure to process all the data received from a server MINOR: filters/http: Use a wrapper function instead of stream_int_retnclose BUG: stream_interface: Reuse connection even if the output channel is empty BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates MAJOR: filters: Add filters support MINOR: filters: Do not reset stream analyzers if the client is gone REORG: filters: Prepare creation of the HTTP compression filter MAJOR: filters/http: Rewrite the HTTP compression as a filter MEDIUM: filters: Use macros to call filters callbacks to speed-up processing MEDIUM: filters: remove http_start_chunk, http_last_chunk and http_chunk_end MEDIUM: filters: Replace filter_http_headers callback by an analyzer MEDIUM: filters/http: Move body parsing of HTTP messages in dedicated functions MINOR: filters: Add stream_filters structure to hide filters info MAJOR: filters: Require explicit registration to filter HTTP body and TCP data MINOR: filters: Remove unused or useless stuff and do small optimizations MEDIUM: filters: Optimize the HTTP compression for chunk encoded response MINOR: filters/http: Slightly update the parsing of chunks MINOR: filters/http: Forward remaining data when a channel has no "data" filters MINOR: filters: Add an filter example MINOR: filters: Extract proxy stuff from the struct filter MINOR: filters: Print the list of existing filters during HA startup MINOR: filters: Typo in an error message MINOR: filters: Filters must define the callbacks struct during config parsing DOC: filters: Add filters documentation BUG/MINOR: dumpstats: Fix the "Total bytes saved" counter in backends stats MEDIUM: filters: Move HTTP headers filtering in its own callback MINOR: filters: Simplify calls to analyzers using 2 new macros MEDIUM: filters: Add pre and post analyzer callbacks DOC: filters: Update the filters documentation accordingly to recent changes BUG/MEDIUM: filters: Fix data filtering when data are modified BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data forwarding BUG/MINOR: Rework slightly commit 9962f8fc to clean code and avoid mistakes BUG/MEDIUM: http/compression: Fix how chunked data are copied during the HTTP body parsing BUG: vars: Fix 'set-var' converter because of a typo CLEANUP: remove last references to 'ruleset' section MEDIUM: filters: Add attch/detach and stream_set_backend callbacks MINOR: filters: Update filters documentation accordingly to recent changes MINOR: filters: Call stream_set_backend callbacks before updating backend stats MINOR: filters: Remove backend filters attached to a stream only for HTTP streams MINOR: flt_trace: Add hexdump option to dump forwarded data MINOR: cfgparse: Add functions to backup and restore registered sections MINOR: cfgparse: Parse scope lines and save the last one parsed REORG: sample: move code to release a sample expression in sample.c MINOR: vars: Allow '.' in variable names MINOR: vars: Add vars_set_by_name_ifexist function MEDIUM: vars: Add a per-process scope for variables MINOR: vars: Add 'unset-var' action/converter MAJOR: spoe: Add an experimental Stream Processing Offload Engine MINOR: spoe: add random ip-reputation service as SPOA example MINOR: spoe/checks: Add support for SPOP health checks MINOR: filters: Add check_timeouts callback to handle timers expiration on streams MINOR: spoe: Add 'timeout processing' option to limit time to process an event MINOR: spoe: Remove useless 'timeout ack' option MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements MINOR: spoe: Add "option set-on-error" statement BUG: spoe: Fix parsing of SPOE actions in ACK frames Coen Rosdorff (1): DOC: fix discrepancy in the example for http-request redirect Conrad Hoffmann (1): BUG/MINOR: dumpstats: fix write to global chunk Cyril Bonté (16): BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week DOC: fix a typo for a "deviceatlas" keyword FIX: small typo in an example using the "Referer" header BUG/MEDIUM: sample: urlp can't match an empty value BUG/MEDIUM: checks: email-alert not working when declared in defaults BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured BUG/MINOR: checks: typo in an email-alert error message BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni" keyword BUG/MINOR: fix maxaccept computation according to the frontend process range BUG/MEDIUM: stats: show servers state may show an empty or incomplete result BUG/MEDIUM: stats: show backend may show an empty or incomplete result MINOR: stats: fix typo in help messages MINOR: stats: show stat resolvers missing in the help message BUG/MEDIUM: stats: show servers state may show an servers from another backend DOC: stats: provide state details for show servers state Dan Lloyd (1): DOC: spelling fixes Daniel Jakots (2): BUILD: check for libressl to be able to build against it BUILD: Make use of accept4() on OpenBSD. Daniel Schneller (3): DOC: Clarify tunes.vars.xxx-max-size settings MINOR: acl: Add predefined METH_DELETE, METH_PUT DOC: Clarify IPv4 address / mask notation rules David Carlier (21): BUILD: Make deviceatlas require PCRE CLEANUP: proxy: calloc call inverted arguments CLEANUP: connection: fix double negation on memcmp() DOC: deviceatlas: more example use cases. BUILD: dumpstats: silencing warning for printf format specifier / time_t MINOR: da: silent logging by default and displaying DeviceAtlas support if built. BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input. CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro. MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. MINOR: da: Using ARG12 macro for the sample fetch and the convertor. CLEANUP: chunk: adding NULL check to chunk_dup allocation. CLEANUP: proto_http: few corrections for gcc warnings. BUG/MINOR: server: risk of over reading the pref_net array. BUG/MINOR: cfgparse: couple of small memory leaks. BUG/MEDIUM: sample: initialize the pointer before parse_binary call. BUG/MEDIUM: lua: protects the upper boundary of the argument list for converters/fetches. MINOR: lua: migrate the argument mask to 64 bits type. CLEANUP: dumpstats: u64 field is an unsigned type. CLEANUP: connection: using internal struct to hold source and dest port. MINOR: cfgparse: few memory leaks fixes. BUILD: fix build on Solaris 10/11 Dinko Korunic (1): BUG/MINOR: Fix OSX compilation errors Dirkjan Bussink (1): MEDIUM: ssl: Add support for OpenSSL 1.1.0 Dragan Dosen (9): BUG/MINOR: server: check return value of fgets() in apply_server_state() MINOR: standard: add function "escape_chunk" MEDIUM: log: add a new log format flag "E" MINOR: stream: export the function 'smp_create_src_stkctr' BUG/MINOR: http: url32+src should use the big endian version of url32 BUG/MINOR: http: url32+src should check cli_conn before using it DOC: http: add documentation for url32 and url32+src MINOR: standard: add function "escape_string" BUG/MEDIUM: log: use function "escape_string" instead of "escape_chunk" Emeric Brun (4): BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay. BUG/MEDIUM: peers: old stick table updates could be repushed. BUG/MINOR: peers: some updates are pushed twice after a resync. BUG/MINOR: peers: empty chunks after a resync. Emmanuel Hocdet (2): MEDIUM: ssl: support SNI filters with multicerts MINOR: ssl: crt-list parsing factor Erwan Velu (3): CLEANUP: proto_http: Removing useless variable assignation CLEANUP: dumpstats: Removing useless variables allocation CLEANUP: dns: Removing usless variable & assignation Frederik Deweerdt (1): OPTIM/MINOR: session: abort if possible before connecting to the backend Frédéric Lécaille (2): BUG/MINOR: peers: Fix peers data decoding issue MEDIUM: peers: Fix a peer stick-tables synchronization issue. Godbach (1): DOC: LUA: fix some typos and syntax errors Grant (1): MINOR: examples: Update haproxy.spec URLs to haproxy.org Herve COMMOWICK (1): DOC: fix json converter example and error message Hubert Verstraete (2): MINOR: new function my_realloc2 = realloc + free upon failure CLEANUP: fixed some usages of realloc leading to memory leak Ian Miell (1): CLEANUP: cfgparse: Very minor spelling correction James Brown (1): MINOR: check: add agent-send server parameter Jerome Duval (2): BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin. BUILD: add Haiku as supported target. Joe Williams (1): MINOR: tcp: add further tcp info fetchers Jorrit Schippers (1): DOC: Fix typo in description of `-st` parameter in man page Kevin Decherf (1): DOC: specify that stats socket doc (section 9.2) is in management Lukas Tribus (10): BUG/MINOR: acl: don't use record layer in req_ssl_ver BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket MINOR: unix: don't mention free ports on EAGAIN DOC: remove old tunnel mode assumptions BUG/MEDIUM: dns: unbreak DNS resolver after header fix BUG/MINOR: displayed PCRE version is running release MINOR: show Built with PCRE version MINOR: show Running on zlib version MEDIUM: make SO_REUSEPORT configurable MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections Mac Browning (1): DOC: add encoding to json converter example Marcoen Hirschberg (1): BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation Maxime de Roucy (4): MINOR: add list_append_word function MEDIUM: init: use list_append_word in haproxy.c MEDIUM: init: allow directory as argument of -f BUG/MEDIUM: init: don't use environment locale Nenad Merdanovic (8): BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are present BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers MINOR: Add ability for agent-check to set server maxconn CLEANUP: Use server_parse_maxconn_change_request for maxconn CLI updates BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ> DOC: Fix typo so fetch is properly parsed by Cyril's converter BUG/MINOR: Fix endiness issue in DNS header creation code MINOR: Add fe_req_rate sample fetch Olivier Doucet (1): DOC: minor typo fixes to improve HTML parsing by haproxy-dconv Panagiotis Panagiotopoulos (1): DOC: add server name at rate-limit sessions example Pavlos Parissis (2): MINOR: systemd: Use variable for config and pidfile paths MINOR: systemd: Perform sanity check on config before reload Pieter Baauw (5): DOC: lua-api/index.rst small example fixes, spelling correction. MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in resolvers MINOR: mailers: increase default timeout to 10 seconds MINOR: mailers: use <CRLF> for all line endings MINOR: mailers: make it possible to configure the connection timeout Raghu Udiyar (1): BUG/MINOR: stats: fix missing comma in stats on agent drain Remi Gacogne (1): BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() Roberto Guimaraes (1): BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() Ruoshan Huang (3): DOC: prefer using http-request/response over reqXXX/rspXXX directives BUG/MINOR: fix http-response set-log-level parsing error MEDIUM: http: implement http-response track-sc* directive Simon Horman (1): MINOR: stats: correct documentation of process ID for typed output Thiago Farina (2): MINOR: fix the return type for dns_response_get_query_id() function DOC: fix "needed" typo Thierry FOURNIER (100): CLEANUP: use direction names in place of numeric values BUG/MEDIUM: lua: sample fetches based on response doesn't work BUILD: freebsd: double declaration BUG/MEDIUM: lua: clean output buffer DOC: lua: architecture and first steps MINOR: lua: service/applet can have access to the HTTP headers when a POST is received REORG/MINOR: lua: convert boolean "int" to bitfield BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn BUG/MINOR: lua: Lua applets must not use http_txn BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets BUG/MAJOR: lua: Do not force the HTTP analysers in use-services CLEANUP: lua: bad error messages DOC: lua: fix lua API BUILD/MINOR: regex: missing header BUG/MINOR: stream: bad return code DOC: lua: fix somme errors and add implicit types MINOR: lua: add set/get priv for applets DOC: lua: fix somme errors BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash DOC: lua: remove old functions BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests MEDIUM: log: Decompose %Tq in %Th %Ti %TR MINOR: ssl: add debug traces BUILD/CLEANUP: ssl: Check BIO_reset() return code BUG/MINOR: ssl: Check malloc return code BUG/MINOR: ssl: prevent multiple entries for the same certificate MINOR: lua: add function which return true if the channel is full. MINOR: lua: add ip addresses and network manipulation function BUG/MEDIUM: channel: bad unlikely macro CLEANUP: lua: move comment CLEANUP: lua: control executed twice MINOR: cli: add private pointer and release function MEDIUM: lua: Add cli handler for Lua BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored BUG/MINOR: log-format: uncatched memory allocation functions CLEANUP: log-format: useless file and line in json converter CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args() and parse_logformat_var() CLEANUP: log-format: fix return code of the function parse_logformat_var() CLEANUP: log-format: fix return code of function parse_logformat_var_args() CLEANUP: log-format: remove unused arguments MEDIUM: log-format: strict parsing and enable fail MEDIUM: log-format/conf: take into account the parse_logformat_string() return code MINOR: lua: add utility function for check boolean argument MINOR: lua: Add tokenize function. BUG/MINOR: conf: calloc untested MINOR: http/conf: store the use_backend configuration file and line for logs MEDIUM: log-format: Use standard HAProxy log system to report errors MINOR: map: Add regex matching replacement BUG/MINOR: lua: unsafe initialization MINOR: lua: file dedicated to unsafe functions MINOR: lua: add "now" time function MINOR: standard: add RFC HTTP date parser MINOR: lua: Add date functions MINOR: lua: move common function MINOR: lua: merge function MINOR: lua: Add concat class BUG/MAJOR: lua: segfault using Concat object DOC: lua: copyrights MINOR: common: mask conversion MEDIUM: dns: extract options MEDIUM: dns: add a "resolve-net" option which allow to prefer an ip in a network BUG/MAJOR: lua: applets can't sleep. BUG/MINOR: server: some prototypes are renamed BUG/MINOR: lua: Useless copy BUG/MINOR: server: fix the format of the warning on address change CLEANUP: server: add "const" to some message strings MINOR: server: generalize the "updater" source BUG/MINOR: conf: "listener id" expects integer, but its not checked BUG/MINOR: lua: can't load external libraries BUG/MINOR: prevent the dump of uninitialized vars CLEANUP: map: it seems that the map were planed to be chained MINOR: lua: move class registration facilities MINOR: lua: remove some useless checks CLEANUP: lua: Remove two same functions MINOR: lua: refactor the Lua object registration MINOR: lua: precise message when a critical error is catched MINOR: lua: post initialization MINOR: lua: Add internal function which strip spaces MINOR: lua: convert field to lua type DOC: name set-gpt0 mismatch with the expected keyword MINOR: http: sample fetch which returns unique-id MINOR: dumpstats: extract stats fields enum and names MINOR: dumpstats: split stats_dump_info_to_buffer() in two parts MINOR: dumpstats: split stats_dump_fe_stats() in two parts MINOR: dumpstats: split stats_dump_li_stats() in two parts MINOR: dumpstats: split stats_dump_sv_stats() in two parts MINOR: dumpstats: split stats_dump_be_stats() in two parts MINOR: lua: dump general info MINOR: lua: add class proxy MINOR: lua: add class server MINOR: lua: add class listener BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the connection state. DOC: http: rename the unique-id sample and add the documentation MINOR: filters: add opaque data BUG/MEDIUM: sticktables: segfault in some configuration error cases BUG/MEDIUM: lua: converters doesn't work BUG/MINOR: http: add-header: header name copied twice BUG/MEDIUM: http: add-header: buffer overwritten MINOR: tcp: Return TCP statistics like RTT and RTT variance Vincent Bernat (10): BUILD: install only relevant and existing documentation CLEANUP: don't ignore debian/ directory if present CLEANUP: remove unneeded casts CLEANUP: uniformize last argument of malloc/calloc CLEANUP: .gitignore cleanup BUG/MINOR: dns: fix DNS header definition BUG/MEDIUM: dns: fix alignment issue when building DNS queries BUG/MAJOR: fix listening IP address storage for frontends BUG/MINOR: fix listening IP address storage for frontends (cont) BUG/MINOR: stick-table: handle out-of-memory condition gracefully William Lallemand (23): MINOR: rename master process name in -Ds (systemd mode) BUG/MEDIUM: trace.c: rdtsc() is defined in two files BUG/MEDIUM: fix risk of segfault with "show tls-keys" MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets DOC: update doc about tls-tickets-keys dump MEDIUM: tcp: add 'set-src' to 'tcp-request connection' MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src' MEDIUM: tcp/http: add 'set-src-port' action MEDIUM: tcp/http: new set-dst/set-dst-port actions BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list() MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump MEDIUM: cli: register CLI keywords with cli_register_kw() REORG: cli: split dumpstats.c in src/cli.c and src/stats.c REORG: cli: split dumpstats.h in stats.h and cli.h REORG: cli: move ssl CLI functions to ssl_sock.c REORG: cli: move map and acl code to map.c REORG: cli: move show stat resolvers to dns.c REORG: cli: move 'set server' to server.c REORG: cli: move 'show pools' to memory.c REORG: cli: move 'show servers' to proxy.c REORG: cli: move 'show sess' to stream.c REORG: cli: move 'show backend' to proxy.c REORG: cli: move get/set weight to server.c Willy Tarreau (292): [RELEASE] Released version 1.7-dev0 BUG/MEDIUM: namespaces: don't fail if no namespace is used BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled DEBUG/MINOR: memory: add a build option to disable memory pools sharing DEBUG/MEDIUM: memory: optionally protect free data in pools DEBUG/MEDIUM: memory: add optional control pool memory operations MEDIUM: memory: add accounting for failed allocations BUG/MEDIUM: config: count memory limits on 64 bits, not 32 BUG/MAJOR: http: don't requeue an idle connection that is already queued BUG/MEDIUM: http: switch the request channel to no-delay once done. BUILD/MINOR: http: proto_http.h needs sample.h BUG/MEDIUM: http: don't enable auto-close on the response side BUG/MEDIUM: stream: fix half-closed timeout handling CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB BUG/MEDIUM: cli: changing compression rate-limiting must require admin level BUG/MEDIUM: http: fix http-reuse when frontend and backend differ BUILD: ssl: set SSL_SOCK_NUM_KEYTYPES with openssl < 1.0.2 MINOR: config: make tune.recv_enough configurable BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced CONTRIB: initiate a debugging suite to make debugging easier [RELEASE] Released version 1.7-dev1 BUG/MINOR: http: fix several off-by-one errors in the url_param parser BUG/MINOR: chunk: make chunk_dup() always check and set dst->size MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero MINOR: chunks: add chunk_strcat() and chunk_newstr() MINOR: chunk: make chunk_initstr() take a const string MEDIUM: tools: add csv_enc_append() to preserve the original chunk MINOR: tools: make csv_enc_append() always start at the first byte of the chunk DOC: fix "workaround" spelling BUG/MEDIUM: servers state: server port is used uninitialized BUG/MEDIUM: channel: fix miscalculation of available buffer space. MEDIUM: pools: add a new flag to avoid rounding pool size up BUG/MEDIUM: buffers: do not round up buffer size during allocation BUG/MINOR: stream: don't force retries if the server is DOWN BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch the table BUG/CLEANUP: CLI: report the proper field states in "show sess" MINOR: stats: send content-length with the redirect to allow keep-alive BUG/MAJOR: http-reuse: fix risk of orphaned connections BUG/MEDIUM: http-reuse: do not share private connections across backends BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation MINOR: cli: add a new "show env" command MEDIUM: config: allow to manipulate environment variables in the global section BUG/MEDIUM: chunks: always reject negative-length chunks BUG/MINOR: systemd: ensure we don't miss signals BUG/MINOR: systemd: report the correct signal in debug message output BUG/MINOR: systemd: propagate the correct signal to haproxy MINOR: systemd: ensure a reload doesn't mask a stop BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs BUG/MAJOR: samples: check smp->strm before using it MINOR: sample: add a new helper to initialize the owner of a sample MINOR: sample: always set a new sample's owner before evaluating it BUG/MAJOR: vars: always retrieve the stream and session from the sample CLEANUP: payload: remove useless and confusing nullity checks for channel buffer BUG/MINOR: ssl: fix usage of the various sample fetch functions MINOR: stats: create fields types suitable for all CSV output data MINOR: stats: add all the "show info" fields in a table MEDIUM: stats: fill all the show info elements prior to displaying them MINOR: stats: add a function to emit fields into a chunk MINOR: stats: add stats_dump_info_fields() to dump one field per line MEDIUM: stats: make use of stats_dump_info_fields() for "show info" MINOR: stats: add a declaration of all stats fields MINOR: stats: don't hard-code the CSV fields list anymore MINOR: stats: create stats fields storage and CSV dump function MEDIUM: stats: convert stats_dump_fe_stats() to use stats_dump_fields_csv() MEDIUM: stats: make stats_dump_fe_stats() use stats fields for HTML dump MEDIUM: stats: convert stats_dump_li_stats() to use stats_dump_fields_csv() MEDIUM: stats: make stats_dump_li_stats() use stats fields for HTML dump MEDIUM: stats: convert stats_dump_be_stats() to use stats_dump_fields_csv() MEDIUM: stats: make stats_dump_be_stats() use stats fields for HTML dump MEDIUM: stats: convert stats_dump_sv_stats() to use stats_dump_fields_csv() MEDIUM: stats: make stats_dump_sv_stats() use the stats field for HTML MEDIUM: stats: move the server state coloring logic to the server dump function MINOR: stats: do not use srv->admin & STATS_ADMF_MAINT in HTML dumps MINOR: stats: do not check srv->state for SRV_ST_STOPPED in HTML dumps MINOR: stats: make CSV report server check status only when enabled MINOR: stats: only report backend's down time if it has servers MINOR: stats: prepend '*' in front of the check status when in progress MINOR: stats: make HTML stats dump rely on the table for the check status MINOR: stats: add agent_status, agent_code, agent_duration to output MINOR: stats: add check_desc and agent_desc to the output fields MINOR: stats: add check and agent's health values in the output MEDIUM: stats: make the HTML server state dump use the CSV states MEDIUM: stats: only report observe errors when observe is set MEDIUM: stats: expose the same flags for CLI and HTTP accesses MEDIUM: stats: report server's address in the CSV output MEDIUM: stats: report the cookie value in the server & backend CSV dumps MEDIUM: stats: compute the color code only in the HTML form MEDIUM: stats: report the listeners' address in the CSV output MEDIUM: stats: make it possible to report the WAITING state for listeners REORG: stats: dump the frontend's HTML stats via a generic function REORG: stats: dump the socket stats via the generic function REORG: stats: dump the server stats via the generic function REORG: stats: dump the backend stats via the generic function MEDIUM: stats: add a new "mode" column to report the proxy mode MINOR: stats: report the load balancing algorithm in CSV output MINOR: stats: add 3 fields to report the frontend-specific connection stats MINOR: stats: report number of intercepted requests for frontend and backends MINOR: stats: introduce stats_dump_one_line() to dump one stats line CLEANUP: stats: make stats_dump_fields_html() not rely on proxy anymore MINOR: stats: add ST_SHOWADMIN to pass the admin info in the regular flags MINOR: stats: make stats_dump_fields_html() not use &trash by default MINOR: stats: add functions to emit typed fields into a chunk MEDIUM: stats: support "show info typed" on the CLI MEDIUM: stats: implement a typed output format for stats DOC: document the "show info typed" and "show stat typed" output formats CLEANUP: http: fix a build warning introduced by a recent fix [RELEASE] Released version 1.7-dev2 BUILD: namespaces: fix a potential build warning in namespaces.c BUG/MEDIUM: peers: fix incorrect age in frequency counters MEDIUM: proxy: use dynamic allocation for error dumps BUG/MEDIUM: ssl: rewind the BIO when reading certificates BUG/MEDIUM: channel: fix miscalculation of available buffer space (2nd try) CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() BUG/MEDIUM: fix maxaccept computation on per-process listeners BUG/MINOR: listener: stop unbound listeners on startup TESTS: add blocksig.c to run tests with all signals blocked MEDIUM: unblock signals on startup. BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected BUG/MEDIUM: channel: incorrect polling condition may delay event delivery BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd try) BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP mode BUG/MEDIUM: http: fix incorrect reporting of server errors MINOR: channel: add new function channel_congested() BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from dead client BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try) BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers CLEANUP: don't ignore scripts in .gitignore BUILD: add a few release and backport scripts in scripts/ [RELEASE] Released version 1.7-dev3 CLEANUP: config: detect double registration of a config section MINOR: log: add the %Td log-format specifier SCRIPTS: teach git-show-backports how to report upstream commits SCRIPTS: make git-show-backports capable of limiting its history BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes BUG/MEDIUM: stick-tables: fix breakage in table converters MINOR: stick-table: change all stick-table converters' inputs to SMP_T_ANY BUILD: fix build on Solaris 11 BUG/MEDIUM: config: fix multiple declaration of section parsers BUILD/MEDIUM: rebuild everything when an include file is changed BUILD/MEDIUM: force a full rebuild if some build options change BUILD: ssl: fix typo causing a build failure in the multicert patch BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits BUG/MINOR: init: ensure that FD limit is raised to the max allowed BUG/MEDIUM: external-checks: close all FDs right after the fork() BUG/MAJOR: external-checks: use asynchronous signal delivery BUG/MINOR: external-checks: do not unblock undesired signals CLEANUP: external-check: don't block/unblock SIGCHLD when manipulating the list BUG/MINOR: srv-state: fix incorrect output of state file BUG/MINOR: http: fix misleading error message for response captures BUG/BUILD: don't automatically run "make" on "make install" DOC: add missing doc for http-request deny [deny_status <status>] BUG/MEDIUM: http: unbreak uri/header/url_param hashing Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()" BUG/MEDIUM: dns: fix alignment issues in the DNS response parser BUG/MINOR: peers: don't count track-sc multiple times on errors BUG/MEDIUM: stream-int: completely detach connection on connect error BUG/MAJOR: compression: initialize avail_in/next_in even during flush BUG/MEDIUM: samples: make smp_dup() always duplicate the sample MINOR: sample: implement smp_is_safe() and smp_make_safe() MINOR: sample: provide smp_is_rw() and smp_make_rw() BUG/MAJOR: server: the "sni" directive could randomly cause trouble BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size BUG/MEDIUM: stick-table: properly convert binary samples to keys MINOR: sample: use smp_make_rw() in upper/lower converters MINOR: tcp: add dst_is_local and src_is_local BUILD: protocol: fix some build errors on OpenBSD BUILD: log: iovec requires to include sys/uio.h on OpenBSD BUILD: tcp: do not include netinet/ip.h for IP_TTL BUILD: connection: fix build breakage on openbsd due to missing in_systm.h BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD BUILD: tcp: define SOL_TCP when only IPPROTO_TCP exists BUILD: compression: remove a warning when no compression lib is used BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table [RELEASE] Released version 1.7-dev4 CLEANUP: logs: remove unused log format field definitions BUG/MAJOR: stream: properly mark the server address as unset on connect retry BUG/MINOR: payload: fix SSLv2 version parser BUG/MINOR: stats: report the correct conn_time in backend's html output BUG/MEDIUM: dns: don't randomly crash on out-of-memory MINOR: tcp: make set-src/set-src-port and set-dst/set-dst-port commutative DOC: fix missed entry for "set-{src,dst}{,-port}" BUG/MINOR: vars: use sess and not s->sess in action_store() BUG/MINOR: vars: make smp_fetch_var() more robust against misuses BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session MINOR: stats: output dcon CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4 MINOR: counters: add new fields for denied_sess MEDIUM: tcp: add registration and processing of TCP L5 rules MINOR: stats: emit dses DOC: document tcp-request session BUG/MINOR: systemd: make the wrapper return a non-null status code on error BUG/MINOR: systemd: always restore signals before execve() BUG/MINOR: systemd: check return value of calloc() MINOR: systemd: report it when execve() fails BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed SCRIPTS: make git-show-backports also dump a "git show" command [RELEASE] Released version 1.7-dev5 BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream BUG/MEDIUM: peers: fix use after free in peer_session_create() MINOR: peers: make peer_session_forceshutdown() use the appctx and not the stream MINOR: peers: remove the pointer to the stream BUG/MEDIUM: systemd-wrapper: return correct exit codes MEDIUM: tools: make str2ip2() preserve existing ports CLEANUP: tools: make ipcpy() preserve the original port OPTIM: http: move all http character classs tables into a single one OPTIM: http: improve parsing performance of long header lines OPTIM: http: improve parsing performance of long URIs OPTIM: http: optimize lookup of comma and quote in header values BUG/MEDIUM: srv-state: properly restore the DRAIN state BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags MINOR: server: do not emit warnings/logs/alerts on server state changes at boot BUG/MEDIUM: servers: properly propagate the maintenance states during startup DOC: move the device detection modules documentation to their own files CLEANUP: wurfl: reduce exposure in the rest of the code MINOR: stream: make option contstats usable again MEDIUM: tools: make str2sa_range() return the FQDN even when not resolving MINOR: server: indicate in the logs when RMAINT is cleared MINOR: stats: indicate it when a server is down due to resolution MINOR: server: make srv_set_admin_state() capable of telling why this happens MEDIUM: cli: leave the RMAINT state when setting an IP address on the CLI MEDIUM: server: make use of init-addr MINOR: server: implement init-addr none MEDIUM: server: make libc resolution failure non-fatal MINOR: server: add support for explicit numeric address in init-addr DOC: add some documentation for the "init-addr" server keyword MINOR: init: add -dr to ignore server address resolution failures MEDIUM: server: do not restrict anymore usage of IP address from the state file DOC: update ROADMAP file [RELEASE] Released version 1.7-dev6 SCRIPTS: make publish-release also copy the new SPOE doc BUILD: http: include types/sample.h in proto_http.h BUILD: debug/flags: remove test for SF_COMP_READY CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT CONTRIB: tcploop: scriptable TCP I/O for debugging purposes CONTRIB: tcploop: implement fork() CONTRIB: tcploop: implement logging when called with -v CONTRIB: tcploop: update the usage output CONTRIB: tcploop: support sending plain strings CONTRIB: tcploop: don't report failed send() or recv() CONTRIB: tcploop: add basic loops via a jump instruction CLEANUP: lua: avoid directly calling getsockname/getpeername() BUG/MEDIUM: connection: check the control layer before stopping polling DEBUG: connection: mark the closed FDs with a value that is easier to detect BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory BUG/MINOR: cli: properly decrement ref count on tables during failed dumps BUILD: contrib: fix ip6range build on Centos 7 BUG/MINOR: cli: fix pointer size when reporting data/transport layer name BUG/MINOR: cli: dequeue from the proxy when changing a maxconn BUG/MINOR: cli: wake up the CLI's task after a timeout update MINOR: connection: add a few functions to report the data and xprt layers' names MINOR: connection: add names for transport and data layers MINOR: cli: create new function cli_has_level() to validate permissions MINOR: server: create new function cli_find_server() to find a server MINOR: proxy: create new function cli_find_frontend() to find a frontend REORG: cli: move "show stat" to stats.c REORG: cli: move "show info" to stats.c REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to standard.c REORG: cli: move table dump/clear/set to stick_table.c REORG: cli: move "show errors" out of cli.c REORG: cli: make "show env" also use the generic keyword registration REORG: cli: move "set timeout" to its own handler REORG: cli: move "clear counters" to stats.c REORG: cli: move "set maxconn global" to its own handler REORG: cli: move "set maxconn server" to server.c REORG: cli: move "set maxconn frontend" to proxy.c REORG: cli: move "shutdown sessions server" to stream.c REORG: cli: move "shutdown session" to stream.c REORG: cli: move "shutdown frontend" to proxy.c REORG: cli: move "{enable|disable} frontend" to proxy.c REORG: cli: move "{enable|disable} server" to server.c REORG: cli: move "{enable|disable} health" to server.c REORG: cli: move "{enable|disable} agent" to server.c REORG: cli: move the "set rate-limit" functions to their own parser CLEANUP: cli: rename STAT_CLI_* to CLI_ST_* CLEANUP: cli: simplify the request parser a little bit CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers BUILD: server: remove a build warning introduced by latest series BUILD: ssl: make the SSL layer build again with openssl 0.9.8 BUILD: vars: remove a build warning on vars.c CLEANUP: sample: report "converter" instead of "conv method" in error messages MINOR: cli: make "show stat" support a proxy name MINOR: cli: make "show errors" support a proxy name MINOR: cli: make "show errors" capable of dumping only request or response BUG/MINOR: freq-ctr: make swrate_add() support larger values CLEANUP: counters: move from 3 types to 2 types CLEANUP: cfgparse: cascade the warnif_misplaced_* rules REORG: tcp-rules: move tcp rules processing to their own file REORG: stkctr: move all the stick counters processing to stick-tables.c DOC: update the roadmap file with the latest changes [RELEASE] Released version 1.7.0 fengpeiyuan (1): DOC: fix a few spelling mistakes jesse.de...@asu.edu (1): BUG/MINOR: examples/haproxy.init: missing brace in quiet_check() lsenta (1): BUG: http: do not abort keep-alive connections on server timeout mildis (2): MINOR: config: allow IPv6 bracketed literals BUG/MINOR: ssl: close ssl key file on error scientiamobile (1): MEDIUM: wurfl: add Scientiamobile WURFL device detection module yanbzhu (7): MINOR: ssl: Added cert_key_and_chain struct MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs MINOR: ssl: Added multi cert support for crt-list config keyword MEDIUM: ssl: Added multi cert support for loading crt directories MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling DOC: ssl: Adding docs for Multi-Cert bundling DOC: ssl: fixed some formatting errors in crt tag ---