Haproxy 1.7 now is what I would have liked 1.6 to be, and is what I
consider the cleanest version we've ever produced. When 1.6 was
released
one year ago, I predicted that we'd face one year worth of bug fixes
due
to the important changes that were brought to the connection
management,
and it indeed took almost one year to get rid of all of them. Now we
mostly focused on fixes, cleanups and modularity, but not on
earth-shaking
changes.
It's interesting to note that among the 706 commits that were produced
between 1.6.0 and 1.7.0, no less than 207 were bug fixes (roughly 1/3),
around 70 were build fixes and code reorganizations, and around 60 were
doc updates, so 1.7 was where the fixes for 1.6 were developped, and
that
brings it its current level of maturity. We have almost not observed
any
1.7-specific regression during its development for now which is a very
good sign of the code becoming more modular and much less tricky than
what it used to be. We had to emit 1.6.1 only one week after 1.6.0 due
to a major bug, I bet we'll be able to wait longer before requiring
such
an update, time will tell.
Despite this it still brings quite some significant improvements over
1.6 :
- significant improvements of the CLI : it is now possible to easily
register new commands without causing some inter-dependencies
between
the CLI code and the functional code, so we could already improve a
large number of commands with better help and extra arguments. In
addition to this, the Lua code can also register CLI commands,
pushing
the limits as far as your imagination goes.
- typed statistics : will make it easier to aggregate statistics over
multiple processes. Additionally, all the fields that used to be
available in HTML are now also exported in the CSV output, such as
the server's address and port, cookie, average response times, etc.
- SPOE (stream processing offload engine) : ability to delegate some
slow, unreliable or dangerous processing to external processes,
ensuring it will be much less necessary to touch the core parts to
add new features, and that some parts could possibly work across
multiple versions.
- filters : these are a new type of internal hooks to many events and
around most analysers in order to plug code that can manipulate
data
and headers. The compression was moved to a filter, and it will be
easy to write new code using filters. SPOE was built entirely as a
filter.
- log-format : the parser now honnors error processing. It's been a
huge source of complaints over the last few years where some log
fields were empty because improperly typed in the config, but the
much more modular architecture now made this possible.
- support of directories for config files : now if the argument to -f
is a directory, all files found there are loaded in alphabetical
order. Additionally, files can be specified after "--" without
having
to repeat "-f".
- config : it is now possible to set/unset/preset environment
variables
directly in the global section, and even to consult them on the
CLI.
- init-addr : it is now possible to decide in which order the FQDN
should be resolved on "server" lines, and even accept to start with
no address, waiting for a run-time resolution.
- server update on the CLI : the CLI makes it possible to change a
server's address, port, maxconn, check address and port so that it
is not required anymore to reload haproxy just to update an
address.
In conjunction with init-addr, it even allows to pre-populate some
server pools that are filled at run time.
- state change via the DNS : a valid DNS resolution can now start a
server, and repeated failures can stop it (configurable). This is
another step in the direction of a more dynamic configuration.
- agent-check : an agent can now change the server's maxconn setting.
A
server may now take its own load into consideration when deciding
what
its connection limit should be.
- support for OpenSSL 1.1.0 : this makes this new version
future-proof
given that 1.1.0 is about to ship in some future distros.
Compatibility
with older versions was validated on 0.9.8, 1.0.1 and 1.0.2.
- support of multi-certs : different certificates for a same domain
so
that the best one can be picked according to browser support. The
main
use is to be able to deliver ECDSA certificates to clients
supporting
them, without breaking compatibility with older clients.
- updates to support OpenBSD 5.7. This brings accept4() and a few
other
features I've totally forgotten.
- WURFL : this is another device detection engine, made by
Scientiamobile.
Now we have 3 of them (DeviceAtlas and 51Degrees being the two
others),
users will have a broad choice to compare based on their needs.
Nothing
technically prevents them from being built in together.
- 51Degrees moved to a new API (v3) which is supposedly faster and
cleaner,
it's different from v2 used in haproxy 1.6 so the lib has to be
rebuilt
but the databases remain compatible.
- performance improvements : version 1.7 is about 10% faster than 1.6
on large requests or responses thanks to some speed ups in the HTTP
message parser.
- peers v2.1 : a small, backwards compatible, upgrade to the peers
protocol has consisted in transmitting expiration dates so that old
entries are not constantly refreshed upon reloads. This is
important
for people who reload often.
- stick-tables : now support automatic type casting on the input
sample.
This avoids a useless conversion to a string which can possibly
lose
some information sometimes and which is not efficient. Now the
tables
use the native sample type. It's also faster to perform lookups.
- hash-balance-factor : the consistent hash can now improve the
balancing
to avoid a single node being overloaded. It progressively spreads
the
excess load to adjacent nodes when the load difference is above a
configurable threshold. Very useful for large cache farms.
- "tcp-request session" rules : it was often painful not to be able
to
track an IP address transferred via the proxy protocol without
having
to pollute the "tcp-request content" rules which are called for
each
request in case of HTTP keep-alive. This is now possible. It will
also
be possible to take early decisions based on SSL layer information.
- a number of new actions, like "set-src", "set-dst", etc... which
make
it possible to assign the source and destination addresses to what
was
found in a HTTP header for example. This can also be used to build
an
explicit (non-resolving) proxy when running in transparent mode.
- on Linux kernels 4.2 and above, IP_BIND_ADDRESS_NO_PORT is used on
outgoing connections so that the kernel knows it can reuse the same
source port. This is useful when dealing with hundreds of thousands
of concurrent connections.
- SO_REUSEPORT is now configurable and can be disabled. Some people
indeed prefer a second bind to fail instead of having two
processes.
- a new completely rewritten and much safer DNS response parser. The
original one was fragile and required an extreme care. The new one
fills structures that are exploited by the requester, making it
less
likely to do something wrong.
- "%Tq" decomposition : the "%Tq" timer in the logs has became
useless
with keep-alive, showing large request times which were in fact
idle
time. And with browsers' pre-connect, it has become even worse
given
that even the first connection could appear long. Now we have extra
fields to separately report the idle and SSL handshake times so
that
logs become accurate again.
- tcp: we now have many new sample fetch functions reporting
tcp-level
information on the client-to-haproxy connection. This makes it
possible
for example to collect statistics, or to decide to perform a
redirect
to another site or to deliver compressed objects when the RTT is
too
high.
- http-response track-sc : it's possible to track some information
coming
from the response. One example consists in collecting statistics on
content-length or HTTP statuses. Another example is a counter to
see if
a client-provided cookie was already seen on the server side.
- accept-netscaler-cip : it's an alternative to the PROXY protocol,
implemented in Citrix's NetScaler load balancers. Thanks to this,
both
HAProxy and NetScaler can cooperate.
- Lua: a lot of additions, various classes to access many internal
objects like listeners, servers, proxies and I don't know what
else.
- mailers : various improvements such as timeouts and better SMTP
protocol
compliance.
- maps : support a new type of maps consisting in regex with
replacement
values (a-la "sed").
And that's about all. This work was contributed by 62 different
persons,
out of which about 2/3 were new contributors. It's the same progression
as we had in 1.6. Do not hesitate to say "thanks" to them when you meet
them, and particularly if they contributed a feature which made your
life
easier. Please see the full log at the bottom of this e-mail for more
information.
Now enough typing, I still have quite a few instances to upgrade, and
the
web site to update :-)
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.7/src/
Git repository : http://git.haproxy.org/git/haproxy-1.7.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git
Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog since 1.7-dev6 :
- SCRIPTS: make publish-release also copy the new SPOE doc
- BUILD: http: include types/sample.h in proto_http.h
- BUILD: debug/flags: remove test for SF_COMP_READY
- CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT
- MINOR: lua: add function which return true if the channel is full.
- MINOR: lua: add ip addresses and network manipulation function
- CONTRIB: tcploop: scriptable TCP I/O for debugging purposes
- CONTRIB: tcploop: implement fork()
- CONTRIB: tcploop: implement logging when called with -v
- CONTRIB: tcploop: update the usage output
- CONTRIB: tcploop: support sending plain strings
- CONTRIB: tcploop: don't report failed send() or recv()
- CONTRIB: tcploop: add basic loops via a jump instruction
- BUG/MEDIUM: channel: bad unlikely macro
- CLEANUP: lua: move comment
- CLEANUP: lua: control executed twice
- BUG/MEDIUM: ssl: Store certificate filename in a variable
- BUG/MINOR: ssl: Print correct filename when error occurs reading
OCSP
- CLEANUP: ssl: Remove goto after return dead code
- CLEANUP: ssl: Fix bind keywords name in comments
- DOC: ssl: Use correct wording for ca-sign-pass
- CLEANUP: lua: avoid directly calling getsockname/getpeername()
- BUG/MINOR: stick-table: handle out-of-memory condition gracefully
- MINOR: cli: add private pointer and release function
- MEDIUM: lua: Add cli handler for Lua
- BUG/MEDIUM: connection: check the control layer before stopping
polling
- DEBUG: connection: mark the closed FDs with a value that is easier
to detect
- BUG/MEDIUM: stick-table: fix regression caused by recent fix for
out-of-memory
- BUG/MINOR: cli: properly decrement ref count on tables during
failed dumps
- BUG/MEDIUM: lua: In some case, the return of sample-fetche is
ignored
- MINOR: filters: Add check_timeouts callback to handle timers
expiration on streams
- MINOR: spoe: Add 'timeout processing' option to limit time to
process an event
- MINOR: spoe: Remove useless 'timeout ack' option
- MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent
section
- MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements
- MINOR: spoe: Add "option set-on-error" statement
- MINOR: stats: correct documentation of process ID for typed output
- BUILD: contrib: fix ip6range build on Centos 7
- BUILD: fix build on Solaris 10/11
- BUG/MINOR: cli: fix pointer size when reporting data/transport
layer name
- BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
- BUG/MINOR: cli: wake up the CLI's task after a timeout update
- MINOR: connection: add a few functions to report the data and xprt
layers' names
- MINOR: connection: add names for transport and data layers
- REORG: cli: split dumpstats.c in src/cli.c and src/stats.c
- REORG: cli: split dumpstats.h in stats.h and cli.h
- REORG: cli: move ssl CLI functions to ssl_sock.c
- REORG: cli: move map and acl code to map.c
- REORG: cli: move show stat resolvers to dns.c
- MINOR: cli: create new function cli_has_level() to validate
permissions
- MINOR: server: create new function cli_find_server() to find a
server
- MINOR: proxy: create new function cli_find_frontend() to find a
frontend
- REORG: cli: move 'set server' to server.c
- REORG: cli: move 'show pools' to memory.c
- REORG: cli: move 'show servers' to proxy.c
- REORG: cli: move 'show sess' to stream.c
- REORG: cli: move 'show backend' to proxy.c
- REORG: cli: move get/set weight to server.c
- REORG: cli: move "show stat" to stats.c
- REORG: cli: move "show info" to stats.c
- REORG: cli: move dump_text(), dump_text_line(), and dump_binary()
to standard.c
- REORG: cli: move table dump/clear/set to stick_table.c
- REORG: cli: move "show errors" out of cli.c
- REORG: cli: make "show env" also use the generic keyword
registration
- REORG: cli: move "set timeout" to its own handler
- REORG: cli: move "clear counters" to stats.c
- REORG: cli: move "set maxconn global" to its own handler
- REORG: cli: move "set maxconn server" to server.c
- REORG: cli: move "set maxconn frontend" to proxy.c
- REORG: cli: move "shutdown sessions server" to stream.c
- REORG: cli: move "shutdown session" to stream.c
- REORG: cli: move "shutdown frontend" to proxy.c
- REORG: cli: move "{enable|disable} frontend" to proxy.c
- REORG: cli: move "{enable|disable} server" to server.c
- REORG: cli: move "{enable|disable} health" to server.c
- REORG: cli: move "{enable|disable} agent" to server.c
- REORG: cli: move the "set rate-limit" functions to their own parser
- CLEANUP: cli: rename STAT_CLI_* to CLI_ST_*
- CLEANUP: cli: simplify the request parser a little bit
- CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers
- BUILD: server: remove a build warning introduced by latest series
- BUG/MINOR: log-format: uncatched memory allocation functions
- CLEANUP: log-format: useless file and line in json converter
- CLEANUP/MINOR: log-format: unexport functions
parse_logformat_var_args() and parse_logformat_var()
- CLEANUP: log-format: fix return code of the function
parse_logformat_var()
- CLEANUP: log-format: fix return code of function
parse_logformat_var_args()
- CLEANUP: log-format: remove unused arguments
- MEDIUM: log-format: strict parsing and enable fail
- MEDIUM: log-format/conf: take into account the
parse_logformat_string() return code
- BUILD: ssl: make the SSL layer build again with openssl 0.9.8
- BUILD: vars: remove a build warning on vars.c
- MINOR: lua: add utility function for check boolean argument
- MINOR: lua: Add tokenize function.
- BUG/MINOR: conf: calloc untested
- MINOR: http/conf: store the use_backend configuration file and line
for logs
- MEDIUM: log-format: Use standard HAProxy log system to report
errors
- CLEANUP: sample: report "converter" instead of "conv method" in
error messages
- BUG: spoe: Fix parsing of SPOE actions in ACK frames
- MINOR: cli: make "show stat" support a proxy name
- MINOR: cli: make "show errors" support a proxy name
- MINOR: cli: make "show errors" capable of dumping only request or
response
- BUG/MINOR: freq-ctr: make swrate_add() support larger values
- CLEANUP: counters: move from 3 types to 2 types
- CLEANUP: cfgparse: cascade the warnif_misplaced_* rules
- REORG: tcp-rules: move tcp rules processing to their own file
- REORG: stkctr: move all the stick counters processing to
stick-tables.c
- DOC: update the roadmap file with the latest changes
And full changelog since 1.6.0 :
Andreas Seltenreich (5):
CLEANUP: stats: Avoid computation with uninitialized bits.
CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
CLEANUP: map: Avoid memory leak in out-of-memory condition.
BUG/MINOR: standard: Avoid free of non-allocated pointer
BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
Andrew Hayworth (2):
MEDIUM: dns: Don't use the ANY query type
MINOR: cli: ability to set per-server maxconn
Andrew Rodland (5):
MINOR: proxy: add 'served' field to proxy, equal to total of all
servers'
MINOR: backend: add hash-balance-factor option for hash-type
consistent
MINOR: server: compute a "cumulative weight" to allow chash
balancing to hit its target
MEDIUM: server: Implement bounded-load hash algorithm
DOC: fix the entry for hash-balance-factor config option
Baptiste Assmann (53):
BUG/MINOR: dns: parsing error of some DNS response
BUG/MAJOR: dns: first DNS response packet not matching queried
hostname may lead to a loop
BUG/MINOR: dns: unable to parse CNAMEs response
DOC: typo on capture.res.hdr and capture.req.hdr
BUG/MINOR: dns: check for duplicate nameserver id in a resolvers
section was missing
BUG/MINOR: http rule: http capture 'id' rule points to a non
existing id
DOC: relation between timeout http-request and option
http-buffer-request
BUG/MINOR: tcpcheck: conf parsing error when no port configured
on server and last rule is a CONNECT with no port
BUG/MINOR: tcpcheck: conf parsing error when no port configured
on server and first rule(s) is (are) COMMENT
DOC: mailers: typo in 'hostname' description
DOC: compression: missing mention of libslz for compression
algorithm
MINOR: lru: new function to delete <nb> least recently used keys
MINOR: server state: missing LF (\n) on error message printed
when parsing server state file
BUG/MEDIUM: dns: no DNS resolution happens if no ports provided
to the nameserver
BUG/MAJOR: servers state: server port is erased when dns
resolution is enabled on a server
MINOR: cfgparse: warn when uid parameter is not a number
MINOR: cfgparse: warn when gid parameter is not a number
DOC: "addr" parameter applies to both health and agent checks
DOC: timeout client: pointers to timeout http-request
DOC: typo on stick-store response
DOC: stick-table: amend paragraph blaming the loss of table upon
reload
DOC: typo: ACL subdir match
DOC: typo: maxconn paragraph is wrong due to a wrong buffer size
DOC: regsub: parser limitation about the inability to use
closing square brackets
DOC: typo: req.uri is now replaced by capture.req.uri
BUG/MINOR: dns: inapropriate way out after a resolution timeout
BUG/MINOR: dns: trigger a DNS query type change on resolution
timeout
BUG/MINOR: DNS: resolution structure change
BUILD: make proto_tcp.c compatible with musl library
MINOR: standard.c: ipcmp() function to compare 2 IP addresses
stored in 2 struct sockaddr_storage
MINOR: standard.c: ipcpy() function to copy an IP address from a
struct sockaddr_storage into an other one
MAJOR: listen section: don't use first bind port anymore when no
server ports are provided
MINOR: cli: change a server health check port through the stats
socket
MAJOR: check: find out which port to use for health check at run
time
MINOR: server: introduction of 3 new server flags
MINOR: new update_server_addr_port() function to change both
server's ADDR and service PORT
MINOR: cli: ability to change a server's port
CLEANUP/MINOR dns: comment do not follow up code update
MINOR: chunk: new strncat function
MINOR: dns: wrong DNS_MAX_UDP_MESSAGE value
MINOR: dns: new MAX values
MINOR: dns: new macro to compute DNS header size
MINOR: dns: new DNS structures to store received packets
MEDIUM: dns: new DNS response parser
MINOR: dns: query type change when last record is a CNAME
MINOR: dns: proper domain name validation when receiving DNS
response
MINOR: dns: comments in types/dns.h about structures endianness
MINOR: init: move apply_server_state in haproxy.c before
MODE_CHECK
MAJOR: server: postpone address resolution
MINOR: new srv_admin flag: SRV_ADMF_RMAINT
MINOR: dns: implement extra 'hold' timers.
MAJOR: dns: runtime resolution can change server admin state
MEDIUM: server: add a new init-addr server line setting
Ben Cabot (1):
BUG/MEDIUM: config: Adding validation to stick-table expire
value.
Ben Shillito (8):
DOC: Edited 51Degrees section of README/
DOC: add Ben Shillito as the maintainer of 51d
BUILD/MAJOR:updated 51d Trie implementation to incorperate
latest update to 51Degrees.c
BUG/MINOR: 51d: Ensures a unique domain for each configuration
BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy
best practices.
BUG/MINOR: 51d: Releases workset back to pool.
BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees.
CLEANUP: 51d: Aligned if statements with HAProxy best practices
and removed casts from malloc.
Benoit GARNIER (2):
BUG/MINOR: log: GMT offset not updated when entering/leaving DST
BUG/MINOR: log: Don't use strftime() which can clobber timezone
if chrooted
Bertrand Jacquin (8):
MINOR: listener: add the "accept-netscaler-cip" option to the
"bind" keyword
MINOR: tcp: add "tcp-request connection expect-netscaler-cip
layer4"
MINOR: build: Allow linking to device-atlas library file
BUG/MEDIUM: ssl: Store certificate filename in a variable
BUG/MINOR: ssl: Print correct filename when error occurs reading
OCSP
CLEANUP: ssl: Remove goto after return dead code
CLEANUP: ssl: Fix bind keywords name in comments
DOC: ssl: Use correct wording for ca-sign-pass
Bertrand Paquet (1):
BUG/MINOR : allow to log cookie for tarpit and denied request
Chad Lavoie (2):
MINOR: cli: allow the semi-colon to be escaped on the CLI
MINOR: stats: Escape equals sign on socket dump
Chris Short (1):
BUG/MINOR: examples: Fixing haproxy.spec to remove references to
.cfg files
Christopher Faulet (58):
BUILD: ssl: fix build error introduced in commit 7969a3 with
OpenSSL < 1.0.0
BUG/MINOR: http: Be sure to process all the data received from a
server
MINOR: filters/http: Use a wrapper function instead of
stream_int_retnclose
BUG: stream_interface: Reuse connection even if the output
channel is empty
BUG/MINOR: ssl: Be sure to use unique serial for regenerated
certificates
MAJOR: filters: Add filters support
MINOR: filters: Do not reset stream analyzers if the client is
gone
REORG: filters: Prepare creation of the HTTP compression filter
MAJOR: filters/http: Rewrite the HTTP compression as a filter
MEDIUM: filters: Use macros to call filters callbacks to
speed-up processing
MEDIUM: filters: remove http_start_chunk, http_last_chunk and
http_chunk_end
MEDIUM: filters: Replace filter_http_headers callback by an
analyzer
MEDIUM: filters/http: Move body parsing of HTTP messages in
dedicated functions
MINOR: filters: Add stream_filters structure to hide filters info
MAJOR: filters: Require explicit registration to filter HTTP
body and TCP data
MINOR: filters: Remove unused or useless stuff and do small
optimizations
MEDIUM: filters: Optimize the HTTP compression for chunk encoded
response
MINOR: filters/http: Slightly update the parsing of chunks
MINOR: filters/http: Forward remaining data when a channel has
no "data" filters
MINOR: filters: Add an filter example
MINOR: filters: Extract proxy stuff from the struct filter
MINOR: filters: Print the list of existing filters during HA
startup
MINOR: filters: Typo in an error message
MINOR: filters: Filters must define the callbacks struct during
config parsing
DOC: filters: Add filters documentation
BUG/MINOR: dumpstats: Fix the "Total bytes saved" counter in
backends stats
MEDIUM: filters: Move HTTP headers filtering in its own callback
MINOR: filters: Simplify calls to analyzers using 2 new macros
MEDIUM: filters: Add pre and post analyzer callbacks
DOC: filters: Update the filters documentation accordingly to
recent changes
BUG/MEDIUM: filters: Fix data filtering when data are modified
BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data
forwarding
BUG/MINOR: Rework slightly commit 9962f8fc to clean code and
avoid mistakes
BUG/MEDIUM: http/compression: Fix how chunked data are copied
during the HTTP body parsing
BUG: vars: Fix 'set-var' converter because of a typo
CLEANUP: remove last references to 'ruleset' section
MEDIUM: filters: Add attch/detach and stream_set_backend
callbacks
MINOR: filters: Update filters documentation accordingly to
recent changes
MINOR: filters: Call stream_set_backend callbacks before
updating backend stats
MINOR: filters: Remove backend filters attached to a stream only
for HTTP streams
MINOR: flt_trace: Add hexdump option to dump forwarded data
MINOR: cfgparse: Add functions to backup and restore registered
sections
MINOR: cfgparse: Parse scope lines and save the last one parsed
REORG: sample: move code to release a sample expression in
sample.c
MINOR: vars: Allow '.' in variable names
MINOR: vars: Add vars_set_by_name_ifexist function
MEDIUM: vars: Add a per-process scope for variables
MINOR: vars: Add 'unset-var' action/converter
MAJOR: spoe: Add an experimental Stream Processing Offload Engine
MINOR: spoe: add random ip-reputation service as SPOA example
MINOR: spoe/checks: Add support for SPOP health checks
MINOR: filters: Add check_timeouts callback to handle timers
expiration on streams
MINOR: spoe: Add 'timeout processing' option to limit time to
process an event
MINOR: spoe: Remove useless 'timeout ack' option
MINOR: spoe: Add 'option continue-on-error' statement in
spoe-agent section
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements
MINOR: spoe: Add "option set-on-error" statement
BUG: spoe: Fix parsing of SPOE actions in ACK frames
Coen Rosdorff (1):
DOC: fix discrepancy in the example for http-request redirect
Conrad Hoffmann (1):
BUG/MINOR: dumpstats: fix write to global chunk
Cyril Bonté (16):
BUG/MEDIUM: sample: http_date() doesn't provide the right day of
the week
DOC: fix a typo for a "deviceatlas" keyword
FIX: small typo in an example using the "Referer" header
BUG/MEDIUM: sample: urlp can't match an empty value
BUG/MEDIUM: checks: email-alert not working when declared in
defaults
BUG/MINOR: checks: email-alert causes a segfault when an unknown
mailers section is configured
BUG/MINOR: checks: typo in an email-alert error message
BUG/MEDIUM: stats: stats bind-process doesn't propagate the
process mask correctly
BUG/MEDIUM: cfgparse: wrong argument offset after parsing server
"sni" keyword
BUG/MINOR: fix maxaccept computation according to the frontend
process range
BUG/MEDIUM: stats: show servers state may show an empty or
incomplete result
BUG/MEDIUM: stats: show backend may show an empty or incomplete
result
MINOR: stats: fix typo in help messages
MINOR: stats: show stat resolvers missing in the help message
BUG/MEDIUM: stats: show servers state may show an servers from
another backend
DOC: stats: provide state details for show servers state
Dan Lloyd (1):
DOC: spelling fixes
Daniel Jakots (2):
BUILD: check for libressl to be able to build against it
BUILD: Make use of accept4() on OpenBSD.
Daniel Schneller (3):
DOC: Clarify tunes.vars.xxx-max-size settings
MINOR: acl: Add predefined METH_DELETE, METH_PUT
DOC: Clarify IPv4 address / mask notation rules
David Carlier (21):
BUILD: Make deviceatlas require PCRE
CLEANUP: proxy: calloc call inverted arguments
CLEANUP: connection: fix double negation on memcmp()
DOC: deviceatlas: more example use cases.
BUILD: dumpstats: silencing warning for printf format specifier /
time_t
MINOR: da: silent logging by default and displaying DeviceAtlas
support if built.
BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if
there is no input.
CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
MINOR: sample: Moves ARGS underlying type from 32 to 64 bits.
MINOR: da: Using ARG12 macro for the sample fetch and the
convertor.
CLEANUP: chunk: adding NULL check to chunk_dup allocation.
CLEANUP: proto_http: few corrections for gcc warnings.
BUG/MINOR: server: risk of over reading the pref_net array.
BUG/MINOR: cfgparse: couple of small memory leaks.
BUG/MEDIUM: sample: initialize the pointer before parse_binary
call.
BUG/MEDIUM: lua: protects the upper boundary of the argument
list for converters/fetches.
MINOR: lua: migrate the argument mask to 64 bits type.
CLEANUP: dumpstats: u64 field is an unsigned type.
CLEANUP: connection: using internal struct to hold source and
dest port.
MINOR: cfgparse: few memory leaks fixes.
BUILD: fix build on Solaris 10/11
Dinko Korunic (1):
BUG/MINOR: Fix OSX compilation errors
Dirkjan Bussink (1):
MEDIUM: ssl: Add support for OpenSSL 1.1.0
Dragan Dosen (9):
BUG/MINOR: server: check return value of fgets() in
apply_server_state()
MINOR: standard: add function "escape_chunk"
MEDIUM: log: add a new log format flag "E"
MINOR: stream: export the function 'smp_create_src_stkctr'
BUG/MINOR: http: url32+src should use the big endian version of
url32
BUG/MINOR: http: url32+src should check cli_conn before using it
DOC: http: add documentation for url32 and url32+src
MINOR: standard: add function "escape_string"
BUG/MEDIUM: log: use function "escape_string" instead of
"escape_chunk"
Emeric Brun (4):
BUG/MEDIUM: peers: table entries learned from a remote are
pushed to others after a random delay.
BUG/MEDIUM: peers: old stick table updates could be repushed.
BUG/MINOR: peers: some updates are pushed twice after a resync.
BUG/MINOR: peers: empty chunks after a resync.
Emmanuel Hocdet (2):
MEDIUM: ssl: support SNI filters with multicerts
MINOR: ssl: crt-list parsing factor
Erwan Velu (3):
CLEANUP: proto_http: Removing useless variable assignation
CLEANUP: dumpstats: Removing useless variables allocation
CLEANUP: dns: Removing usless variable & assignation
Frederik Deweerdt (1):
OPTIM/MINOR: session: abort if possible before connecting to the
backend
Frédéric Lécaille (2):
BUG/MINOR: peers: Fix peers data decoding issue
MEDIUM: peers: Fix a peer stick-tables synchronization issue.
Godbach (1):
DOC: LUA: fix some typos and syntax errors
Grant (1):
MINOR: examples: Update haproxy.spec URLs to haproxy.org
Herve COMMOWICK (1):
DOC: fix json converter example and error message
Hubert Verstraete (2):
MINOR: new function my_realloc2 = realloc + free upon failure
CLEANUP: fixed some usages of realloc leading to memory leak
Ian Miell (1):
CLEANUP: cfgparse: Very minor spelling correction
James Brown (1):
MINOR: check: add agent-send server parameter
Jerome Duval (2):
BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
install-bin.
BUILD: add Haiku as supported target.
Joe Williams (1):
MINOR: tcp: add further tcp info fetchers
Jorrit Schippers (1):
DOC: Fix typo in description of `-st` parameter in man page
Kevin Decherf (1):
DOC: specify that stats socket doc (section 9.2) is in management
Lukas Tribus (10):
BUG/MINOR: acl: don't use record layer in req_ssl_ver
BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket
MINOR: unix: don't mention free ports on EAGAIN
DOC: remove old tunnel mode assumptions
BUG/MEDIUM: dns: unbreak DNS resolver after header fix
BUG/MINOR: displayed PCRE version is running release
MINOR: show Built with PCRE version
MINOR: show Running on zlib version
MEDIUM: make SO_REUSEPORT configurable
MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections
Mac Browning (1):
DOC: add encoding to json converter example
Marcoen Hirschberg (1):
BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
Maxime de Roucy (4):
MINOR: add list_append_word function
MEDIUM: init: use list_append_word in haproxy.c
MEDIUM: init: allow directory as argument of -f
BUG/MEDIUM: init: don't use environment locale
Nenad Merdanovic (8):
BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO
are present
BUG/MAJOR: Fix crash in http_get_fhdr with exactly
MAX_HDR_HISTORY headers
MINOR: Add ability for agent-check to set server maxconn
CLEANUP: Use server_parse_maxconn_change_request for maxconn CLI
updates
BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ>
DOC: Fix typo so fetch is properly parsed by Cyril's converter
BUG/MINOR: Fix endiness issue in DNS header creation code
MINOR: Add fe_req_rate sample fetch
Olivier Doucet (1):
DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
Panagiotis Panagiotopoulos (1):
DOC: add server name at rate-limit sessions example
Pavlos Parissis (2):
MINOR: systemd: Use variable for config and pidfile paths
MINOR: systemd: Perform sanity check on config before reload
Pieter Baauw (5):
DOC: lua-api/index.rst small example fixes, spelling correction.
MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword
spelling in resolvers
MINOR: mailers: increase default timeout to 10 seconds
MINOR: mailers: use <CRLF> for all line endings
MINOR: mailers: make it possible to configure the connection
timeout
Raghu Udiyar (1):
BUG/MINOR: stats: fix missing comma in stats on agent drain
Remi Gacogne (1):
BUG/MINOR: ssl: fix potential memory leak in
ssl_sock_load_dh_params()
Roberto Guimaraes (1):
BUG/MINOR: ssl: fix potential memory leak in
ssl_sock_load_dh_params()
Ruoshan Huang (3):
DOC: prefer using http-request/response over reqXXX/rspXXX
directives
BUG/MINOR: fix http-response set-log-level parsing error
MEDIUM: http: implement http-response track-sc* directive
Simon Horman (1):
MINOR: stats: correct documentation of process ID for typed
output
Thiago Farina (2):
MINOR: fix the return type for dns_response_get_query_id()
function
DOC: fix "needed" typo
Thierry FOURNIER (100):
CLEANUP: use direction names in place of numeric values
BUG/MEDIUM: lua: sample fetches based on response doesn't work
BUILD: freebsd: double declaration
BUG/MEDIUM: lua: clean output buffer
DOC: lua: architecture and first steps
MINOR: lua: service/applet can have access to the HTTP headers
when a POST is received
REORG/MINOR: lua: convert boolean "int" to bitfield
BUG/MEDIUM: lua: Lua applets must not fetch samples using
http_txn
BUG/MINOR: lua: Lua applets must not use http_txn
BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp
rulesets
BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
CLEANUP: lua: bad error messages
DOC: lua: fix lua API
BUILD/MINOR: regex: missing header
BUG/MINOR: stream: bad return code
DOC: lua: fix somme errors and add implicit types
MINOR: lua: add set/get priv for applets
DOC: lua: fix somme errors
BUG/MEDIUM: lua: the function txn_done() from sample fetches can
crash
BUG/MEDIUM: lua: the function txn_done() from action wrapper can
crash
DOC: lua: remove old functions
BUG/MEDIUM: lua: somme HTTP manipulation functions are called
without valid requests
MEDIUM: log: Decompose %Tq in %Th %Ti %TR
MINOR: ssl: add debug traces
BUILD/CLEANUP: ssl: Check BIO_reset() return code
BUG/MINOR: ssl: Check malloc return code
BUG/MINOR: ssl: prevent multiple entries for the same certificate
MINOR: lua: add function which return true if the channel is
full.
MINOR: lua: add ip addresses and network manipulation function
BUG/MEDIUM: channel: bad unlikely macro
CLEANUP: lua: move comment
CLEANUP: lua: control executed twice
MINOR: cli: add private pointer and release function
MEDIUM: lua: Add cli handler for Lua
BUG/MEDIUM: lua: In some case, the return of sample-fetche is
ignored
BUG/MINOR: log-format: uncatched memory allocation functions
CLEANUP: log-format: useless file and line in json converter
CLEANUP/MINOR: log-format: unexport functions
parse_logformat_var_args() and parse_logformat_var()
CLEANUP: log-format: fix return code of the function
parse_logformat_var()
CLEANUP: log-format: fix return code of function
parse_logformat_var_args()
CLEANUP: log-format: remove unused arguments
MEDIUM: log-format: strict parsing and enable fail
MEDIUM: log-format/conf: take into account the
parse_logformat_string() return code
MINOR: lua: add utility function for check boolean argument
MINOR: lua: Add tokenize function.
BUG/MINOR: conf: calloc untested
MINOR: http/conf: store the use_backend configuration file and
line for logs
MEDIUM: log-format: Use standard HAProxy log system to report
errors
MINOR: map: Add regex matching replacement
BUG/MINOR: lua: unsafe initialization
MINOR: lua: file dedicated to unsafe functions
MINOR: lua: add "now" time function
MINOR: standard: add RFC HTTP date parser
MINOR: lua: Add date functions
MINOR: lua: move common function
MINOR: lua: merge function
MINOR: lua: Add concat class
BUG/MAJOR: lua: segfault using Concat object
DOC: lua: copyrights
MINOR: common: mask conversion
MEDIUM: dns: extract options
MEDIUM: dns: add a "resolve-net" option which allow to prefer an
ip in a network
BUG/MAJOR: lua: applets can't sleep.
BUG/MINOR: server: some prototypes are renamed
BUG/MINOR: lua: Useless copy
BUG/MINOR: server: fix the format of the warning on address
change
CLEANUP: server: add "const" to some message strings
MINOR: server: generalize the "updater" source
BUG/MINOR: conf: "listener id" expects integer, but its not
checked
BUG/MINOR: lua: can't load external libraries
BUG/MINOR: prevent the dump of uninitialized vars
CLEANUP: map: it seems that the map were planed to be chained
MINOR: lua: move class registration facilities
MINOR: lua: remove some useless checks
CLEANUP: lua: Remove two same functions
MINOR: lua: refactor the Lua object registration
MINOR: lua: precise message when a critical error is catched
MINOR: lua: post initialization
MINOR: lua: Add internal function which strip spaces
MINOR: lua: convert field to lua type
DOC: name set-gpt0 mismatch with the expected keyword
MINOR: http: sample fetch which returns unique-id
MINOR: dumpstats: extract stats fields enum and names
MINOR: dumpstats: split stats_dump_info_to_buffer() in two parts
MINOR: dumpstats: split stats_dump_fe_stats() in two parts
MINOR: dumpstats: split stats_dump_li_stats() in two parts
MINOR: dumpstats: split stats_dump_sv_stats() in two parts
MINOR: dumpstats: split stats_dump_be_stats() in two parts
MINOR: lua: dump general info
MINOR: lua: add class proxy
MINOR: lua: add class server
MINOR: lua: add class listener
BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the
connection state.
DOC: http: rename the unique-id sample and add the documentation
MINOR: filters: add opaque data
BUG/MEDIUM: sticktables: segfault in some configuration error
cases
BUG/MEDIUM: lua: converters doesn't work
BUG/MINOR: http: add-header: header name copied twice
BUG/MEDIUM: http: add-header: buffer overwritten
MINOR: tcp: Return TCP statistics like RTT and RTT variance
Vincent Bernat (10):
BUILD: install only relevant and existing documentation
CLEANUP: don't ignore debian/ directory if present
CLEANUP: remove unneeded casts
CLEANUP: uniformize last argument of malloc/calloc
CLEANUP: .gitignore cleanup
BUG/MINOR: dns: fix DNS header definition
BUG/MEDIUM: dns: fix alignment issue when building DNS queries
BUG/MAJOR: fix listening IP address storage for frontends
BUG/MINOR: fix listening IP address storage for frontends (cont)
BUG/MINOR: stick-table: handle out-of-memory condition gracefully
William Lallemand (23):
MINOR: rename master process name in -Ds (systemd mode)
BUG/MEDIUM: trace.c: rdtsc() is defined in two files
BUG/MEDIUM: fix risk of segfault with "show tls-keys"
MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets
DOC: update doc about tls-tickets-keys dump
MEDIUM: tcp: add 'set-src' to 'tcp-request connection'
MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src'
MEDIUM: tcp/http: add 'set-src-port' action
MEDIUM: tcp/http: new set-dst/set-dst-port actions
BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list()
MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during
tls-keys dump
MEDIUM: cli: register CLI keywords with cli_register_kw()
REORG: cli: split dumpstats.c in src/cli.c and src/stats.c
REORG: cli: split dumpstats.h in stats.h and cli.h
REORG: cli: move ssl CLI functions to ssl_sock.c
REORG: cli: move map and acl code to map.c
REORG: cli: move show stat resolvers to dns.c
REORG: cli: move 'set server' to server.c
REORG: cli: move 'show pools' to memory.c
REORG: cli: move 'show servers' to proxy.c
REORG: cli: move 'show sess' to stream.c
REORG: cli: move 'show backend' to proxy.c
REORG: cli: move get/set weight to server.c
Willy Tarreau (292):
[RELEASE] Released version 1.7-dev0
BUG/MEDIUM: namespaces: don't fail if no namespace is used
BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
disabled
DEBUG/MINOR: memory: add a build option to disable memory pools
sharing
DEBUG/MEDIUM: memory: optionally protect free data in pools
DEBUG/MEDIUM: memory: add optional control pool memory operations
MEDIUM: memory: add accounting for failed allocations
BUG/MEDIUM: config: count memory limits on 64 bits, not 32
BUG/MAJOR: http: don't requeue an idle connection that is already
queued
BUG/MEDIUM: http: switch the request channel to no-delay once
done.
BUILD/MINOR: http: proto_http.h needs sample.h
BUG/MEDIUM: http: don't enable auto-close on the response side
BUG/MEDIUM: stream: fix half-closed timeout handling
CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without
USE_ZLIB
BUG/MEDIUM: cli: changing compression rate-limiting must require
admin level
BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
BUILD: ssl: set SSL_SOCK_NUM_KEYTYPES with openssl < 1.0.2
MINOR: config: make tune.recv_enough configurable
BUG/MEDIUM: config: properly adjust maxconn with nbproc when
memmax is forced
CONTRIB: initiate a debugging suite to make debugging easier
[RELEASE] Released version 1.7-dev1
BUG/MINOR: http: fix several off-by-one errors in the url_param
parser
BUG/MINOR: chunk: make chunk_dup() always check and set dst->size
MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
MINOR: chunks: add chunk_strcat() and chunk_newstr()
MINOR: chunk: make chunk_initstr() take a const string
MEDIUM: tools: add csv_enc_append() to preserve the original
chunk
MINOR: tools: make csv_enc_append() always start at the first
byte of the chunk
DOC: fix "workaround" spelling
BUG/MEDIUM: servers state: server port is used uninitialized
BUG/MEDIUM: channel: fix miscalculation of available buffer
space.
MEDIUM: pools: add a new flag to avoid rounding pool size up
BUG/MEDIUM: buffers: do not round up buffer size during
allocation
BUG/MINOR: stream: don't force retries if the server is DOWN
BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch
the table
BUG/CLEANUP: CLI: report the proper field states in "show sess"
MINOR: stats: send content-length with the redirect to allow
keep-alive
BUG/MAJOR: http-reuse: fix risk of orphaned connections
BUG/MEDIUM: http-reuse: do not share private connections across
backends
BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
MINOR: cli: add a new "show env" command
MEDIUM: config: allow to manipulate environment variables in the
global section
BUG/MEDIUM: chunks: always reject negative-length chunks
BUG/MINOR: systemd: ensure we don't miss signals
BUG/MINOR: systemd: report the correct signal in debug message
output
BUG/MINOR: systemd: propagate the correct signal to haproxy
MINOR: systemd: ensure a reload doesn't mask a stop
BUG/MINOR: tcpcheck: fix incorrect list usage resulting in
failure to load certain configs
BUG/MAJOR: samples: check smp->strm before using it
MINOR: sample: add a new helper to initialize the owner of a
sample
MINOR: sample: always set a new sample's owner before evaluating
it
BUG/MAJOR: vars: always retrieve the stream and session from the
sample
CLEANUP: payload: remove useless and confusing nullity checks
for channel buffer
BUG/MINOR: ssl: fix usage of the various sample fetch functions
MINOR: stats: create fields types suitable for all CSV output
data
MINOR: stats: add all the "show info" fields in a table
MEDIUM: stats: fill all the show info elements prior to
displaying them
MINOR: stats: add a function to emit fields into a chunk
MINOR: stats: add stats_dump_info_fields() to dump one field per
line
MEDIUM: stats: make use of stats_dump_info_fields() for "show
info"
MINOR: stats: add a declaration of all stats fields
MINOR: stats: don't hard-code the CSV fields list anymore
MINOR: stats: create stats fields storage and CSV dump function
MEDIUM: stats: convert stats_dump_fe_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_fe_stats() use stats fields for
HTML dump
MEDIUM: stats: convert stats_dump_li_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_li_stats() use stats fields for
HTML dump
MEDIUM: stats: convert stats_dump_be_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_be_stats() use stats fields for
HTML dump
MEDIUM: stats: convert stats_dump_sv_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_sv_stats() use the stats field for
HTML
MEDIUM: stats: move the server state coloring logic to the
server dump function
MINOR: stats: do not use srv->admin & STATS_ADMF_MAINT in HTML
dumps
MINOR: stats: do not check srv->state for SRV_ST_STOPPED in HTML
dumps
MINOR: stats: make CSV report server check status only when
enabled
MINOR: stats: only report backend's down time if it has servers
MINOR: stats: prepend '*' in front of the check status when in
progress
MINOR: stats: make HTML stats dump rely on the table for the
check status
MINOR: stats: add agent_status, agent_code, agent_duration to
output
MINOR: stats: add check_desc and agent_desc to the output fields
MINOR: stats: add check and agent's health values in the output
MEDIUM: stats: make the HTML server state dump use the CSV states
MEDIUM: stats: only report observe errors when observe is set
MEDIUM: stats: expose the same flags for CLI and HTTP accesses
MEDIUM: stats: report server's address in the CSV output
MEDIUM: stats: report the cookie value in the server & backend
CSV dumps
MEDIUM: stats: compute the color code only in the HTML form
MEDIUM: stats: report the listeners' address in the CSV output
MEDIUM: stats: make it possible to report the WAITING state for
listeners
REORG: stats: dump the frontend's HTML stats via a generic
function
REORG: stats: dump the socket stats via the generic function
REORG: stats: dump the server stats via the generic function
REORG: stats: dump the backend stats via the generic function
MEDIUM: stats: add a new "mode" column to report the proxy mode
MINOR: stats: report the load balancing algorithm in CSV output
MINOR: stats: add 3 fields to report the frontend-specific
connection stats
MINOR: stats: report number of intercepted requests for frontend
and backends
MINOR: stats: introduce stats_dump_one_line() to dump one stats
line
CLEANUP: stats: make stats_dump_fields_html() not rely on proxy
anymore
MINOR: stats: add ST_SHOWADMIN to pass the admin info in the
regular flags
MINOR: stats: make stats_dump_fields_html() not use &trash by
default
MINOR: stats: add functions to emit typed fields into a chunk
MEDIUM: stats: support "show info typed" on the CLI
MEDIUM: stats: implement a typed output format for stats
DOC: document the "show info typed" and "show stat typed" output
formats
CLEANUP: http: fix a build warning introduced by a recent fix
[RELEASE] Released version 1.7-dev2
BUILD: namespaces: fix a potential build warning in namespaces.c
BUG/MEDIUM: peers: fix incorrect age in frequency counters
MEDIUM: proxy: use dynamic allocation for error dumps
BUG/MEDIUM: ssl: rewind the BIO when reading certificates
BUG/MEDIUM: channel: fix miscalculation of available buffer
space (2nd try)
CLEANUP: fix inconsistency between fd->iocb, proto->accept and
accept()
BUG/MEDIUM: fix maxaccept computation on per-process listeners
BUG/MINOR: listener: stop unbound listeners on startup
TESTS: add blocksig.c to run tests with all signals blocked
MEDIUM: unblock signals on startup.
BUG/MEDIUM: channel: don't allow to overwrite the reserve until
connected
BUG/MEDIUM: channel: incorrect polling condition may delay event
delivery
BUG/MEDIUM: channel: fix miscalculation of available buffer
space (3rd try)
BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in
TCP mode
BUG/MEDIUM: http: fix incorrect reporting of server errors
MINOR: channel: add new function channel_congested()
BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests
from dead client
BUG/MAJOR: channel: fix miscalculation of available buffer space
(4th try)
BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly
cleared
BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers
CLEANUP: don't ignore scripts in .gitignore
BUILD: add a few release and backport scripts in scripts/
[RELEASE] Released version 1.7-dev3
CLEANUP: config: detect double registration of a config section
MINOR: log: add the %Td log-format specifier
SCRIPTS: teach git-show-backports how to report upstream commits
SCRIPTS: make git-show-backports capable of limiting its history
BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
BUG/MEDIUM: stick-tables: fix breakage in table converters
MINOR: stick-table: change all stick-table converters' inputs to
SMP_T_ANY
BUILD: fix build on Solaris 11
BUG/MEDIUM: config: fix multiple declaration of section parsers
BUILD/MEDIUM: rebuild everything when an include file is changed
BUILD/MEDIUM: force a full rebuild if some build options change
BUILD: ssl: fix typo causing a build failure in the multicert
patch
BUG/MINOR: init: always ensure that global.rlimit_nofile matches
actual limits
BUG/MINOR: init: ensure that FD limit is raised to the max
allowed
BUG/MEDIUM: external-checks: close all FDs right after the fork()
BUG/MAJOR: external-checks: use asynchronous signal delivery
BUG/MINOR: external-checks: do not unblock undesired signals
CLEANUP: external-check: don't block/unblock SIGCHLD when
manipulating the list
BUG/MINOR: srv-state: fix incorrect output of state file
BUG/MINOR: http: fix misleading error message for response
captures
BUG/BUILD: don't automatically run "make" on "make install"
DOC: add missing doc for http-request deny [deny_status <status>]
BUG/MEDIUM: http: unbreak uri/header/url_param hashing
Revert "BUG/MINOR: ssl: fix potential memory leak in
ssl_sock_load_dh_params()"
BUG/MEDIUM: dns: fix alignment issues in the DNS response parser
BUG/MINOR: peers: don't count track-sc multiple times on errors
BUG/MEDIUM: stream-int: completely detach connection on connect
error
BUG/MAJOR: compression: initialize avail_in/next_in even during
flush
BUG/MEDIUM: samples: make smp_dup() always duplicate the sample
MINOR: sample: implement smp_is_safe() and smp_make_safe()
MINOR: sample: provide smp_is_rw() and smp_make_rw()
BUG/MAJOR: server: the "sni" directive could randomly cause
trouble
BUG/MEDIUM: stick-tables: do not fail on string keys with no
allocated size
BUG/MEDIUM: stick-table: properly convert binary samples to keys
MINOR: sample: use smp_make_rw() in upper/lower converters
MINOR: tcp: add dst_is_local and src_is_local
BUILD: protocol: fix some build errors on OpenBSD
BUILD: log: iovec requires to include sys/uio.h on OpenBSD
BUILD: tcp: do not include netinet/ip.h for IP_TTL
BUILD: connection: fix build breakage on openbsd due to missing
in_systm.h
BUILD: checks: remove the last strcat and eliminate a warning on
OpenBSD
BUILD: tcp: define SOL_TCP when only IPPROTO_TCP exists
BUILD: compression: remove a warning when no compression lib is
used
BUILD: poll: remove unused hap_fd_isset() which causes a warning
with clang
BUG/MAJOR: stick-counters: possible crash when using sc_trackers
with wrong table
[RELEASE] Released version 1.7-dev4
CLEANUP: logs: remove unused log format field definitions
BUG/MAJOR: stream: properly mark the server address as unset on
connect retry
BUG/MINOR: payload: fix SSLv2 version parser
BUG/MINOR: stats: report the correct conn_time in backend's html
output
BUG/MEDIUM: dns: don't randomly crash on out-of-memory
MINOR: tcp: make set-src/set-src-port and set-dst/set-dst-port
commutative
DOC: fix missed entry for "set-{src,dst}{,-port}"
BUG/MINOR: vars: use sess and not s->sess in action_store()
BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on
the session
MINOR: stats: output dcon
CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4
MINOR: counters: add new fields for denied_sess
MEDIUM: tcp: add registration and processing of TCP L5 rules
MINOR: stats: emit dses
DOC: document tcp-request session
BUG/MINOR: systemd: make the wrapper return a non-null status
code on error
BUG/MINOR: systemd: always restore signals before execve()
BUG/MINOR: systemd: check return value of calloc()
MINOR: systemd: report it when execve() fails
BUG/MEDIUM: systemd: let the wrapper know that haproxy has
completed or failed
SCRIPTS: make git-show-backports also dump a "git show" command
[RELEASE] Released version 1.7-dev5
BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the
stream
BUG/MEDIUM: peers: fix use after free in peer_session_create()
MINOR: peers: make peer_session_forceshutdown() use the appctx
and not the stream
MINOR: peers: remove the pointer to the stream
BUG/MEDIUM: systemd-wrapper: return correct exit codes
MEDIUM: tools: make str2ip2() preserve existing ports
CLEANUP: tools: make ipcpy() preserve the original port
OPTIM: http: move all http character classs tables into a single
one
OPTIM: http: improve parsing performance of long header lines
OPTIM: http: improve parsing performance of long URIs
OPTIM: http: optimize lookup of comma and quote in header values
BUG/MEDIUM: srv-state: properly restore the DRAIN state
BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags
MINOR: server: do not emit warnings/logs/alerts on server state
changes at boot
BUG/MEDIUM: servers: properly propagate the maintenance states
during startup
DOC: move the device detection modules documentation to their own
files
CLEANUP: wurfl: reduce exposure in the rest of the code
MINOR: stream: make option contstats usable again
MEDIUM: tools: make str2sa_range() return the FQDN even when not
resolving
MINOR: server: indicate in the logs when RMAINT is cleared
MINOR: stats: indicate it when a server is down due to resolution
MINOR: server: make srv_set_admin_state() capable of telling why
this happens
MEDIUM: cli: leave the RMAINT state when setting an IP address on
the CLI
MEDIUM: server: make use of init-addr
MINOR: server: implement init-addr none
MEDIUM: server: make libc resolution failure non-fatal
MINOR: server: add support for explicit numeric address in
init-addr
DOC: add some documentation for the "init-addr" server keyword
MINOR: init: add -dr to ignore server address resolution failures
MEDIUM: server: do not restrict anymore usage of IP address from
the state file
DOC: update ROADMAP file
[RELEASE] Released version 1.7-dev6
SCRIPTS: make publish-release also copy the new SPOE doc
BUILD: http: include types/sample.h in proto_http.h
BUILD: debug/flags: remove test for SF_COMP_READY
CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT
CONTRIB: tcploop: scriptable TCP I/O for debugging purposes
CONTRIB: tcploop: implement fork()
CONTRIB: tcploop: implement logging when called with -v
CONTRIB: tcploop: update the usage output
CONTRIB: tcploop: support sending plain strings
CONTRIB: tcploop: don't report failed send() or recv()
CONTRIB: tcploop: add basic loops via a jump instruction
CLEANUP: lua: avoid directly calling getsockname/getpeername()
BUG/MEDIUM: connection: check the control layer before stopping
polling
DEBUG: connection: mark the closed FDs with a value that is
easier to detect
BUG/MEDIUM: stick-table: fix regression caused by recent fix for
out-of-memory
BUG/MINOR: cli: properly decrement ref count on tables during
failed dumps
BUILD: contrib: fix ip6range build on Centos 7
BUG/MINOR: cli: fix pointer size when reporting data/transport
layer name
BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
BUG/MINOR: cli: wake up the CLI's task after a timeout update
MINOR: connection: add a few functions to report the data and
xprt layers' names
MINOR: connection: add names for transport and data layers
MINOR: cli: create new function cli_has_level() to validate
permissions
MINOR: server: create new function cli_find_server() to find a
server
MINOR: proxy: create new function cli_find_frontend() to find a
frontend
REORG: cli: move "show stat" to stats.c
REORG: cli: move "show info" to stats.c
REORG: cli: move dump_text(), dump_text_line(), and
dump_binary() to standard.c
REORG: cli: move table dump/clear/set to stick_table.c
REORG: cli: move "show errors" out of cli.c
REORG: cli: make "show env" also use the generic keyword
registration
REORG: cli: move "set timeout" to its own handler
REORG: cli: move "clear counters" to stats.c
REORG: cli: move "set maxconn global" to its own handler
REORG: cli: move "set maxconn server" to server.c
REORG: cli: move "set maxconn frontend" to proxy.c
REORG: cli: move "shutdown sessions server" to stream.c
REORG: cli: move "shutdown session" to stream.c
REORG: cli: move "shutdown frontend" to proxy.c
REORG: cli: move "{enable|disable} frontend" to proxy.c
REORG: cli: move "{enable|disable} server" to server.c
REORG: cli: move "{enable|disable} health" to server.c
REORG: cli: move "{enable|disable} agent" to server.c
REORG: cli: move the "set rate-limit" functions to their own
parser
CLEANUP: cli: rename STAT_CLI_* to CLI_ST_*
CLEANUP: cli: simplify the request parser a little bit
CLEANUP: cli: remove assignments to st0 and st2 in keyword
parsers
BUILD: server: remove a build warning introduced by latest series
BUILD: ssl: make the SSL layer build again with openssl 0.9.8
BUILD: vars: remove a build warning on vars.c
CLEANUP: sample: report "converter" instead of "conv method" in
error messages
MINOR: cli: make "show stat" support a proxy name
MINOR: cli: make "show errors" support a proxy name
MINOR: cli: make "show errors" capable of dumping only request or
response
BUG/MINOR: freq-ctr: make swrate_add() support larger values
CLEANUP: counters: move from 3 types to 2 types
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules
REORG: tcp-rules: move tcp rules processing to their own file
REORG: stkctr: move all the stick counters processing to
stick-tables.c
DOC: update the roadmap file with the latest changes
[RELEASE] Released version 1.7.0
fengpeiyuan (1):
DOC: fix a few spelling mistakes
jesse.de...@asu.edu (1):
BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
lsenta (1):
BUG: http: do not abort keep-alive connections on server timeout
mildis (2):
MINOR: config: allow IPv6 bracketed literals
BUG/MINOR: ssl: close ssl key file on error
scientiamobile (1):
MEDIUM: wurfl: add Scientiamobile WURFL device detection module
yanbzhu (7):
MINOR: ssl: Added cert_key_and_chain struct
MEDIUM: ssl: Added support for creating SSL_CTX with multiple
certs
MINOR: ssl: Added multi cert support for crt-list config keyword
MEDIUM: ssl: Added multi cert support for loading crt directories
MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling
DOC: ssl: Adding docs for Multi-Cert bundling
DOC: ssl: fixed some formatting errors in crt tag
---
