Hi, HAProxy 1.7.2 was released on 2017/01/13. It added 40 new commits after version 1.7.1.
The most important fix here is for a regression introduced right before 1.7 release and randomly causing fragmented requests to be flagged as bad requests depending on the previous buffer contents ; this is more noticeable under low load with authenticated requests. A few users having IPv6-only hosts have noticed that we broke support for resolving such addresses with the recent dynamic resolution changes. This has been fixed now. Two users reported an issue with SNI not being properly sent to the server when health checks were enabled. This was due to the reuse of the SSL session, which must not be done if the SNI changes. This has also been fixed. A few minor improvements were brought as well. Now when configuring http-reuse with either send-proxy or usesrc clientip, a warning will be emitted. It's now possible to select all servers on the stats page to perform a grouped action. It's possible to change the HTTP reason field in responses, and there's a new sample fetch function "fc_rcvd_proxy" to know whether or not the proxy protocol was used on the front connection (ie the connection comes from a trusted client). The rest is mostly internal infrastructure fixes which doesn't directly translate into immediately visible bugs. Overall things are getting better, and aside the 2 or 3 late regressions everything is pretty normal. Due to the bad request bug, I encourage every user of 1.7.x to upgrade to 1.7.2. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.7/src/ Git repository : http://git.haproxy.org/git/haproxy-1.7.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Christopher Faulet (2): BUG/MINOR: Fix the sending function in Lua's cosocket BUG/MAJOR: channel: Fix the definition order of channel analyzers David Harrigan (1): MINOR: stats: Support "select all" for backend actions Emeric Brun (1): MINOR: connection: add sample fetch "fc_rcvd_proxy" Emmanuel Hocdet (1): BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage Guillaume de Lafond (1): DOC: Add timings events schemas Jarno Huuskonen (2): MINOR: proto_http.c 502 error txt typo. DOC: add deprecation notice to "block" Marcin Deranek (2): DOC: fix small typo in fe_id (backend instead of frontend) BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled Olivier Doucet (1): BUG/MINOR: option prefer-last-server must be ignored in some case Robin H. Johnson (1): MINOR: http: custom status reason. Ryabin Sergey (1): BUG/MINOR: Reset errno variable before calling strtol(3) Thierry FOURNIER (9): BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2) DOC: lua: documentation about time parser functions DOC: lua: section declared twice BUG/MINOR: lua/cli: bad error message BUG/MINOR: lua: memory leak executing tasks BUG/MINOR: lua: bad return code BUG/MINOR: stats: fix be/sessions/current out in typed stats BUILD: lua: build failed on FreeBSD. BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0 William Lallemand (1): BUG/MINOR: systemd: potential zombie processes Willy Tarreau (18): SCRIPTS: git-show-backports: fix a harmless typo SCRIPTS: git-show-backports: add -H to use the hash of the commit message BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake BUG/MEDIUM: ssl: avoid double free when releasing bind_confs BUG/MEDIUM: ssl: for a handshake when server-side SNI changes BUG/MINOR: http: report real parser state in error captures BUILD: scripts: automatically update the branch in version.h when releasing BUG/MAJOR: http: fix risk of getting invalid reports of bad requests BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options BUG/MINOR: tools: fix off-by-one in port size check BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family MEDIUM: server: split the address and the port into two different fields MINOR: tools: make str2sa_range() return the port in a separate argument MINOR: server: take the destination port from the port field, not the addr MEDIUM: server: disable protocol validations when the server doesn't resolve BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0 [RELEASE] Released version 1.7.2 ---