Any chance of getting the SNI pass-through to verifyhost supported into the next release? Bit of a security issue..

--

Kevin
On 2017-06-16 6:31 AM, William Lallemand wrote:
Hi,

HAProxy 1.7.6 was released on 2017/06/16. It added 37 new commits
after version 1.7.5.

As you may know, I'm now part of the stable release team of HAProxy along
with Willy and Cyril.

This is my first stable release which fixes a few major bugs:

- Olivier fixed a hang reported on FreeBSD. HAProxy was relying on an undefined
behavior in C to compute the timer which led to various hangs every 49.7 days.
We now use the -fwrapv flag at compilation time to force the behavior of the
compiler. Binaries compiled with clang are more suited to be impacted by this
bug.

- Fred fixed a hang which is related to the DNS polling system. The fd of the
resolver was not unregistered but closed which led to a hang of any new
connection using the same fd number.

- Willy fixed a runtime segfault caused by cookies and tarpit rules.

- Fred fixed a segfault occurring upon reload when parsing a server state file
in the case one of the servers was deleted from the configuration file.

Please find the usual URLs below :
    Site index       : http://www.haproxy.org/
    Discourse        : http://discourse.haproxy.org/
    Sources          : http://www.haproxy.org/download/1.7/src/
    Git repository   : http://git.haproxy.org/git/haproxy-1.7.git/
    Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git
    Changelog        : http://www.haproxy.org/download/1.7/src/CHANGELOG
    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/


---
Complete changelog :
Adam Spiers (1):
       DOC: stick-table is available in frontend sections

Andrew Rodland (1):
       BUG/MINOR: hash-balance-factor isn't effective in certain circumstances

Christopher Faulet (4):
       BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
       BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
       BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
       BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING

Frédéric Lécaille (5):
       BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
       BUG/MINOR: server: missing default server 'resolvers' setting duplication.
       BUG/MAJOR: dns: Broken kqueue events handling (BSD systems).
       BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
       BUG/MAJOR: server: Segfault after parsing server state file.

Glenn Strauss (2):
       DOC: update sample code for PROXY protocol
       DOC: mention lighttpd 1.4.46 implements PROXY

Jarno Huuskonen (4):
       DOC: changed "block"(deprecated) examples to http-request deny
       DOC: add few comments to examples.
       DOC: add layer 4 links/cross reference to "block" keyword.
       DOC: errloc/errorloc302/errorloc303 missing status codes.

Jim Freeman (1):
       CLEANUP: logs: typo: simgle => single

Lukas Tribus (1):
       DOC: update RFC references

Nan Liu (1):
       BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04

Olivier Houchard (2):
       BUG/MAJOR: Use -fwrapv.
       BUG/MINOR: server: don't use "proxy" when px is really meant.

Thierry FOURNIER (3):
       BUG/MEDIUM: lua: memory leak
       MINOR/DOC: lua: just precise one thing
       BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything

Willy Tarreau (12):
       BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
       BUG/MINOR: arg: don't try to add an argument on failed memory allocation
       BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
       BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
       MINOR: lua: ensure the memory allocator is used all the time
       BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
       MEDIUM: config: don't check config validity when there are fatal errors
       BUG/MINOR: checks: don't send proxy protocol with agent checks
       BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
       BUG/MEDIUM: unix: never unlink a unix socket from the file system
       scripts: create-release pass -n to tail
       SCRIPTS: create-release: enforce GIT_COMMITTER_{NAME|EMAIL} validity
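
The 49.7-day hang described in the announcement above matches the wrap period of a 32-bit millisecond counter. The following is an added illustration, not HAProxy code and not part of the original mail: it assumes such a counter (the `tick_t` type and all function names are hypothetical) and shows a deadline check that stays correct across the wrap by using unsigned arithmetic, which is defined without `-fwrapv`, next to a naive comparison that stalls.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: timers are kept as a 32-bit count of milliseconds. */
typedef uint32_t tick_t;

/* 2^32 ms expressed in days: the interval at which such a counter wraps. */
static double wrap_period_days(void)
{
    return 4294967296.0 / (1000.0 * 60 * 60 * 24);
}

/* Unsigned addition wraps modulo 2^32 by definition, with or without -fwrapv. */
static tick_t tick_add(tick_t now, uint32_t timeout_ms)
{
    return (tick_t)(now + timeout_ms);
}

/* Naive check: wrong whenever the counter wraps between arming and expiry. */
static int naive_expired(tick_t now, tick_t deadline)
{
    return now >= deadline;
}

/* Wrap-safe check: the modular distance (now - deadline) is below 2^31 once
 * the deadline has passed. Valid for timeouts shorter than 2^31 ms (~24.8 days). */
static int tick_expired(tick_t now, tick_t deadline)
{
    return (uint32_t)(now - deadline) < 0x80000000u;
}

int main(void)
{
    /* Constructed sample values around the wrap point. */
    tick_t armed = 0xFFFFFF00u;               /* 256 ms before the wrap */
    tick_t deadline = tick_add(armed, 1000);  /* wraps to 0x000002E8 */
    tick_t missed = 0xFFFFFFF0u;              /* deadline just before the wrap */
    tick_t now = 0x00000010u;                 /* checked 32 ms later, after the wrap */

    printf("wrap period: %.1f days\n", wrap_period_days());
    printf("at arming: naive=%d safe=%d\n",
           naive_expired(armed, deadline), tick_expired(armed, deadline));
    printf("after wrap: naive=%d safe=%d\n",
           naive_expired(now, missed), tick_expired(now, missed));
    return 0;
}
```

In the second case the naive check keeps reporting "not expired" until the counter comes around again, which is the stall pattern a wrap-related timer bug produces.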


