HAProxy 1.8.18 was released on 2019/02/06. It added 39 new commits
after version 1.8.17.

The changes here are fairly limited but worth a release, in an effort
to clean the net from previous versions which were affected by the TLS
1.3 KeyUpdate bug that currently prevents browsers from using these.

Other mostly relevant fixes include :
  - a stability issue for the cache when a key used to hash to zero ;
  - validation of the process chain for track-sc/stick tables and SPOE
  - a number of small H2 problems which used to abusively result in some
    connection aborts (please note that 1.8 will never be as good as 1.9
    regarding H2, so if you heavily depend on it, you may want to give
    1.9 a try).
  - 0-RTT was fixed again; some defaults regarding the anti-replay
    protection changed when openssl 1.1.1 was released, breaking 0-RTT.
  - unique-id memory leak on TCP proxies due to defaults sections.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/1.8/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.8.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
   Changelog        : http://www.haproxy.org/download/1.8/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Christopher Faulet (1):
      BUG/MINOR: check: Wake the check task if the check is finished in 

Dirkjan Bussink (1):
      BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages

Emeric Brun (1):
      BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file

Jarno Huuskonen (1):
      DOC: http-request cache-use / http-response cache-store expects cache name

Jérôme Magnin (1):
      BUG/MINOR: server: don't always trust srv_check_health when loading a 
server state

Kevin Zhu (1):
      BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit

Miroslav Zagorac (1):
      BUG/MINOR: spoe: corrected fragmentation string size

Olivier Houchard (4):
      BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 
      DOC: Be a bit more explicit about allow-0rtt security implications.
      MINOR: xref: Add missing barriers.
      BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().

Tim Duesterhus (1):
      BUG/MINOR: stick_table: Prevent conn_cur from underflowing

Willy Tarreau (27):
      BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
      BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
      BUG/MINOR: backend: balance uri specific options were lost across defaults
      BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
      DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
      MINOR: h2: add a bit-based frame type representation
      MINOR: h2: declare new sets of frame types
      BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
      BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection 
      BUG/MINOR: mux-h2: make it possible to set the error code on an already 
closed stream
      BUG/MINOR: hpack: return a compression error on invalid table size updates
      DOC: nbthread is no longer experimental.
      SCRIPTS: add the slack channel URL to the announce script
      SCRIPTS: add the issue tracker URL to the announce script
      BUG/MINOR: stream: don't close the front connection when facing a backend 
      BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window 
      BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
      BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
      BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing 
the connection
      MINOR: stream-int: expand the flags to 32-bit
      MINOR: stream-int: add a new flag to mention that we want the connection 
to be killed
      MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
      BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
      BUG/MINOR: config: fix bind line thread mask validation
      BUG/MAJOR: config: verify that targets of track-sc and stick rules are 
      BUG/MAJOR: spoe: verify that backends used by SPOE cover all their 
callers' processes
      BUG/MINOR: config: make sure to count the error on incorrect 
track-sc/stick rules


Reply via email to