Hi, HAProxy 1.8.20 was released on 2019/04/25. It added 48 new commits after version 1.8.19.
The previous version was release few months ago. This one fixes several bugs, some rather important bugs: - A crash may happen upon exit if a thread closes a listener FD at the exact same moment another thread tries to accept() a pending connection on it. Issue reported and fixed by Richard Russo. - Willy significantly improved the listener's accept code by reducing the scope of the listener lock. He also made the code mode robust. At the end, thanks to this patch, the accept rate has doubled on a shared port between 8 threads, and multiplied by 4 the connection rate on a tcp-request connection reject rule. Moreover, Olivier implemented self-locked lists that can safely be manipulated with multiple threads without having to worry about concurrency issues. This allowed Willy to remove the lock on the listener queue thus fixing a possible AB/BA lock issue. - A bug affects the stats code from 1.5 and above when POST requests are supported (when admin mode is enabled) : some large POST requests may end up in a situation where the applet waits for more body and the analyser cannot send it because the buffer is considered full. This ultimately freezes the session. Now it is verified that the body length doesn't exceed what can fit in a request buffer. - The SPOE per-thread initialization would rely on a wrong agent pointer derivated from the last one known when parsing the configuration, making it fail if more than one agent is declared. Other bugs were also fixed on the SPOE, mainly on the way fragmented frames was handled internally. - An issue, fixed by Ricardo Nabinger Sanchez, affects checks and may occasionally cause crashes. - A very old bug on how HTTP sample fetches work was fixed. All HTTP sample fetches were buggy because the channel used was chosen depending on the sample direction and not on the keyword really used. The request channel was used when called during the request analysis and the response one was used when called during the response analysis, regardless the sample really called. It could cause a whole bunch of bugs, from undefined behavior because the data were extracted from the wrong buffer to crash of HAProxy. - Dragan Dosen fixed a possible segfault when HAProxy is built with the 51Degrees support but not configured to use it. Only builds that use Pattern algorithm were affected. - Pierre Cheynier fixed the TLS 1.3 cipher suites. Any attempt to put TLS 1.3 ciphers on servers failed with output 'unable to set TLS 1.3 cipher suites'. - A bug during the load of a map was fixed. Now when a map file is loaded, the default value is parsed only when it is present. This fixes segfaults at parsing time when no default value is provided. - Pattern IDs are now assigned after checking the config validity. It fixes a bug where some map identifiers were not assigned (appearing as -1 in show map). Thanks to Pavlos Parissis to report this bug. - A bug was fixed in the peers. Peer sessions were not always cleanly reset on release, resulting in a bad state for new sessions. - Build of HAProxy on AIX 5.1 was fixed. - Missing locks was added in set-map and add-acl HTTP rules. The rest is less important or doesn't have an immediately visible effect. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ --- Complete changelog : Christopher Faulet (9): BUG/MAJOR: spoe: Fix initialization of thread-dependent fields BUG/MAJOR: stats: Fix how huge POST data are read from the channel BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages BUG/MAJOR: http_fetch: Get the channel depending on the keyword used BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler David Carlier (1): BUILD/MINOR: listener: Silent a few signedness warnings. Dragan Dosen (1): BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees() Emeric Brun (1): BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release. Freddy Spierenburg (1): DOC: The option httplog is no longer valid in a backend. Lukas Tribus (1): BUG/MINOR: ssl: fix warning about ssl-min/max-ver support Olivier Houchard (5): BUG/MAJOR: listener: Make sure the listener exist before using it. BUG/MEDIUM: logs: Only attempt to free startup_logs once. MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API. MINOR: lists: Implement locked variations. BUG/MEDIUM: lists: Properly handle the case we're removing the first elt. Pierre Cheynier (1): BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites Ricardo Nabinger Sanchez (1): BUG/MAJOR: checks: segfault during tcpcheck_main Robin H. Johnson (1): MINOR: skip get_gmtime where tm is unused William Lallemand (2): BUG/MINOR: cli: correctly handle abns in 'show cli sockets' MINOR: cli: start addresses by a prefix in 'show cli sockets' Willy Tarreau (24): BUG/MINOR: listener: keep accept rate counters accurate under saturation BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts BUILD: makefile: work around an old bug in GNU make-3.80 MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf() BUILD: makefile: fix build of IPv6 header on aix51 BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51 BUILD: Makefile: disable shared cache on AIX 5.1 BUILD: use inttypes.h instead of stdint.h BUILD: connection: fix naming of ip_v field BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity BUG/MINOR: threads: fix the process range of thread masks BUG/MEDIUM: list: fix the rollback on addq in the locked liss BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer BUG/MEDIUM: list: add missing store barriers when updating elements and head MINOR: list: make the delete and pop operations idempotent BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED() MAJOR: listener: do not hold the listener lock in listener_accept() BUG/MEDIUM: listener: use a self-locked list for the dequeue lists BUG/MEDIUM: listener: make sure the listener never accepts too many conns BUG/MEDIUM: maps: only try to parse the default value when it's present BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR -- Christopher Faulet