Hi, HAProxy 1.8.21 was released on 2019/08/16. It added 64 new commits after version 1.8.20.
It looks like we've been focused quite a bit on 2.0 and 1.9 lately and forgot to update 1.8 :-/ The main issues addressed by this release are a possible segfault when issuing "show map" and "show acl" over the CLI, a possible deadlock in the dequeuing code that can be triggered with threads, server maxconn and server slowstart together, a (low) risk of deadlock in the accept() code when threads are enabled and a very low frontend maxconn value is set, and a risk of infinite loop in the round-robin code when used with threads, as the avoided server that once was eligible might have become full while trying to find a better one. There was also an assorted number of less important fixes in about all areas, with nothing really standing out (compression, lua, dns, connections, h2, spoe, checks). The good thing is that since the early reports that followed 1.8.20 3-4 months ago, everything has become quite calm on this front, either indicating that 1.8 is quite OK by now, or that most users migrated to 2.0 (which would also explain the recent bump of reports in this one). Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Christopher Faulet (18): BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per request MINOR: spoe: Use the sample context to pass frag_ctx info during encoding MINOR: examples: Use right locale for the last changelog date in haproxy.spec BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled MINOR: config: Test validity of tune.maxaccept during the config parsing CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1 BUG/MINOR: http_fetch: Rely on the smp direction for "cookie()" and "hdr()" BUG/MEDIUM: spoe: Don't use the SPOE applet after releasing it BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class MINOR: hlua: Don't set request analyzers on response channel for lua actions MINOR: hlua: Add a flag on the lua txn to know in which context it can be used BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready BUG/MINOR: lua: Set right direction and flags on new HTTP objects BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout David Carlier (1): BUG/MEDIUM: da: cast the chunk to string. Emmanuel Hocdet (2): BUG/MINOR: ssl: fix 0-RTT for BoringSSL MINOR: ssl: ssl_fc_has_early should work for BoringSSL Ilya Shipitsin (2): BUG/MINOR: ssl_sock: Fix memory leak when disabling compression BUILD: ssl: fix latest LibreSSL reg-test error Kazuo Yagi (1): MINOR: doc: Remove -Ds option in man page Kevin Zhu (1): BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed Michael Prokop (1): DOC: fix typos Olivier Houchard (4): MINOR: threads: Implement HA_ATOMIC_LOAD(). BUG/MEDIUM: port_range: Make the ring buffer lock-free. BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete(). MINOR: build: Disable -Wstringop-overflow. Tim Duesterhus (1): BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses William Lallemand (1): MINOR: doc: add master-worker in the man page Willy Tarreau (30): BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI BUG/MEDIUM: dns: make the port numbers unsigned BUG/MAJOR: lb/threads: make sure the avoided server is not full on second pass BUG/MEDIUM: http: fix "http-request reject" when not final BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit BUG/MEDIUM: connection: fix multiple handshake polling issues BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars BUG/MEDIUM: vars: make the tcp/http unset-var() action support conditions BUG/MEDIUM: mux-h2: make sure the connection timeout is always set BUG/MINOR: http-rules: mention "deny_status" for "deny" in the error message BUILD: makefile: use :space: instead of digits to count commits BUILD: makefile: do not rely on shell substitutions to determine git version MINOR: task: introduce work lists BUG/MAJOR: listener: fix thread safety in resume_listener() BUG/MEDIUM: tcp-check: unbreak multiple connect rules again BUG/MEDIUM: http/htx: unbreak option http_proxy BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff BUG/MINOR: proxy: always lock stop_proxy() BUILD: threads: add the definition of PROTO_LOCK DOC: improve the wording in CONTRIBUTING about how to document a bug fix BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() BUG/MEDIUM: protocols: properly initialize the proto_lock in 1.8 BUG/MINOR: stream-int: also update analysers timeouts on activity BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data() BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition BUG/MINOR: mux-h2: always send stream window update before connection's BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame Yann Cézard (2): DOC: contrib/modsecurity: Typos and fix the reject example BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it ---