Hi, HAProxy 2.0.8 was released on 2019/10/23. It added 47 new commits after version 2.0.7.
There is one bug tagged major but also a significant number of medium bugs which arguably have more chances to impact more people so I preferred not to wait too long before a release. The main fix is a risk of random crash when running with connection pools on more than 32 threads, due to a mask calculation error causing the idle connections cleanup task to be scheduled on wrong threads for threads 32 and above. Other issues concern the risk of seeing an applet being killed when running too fast, as was reported a few times with the peers applet on reloads. The redirects were broken when HTX is disabled, a 503 could be returned. The cache could cache absolute URIs still using the Host header as a key, which is not a good idea as the authority in the URI has precedence. Some crashes have been fixed in connection aborts in TCP and legacy mode. Some H2 connections would occasionally not time out if a stream was still waiting on flow control. On some rare occasions in HTX mode the last CRLF after a chunked encoded transfer could fail to be copied if only the CR could fit into the buffer, resulting in a transfer error for the client. Looking up stick-table keys from Lua could segfault. The pattern LRU cache was inappropriately shared between threads, creating a bottleneck around its lock. The dh-param setting was ignored on openssl 1.1.1 and above, often resulting in slower transfers or even handshake failures when connecting to servers supporting smaller keys. The rest is less likely to affect your experience but obviously those who reported them will appreciate the fixes ;-) Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/2.0/src/ Git repository : http://git.haproxy.org/git/haproxy-2.0.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git Changelog : http://www.haproxy.org/download/2.0/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Baptiste Assmann (1): BUG/MINOR: action: do-resolve does not yield on requests with body Christopher Faulet (9): BUG/MINOR: stats: Add a missing break in a switch statement BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are formatted to h1 BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is interrupted BUG/MINOR: mux-h1: Capture ignored parsing errors BUG/MINOR: http-htx: Properly set htx flags on error files to support keep-alive BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr Emeric Brun (5): CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn CLEANUP: bind: handle warning label on bind keywords parsing. BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1 BUG/MINOR: ssl: fix memcpy overlap without consequences. Frédéric Lécaille (1): BUG/MINOR: peers: crash on reload without local peer. Miroslav Zagorac (1): BUG/MINOR: WURFL: fix send_log() function arguments Olivier Houchard (4): BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing. Revert e8826ded5fea3593d89da2be5c2d81c522070995. BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream attached. BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to receive. Rick Rackow (1): DOC: fix typo in Prometheus exporter doc Tim Duesterhus (3): BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg) BUG/MEDIUM: lua: Store stick tables into the sample's `t` field BUG/MINOR: sample: Make the `field` converter compatible with `-m found` William Lallemand (8): BUG/MINOR: ssl: abort on sni allocation failure BUG/MINOR: ssl: free the sni_keytype nodes BUG/MINOR: ssl: abort on sni_keytypes allocation failure BUILD: ssl: wrong #ifdef for SSL engines code BUG/MINOR: mworker/ssl: close openssl FDs unconditionally REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI BUG/MINOR: mworker/cli: reload fail with inherited FD BUG/MINOR: cache: alloc shctx after check config Willy Tarreau (14): MINOR: mux-h2: add a per-connection list of blocked streams BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const BUG/MEDIUM: mux-h2: do not enforce timeout on long connections BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri DOC: clarify some points around http-send-name-header's behavior MINOR: stats: mention in the help message support for "json" and "typed" BUG/MEDIUM: applet: always check a fast running applet's activity before killing MINOR: version: make the version strings variables, not constants BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes BUG/MINOR: mux-h2: also make sure blocked legacy connections may expire BUG/MEDIUM: http: unbreak redirects in legacy mode BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless ---

