Hi,

HAProxy 2.0.8 was released on 2019/10/23. It added 47 new commits
after version 2.0.7.

There is one bug tagged major but also a significant number of medium bugs
which arguably have more chances to impact more people so I preferred not
to wait too long before a release.

The main fix is a risk of random crash when running with connection pools
on more than 32 threads, due to a mask calculation error causing the idle
connections cleanup task to be scheduled on wrong threads for threads 32
and above.

Other issues concern the risk of seeing an applet being killed when running
too fast, as was reported a few times with the peers applet on reloads. The
redirects were broken when HTX is disabled, a 503 could be returned. The
cache could cache absolute URIs still using the Host header as a key, which
is not a good idea as the authority in the URI has precedence. Some crashes
have been fixed in connection aborts in TCP and legacy mode. Some H2
connections would occasionally not time out if a stream was still waiting
on flow control. On some rare occasions in HTX mode the last CRLF after a
chunked encoded transfer could fail to be copied if only the CR could fit
into the buffer, resulting in a transfer error for the client. Looking up
stick-table keys from Lua could segfault. The pattern LRU cache was
inappropriately shared between threads, creating a bottleneck around its
lock. The dh-param setting was ignored on openssl 1.1.1 and above, often
resulting in slower transfers or even handshake failures when connecting to
servers supporting smaller keys.

The rest is less likely to affect your experience but obviously those who
reported them will appreciate the fixes ;-)

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Baptiste Assmann (1):
      BUG/MINOR: action: do-resolve does not yield on requests with body

Christopher Faulet (9):
      BUG/MINOR: stats: Add a missing break in a switch statement
      BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are 
formatted to h1
      BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data
      BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is 
interrupted
      BUG/MINOR: mux-h1: Capture ignored parsing errors
      BUG/MINOR: http-htx: Properly set htx flags on error files to support 
keep-alive
      BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers
      BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is 
parsed
      BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a 
stkctr

Emeric Brun (5):
      CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn
      CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn
      CLEANUP: bind: handle warning label on bind keywords parsing.
      BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 
1.1.1
      BUG/MINOR: ssl: fix memcpy overlap without consequences.

Frédéric Lécaille (1):
      BUG/MINOR: peers: crash on reload without local peer.

Miroslav Zagorac (1):
      BUG/MINOR: WURFL: fix send_log() function arguments

Olivier Houchard (4):
      BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing.
      Revert e8826ded5fea3593d89da2be5c2d81c522070995.
      BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream 
attached.
      BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to 
receive.

Rick Rackow (1):
      DOC: fix typo in Prometheus exporter doc

Tim Duesterhus (3):
      BUG/MINOR: lua: Properly initialize the buffer's fields for string 
samples in hlua_lua2(smp|arg)
      BUG/MEDIUM: lua: Store stick tables into the sample's `t` field
      BUG/MINOR: sample: Make the `field` converter compatible with `-m found`

William Lallemand (8):
      BUG/MINOR: ssl: abort on sni allocation failure
      BUG/MINOR: ssl: free the sni_keytype nodes
      BUG/MINOR: ssl: abort on sni_keytypes allocation failure
      BUILD: ssl: wrong #ifdef for SSL engines code
      BUG/MINOR: mworker/ssl: close openssl FDs unconditionally
      REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI
      BUG/MINOR: mworker/cli: reload fail with inherited FD
      BUG/MINOR: cache: alloc shctx after check config

Willy Tarreau (14):
      MINOR: mux-h2: add a per-connection list of blocked streams
      BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const
      BUG/MEDIUM: mux-h2: do not enforce timeout on long connections
      BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri
      DOC: clarify some points around http-send-name-header's behavior
      MINOR: stats: mention in the help message support for "json" and "typed"
      BUG/MEDIUM: applet: always check a fast running applet's activity before 
killing
      MINOR: version: make the version strings variables, not constants
      BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads
      CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes
      BUG/MINOR: mux-h2: also make sure blocked legacy connections may expire
      BUG/MEDIUM: http: unbreak redirects in legacy mode
      BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion
      BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless

---

Reply via email to