Hi,
HAProxy 1.7.12 was released on 2019/10/25. It added 114 new commits
after version 1.7.11.
I noticed that due to the vast majority of the recent bugs being related
to modern changes like threads, muxes, connection scheduling etc, very
few fixes affect older versions like 1.7 and 1.6 and we tend to constantly
postpone their releases. The last 1.7 was issued no less than 1.5 years
ago with nobody complaining loudly. That tells me 3 things:
- 1.7 is not that much used anymore
- it is stable enough for most use cases where it's relevant
- time is better spent working on recent versions than backporting minor
fixes there at the risk of breaking existing setups
Thus I consider it reasonable to mark it "critical fixes only" since it
really reflects its practical status, and continue to keep it this way
for a while. With less fixes backported to it, we'll more easily handle
future releases, should any critical fix have to be backported in the
future. I'll do the same soon with 1.6. No need to run away screaming yet,
I think we can safely keep them one or two more years in this state before
dropping support.
I had a look at all the fixes pending there, and to be honest I don't
remember about most of them. However one thing is interesting, most of
those tagged "major" there were much less likely to be encountered than
the ones we've got since 1.8 so overall I think it has reached a level
of reliability that we should maintain instead of risking to degrade it
by failing to backport some unimportant fixes. It's also worth noting
that we reached such a state with only 12 releases in 1.7 while we'll
likely at least double this before 1.8 may reach the same status! It
looks like 1.7 was very calm overall, mostly because it does not much
differ from 1.6.
Those running on a git snapshot will probably want to update to this new
release, and those used to deploy 1.7.11 may want to jump to 1.7.12 and
stay away from several risks of crashes. Please check the changelog below
for more details.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/1.7/src/
Git repository : http://git.haproxy.org/git/haproxy-1.7.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git
Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Christopher Faulet (21):
BUG/MINOR: checks: Fix check->health computation for flapping servers
BUG/MINOR: config: Copy default error messages when parsing of a backend
starts
BUG/MAJOR: stream-int: Update the stream expiration date in
stream_int_notify()
BUG/MINOR: check: Wake the check task if the check is finished in
wake_srv_chk()
BUG/MAJOR: stats: Fix how huge POST data are read from the channel
BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers
BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per
request
BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing
data
BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed
MINOR: config: Test validity of tune.maxaccept during the config parsing
CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1
BUG/MEDIUM: hlua: Check the calling direction in lua functions of the
HTTP class
MINOR: hlua: Don't set request analyzers on response channel for lua
actions
MINOR: hlua: Add a flag on the lua txn to know in which context it can be
used
BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP
ready
BUG/MINOR: lua: Set right direction and flags on new HTTP objects
BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is
increased
BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is
increased
BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is
parsed
BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a
stkctr
DOC: Fix documentation about the cli command to get resolver stats
Cyril Bonté (1):
BUG/MEDIUM: lua: socket timeouts are not applied
David Carlier (1):
BUG/MEDIUM: da: cast the chunk to string.
Dragan Dosen (3):
BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
BUG/MINOR: haproxy: fix rule->file memory leak
Emeric Brun (5):
BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable
error.
BUG/MINOR: map: fix map_regm with backref
BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on
release.
Frédéric Lécaille (2):
BUG/MINOR: lua: Segfaults with wrong usage of types.
BUG/MINOR: lua: Bad HTTP client request duration.
Jens Bissinger (1):
DOC: Fix spelling error in configuration doc
Jérôme Magnin (2):
BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in
dns_validate_response()
BUG/MINOR: server: don't always trust srv_check_health when loading a
server state
Kevin Zhu (1):
BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
Krisztian Kovacs (1):
BUG/MEDIUM: namespace: close open namespaces during soft shutdown
Lukas Tribus (3):
DOC: clarify force-private-cache is an option
DOC: fix reference to map files in MAINTAINERS
DOC: restore note about "independant" typo
Miroslav Zagorac (1):
BUG/MINOR: WURFL: fix send_log() function arguments
Moemen MHEDHBI (1):
DOC: Update configuration doc about the maximum number of stick counters.
Nikhil Agrawal (1):
BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns
error
Olivier Houchard (8):
BUG/MINOR: servers: Don't make "server" in a frontend fatal.
BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
BUG/MEDIUM: buffers: Make sure we don't wrap in
buffer_insert_line2/replace2.
MINOR: server: Use memcpy() instead of strncpy().
MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
MINOR: peers: use defines instead of enums to appease clang.
BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
Patrick Hemmer (1):
BUG/MEDIUM: lua: reset lua transaction between http requests
Remi Gacogne (4):
BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
BUG: dns: Prevent out-of-bounds read in dns_read_name()
BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
BUG: dns: Fix out-of-bounds read via signedness error in
dns_validate_dns_response()
Ricardo Nabinger Sanchez (1):
BUG/MAJOR: checks: segfault during tcpcheck_main
Thierry FOURNIER (9):
BUG/MINOR: spoe: Mistake in error message about SPOE configuration
BUG/MEDIUM: lua/socket: Length required read doesn't work
MINOR: task/notification: Is notifications registered ?
BUG/MEDIUM: lua/socket: wrong scheduling for sockets
BUG/MAJOR: lua: Dead lock with sockets
BUG/MEDIUM: lua/socket: Notification error
BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
BUG/MEDIUM: lua/socket: Buffer error, may segfault
BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
Tim Duesterhus (5):
BUILD: Generate sha256 checksums in publish-release
BUG/MINOR: stick_table: Prevent conn_cur from underflowing
BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed
responses
BUG/MINOR: lua: Properly initialize the buffer's fields for string
samples in hlua_lua2(smp|arg)
BUG/MINOR: sample: Make the `field` converter compatible with `-m found`
William Lallemand (4):
BUG/MAJOR: map: fix a segfault when using http-request set-map
BUG/MINOR: ssl: free the sni_keytype nodes
BUG/MINOR: ssl: abort on sni allocation failure
BUG/MINOR: ssl: abort on sni_keytypes allocation failure
Willy Tarreau (37):
BUG/MINOR: lua: ensure large proxy IDs can be represented
BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn
computation
BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer
was reportedly full
BUG/MEDIUM: stats: don't ask for more data as long as we're responding
BUG/MINOR: config: stick-table is not supported in defaults section
SCRIPTS: git-show-backports: add missing quotes to "echo"
BUG/MEDIUM: queue: prevent a backup server from draining the proxy's
connections
BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
MINOR: stats: report the number of active jobs and listeners in "show
info"
BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
BUG/MINOR: backend: balance uri specific options were lost across defaults
BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
SCRIPTS: add the slack channel URL to the announce script
SCRIPTS: add the issue tracker URL to the announce script
BUG/MINOR: stream: don't close the front connection when facing a backend
error
BUG/MAJOR: config: verify that targets of track-sc and stick rules are
present
BUG/MAJOR: spoe: verify that backends used by SPOE cover all their
callers' processes
BUG/MINOR: config: make sure to count the error on incorrect
track-sc/stick rules
BUG/MAJOR: stream: avoid double free on unique_id
BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
BUG/MINOR: http-rules: mention "deny_status" for "deny" in the error
message
BUG/MEDIUM: http: also reject messages where "chunked" is missing from
transfer-enoding
BUG/MEDIUM: tcp-check: unbreak multiple connect rules again
BUILD: makefile: work around an old bug in GNU make-3.80
BUILD: makefile: use :space: instead of digits to count commits
BUILD: makefile: do not rely on shell substitutions to determine git
version
BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
BUG/MEDIUM: maps: only try to parse the default value when it's present
BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars
BUG/MEDIUM: vars: make the tcp/http unset-var() action support conditions
DOC: improve the wording in CONTRIBUTING about how to document a bug fix
BUG/MINOR: stream-int: also update analysers timeouts on activity
BUILD/MINOR: ssl: silence a build warning about const and 'cipher'
BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion
sada (1):
BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1
arguments.
---
