HAProxy 1.9.13 was released on 2019/11/25. It added 39 new commits
after version 1.9.12.

It addresses the same security issues as announced in 2.0.10:

- The first one, found by Tim Düsterhus, lets an attacker pass control
  characters into header fields, leading to a possibility of content
  smuggling attacks on HTTP/1 backends, which is mainly a concern if
  http-reuse is in use.

- The second, found by Christopher Faulet, is a direct consequence of a
  flaw in the H2 spec making no special case of HEADER frames received
  on an IDLE stream on the response path. As such, such a frame passes
  all validity checks but no stream is allocated since it's a response,
  and the decoding of the headers on a read-only dummy stream results
  in a crash of the process.

It also addresses a number of issues which were already fixed in 2.0.9,
such as an occasional risk of double free causing crashes in idle
connections, disabling splicing on chunked responses, listeners eating
CPU when reaching the frontend/process' maxconn, and improved handling
of idle connections facing errors.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/1.9/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
   Changelog        : http://www.haproxy.org/download/1.9/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Baptiste Assmann (1):
      BUG: dns: timeout resolve not applied for valid resolutions

Christopher Faulet (10):
      BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is 
      BUG/MEDIUM: mux-h1: Disable splicing for chunked messages
      BUG/MEDIUM: stream: Be sure to support splicing at the mux level to 
enable it
      BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams
      BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams
      BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to 
      BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is 
      BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
      BUG/MINOR: stream-int: Fix si_cs_recv() return value
      DOC: Add documentation about the use-service action

Emmanuel Hocdet (1):
      BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1

Eric Salama (1):
      BUILD/MINOR: ssl: fix compiler warning about useless statement

Joao Morais (1):
      BUG/MINOR: config: Update cookie domain warn to RFC6265

Jérôme Magnin (2):
      DOC: management: document reuse and connect counters in the CSV format
      DOC: management: document cache_hits and cache_lookups in the CSV format

Lukas Tribus (1):
      MINOR: doc: http-reuse connection pool fix

Olivier Houchard (3):
      MINOR: mux: Add a new method to get informations about a mux.
      BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully 
      BUG/MEDIUM: Make sure we leave the session list in session_free().

William Dauchy (1):
      MINOR: tcp: avoid confusion in time parsing init

William Lallemand (2):
      BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
      BUG/MINOR: cli: fix out of bounds in -S parser

Willy Tarreau (16):
      MINOR: config: warn on presence of "\n" in header values/replacements
      BUG/MINOR: mux-h2: do not emit logs on backend connections
      BUG/MINOR: spoe: fix off-by-one length in UUID format string
      BUG/MEDIUM: mux-h2: report no available stream on a connection having 
      BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle 
      BUG/MEDIUM: mux-h2: immediately report connection errors on streams
      DOC: management: fix typo on "cache_lookups" stats output
      BUG/MINOR: queue/threads: make the queue unlinking atomic
      BUG/MEDIUM: listeners: always pause a listener on out-of-resource 
      BUG/MINOR: log: limit the size of the startup-logs
      MINOR: ist: add ist_find_ctl()
      BUG/MAJOR: h2: reject header values containing invalid chars
      BUG/MAJOR: h2: make header field name filtering stronger
      BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle 
      SCRIPTS: create-release: show the correct origin name in suggested 
      SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands


Reply via email to