HAProxy 1.8.24 was released on 2020/02/15. It added 49 new commits after
version 1.8.23. This aligns the code on the level of fixes that went
into 1.9.13 and 1.9.14.

There's nothing really outstanding here, as can be seen in the changelog
below. The main reason for this release is that I was reminded on Discourse
by Lukas and @pnikolov that the "attr" attribute for the "cookie" directive
was backported, allowing to address the breakage that some sites reportedly
experience since the latest release of the Chrome browser changed its
default setting for the SameSite cookie attribute from "None" to "Lax".
Typically some such sites may need to update their "cookie" directive to
add SameSite and secure. Example:

   cookie SRV insert indirect nocache secure attr "SameSite=None"

If nobody complained to you about your site being broken under Chrome,
you don't need to change anything.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/1.8/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.8.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
   Changelog        : http://www.haproxy.org/download/1.8/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Baptiste Assmann (2):
      BUG/MINOR: http_act: don't check capture id in backend
      BUG/MINOR: dns: allow srv record weight set to 0

Christopher Faulet (4):
      BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
      BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during 
      BUG/MINOR: tcp-rules: Fix memory releases on error path during action 
      MINOR: proxy/http-ana: Add support of extra attributes for the cookie 

Emmanuel Hocdet (1):
      BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1

Jerome Magnin (2):
      BUG/MINOR: stream: don't mistake match rules for store-request rules
      BUG/MINOR: pattern: handle errors from fgets when trying to load patterns

Mathias Weiersmueller (1):
      DOC: clarify matching strings on binary fetches

Olivier Houchard (2):
      BUG/MEDIUM: kqueue: Make sure we report read events even when no data.
      BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.

Tim Duesterhus (2):
      BUG/MINOR: dns: Make dns_query_id_seed unsigned
      MINOR: acl: Warn when an ACL is named 'or'

William Dauchy (4):
      BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2
      BUG/MINOR: dns: allow 63 char in hostname
      BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
      BUG/MINOR: tcp: don't try to set defaultmss when value is negative

William Lallemand (2):
      BUG/MEDIUM: mworker: remain in mworker mode during reload
      BUG/MEDIUM: cli: _getsocks must send the peers sockets

Willy Tarreau (29):
      BUG/MEDIUM: listener/thread: fix a race when pausing a listener
      BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state
      BUG/MINOR: listener/threads: always use atomic ops to clear the FD events
      BUG/MINOR: listener: also clear the error flag on a paused listener
      BUG/MEDIUM: listener/threads: fix a remaining race in the listener's 
      DOC: document the listener state transitions
      BUG/MAJOR: dns: add minimalist error processing on the Rx path
      BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
      DOC: listeners: add a few missing transitions
      BUILD/MINOR: ssl: shut up a build warning about format truncation
      BUILD/MINOR: tools: shut up the format truncation warning in 
      BUILD: do not disable -Wformat-truncation anymore
      DOC: remove references to the outdated architecture.txt
      BUG/MINOR: log: fix minor resource leaks on logformat error path
      BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers
      BUG/MINOR: listener: do not immediately resume on transient error
      BUG/MINOR: server: make "agent-addr" work on default-server line
      BUG/MINOR: listener: fix off-by-one in state name check
      BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy()
      BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
      BUG/MINOR: sample: always check converters' arguments
      BUG/MEDIUM: session: do not report a failure when rejecting a session
      BUG/MAJOR: hashes: fix the signedness of the hash inputs
      BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error
      SCRIPTS: announce-release: place the send command in the mail's header
      SCRIPTS: announce-release: allow the user to force to overwrite old files
      BUG/MINOR: unix: better catch situations where the unix socket path 
length is close to the limit
      BUG/MEDIUM: listener: only consider running threads when resuming 
      SCRIPTS: make announce-release executable again


Reply via email to