HAProxy 2.0.15 was released on 2020/06/12. It added 77 new commits
after version 2.0.14.

A major issue was fixed when using l7 retries which could provokes a crash.
The fix had to be done in a different way than in 2.1+ since the architecture
changed a lot. If you want more details about it, please read the commit

A very difficult to trigger risk of crash was also fixed when connecting to a
server using ALPN but haproxy fails to find a mux after the TLS handshake.

Some fixes were made with captures converters that could crash if misued as
well as some buggy sample fetches (http_first_req, unique-id, CPU, latency).

An HTTP reuse issue was fixed when using NTML authentication, this was fixed
by using a safer test for making the NTML sessions private.

Some inconsistencies in the argument parser were also fixed, the parameter of
all options now support a hyphen as a first character except the -sf/st ones.
We also fixed the support of the "--" option in the mworker mode, which is
useful at the end of the command when you want to use a list of configuration

Find the complete changelog below.

As usual, don't forget to update to this version if you are using the 2.0

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Adam Mills (1):
      DOC: hashing: update link to hashing functions

Adis Nezirovic (1):
      BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT

Christopher Faulet (20):
      BUG/MINOR: check: Update server address and port to execute an external 
      MINOR: checks: Add a way to send custom headers and payload during http 
      BUG/MINOR: checks: Respect the no-check-ssl option
      BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
      BUG/MEDIUM: server/checks: Init server check during config validity check
      BUG/MINOR: checks/server: use_ssl member must be signed
      BUG/MEDIUM: checks: Always initialize checks before starting them
      BUG/MINOR: checks: Compute the right HTTP request length for HTTP health 
      BUG/MINOR: checks: Remove a warning about http health checks
      BUG/MINOR: sample: Set the correct type when a binary is converted to a 
      BUG/MINOR: config: Make use_backend and use-server post-parsing less 
      BUG/MINOR: cache: Don't needlessly test "cache" keyword in 
      BUG/MINOR: checks: Respect check-ssl param when a port or an addr is 
      BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
      BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua 
      BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del 
      BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump 
      BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version
      REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used

Dragan Dosen (1):
      BUG/MEDIUM: ssl: fix the id length check within 

Emeric Brun (3):
      BUG/MINOR: peers: fix internal/network key type mapping.
      BUG/MINOR: logs: prevent double line returns in some events.
      BUG/MEDIUM: logs: fix trailing zeros on log message.

Frédéric Lécaille (2):
      BUG/MINOR: protocol_buffer: Wrong maximum shifting.
      BUG/MINOR: peers: Incomplete peers sections should be validated.

Gaetan Rivet (1):
      BUG/MINOR: checks: chained expect will not properly wait for enough data

Jerome Magnin (3):
      BUG/MINOR: ssl: default settings for ssl server options are not used
      DOC: option logasap does not depend on mode
      BUILD: select: only declare existing local labels to appease clang

Nathan Neulinger (1):
      BUG/MINOR: lua: Add missing string length for lua sticktable lookup

Olivier Doucet (1):
      DOC: Improve documentation on http-request set-src

Olivier Houchard (3):
      BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
      BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
      BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.

Tim Duesterhus (2):
      BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x 
sequence is encountered
      REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv

William Dauchy (4):
      BUG/MEDIUM: connections: force connections cleanup on server changes
      CLEANUP: connections: align function declaration
      BUG/MINOR: pollers: remove uneeded free in global init
      Revert "BUG/MEDIUM: connections: force connections cleanup on server 

William Lallemand (7):
      REGTEST: ssl: test the client certificate authentication
      BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
      BUG/MINOR: init: -x can have a parameter starting with a dash
      BUG/MINOR: init: -S can have a parameter starting with a dash
      BUG/MEDIUM: mworker: fix the reload with an -- option
      BUG/MINOR: mworker: fix a memleak when execvp() failed
      BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0

Willy Tarreau (27):
      BUG/MINOR: tools: fix the i386 version of the div64_32 function
      BUG/MINOR: http: make url_decode() optionally convert '+' to SP
      BUG/MEDIUM: capture: capture-req/capture-res converters crash without a 
      BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
      BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a 
      BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a 
      BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a 
      BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
      MINOR: threads: export the POSIX thread ID in panic dumps
      BUG/MINOR: debug: properly use long long instead of long for the thread ID
      BUG/MEDIUM: shctx: really check the lock's value while waiting
      BUG/MEDIUM: shctx: bound the number of loops that can happen around the 
      MINOR: stream: report the list of active filters on stream crashes
      BUG/MEDIUM: backend: don't access a non-existing mux from a previous 
      Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY 
      BUG/MAJOR: stream-int: always detach a faulty endpoint on connect failure
      BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
      BUG/MINOR: threads: fix multiple use of argument inside 
      BUG/MINOR: http-ana: fix NTLM response parsing again
      BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
      BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
      BUG/MINOR: soft-stop: always wake up waiting threads on stopping
      BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
      SCRIPTS: publish-release: pass -n to gzip to remove timestamp
      BUILD: makefile: adjust the sed expression of "make help" for solaris
      BUG/MEDIUM: log: don't hold the log lock during writev() on a file 
      BUG/MEDIUM: pattern: fix thread safety of pattern matching


William Lallemand

Reply via email to