HAProxy 1.8.26 was released on 2020/08/03. It added 71 new commits after 

The previous release is 4 months old, so the list of fixes is a bit large. Most 
of these were already mentioned over the last releases. The most noticeable are:

- Some crashes were fixed with the unique-id, the http_first_req, and the
  capture.* sample fetches when called without a stream.

- The "http-check send" keyword was backported, it allows you to add extra
  headers and payload in your HTTP checks.

- A bug with the no-check-ssl option was fixed.

- A really old bug was found in the shctx lock code, making the process crash
  when there is a lot of lock contention on the cache. The shctx code is also
  used for the SSL sessions cache but there is less chance to provoke this

- An HTTP reuse issue was fixed when using NTML authentication, this was fixed
  by using a safer test for making the NTML sessions private.

- A memory leak in the DNS code was fixed. The DNS answer items attached to a
  resolution were not released when the DNS resolution was freed.

- Lua operations performed on map or acl files (set/add/del) are now
  thread-safe. And the analyze timeout is now reset before executing a lua
  action to avoid a loop because of a not updated expired timeout.

- In the H2 multiplexer, when an chunked H1 response is parsed before sending it
  to the client, if a chunk size or a chunk CRLF is incomplete, an error is now
  triggered and an RST_STREAM is sent to the client with the ROTOCOL_ERROR error
  code. It may happens if the server closes the connection, because the
  remaining incomplete data are unconditionally forwarded. Without this fix,
  nothing is parsed, leading to a infinite loop in the h2_snd_buf() function.

- Some inconsistencies in the argument parser were fixed, the parameter of all
  options now support a hyphen as a first character except the -sf/st ones.  We
  also fixed the support of the "--" option in the mworker mode, which is useful
  at the end of the command when you want to use a list of configuration files.

- The url_dec converter now takes an optional argument to specify if the input
  string is part of a form or a query-string to adapt the decoding.

- A thread-safety issue was fixed in the pattern matching code.

- The hdr_ip() sample fetch now properly parses IPv4 addresses without a NULL
  character delimiter.

- The memcmp() in ebtree was replaced by a byte-per-byte memcmp() to compare
  memory blocks because memcmp() was dangerous as it could read past the end on
  implementations that read multiple bytes at a time.

- A risk of looping (and abort) on channels that's triggered at least by Lua
  cosockets attempting to read a complete line from truncated contents was

- String comparisons with patterns (ACLs, ...) were performed by adding a
  trailing nul character but didn't check if it would fit, occasionally causing
  crashes (e.g. comparison with ALPN). Now short patterns are duplicated first.

This list is not exhaustive. Please have a look at the changelog below for the
complete list of fixes, and do not forget to update.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/1.8/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.8.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
   Changelog        : http://www.haproxy.org/download/1.8/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Christopher Faulet (20):
      BUG/MINOR: check: Update server address and port to execute an external 
      BUG/MINOR: checks: Respect the no-check-ssl option
      BUG/MINOR: checks/server: use_ssl member must be signed
      BUG/MINOR: sample: Set the correct type when a binary is converted to a 
      BUG/MINOR: config: Make use_backend and use-server post-parsing less 
      BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua 
      BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del 
      BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version
      BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible
      BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are 
      BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is 
      BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
      BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action 
      MINOR: checks: Add a way to send custom headers and payload during http 
      BUG/MINOR: checks: Compute the right HTTP request length for HTTP health 
      BUG/MINOR: checks: Remove a warning about http health checks
      BUG/MEDIUM: server/checks: Init server check during config validity check
      BUG/MEDIUM: checks: Always initialize checks before starting them
      BUG/MINOR: checks: Respect check-ssl param when a port or an addr is 
      BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable

Emeric Brun (3):
      BUG/MINOR: peers: fix internal/network key type mapping.
      BUG/MINOR: logs: prevent double line returns in some events.
      BUG/MEDIUM: logs: fix trailing zeros on log message.

Gaetan Rivet (1):
      BUG/MINOR: checks: chained expect will not properly wait for enough data

Jerome Magnin (3):
      BUG/MINOR: ssl: default settings for ssl server options are not used
      DOC: option logasap does not depend on mode
      BUILD: select: only declare existing local labels to appease clang

Miroslav Zagorac (1):
      BUG/MINOR: spoe: correction of setting bits for analyzer

Olivier Doucet (1):
      DOC: Improve documentation on http-request set-src

Ryan O'Hara (1):
      BUG/MINOR: systemd: Wait for network to be online

Tim Duesterhus (5):
      BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x 
sequence is encountered
      BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL
      BUG/MINOR: http_act: don't check capture id in backend (2)
      BUG/MINOR: sample: Free str.area in smp_check_const_bool
      BUG/MINOR: sample: Free str.area in smp_check_const_meth

William Dauchy (1):
      BUG/MINOR: pollers: remove uneeded free in global init

William Lallemand (7):
      REGTEST: ssl: test the client certificate authentication
      BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
      BUG/MINOR: init: -x can have a parameter starting with a dash
      BUG/MEDIUM: mworker: fix the reload with an -- option
      BUG/MINOR: mworker: fix a memleak when execvp() failed
      BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0
      DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list

Willy Tarreau (28):
      BUILD: chunk: properly declare pool_head_trash as extern
      BUILD: cache: avoid a build warning with some compilers/linkers
      BUG/MINOR: tools: fix the i386 version of the div64_32 function
      BUG/MEDIUM: capture: capture-req/capture-res converters crash without a 
      BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
      BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a 
      BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a 
      BUG/MEDIUM: shctx: really check the lock's value while waiting
      BUG/MEDIUM: shctx: bound the number of loops that can happen around the 
      BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
      SCRIPTS: publish-release: pass -n to gzip to remove timestamp
      BUG/MEDIUM: pattern: fix thread safety of pattern matching
      BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness
      BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks
      BUG/MINOR: spoe: add missing key length check before checking key names
      MINOR: cli: make "show sess" stop at the last known session
      BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash
      BUG/MINOR: proxy: always initialize the trash in show servers state
      BUILD: ebtree: fix build on libmusl after recent introduction of 
      BUG/MINOR: cfgparse: don't increment linenum on incomplete lines
      SCRIPTS: announce-release: add the link to the wiki in the announce 
      SCRIPTS: git-show-backports: make -m most only show the left branch
      SCRIPTS: git-show-backports: emit the shell command to backport a commit
      BUG/MINOR: http: make url_decode() optionally convert '+' to SP
      BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
      BUG/MINOR: threads: fix multiple use of argument inside 
      BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
      MEDIUM: map: make the "clear map" operation yield

Christopher Faulet

Reply via email to