Hi, HAProxy 2.1.9 was released on 2020/09/30. It added 59 new commits after version 2.1.8.
This version collects 2 months of fixes, the same as those that were spread over 2.2.3 and 2.2.4, so I won't paraphrase myself, but will just give a quick summary. We have fixes for the reference python SPOA server, HTTP 1xx interim responses that were unexpectedly delayed, command-line parsing issue causing "haproxy -s" with no more argument to go 100% CPU, an unknown H2 frame type that was accidently rejected while it ought to not to, listeners not bound to all processes not correctly handling a pause and resume cycle, the workaround for the libgcc_s crashes when using chroot, Lua fixes to how arguments are passed to sample fetch functions and converters (namely maps), allowing some converters to have become accessible again from Lua, a few OCSP issues I don't rememberr about, and a rare risk of crash or most likely wrong info being used if a request-only sample fetch is used in a response. With all this, I'd say that it would be nice to upgrade. No emergency, but I'd rather not get any reports from 2.1 versions older than 2.1.9 considering the number of known erratic behaviors we can get there. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.1/src/ Git repository : http://git.haproxy.org/git/haproxy-2.1.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-2.1.git Changelog : http://www.haproxy.org/download/2.1/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Amaury Denoyelle (1): BUG/MINOR: config: Fix memory leak on config parse listen Christopher Faulet (19): BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime MINOR: arg: Add an argument type to keep a reference on opaque data BUG/MINOR: converters: Store the sink in an arg pointer for debug() converter BUG/MINOR: lua: Duplicate map name to load it when a new Map object is created BUG/MINOR: arg: Fix leaks during arguments validation for fetches/converters BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation MINOR: hlua: Don't needlessly copy lua strings in trash during args validation BUG/MINOR: lua: Duplicate lua strings in sample fetches/converters arg array MEDIUM: lua: Don't filter exported fetches and converters MINOR: http-htx: Add an option to eval query-string when the path is replaced BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action BUG/MEDIUM: doc: Fix replace-path action description Revert "BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action" BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned MINOR: arg: Use chunk_destroy() to release string arguments BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch Eric Salama (1): BUG/MINOR: Fix memory leaks cfg_parse_peers Gilchrist Dadaglo (5): BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed BUG/MINOR: contrib/spoa-server: Do not free reference to NULL BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address Tim Duesterhus (3): DOC: cache: Use '<name>' instead of '<id>' in error message MINOR: Commit .gitattributes CLEANUP: Update .gitignore Victor Kislov (1): BUG/MINOR: auth: report valid crypto(3) support depending on build options William Dauchy (2): DOC: spoa-server: fix false friends `actually` DOC: agent-check: fix typo in "fail" word expected reply William Lallemand (7): BUG/MINOR: ssl: fix memory leak at OCSP loading BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free() BUG/MINOR: snapshots: leak of snapshots on deinit() BUG/MINOR: startup: haproxy -s cause 100% cpu BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate BUG/MINOR: ssl: verifyhost is case sensitive Willy Tarreau (20): SCRIPTS: git-show-backports: make -m most only show the left branch SCRIPTS: git-show-backports: emit the shell command to backport a commit BUG/MINOR: stats: use strncmp() instead of memcmp() on health states BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction BUG/MINOR: reload: do not fail when no socket is sent BUG/MINOR: threads: work around a libgcc_s issue with chrooting BUILD: thread: limit the libgcc_s workaround to glibc only BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections BUILD: threads: better workaround for late loading of libgcc_s BUG/MINOR: server: report correct error message for invalid port on "socks4" BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK BUG/MEDIUM: h2: report frame bits only for handled types MINOR: h2/trace: also display the remaining frame length in traces MINOR: backend: make the "whole" option of balance uri take only one bit MINOR: backend: add a new "path-only" option to "balance uri" REGTESTS: add a few load balancing tests BUG/MEDIUM: listeners: do not pause foreign listeners REGTEST: fix host part in balance-uri-path-only.vtc REGTEST: make abns_socket.vtc require 1.8 REGTEST: make map_regm_with_backref require 1.7 ---