HAProxy 2.2.5 was released on 2020/11/04. It added 60 new commits
after version 2.2.4.

The previous release is now quite old and this one fixes several bugs, some
may lead to crash. Thus, if you are running on the 2.2.X, it is probably a
good idea to update. Here are the details about this release :

Some bugs was fixed on the H2 multiplexer. The first bug is a possible
infinite loop in the function responsible to send data triggering the
watchdog. It happens when the H2 connection timed out with its mbuf ring
full. In this situation, we know it is no longer possible to send anything,
thus an error is reported and the mbuf ring is released, but it is still
marked as full. Unfortunately, in the sending function, the error is not
caught. Because the mbuf ring is marked as full we loop infinitely on it to
send nonexistent data. The second bug also affects the FCGI multiplexer. The
shutdown for reads may be handled too early on streams, especially when
there are still pending unparsed input data. When that happens, streams are
aborted too early, leading to truncated responses. The last bug is about few
"SC" reported in logs during reloads when the H2 is used on the backend
side. This happens because a graceful shutdown is performed on all H2
connections, via GOAWAY frames, while it should only be done on the
frontends ones.

Some bugs was also fixed in the H1 multiplexer. The first one is a possible
crash when bad messages are captured. The session is retrieved using the
connection owner instead of the H1 stream. But this one may be undefined if
the connection was moved at some point in an idle list. Thus a null pointer
dereference may be experienced. The second bug is about the flag
CO_RFL_READ_ONCE, instructing the socket layer to only try one read
attempt. This flag is now only set on the first read on each message.

And to not make others jealous, a memory leak was fixed in the pass-through
multiplexer. The leak happens when a TCP connection is upgraded to HTTP. The
mux is released but not the tasklet used for I/O subscriptions.

A thread-safety bug on load-balancing algorithms was fixed. The server lock
must be held when a connection is assigned or dropped. In this case, for
some algorithms (leastconn and first), the server position is updated. If
the server lock is not held, the tree may be corrupted. Another way to
trigger the bug is to update the server weight, for instance using an agent.
A divide by 0 may occur, leading to a crash. Another thread-safety bug was
fixed on the queues. This one depends on the compiler optimizations. It may
lead to a crash because pendconn_cond_unlink() occasionally sees a null
leaf_p when attempting to remove an entry. Another small bug on queue was
fixed. The counter of transferred connections when a server goes down is
now really incremented, fixing the log message emitted when a server goes

A design issue in the SPOE was fixed. An agent may try to set a variable
with the NULL data type. But internally, in HAProxy, it is not possible to
set a variable with no data. Trying to do so may lead to undefined
behaviors, depending on how the variable is then used. Thus, now, when it
happens, the variable is unset instead.

Willy fixed a possible contention problem on the global task locks when
there are many threads. Now, the number of tasks picked from the wait queue
at once is bound. At most global.tune.runqueue_depth tasks are picked at
once. The counter is updated for both the local and the global queues, so
threads with more local expired tasks will pick less global tasks and
conversely, keeping the load balanced between all threads. This will
guarantee a much lower latency if/when wakeup storms happen (e.g. hundreds
of thousands of synchronized health checks).

Willy also limited the time spent purging old entries in stick-tables. This
avoid triggering the watchdog during the purge of moderately sized

The slowstart value loaded from a state-file may now be changed, instead of
crashing HAProxy because the state is changed for a partially initialized

A bug on idle connections was fixed. When using many threads and many
servers, it's very difficult to terminate the last idle connections on each
server because of a wrong calculation of the estimate of needed connections
and because the purge task may be not woken up in case of inactivity. Now we
ensure to always wake up the purge task as long as at least one idle
connection remains. And internal calculations have been fixed.

And finally, as usual, a bunch of minor fixes and improvements :

  - Filters are no longer initialized for disabled proxies. Because the
    configuration validity is not performed for those proxies, the filters
    initialization must be skipped too. per-proxy/server post-check
    functions are also skipped.

  - Fred fixed a bug causing peers sessions to be reset sometimes.

  - The BoringSSL support was fixed and it should now work again.

  - Rémi fixed the parsing of the cache-control header values.

  - Amaury fixed the server downtime calculation and uninitialized samples
    at several places in the lua.

  - Eric fixed leaks during the init on global and per-proxy log_tag.

  - Amaury fixed the loop iteration on the connection takeover.

  - The payload of internal responses is now skipped for HEAD requests.

  - During startup, A error is triggered if a 204/304 internal response
    contains a body. This includes the errorfiles and the http replies. In
    addition, for other errors, An extra check is now performed to ensure
    the body length matches the announce content-length.

  - Now servers without address but with dns resolver are set in RMAINT mode
    on startup.

  - etc.

Thanks to everyone for this release. Enjoy !

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.2/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.2.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.2.git
   Changelog        : http://www.haproxy.org/download/2.2/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Amaury Denoyelle (6):
      MINOR: counters: fix a typo in comment
      BUG/MINOR: stats: fix validity of the json schema
      BUG/MINOR: connection: fix loop iter on connection takeover
      BUG/MINOR: server: fix srv downtime calcul on starting
      BUG/MINOR: server: fix down_time report for stats
      BUG/MINOR: lua: initialize sample before using it

Brad Smith (1):
      BUILD: makefile: Fix building with closefrom() support enabled

Christopher Faulet (22):
      DOC: tcp-rules: Refresh details about L7 matching for tcp-request content 
      BUG/MINOR: tcpcheck: Set socks4 and send-proxy flags before the connect 
      MINOR: hlua: Display debug messages on stderr only in debug mode
      BUG/MINOR: mux-h1: Be sure to only set CO_RFL_READ_ONCE for the first read
      BUG/MINOR: mux-h1: Always set the session on frontend h1 stream
      BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams
      BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams
      BUG/MINOR: http: Fix content-length of the default 500 error
      BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses
      BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided
      BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad 
      BUG/MEDIUM: lb: Always lock the server when calling 
      BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD 
      BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer 
      BUG/MEDIUM: filters: Don't try to init filters for disabled proxies
      BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled 
      BUG/MINOR: checks: Report a socket error before any connection attempt
      BUG/MINOR: server: Set server without addr but with dns in RMAINT on 
      MINOR: server: Copy configuration file and line for server templates
      BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade
      BUG/MINOR: filters: Skip disabled proxies during startup only
      CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream

Emmanuel Hocdet (1):
      BUG/MEDIUM: ssl: OCSP must work with BoringSSL

Eric Salama (1):
      BUG/MINOR: Fix several leaks of 'log_tag' in init().

Frédéric Lécaille (2):
      BUG/MINOR: peers: Inconsistency when dumping peer status codes.
      BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions.

Ilya Shipitsin (2):
      BUG/MINOR: disable dynamic OCSP load with BoringSSL
      BUILD: ssl: make BoringSSL use its own version numbers

Matteo Contrini (1):
      DOC: fix typo in MAX_SESS_STKCTR

Pierre Cheynier (1):
      DOC: Add missing stats fields in the management doc

Remi Tricot-Le Breton (3):
      MINOR: ist: Add a case insensitive istmatch function
      BUG/MINOR: cache: Manage multiple values in cache-control header value
      BUG/MINOR: cache: Inverted variables in http_calc_maxage function

Sébastien Gross (1):
      DOC: Fix typos in configuration.txt

Tim Duesterhus (1):
      MINOR: ssl: Add error if a crt-list might be truncated

William Lallemand (3):
      MINOR: ssl: Add warning if a crt-list might be truncated
      MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension
      Revert "MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate 

Willy Tarreau (15):
      BUILD: ssl_crtlist: work around another bogus gcc-9.3 warning
      BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe
      DOC: fix a confusing typo on a regsub example
      CLEANUP: tree-wide: use VAR_ARRAY instead of [0] in various definitions
      BUILD: connection: fix build on clang after the VAR_ARRAY cleanup
      BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited
      BUG/MINOR: mux-h2: do not stop outgoing connections on stopping
      MINOR: fd: report an error message when failing initial allocations
      BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at 
      BUG/MINOR: queue: properly report redistributed connections
      BUG/MEDIUM: server: support changing the slowstart value from state-file
      BUG/MINOR: extcheck: add missing checks on extchk_setenv()
      BUG/MINOR: log: fix memory leak on logsrv parse error
      BUG/MINOR: log: fix risk of null deref on error path
      BUG/MEDIUM: stick-table: limit the time spent purging old entries

Christopher Faulet

Reply via email to