HAProxy 2.3.5 was released on 2021/02/06. It added 54 new commits
after version 2.3.4.

There's no critical bug in this one but fixes for a few problematic cases
that either have been there for a while or resulted from recent incomplete

  - an issue in filters (compression, spoe, etc) could block response
    headers in empty responses with no content-length ;

  - there was a risk of temporary CLOSE_WAIT on aborted H2 connections since
    the recent fixes for truncated responses. Note that these ones would
    vanish on timeout anyway, hence it was more annoying than dramatic ;

  - a rare risk of segfault in idle connections code related to accidental
    reuse of a TCP connection involving a pending handshake was fixed ;

  - the CLI's "abort ssl cert" would purge the old instead of new SSL info;

  - errors on connections would not prevent SSL handshake from being
    performed, leading to wasted CPU cycles that could sometimes maintain
    the load artificially high during contention ;

  - Lua's core.get_info() got broken in previous version due to the missing
    definition of INF_BUILD_INFO in stats ;

  - there was a small risk of crash in tcpchecks when using multiple
    connections ;

  - the previous fix for DNS SRV records was incorrect and had to be
    reverted in 2.3.4 as it was sometimes causing a bad pointer
    dereference and crashing. The code was rechecked and the correct
    fix merged again ;

  - an alignment issue in the XXHash code affecting ARMv6/v7 running
    in 32-bit mode on 64-bit kernels was addressed ; it could cause
    bus errors and crashes in 32-bit chroots or containers when using
    the pattern LRU cache ;

  - a few other really minor issues were addressed

  - "server" definitions in "frontend" sections were mistakenly not
    rejected during parsing, but would generally result in random crashes
    later due to uninitialised fields. They are now properly rejected.

In addition, the maximum HTTP/1 chunk size was extended from 2 GB to 4 PB
since there was no more compelling reason to limit ourselves to 32 bits
storage anymore. Last, some of the "show fd" output improvements were
backported as they significantly help when reporting bugs. 

2.2.9 is imminent as well with essentially the same fixes, I just don't
know yet if my backport of the tcpcheck fix is correct and don't want
to take any risks :-)

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.3/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.3.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.3.git
   Changelog        : http://www.haproxy.org/download/2.3/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Adis Nezirovic (1):
      BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition

Amaury Denoyelle (6):
      BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
      BUG/MEDIUM: session: only retrieve ready idle conn from session
      REORG: backend: simplify conn_backend_get
      BUG/MEDIUM: backend: never reuse a connection for tcp mode
      BUG/MINOR: backend: check available list allocation for reuse
      BUG/MINOR: mux_h2: fix incorrect stat titles

Baptiste Assmann (1):
      BUG/MINOR: dns: SRV records ignores duplicated AR records (v2)

Bertrand Jacquin (3):
      MINOR: build: discard echoing in help target
      BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
      BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX

Christopher Faulet (8):
      BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
      MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities
      MINOR: server: Forbid server definitions in frontend sections
      BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback 
      BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is 
      MINOR: h1: Raise the chunk size limit up to (2^52 - 1)
      BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
      MINOR: config: Deprecate and ignore tune.chksize global option

David CARLIER (1):
      BUG/MINOR: threads: Fixes the number of possible cpus report for Mac.

Frédéric Lécaille (4):
      MINOR: peers: Add traces for peer control messages.
      BUG/MINOR: peers: Possible appctx pointer dereference.
      BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
      MINOR: contrib: Make the wireshark peers dissector compile for more 

Remi Tricot-Le Breton (1):
      BUG/MINOR: sock: Unclosed fd in case of connection allocation failure

Tim Duesterhus (1):
      DOC: Improve documentation of the various hdr() fetches

William Lallemand (3):
      BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file()
      BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
      BUILD: Makefile: move REGTESTST_TYPE default setting

Willy Tarreau (25):
      BUILD: peers: fix build warning about unused variable
      BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" 
      BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
      CLEANUP: tools: make resolve_sym_name() take a const pointer
      CLEANUP: cli: make "show fd" use a const connection to access other fields
      MINOR: cli: make "show fd" also report the xprt and xprt_ctx
      MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps.
      MINOR: ssl: provide a "show fd" helper to report important SSL information
      MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves 
      MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber 
when known
      MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber 
when known
      MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm 
subscriber when known
      MINOR: cli: give the show_fd helpers the ability to report a suspicious 
      MINOR: cli/show_fd: report some easily detectable suspicious states
      MINOR: ssl/show_fd: report some FDs as suspicious when possible
      MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls
      MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls
      DOC: management: fix "show resolvers" alphabetical ordering
      BUG/MEDIUM: ssl: check a connection's status before computing a handshake
      BUG/MINOR: xxhash: make sure armv6 uses memcpy()
      BUG/MINOR: ssl: do not try to use early data if not configured
      BUILD: ssl: fix build breakage with last commit
      MINOR: cli/show_fd: report local and report ports when known
      BUG/MEDIUM: mux-h2: handle remaining read0 cases
      BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED


Reply via email to