Hi, HAProxy 1.8.29 was released on 2021/03/19. It added 40 new commits after version 1.8.28.
As again, this is mainly a release with a collection of fixes which improve the overall quality and stability of haproxy. Here is a list of the most notables changes : - William D. and Christopher give special care on the server-state file. Some bugs related to the servers reload from the state file are corrected. Most notably, the RMAINT dynamic state is now ignored if present in the state file. This prevents an error to be reported and the server to not be updated. Also, it is now possible in the configuration file to use the server-state directive without a filename. In this case, a file with the backend name will automatically be used as the state file. In fact, this feature was already documented but not functional. - The SPOE module receives fixes. First, a crash caused by dangling references on released applets is now prevented. It could have happened on unusual various occasions, one of them being during a reload. Second, after receiving an incomplete frame, the SPOE stream processing was stucked. Now the stream is properly woken up to process the remaining data. Finally, some adjustments have been made to process streams smoother when using SPOE with multithread, especially with a low maxconn on the server. - The DNS responses are matched with case-insensitive functions. This prevent resolution failures for the uncommon case of having uppercases characters in names of DNS queries. - It is now possible to use ipv6 connections for servers with the special address 0.0.0.0 to reuse the client source address as a transparent proxy. - A bug was fixed by Willy in the configuration parser. The queue and tarpit timeouts were applied from the last default section if not defined instead of the default section before the proxy definition. This might have resulted in incorrect timeout values. This bug is 13 years old so I think it deserves a special note here :) - The processing of the originalto option has been adjusted. Now the destination address is correctly tested against the except statement. Please be careful because the doc was also wrong on this point, mentioning the source instead of the destination address. It has been edited, so this feature is now consistent. - There was an issue with the set-dst tcp rule. The destination tcp port was not correctly fixed for an ipv4 address. However its impact was limited on UNIX sockets. - Christopher wrote a fix for the filters. This ensure that the filters will be called on the response after the request, even if the analyzis on the request is finished before the start of the response filtering. - The sample fetch functions are safer and handle properly an empty string buffer value. Before this, it caused a memory corruption problem by reading bytes outside of the sample value. - Data races could happened on hard-stop or shutdown-sessions. These instructions are now only executed when no other threads are running to enforce the thread-safety. - Willy has fixed a data race on frequency counters, causing a non-monotonically updates of them. At the same occasion, an optimization has been backported. The counters are now incremented atomically without a lock. This reduces the contention on them, which should improve the performance as they are often used as proxies counters. - The sticky counter of the sessions was also subject to a non-thread safe incrementation and could be slightly off on time. An atomic operation is now used to guarantee a correct value. - A possible crash was averted by William when manipulating listener counters with an applet as a client (peers, SPOE or Lua). In this case, the listener instance is null, thus it cannot be dereferenced. However, these instructions are limited to specific scopes, so most of the time it won't happened for an applet. Thanks to everyone for this release. Enjoy ! Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ --- Complete changelog : Amaury Denoyelle (2): BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name CLEANUP: remove unused src/cfgparse-listen.c Bertrand Jacquin (1): BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX Christopher Faulet (20): BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list BUG/MINOR: server: Fix server-state-file-name directive CLEANUP: deinit: release global and per-proxy server-state variables on deinit BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL BUG/MINOR: server: Remove RMAINT from admin state when loading server state BUG/MINOR: sample: Always consider zero size string samples as unsafe BUG/MINOR: server: Init params before parsing a new server-state line BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line BUG/MINOR: http-ana: Only consider dst address to process originalto option BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule BUG/MINOR: connection: Use the client's dst family for adressless servers BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet BUG/MEDIUM: spoe: Explicitly wakeup SPOE stream if waiting for more data DOC: spoe: Add a note about fragmentation support in HAProxy BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames Emeric Brun (1): CLEANUP: channel: fix comment in ci_putblk. Olivier Houchard (1): BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive Remi Tricot-Le Breton (1): BUG/MINOR: sample: Memory leak of sample_expr structure in case of error William Dauchy (1): BUG/MINOR: server: re-align state file fields number William Lallemand (1): BUG/MEDIUM: session: NULL dereference possible when accessing the listener Willy Tarreau (12): DOC: management: fix "show resolvers" alphabetical ordering BUG/MINOR: xxhash: make sure armv6 uses memcpy() BUG/MEDIUM: config: don't pick unset values from last defaults section BUG/MINOR: session: atomically increment the tracked sessions counter BUG/MINOR: checks: properly handle wrapping time in __health_adjust() BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop BUG/MEDIUM: cli/shutdown sessions: make it thread-safe BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode CLEANUP: tcp-rules: add missing actions in the tcp-request error message MINOR: time: export the global_now variable OPTIM: freq-ctr: don't take the date lock for most updates BUG/MINOR: freq_ctr/threads: make use of the last updated global time -- Amaury Denoyelle
