HAProxy 2.4.0 was released on 2021/05/14. It added 34 new commits
after version 2.4-dev19. This completes 6 months of improvements and
cleanups split into 1687 commits from 36 participants. I'm pleased to
welcome these 7 new contributors who got their first commit merged
into 2.4, hoping they'll want to continue:

  Florian Apolloner, Jan Wagner, Maciej Zdeb, Maximilian Mader,
  Phil Scherer, Thayne McCombs, Evgeny Varnavskiy

And these 29 other ones who are not new as they already contributed
before 2.4:

  Adis Nezirovic, Aleksandar Lazic, Amaury Denoyelle, Baptiste Assmann
  Bertrand Jacquin, Christian Ruppert, Christopher Faulet,
  Daniel Corbett, David Carlier, Dragan Dosen, Emeric Brun, Eric Salama,
  Frédéric Lécaille, Gilchrist Dadaglo, Ilya Shipitsin, Jerome Magnin,
  Joao Morais, Julien Pivotto, Matthieu Guegan, Miroslav Zagorac,
  Moemen MHEDHBI, Olivier Houchard, Remi Tricot-Le Breton,
  Thierry Fournier, Tim Duesterhus, William Dauchy, William Lallemand,
  Willy Tarreau, Yves Lafon

It's really great to see more and more participation in multiple areas,
turning good ideas into usable features, and with increasing quality
overall. Let's continue like this, it's going in the right direction.

Speaking of quality, for the first time we really managed to enforce the
feature freeze, leading to mostly only harmless stuff getting merged past
that point. It allowed us to focus much better than before on regressions
and eliminate the usual last-minute bugs. This, combined with the work
done by Ilya and Tim on the CI, and with the continuously growing set of
regression tests, has significantly shortened the average lifetime of the
bugs (many of which not leaving the developer's computer anymore). And
this pays off: each and every -dev version among the 20 ones produced
was deployed on haproxy.org, and no single failure was observed since,
not even a crash, hang, leak, slow down or rendering issue. This makes
me think that 2.4 out of the box is probably more reliable than the
excellent 2.2 after 14 revisions. That's also why we release slightly
before the initially expected deadline, it almost seems there's nothing
left to be fixed! This proves that with some shared efforts it's possible
to improve, and I hope that we'll continue on this trend so that 2.5 gets
even better (yes, it's always possible).

This version brings a few fixes for bugs and build issues on top of -dev19,
very minor changes (addition of some ARM CPU targets in the Makefile to ease
portable builds, a few extra normalizers, a few example files, and a sorting
key for "show profiling"). Please see at the end of this message for the

What's new in 2.4 compared to 2.3 ? Lots of cool stuff! The work was spread
on several fronts:
  - performance and latency: a lot of work was done on locking reduction,
    bringing 2.4 a much lower latency than 2.3 had, and a higher scalability.
    2.4 is NUMA-aware on Linux and will avoid binding to cross-socket cores
    by default. Idle server-side connections are now reusable even when SNI,
    proxy protocol or transparent proxy are used, saving costly round trips.
    Lua now supports lock-free multi-threading. Idle frontend connections
    will now be closed as soon as possible during reloads.

  - reliability: "strict-limits" is on by default, experimental features
    are protected against accidental use from a copy-paste, a diagnostic
    mode was added to report suspicious or uncommon constructs that could
    be mistakes, new live debugging tools were added for better in-field
    debugging. Backend idle connections will be closed before quitting
    so that they don't consume source ports in TIME_WAIT.

  - management and integration: maps and ACLs now support atomic updates,
    server-side SSL certificates can also be updated without reloading,
    servers can be added/removed without reloading (still experimental),
    more server settings can be edited at run time, global variables can
    be listed/edited at run time, "defaults" section can now be named,
    reused and inherited, line numbers and file names can be included in
    any command, file paths can now be relative to the config file, some
    new ".if/.elif/.else/.endif" config directives permit a smoother
    transition between versions using a same config file (particularly
    useful for automated rollbacks).

  - interoperability / protocol support: WebSocket over HTTP/2 (RFC8441)
    is now supported on both sides, regardless of the version on the other
    side. The cache now supports the "Vary" header with a few commonly
    used headers, including "Accept-encoding" which gets normalized for
    optimal cache hit ratio. The Prometheus exporter got a significant
    liftup, requires less tricks on the Prometheus side, and supports
    listing only certain metrics for faster retrieval. Optional native
    support for Opentracing was also integrated (via USE_OT=1). The DNS
    resolvers now support talking to servers over TCP. Basic support for
    extracting information from MQTT and FIX protocol was added. Timeouts
    can now be adjusted on the fly and per-request in order to adapt to
    particularly slow servers or special protocols.

  - user-friendliness: TCP loggers now do not require a ring section
    declaration anymore, it's transparently done now. Header deletion
    using a pattern matching on the name is now supported instead of
    having to list many names. Checking for real server-side errors got
    easier than before with http_fail_cnt/http_fail_rate. The config
    parser and CLI will now provide suggestions when some keywords are
    misspelled. The CLI's help output can now be filtered to subsets of
    commands and will be sorted for easier finding.

  - processing: the new "wait-for-body" HTTP action allows to wait for
    a request or response body up to a certain size or delay. This is
    convenient to detect POST contents or to detect error patterns or
    information leaks in responses. TCP frontends can now be manually
    upgraded to HTTP, allowing HTTP rules to be used in a frontend in
    a tcp->http scenario. JSON parameters can be decoded to extract some
    fields values. A URL encoder is now available to pass some fields in
    a way that is suitable for query string parameters. Base64 variants
    are now supported (such as the URL-compatible one used by JWT).

  - for distros: building optional addons will be easier thanks to the
    removal of the contrib/ directory and the cleaner integration with
    the regular build process and include files. Libslz was included by
    default, simplifying the packaging work. A few example configs were
    added into examples/ to serve as starters for users. A CPU entry was
    added to produce executables that work well both on old and new
    ARMv8 CPUs.

  - observability: more stats were added (SSL, H2). "show info" can now
    emit floating point values for rates and uptimes if requested.

And of course there's all the invisible stuff being done on the internals
to improve the code, make it more extensible, more reliable or faster. I
think that's about it. If you contributed something that I missed here,
sorry for this, that's already a lot to figure out. Don't feel upset, and
just respond here to point it :-)

For more details, my coworker Daniel went through all the announces and wrote
about these changes in more details here:


I'm pretty sure there are still a few other points that I already missed
in announces, and I remember that long ago we said about one of them that
I should not forget to mention it. Apparently I did :-)

Many thanks to all of those who participated with code, doc, support, bug
reports and discussions.

As usual, I've been careful when uploading the new release and I would
not be surprised to see a 404 or two, so do not hesitate to report any
issue. Please be gentle for the doc, as it also requires some manual
post-release adaptations and will take a bit more time.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.4/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : http://www.haproxy.org/download/2.4/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/


Complete changelog since 2.4-dev19:
Amaury Denoyelle (3):
      BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port
      BUG/MEDIUM: stick_table: fix crash when using tcp smp_fetch_src
      REGTESTS: stick-table: add src_conn_rate test

Daniel Corbett (2):
      CLEANUP: cli/activity: Remove double spacing in set profiling command
      DOC: config: Fix configuration example for mqtt

Ilya Shipitsin (2):
      CI: extend spellchecker whitelist, add "ists" as well
      CLEANUP: assorted typo fixes in the code and comments

Miroslav Zagorac (1):
      BUILD/MINOR: opentracing: fixed compilation with filter enabled

Tim Duesterhus (5):
      CI: Build VTest with clang
      BUG/MINOR: http_act: Fix normalizer names in error messages
      MINOR: uri_normalizer: Add `fragment-strip` normalizer
      MINOR: uri_normalizer: Add `fragment-encode` normalizer
      Revert "CI: Build VTest with clang"

Willy Tarreau (20):
      BUG/MINOR: memprof: properly account for differences for realloc()
      MINOR: memprof: also report the method used by each call
      MINOR: memprof: also report the totals and delta alloc-free
      CLEANUP: pattern: remove the unused and dangerous pat_ref_reload()
      IMPORT: slz: use the generic function for the last bytes of the crc32
      IMPORT: slz: do not produce the crc32_fast table when CRC is natively 
      BUILD: makefile: add a few popular ARMv8 CPU targets
      CLEANUP: stick-table: remove a leftover of an old keyword declaration
      BUG/MINOR: stats: fix lastchk metric that got accidently lost
      EXAMPLES: add a "basic-config-edge" example config
      EXAMPLES: add a trivial config for quick testing
      MINOR: activity/cli: optionally support sorting by address on "show 
      DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in 
      BUG/MINOR: lua/vars: prevent get_var() from allocating a new name
      BUG/MAJOR: config: properly initialize cpu_map.thread[] up to MAX_THREADS
      BUILD: config: avoid a build warning on numa_detect_topology() without 
      DOC: update min requirements in INSTALL
      IMPORT: slz: use inttypes.h instead of stdint.h
      BUILD: sample: use strtoll() instead of atoll()
      MINOR: version: mention that it's LTS now.

varnav (1):
      DOC: management: Correct example reload command in the document

