HAProxy 2.4.2 was released on 2021/07/07. It added 35 new commits
after version 2.4.1.

The main purpose of this release is to fix a possible deadlock introduced
into the previous release when the maxconn of a server was changed via an
agent-check. In this case, the server lock was held twice leading to a
deadlock, the first time in the agent-check itself, the second time in the
agent response parsing when the maxconn setting was changed. Note the 2.3.10
is also affected by this bug and a new release will be emitted with the fix
very soon.

Some bugs in the resolvers were also fixed. First one was a possible ABBA
deadlock when the server's FQDN was set from the CLI socket. In this case,
the server lock was held before the resolver lock while the opposite is done
when a resolution is performed. It is a quite old bug only discovered
recently by chance. In addition, to avoid any ambiguities, it is now
forbidden to set server's FQDN on the CLI if SRV resolution is enabled for
the server. Second bug is about the SRV resolution when the server state was
loaded from a file. In this case, it was possible to never renew the server
information loaded during startup if the DNS server no longer announced the
corresponding SRV record. To work around this bug, a task is attached to
servers relying on SRV resolution to purge outdated information, if any. Two
regressions of the 2.4.1 were also fixed. First, the first server of a
template based on a SRV resolution was not resolved anymore. The same bug
existed for single servers relying on SRV resolution. Second, a server might
be ignored during resolution if its IP was set by the libc during
startup. Finally, information about SRV resolution found in a server state
file are now ignored if the corresponding server is no longer configured to
rely on the same SRV resolution.

Willy fixed a bug in the sock part leading to high CPU usage because some
early connection failures might be missed if a connect() reported an error
directly via the poller without ever reporting send readiness. It is an old
bug revealed by recent changes.

Amaury implemented the scheme-based URI normalization as described in
rfc3986 6.3.2. It means the port of an URI is removed if it is a default
port according to the URI scheme (80/http and 443/https). On HTTP/1, the
normalization is only performed on requests using an absolute-form target
URI. On HTTP/2, It is performed on requests with a scheme and an
authority. It is the most common case, except CONNECT. This change will be
notably useful to not confuse users who are accustomed to use the host for
routing without specifying default ports. This problem was recently
encountered with Firefox which specify the 443 default port for HTTP/2
WebSocket Extended CONNECT.

Some may have noticed the support of "set-src" adn "set-sr-port" actions for
"tcp-request content" rules was first added then reverted. While this
support must be added, it should be delayed to fix a design problem by
setting client source address from the L7 layer. This problem already exists
because these actions are supported by "http-request" rules (See #90 on
github for details). So instead of adding more confusion, we have chosen to
wait a bit and delayed the feature.

Other commits are regular bug fixes and cleanups, mainly:

  * The MQTT parser was fixed to properly handle large client ID or empty
    one in CONNECT message.

  * Tim fixed a bug in the cache to properly handle empty 'accept-encoding'

  * The "show fd" command output was fixed to displayed the server name as
    <proxy>/<server> instead of the reverse.

  * The configuration manual was fixed to add missing documentation of some
    keywords and to refresh "mysql-check" description.

As said at the beginning of this announce, a new 2.3 release will be emitted
very soon. We are really annoyed to have delayed so much this release. The
same is true for the last 2.2 and 2.0 releases. For these versions, we will
try to emit new releases the next week.

Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.4/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : http://www.haproxy.org/download/2.4/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Amaury Denoyelle (7):
      BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
      REGTESTS: fix maxconn update with agent-check
      MINOR: http: implement http_get_scheme
      MEDIUM: http: implement scheme-based normalization
      MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
      MEDIUM: h2: apply scheme-based normalization on h2 requests
      REGTESTS: add http scheme-based normalization test

Christopher Faulet (19):
      BUG/MINOR: server-state: load SRV resolution only if params match the 
      BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is 
      BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
      MINOR: resolvers: Clean server in a dedicated function when removing a 
SRV item
      MINOR: resolvers: Remove server from named_servers tree when removing a 
SRV item
      BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution 
      BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
      BUG/MINOR: server/cli: Fix locking in function processing "set server" 
      MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
      DOC: config: Add missing actions in "tcp-request session" documentation
      CLEANUP: dns: Remove a forgotten debug message
      BUG/MINOR: resolvers: Always attach server on matching record on 
      BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
      MINOR: resolvers: Reset server IP on error in 
      BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
      BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
      BUG/MINOR: mqtt: Support empty client ID in CONNECT message
      BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV 
      Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" 

Daniel Black (1):
      DOC: config: use CREATE USER for mysql-check

David Carlier (1):
      BUILD: Makefile: fix linkage for Haiku.

Dirkjan Bussink (1):
      BUG/MINOR: checks: return correct error code for srv_parse_agent_check

Emeric Brun (3):
      BUG/MINOR: stick-table: fix several printf sign errors dumping tables
      BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
      DOC: stick-table: add missing documentation about gpt0 stored type

Tim Duesterhus (1):
      BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' 

Willy Tarreau (2):
      BUG/MEDIUM: sock: make sure to never miss early connection failures
      BUG/MINOR: cli: fix server name output in "show fd"

Christopher Faulet

Reply via email to