Hi,

HAProxy 2.4.2 was released on 2021/07/07. It added 35 new commits after version 2.4.1.

The main purpose of this release is to fix a possible deadlock introduced into the previous release when the maxconn of a server was changed via an agent-check. In this case, the server lock was held twice, leading to a deadlock: the first time in the agent-check itself, the second time in the agent response parsing when the maxconn setting was changed. Note that 2.3.10 is also affected by this bug and a new release will be emitted with the fix very soon.

Some bugs in the resolvers were also fixed. The first one was a possible ABBA deadlock when the server's FQDN was set from the CLI socket. In this case, the server lock was held before the resolver lock, while the opposite is done when a resolution is performed. It is a quite old bug only discovered recently by chance. In addition, to avoid any ambiguities, it is now forbidden to set a server's FQDN on the CLI if SRV resolution is enabled for the server. The second bug is about the SRV resolution when the server state was loaded from a file. In this case, it was possible to never renew the server information loaded during startup if the DNS server no longer announced the corresponding SRV record. To work around this bug, a task is attached to servers relying on SRV resolution to purge outdated information, if any.

Two regressions of the 2.4.1 were also fixed. First, the first server of a template based on a SRV resolution was not resolved anymore. The same bug existed for single servers relying on SRV resolution. Second, a server might be ignored during resolution if its IP was set by the libc during startup. Finally, information about SRV resolution found in a server state file is now ignored if the corresponding server is no longer configured to rely on the same SRV resolution.

Willy fixed a bug in the sock part leading to high CPU usage because some early connection failures might be missed if a connect() reported an error directly via the poller without ever reporting send readiness. It is an old bug revealed by recent changes.

Amaury implemented the scheme-based URI normalization as described in RFC 3986 6.3.2. It means the port of a URI is removed if it is a default port according to the URI scheme (80/http and 443/https). On HTTP/1, the normalization is only performed on requests using an absolute-form target URI. On HTTP/2, it is performed on requests with a scheme and an authority. It is the most common case, except CONNECT. This change will be notably useful to not confuse users who are accustomed to using the host for routing without specifying default ports. This problem was recently encountered with Firefox, which specifies the 443 default port for HTTP/2 WebSocket Extended CONNECT.

Some may have noticed the support of "set-src" and "set-src-port" actions for "tcp-request content" rules was first added then reverted. While this support must be added, it should be delayed to fix a design problem by setting client source address from the L7 layer. This problem already exists because these actions are supported by "http-request" rules (see #90 on github for details). So instead of adding more confusion, we have chosen to wait a bit and delayed the feature.

Other commits are regular bug fixes and cleanups, mainly:

  * The MQTT parser was fixed to properly handle a large client ID or an empty one in the CONNECT message.

  * Tim fixed a bug in the cache to properly handle an empty 'accept-encoding' header.

  * The "show fd" command output was fixed to display the server name as <proxy>/<server> instead of the reverse.

  * The configuration manual was fixed to add missing documentation of some keywords and to refresh the "mysql-check" description.

As said at the beginning of this announcement, a new 2.3 release will be emitted very soon. We are really annoyed to have delayed this release so much. The same is true for the last 2.2 and 2.0 releases. For these versions, we will try to emit new releases next week.

Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.4/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : http://www.haproxy.org/download/2.4/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

---
Complete changelog :

Amaury Denoyelle (7):
      BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
      REGTESTS: fix maxconn update with agent-check
      MINOR: http: implement http_get_scheme
      MEDIUM: http: implement scheme-based normalization
      MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
      MEDIUM: h2: apply scheme-based normalization on h2 requests
      REGTESTS: add http scheme-based normalization test

Christopher Faulet (19):
      BUG/MINOR: server-state: load SRV resolution only if params match the config
      BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
      BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
      MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
      MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
      BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
      BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
      BUG/MINOR: server/cli: Fix locking in function processing "set server" command
      MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
      DOC: config: Add missing actions in "tcp-request session" documentation
      CLEANUP: dns: Remove a forgotten debug message
      BUG/MINOR: resolvers: Always attach server on matching record on resolution
      BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
      MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
      BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
      BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
      BUG/MINOR: mqtt: Support empty client ID in CONNECT message
      BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
      Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"

Daniel Black (1):
      DOC: config: use CREATE USER for mysql-check

David Carlier (1):
      BUILD: Makefile: fix linkage for Haiku.

Dirkjan Bussink (1):
      BUG/MINOR: checks: return correct error code for srv_parse_agent_check

Emeric Brun (3):
      BUG/MINOR: stick-table: fix several printf sign errors dumping tables
      BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
      DOC: stick-table: add missing documentation about gpt0 stored type

Tim Duesterhus (1):
      BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header

Willy Tarreau (2):
      BUG/MEDIUM: sock: make sure to never miss early connection failures
      BUG/MINOR: cli: fix server name output in "show fd"

--
Christopher Faulet
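
The scheme-based normalization described in the announcement above matters for host-based routing and ACLs, which otherwise see "example.com" and "example.com:443" as different hosts. The sketch below is an added example, not HAProxy's own code: normalize_authority() is a hypothetical helper, the sample authorities are constructed, and it also drops an empty port, which RFC 3986 treats the same way as a default one.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Default port for the two schemes the announcement names, NULL otherwise. */
static const char *default_port(const char *scheme)
{
    if (scheme && strcasecmp(scheme, "http") == 0)
        return "80";
    if (scheme && strcasecmp(scheme, "https") == 0)
        return "443";
    return NULL;
}

/* Hypothetical helper: copy authority into out, eliding ":port" when the port
 * is empty or the scheme's default. scheme is NULL when the request carries
 * none (HTTP/1 origin-form target, plain HTTP/2 CONNECT): nothing is changed.
 * Returns 1 if a port was removed, 0 if copied as-is, -1 if out is too small. */
int normalize_authority(const char *scheme, const char *authority,
                        char *out, size_t outlen)
{
    const char *def = default_port(scheme);
    const char *colon = strrchr(authority, ':');
    size_t keep = strlen(authority);
    int stripped = 0;

    /* A ':' followed by ']' or '@' belongs to an IPv6 literal or userinfo. */
    if (colon && strpbrk(colon, "]@"))
        colon = NULL;
    if (def && colon && (colon[1] == '\0' || strcmp(colon + 1, def) == 0)) {
        keep = (size_t)(colon - authority);
        stripped = 1;
    }
    if (keep + 1 > outlen)
        return -1;
    memcpy(out, authority, keep);
    out[keep] = '\0';
    return stripped;
}

int main(void)
{
    char buf[64];
    /* Constructed sample authorities, not taken from the announcement. */
    const char *hosts[] = { "example.com:443", "example.com:8443", "[::1]:443", "[::1]" };
    for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++) {
        int r = normalize_authority("https", hosts[i], buf, sizeof(buf));
        printf("%-18s -> %-14s (%d)\n", hosts[i], buf, r);
    }
    return 0;
}
```

When comparing routing behaviour before and after an upgrade to 2.4.2, rules that match the Host value including ":443" or ":80" are the ones to re-check.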