HAProxy 2.5-dev2 was released on 2021/07/17. It added 54 new commits
after version 2.5-dev1.

As expected, in part due to the holiday period, and in other part due to
the time spent backporting fixes to other branches, the activity calmed
down a little bit over the last two weeks. But there are still interesting
improvements that make it worth emitting a new release, and a few minor

- the "set-mark" action is now supported on OpenBSD, testers are welcome.

- a boot time check was added for overzealous compiler optimizations
  that result in broken code and that are triggered by forced CFLAGS
  when applied to modern compilers. If the error triggers, there's no
  way around it as it proves you were running invalid code with subtle
  bugs, you'll have to fix your build scripts. I don't think we'll get
  many complaints otherwise we'd have more bug reports. But as we have
  the ability to detect classes of bugs very early before they hit
  users, we have to do it. I'm going to backport this to stable branches
  for the same reasons.

- absolute HTTP requests in HTTP/1, as well as standard H2 requests will
  now have their port stripped according to the scheme-based normalization
  rules defined in RFC3986. I.e. any ":80" when the scheme is "http" and
  any ":443" when the scheme is "https" will be stripped both from the URI
  and the Host field. This will work around recent issues from some
  browsers that were accidentally emitting ":443" in the H2 websocket
  requests, and will increase the reliability of ACLs relying on the
  Host header field. Note that origin requests are not affected as there
  is no reliable way to guess their scheme (we might possibly do that in
  the future if we add a keyword on bind lines to enforce/ignore SSL).

- a new global directive "h2-workaround-bogus-websocket-clients" was
  added to disable the RFC8441 extension in case new browsers choke on
  it. Till now the only option around it was to completely disable H2,
  which is not cool. Here setting this directive will be enough to
  prevent haproxy from advertising support for the extended H2 CONNECT
  and make browsers use a separate HTTP/1 connection for WebSocket.

- the stick-tables now support arrays of GPC counters and GPT tags. Some
  users needed to store multiple variables for a single key and were
  reaching the limits of the stick-counters (not to mention the waste
  of memory caused by tracking so many tables). Now the arrays are
  arbitrarily limited to 100 indexes, that should be plenty for everyone.
  Better not set them too large, as each update will cause a resync of
  the whole table line over the peers protocol!

- the dynamic servers now support the "track" keyword. This means that
  as long as you already have a reference server that's being checked,
  it becomes possible to add dynamic servers that will still be checked
  (not yet individually but that's getting closer).

- the stats page now displays disabled proxies for which there are still
  active connections. Historically the stats page would not display
  stopped proxies because they were the ones that were marked "disabled"
  in the config. And since when this was done, keep-alive was not yet
  supported, it was particularly hard to get a stats page display proxies
  in the stopping state. Now it's much more common and it's particularly
  troubling to see all proxies gone. An even better long-term option would
  be to have distinct states for stopped and disabled, but it didn't look
  as it would work out of the box, though that may still be reconsidered.

- the ".if/.elif/.endif" conditions in the config file now support
  expressions with AND, OR, NOT and parenthesis. This is also supported
  on the command-line "-cc" argument, and we could soon think about
  refining some of the regtests to more accurately detect if they can
  run or not. For example their profile (slow/broken/etc) could appear
  as environment variables and be tested there with the rest.

- the TCP actions "set-src/set-dst" etc that were added in 2.5-dev1 were
  temporarily reverted. The reason is that the whole storage model is
  wrong and already causing confusion in some cases with existing HTTP
  setups, so we'd rather not add more trouble there yet and we need to
  fix the storage before reintroducing them (i.e. a set of addresses is
  needed at various levels and we must stop hijacking the connection's).

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Amaury Denoyelle (17):
      MINOR: http: implement http_get_scheme
      MEDIUM: http: implement scheme-based normalization
      MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
      MEDIUM: h2: apply scheme-based normalization on h2 requests
      REGTESTS: add http scheme-based normalization test
      BUILD: http_htx: fix ci compilation error with isdigit for Windows
      MINOR: http: implement http uri parser
      MINOR: http: use http uri parser for scheme
      MINOR: http: use http uri parser for authority
      REORG: http_ana: split conditions for monitor-uri in wait for request
      MINOR: http: use http uri parser for path
      BUG/MEDIUM: http_ana: fix crash for http_proxy mode during uri rewrite
      MINOR: mux_h2: define config to disable h2 websocket support
      MINOR: srv: extract tracking server config function
      MINOR: srv: do not allow to track a dynamic server
      MEDIUM: server: support track keyword for dynamic servers
      REGTESTS: test track support for dynamic servers

Christopher Faulet (1):
      Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request 
content" rules"

Daniel Black (1):
      DOC: config: use CREATE USER for mysql-check

David Carlier (1):
      BUILD/MEDIUM: tcp: set-mark support for OpenBSD

Emeric Brun (10):
      BUG/MINOR: stick-table: fix several printf sign errors dumping tables
      BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
      MINOR: stick-table: make skttable_data_cast to use only std types
      MEDIUM: stick-table: handle arrays of standard types into stick-tables
      MEDIUM: peers: handle arrays of std types in peers protocol
      DOC: stick-table: add missing documentation about gpt0 stored type
      MEDIUM: stick-table: add the new array of gpt data_type
      MEDIUM: stick-table: make the use of 'gpt' excluding the use of 'gpt0'
      MEDIUM: stick-table: add the new arrays of gpc and gpc_rate
      MEDIUM: stick-table: make the use of 'gpc' excluding the use of 'gpc0/1''

Marno Krahmer (1):
      MEDIUM: stats: include disabled proxies that hold active sessions to stats

Remi Tricot-Le Breton (1):
      BUG/MINOR: ssl: Default-server configuration ignored by server

Willy Tarreau (22):
      BUG/MEDIUM: sock: make sure to never miss early connection failures
      BUG/MINOR: cli: fix server name output in "show fd"
      BUILD: stick-table: shut up invalid "uninitialized" warning in gcc 8.3
      CLEANUP: applet: remove unused thread_mask
      BUILD: add detection of missing important CFLAGS
      BUILD: lua: silence a build warning with TCC
      MINOR: init: verify that there is a single word on "-cc"
      MINOR: init: make -cc support environment variables expansion
      MINOR: arg: add a free_args() function to free an args array
      CLEANUP: config: use free_args() to release args array in 
      CLEANUP: hlua: use free_args() to release args arrays
      REORG: config: move the condition preprocessing code to its own file
      MINOR: cfgcond: start to split the condition parser to introduce terms
      MEDIUM: cfgcond: report invalid trailing chars after expressions
      MINOR: cfgcond: remerge all arguments into a single line
      MINOR: cfgcond: support negating conditional expressions
      MINOR: cfgcond: make the conditional term parser automatically allocate 
      MINOR: cfgcond: insert an expression between the condition and the term
      MINOR: cfgcond: support terms made of parenthesis around expressions
      REGTEST: make check_condition.vtc fail as soon as possible
      REGTESTS: add more complex check conditions to check_conditions.vtc
      BUG/MEDIUM: init: restore behavior of command-line "-m" for memory 


Reply via email to