Hi,

HAProxy 2.5-dev2 was released on 2021/07/17. It added 54 new commits after version 2.5-dev1.

As expected, in part due to the holiday period, and in other part due to the time spent backporting fixes to other branches, the activity calmed down a little bit over the last two weeks. But there are still interesting improvements that make it worth emitting a new release, and a few minor bugs.

  - the "set-mark" action is now supported on OpenBSD, testers are welcome.

  - a boot time check was added for overzealous compiler optimizations that result in broken code and that are triggered by forced CFLAGS when applied to modern compilers. If the error triggers, there's no way around it as it proves you were running invalid code with subtle bugs, you'll have to fix your build scripts. I don't think we'll get many complaints otherwise we'd have more bug reports. But as we have the ability to detect classes of bugs very early before they hit users, we have to do it. I'm going to backport this to stable branches for the same reasons.

  - absolute HTTP requests in HTTP/1, as well as standard H2 requests will now have their port stripped according to the scheme-based normalization rules defined in RFC3986. I.e. any ":80" when the scheme is "http" and any ":443" when the scheme is "https" will be stripped both from the URI and the Host field. This will work around recent issues from some browsers that were accidentally emitting ":443" in the H2 websocket requests, and will increase the reliability of ACLs relying on the Host header field. Note that origin requests are not affected as there is no reliable way to guess their scheme (we might possibly do that in the future if we add a keyword on bind lines to enforce/ignore SSL).

  - a new global directive "h2-workaround-bogus-websocket-clients" was added to disable the RFC8441 extension in case new browsers choke on it. Till now the only option around it was to completely disable H2, which is not cool. Here setting this directive will be enough to prevent haproxy from advertising support for the extended H2 CONNECT and make browsers use a separate HTTP/1 connection for WebSocket.

  - the stick-tables now support arrays of GPC counters and GPT tags. Some users needed to store multiple variables for a single key and were reaching the limits of the stick-counters (not to mention the waste of memory caused by tracking so many tables). Now the arrays are arbitrarily limited to 100 indexes, that should be plenty for everyone. Better not set them too large, as each update will cause a resync of the whole table line over the peers protocol!

  - the dynamic servers now support the "track" keyword. This means that as long as you already have a reference server that's being checked, it becomes possible to add dynamic servers that will still be checked (not yet individually but that's getting closer).

  - the stats page now displays disabled proxies for which there are still active connections. Historically the stats page would not display stopped proxies because they were the ones that were marked "disabled" in the config. And since when this was done, keep-alive was not yet supported, it was particularly hard to get a stats page display proxies in the stopping state. Now it's much more common and it's particularly troubling to see all proxies gone. An even better long-term option would be to have distinct states for stopped and disabled, but it didn't look as it would work out of the box, though that may still be reconsidered.

  - the ".if/.elif/.endif" conditions in the config file now support expressions with AND, OR, NOT and parenthesis. This is also supported on the command-line "-cc" argument, and we could soon think about refining some of the regtests to more accurately detect if they can run or not. For example their profile (slow/broken/etc) could appear as environment variables and be tested there with the rest.

  - the TCP actions "set-src/set-dst" etc that were added in 2.5-dev1 were temporarily reverted. The reason is that the whole storage model is wrong and already causing confusion in some cases with existing HTTP setups, so we'd rather not add more trouble there yet and we need to fix the storage before reintroducing them (i.e. a set of addresses is needed at various levels and we must stop hijacking the connection's).

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Amaury Denoyelle (17):
      MINOR: http: implement http_get_scheme
      MEDIUM: http: implement scheme-based normalization
      MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
      MEDIUM: h2: apply scheme-based normalization on h2 requests
      REGTESTS: add http scheme-based normalization test
      BUILD: http_htx: fix ci compilation error with isdigit for Windows
      MINOR: http: implement http uri parser
      MINOR: http: use http uri parser for scheme
      MINOR: http: use http uri parser for authority
      REORG: http_ana: split conditions for monitor-uri in wait for request
      MINOR: http: use http uri parser for path
      BUG/MEDIUM: http_ana: fix crash for http_proxy mode during uri rewrite
      MINOR: mux_h2: define config to disable h2 websocket support
      MINOR: srv: extract tracking server config function
      MINOR: srv: do not allow to track a dynamic server
      MEDIUM: server: support track keyword for dynamic servers
      REGTESTS: test track support for dynamic servers

Christopher Faulet (1):
      Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"

Daniel Black (1):
      DOC: config: use CREATE USER for mysql-check

David Carlier (1):
      BUILD/MEDIUM: tcp: set-mark support for OpenBSD

Emeric Brun (10):
      BUG/MINOR: stick-table: fix several printf sign errors dumping tables
      BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
      MINOR: stick-table: make skttable_data_cast to use only std types
      MEDIUM: stick-table: handle arrays of standard types into stick-tables
      MEDIUM: peers: handle arrays of std types in peers protocol
      DOC: stick-table: add missing documentation about gpt0 stored type
      MEDIUM: stick-table: add the new array of gpt data_type
      MEDIUM: stick-table: make the use of 'gpt' excluding the use of 'gpt0'
      MEDIUM: stick-table: add the new arrays of gpc and gpc_rate
      MEDIUM: stick-table: make the use of 'gpc' excluding the use of 'gpc0/1''

Marno Krahmer (1):
      MEDIUM: stats: include disabled proxies that hold active sessions to stats

Remi Tricot-Le Breton (1):
      BUG/MINOR: ssl: Default-server configuration ignored by server

Willy Tarreau (22):
      BUG/MEDIUM: sock: make sure to never miss early connection failures
      BUG/MINOR: cli: fix server name output in "show fd"
      BUILD: stick-table: shut up invalid "uninitialized" warning in gcc 8.3
      CLEANUP: applet: remove unused thread_mask
      BUILD: add detection of missing important CFLAGS
      BUILD: lua: silence a build warning with TCC
      MINOR: init: verify that there is a single word on "-cc"
      MINOR: init: make -cc support environment variables expansion
      MINOR: arg: add a free_args() function to free an args array
      CLEANUP: config: use free_args() to release args array in cfg_eval_condition()
      CLEANUP: hlua: use free_args() to release args arrays
      REORG: config: move the condition preprocessing code to its own file
      MINOR: cfgcond: start to split the condition parser to introduce terms
      MEDIUM: cfgcond: report invalid trailing chars after expressions
      MINOR: cfgcond: remerge all arguments into a single line
      MINOR: cfgcond: support negating conditional expressions
      MINOR: cfgcond: make the conditional term parser automatically allocate nodes
      MINOR: cfgcond: insert an expression between the condition and the term
      MINOR: cfgcond: support terms made of parenthesis around expressions
      REGTEST: make check_condition.vtc fail as soon as possible
      REGTESTS: add more complex check conditions to check_conditions.vtc
      BUG/MEDIUM: init: restore behavior of command-line "-m" for memory limitation

---
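
The scheme-based port stripping described in the announcement, as an added example that is not part of the original message and is not HAProxy's code: it removes ":80" for "http" and ":443" for "https" from an authority or Host value, then compares the result the way a Host-based ACL would. It goes beyond the case in the text by also handling IPv6 literals and userinfo; the function names and sample hosts are assumptions made up for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Default port for a scheme, or NULL when the scheme is neither http nor https. */
static const char *default_port(const char *scheme)
{
    if (strcasecmp(scheme, "http") == 0)
        return "80";
    return strcasecmp(scheme, "https") == 0 ? "443" : NULL;
}

/* Strip ":<default port>" from an authority in place. Returns 1 if stripped. */
int strip_default_port(const char *scheme, char *authority)
{
    const char *def = default_port(scheme);
    char *host = strrchr(authority, '@');   /* skip optional userinfo */
    char *colon;

    host = host ? host + 1 : authority;
    if (host[0] == '[') {                   /* IPv6 literal: colons inside the */
        colon = strchr(host, ']');          /* brackets are not port delimiters */
        colon = colon ? colon + 1 : NULL;   /* no ']' means malformed: untouched */
    } else {
        colon = strchr(host, ':');
    }
    if (!def || !colon || *colon != ':' || strcmp(colon + 1, def) != 0)
        return 0;                           /* no port, or not the default one */
    *colon = '\0';
    return 1;
}

/* Host-based match done on the normalized value, case-insensitively. */
int host_matches(const char *scheme, const char *host_hdr, const char *expected)
{
    char buf[256];
    if (strlen(host_hdr) >= sizeof(buf))
        return 0;                           /* oversized value never matches */
    strcpy(buf, host_hdr);
    strip_default_port(scheme, buf);
    return strcasecmp(buf, expected) == 0;
}

int main(void)
{
    /* constructed samples: a stray ":443" on https, then a non-default port */
    printf("%d %d\n", host_matches("https", "example.com:443", "example.com"),
           host_matches("https", "example.com:8443", "example.com"));
    return 0;
}
```

Without the normalization step, an exact-match rule on "example.com" misses the ":443" variant, which is the reliability problem for Host-based ACLs that the announcement mentions.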