Hi,
HAProxy 2.5-dev5 was released on 2021/08/28. It added 65 new commits
after version 2.5-dev4.
The vacation period remains clearly visible in the flow of incoming
patches. Despite this, this version brings a few new features, among
which:
- William merged the new native HTTP client: the purpose is to ease the
addition of new features that rely on performing HTTP requests to
external hosts. LetsEncrypt and xDS immediately come to mind, but we
could imagine being able to push logs over HTTP in the future, or
using DNS-over-HTTP for example. The Lua HTTP client (which currently
relies on raw TCP) is being updated to support the native client, which
will allow it to support keep-alive, chunks or even HTTP/2.
- Rémi arranged some SSL sample fetch functions to keep a reference to
the SSL context so that it becomes possible to log some of the available
connection-level information even in case of handshake error
(previously the connection context would be released before the log
was produced, thus missing some info).
- Amaury extended the dynamic server deletion to any server that is not
referenced by any rule. This seems to complete the dynamic server
changes that allow to add/remove any arbitrary server without having
to reload.
- Marcin's JA3 patchset was finally merged. It provides new sample fetch
functions that ease extraction of TLS records from a client hello,
hash them and put them in a format compatible with the JA3 spec. This
is convenient to perform TLS-based client fingerprinting, for example
to detect spoofed user-agents or to restrict access only to known
valid ones.
- David improved FreeBSD support to match some of the Linux-specific
features (set-dumpable, automatic executable path retrieval, etc).
- the idle time report in "show info" was fixed; it used to report
garbage on too low activity, and to report per-thread idle value
instead of per-process. This will be backported to 2.4 and maybe
further if required.
The rest is the usual lot of bug fixes. I'm still hoping to be able to
merge a few bits on the thread groups soon. I also had a look at the
mess around the variable names indexing, and figured that while it would
be difficult to replace this without the index of names (I mean without
spending all the CPU cycles in malloc/free), there are always reasonably
few variable names in each scope (I mean far less than 4 billion!) and
we could instead always store an xxh64() of the name, which will be
collision-free and will allow us to use pools. I'll have a look at this
soon, this might simplify the code, speed it up, and save memory at the
same time.
There are a few issues in the process of being fixed or tested, so I think
there will be a new set of stable releases in a week or two. Till then
this leaves some time to give 2.5-dev5 a try :-)
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.5/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.5/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Amaury Denoyelle (10):
MINOR: server: return the next srv instance on free_server
BUG/MINOR: stats: use refcount to protect dynamic server on dump
MEDIUM: server: extend refcount for all servers
MINOR: server: define non purgeable server flag
MINOR: server: mark referenced servers as non purgeable
MINOR: server: mark servers referenced by LUA script as non purgeable
MEDIUM: server: allow to remove servers at runtime except non purgeable
REGTEST: add missing lua requirements on server removal test
REGTEST: fix haproxy required version for server removal test
BUG/MINOR: resolvers: mark servers with name-resolution as non purgeable
Dragan Dosen (2):
BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
BUG/MINOR: base64: base64urldec() ignores padding in output size check
Ilya Shipitsin (2):
CLEANUP: assorted typo fixes in the code and comments
BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2
Marcin Deranek (5):
MEDIUM: ssl: Capture more info from Client Hello
MINOR: sample: Expose SSL captures using new fetchers
MINOR: sample: Add be2dec converter
MINOR: sample: Add be2hex converter
MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size
Remi Tricot-Le Breton (2):
MEDIUM: ssl: Keep a reference to the client's certificate for use in logs
BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2
Tim Duesterhus (2):
REGTESTS: Use `feature cmd` for 2.5+ tests
REGTESTS: Remove REQUIRE_VERSION=1.5 from all tests
William Lallemand (21):
MINOR: httpclient: initialize the proxy
MINOR: httpclient: implement a simple HTTP Client API
MINOR: httpclient/cli: implement a simple client over the CLI
MINOR: httpclient/cli: change the User-Agent to "HAProxy"
MINOR: server: check if srv is NULL in free_server()
MINOR: proxy: check if p is NULL in free_proxy()
BUG/MINOR: httpclient: fix uninitialized sl variable
BUG/MINOR: httpclient/cli: change the appctx test in the callbacks
BUG/MINOR: httpclient: check if hdr_num is not 0
MINOR: httpclient: cleanup the include files
BUG/MINOR: systemd: ExecStartPre must use -Ws
MINOR: systemd: remove the ExecStartPre line in the unit file
MINOR: ssl: add an openssl version string parser
MINOR: cfgcond: implements openssl_version_atleast and openssl_version_before
CLEANUP: ssl: remove useless check on p in openssl_version_parser()
BUG/MINOR: httpclient: remove deinit of the httpclient
MINOR: httpclient: set verify none on the https server
MINOR: httpclient: add the server to the proxy
BUG/MINOR: httpclient: fix Host header
BUILD: httpclient: fix build without OpenSSL
BUG/MINOR: proxy: don't dump servers of internal proxies
Willy Tarreau (19):
BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
BUG/MEDIUM: cfgparse: do not allocate IDs to automatic internal proxies
BUG/MINOR: http_client: make sure to preset the proxy's default settings
REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
REGTESTS: abortonclose: after retries, 503 is expected, not close
REGTESTS: server: fix agent-check syntax and expectation
MINOR: hlua: take the global Lua lock inside a global function
BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
CI: github-actions: remove obsolete options
MINOR: compiler: implement an ONLY_ONCE() macro
BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
BUG/MINOR: time: fix idle time computation for long sleeps
MINOR: time: add report_idle() to report process-wide idle time
BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
IMPORT: slz: silence a build warning with -Wundef
BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
[email protected] (2):
MINOR: tools: add FreeBSD support to get_exec_path()
MINOR: proc: setting the process to produce a core dump on FreeBSD.
---
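
The JA3 item above describes extracting the client hello lists, hashing them and formatting them per the JA3 spec. The sketch below is an added example, not HAProxy code or part of the original message: it models the big-endian-to-decimal step (the role assumed here for the new be2dec converter), drops GREASE values, builds the JA3 string and MD5, and compares the fingerprint with the claimed User-Agent. All function names, the sample bytes and the allow-list entry are constructed for illustration.

```python
import hashlib

def is_grease(value: int) -> bool:
    # GREASE code points (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa
    return (value & 0x0f0f) == 0x0a0a and (value >> 8) == (value & 0xff)

def be_to_dec(data: bytes, chunk_size: int, sep: str = "-") -> str:
    """Render big-endian chunks as decimal numbers joined by sep."""
    if len(data) % chunk_size:
        raise ValueError("length is not a multiple of the chunk size")
    values = [int.from_bytes(data[i:i + chunk_size], "big")
              for i in range(0, len(data), chunk_size)]
    if chunk_size == 2:  # 16-bit lists may carry GREASE; JA3 ignores it
        values = [v for v in values if not is_grease(v)]
    return sep.join(map(str, values))

def ja3(version, ciphers, extensions, curves, point_formats):
    """Return (ja3_string, md5_hex) for raw ClientHello lists."""
    text = ",".join([str(version), be_to_dec(ciphers, 2),
                     be_to_dec(extensions, 2), be_to_dec(curves, 2),
                     be_to_dec(point_formats, 1)])
    return text, hashlib.md5(text.encode("ascii")).hexdigest()

def classify(ja3_hash, user_agent, known):
    """Compare the claimed User-Agent with the family tied to the hash."""
    family = known.get(ja3_hash)
    if family is None:
        return "unknown"
    return "match" if family.lower() in user_agent.lower() else "mismatch"

# Constructed sample ClientHello lists (not from a real capture).
SAMPLE = dict(
    version=0x0303,
    ciphers=bytes.fromhex("1a1a" "1301" "1302" "c02b"),
    extensions=bytes.fromhex("2a2a" "0000" "000a" "000b" "000d"),
    curves=bytes.fromhex("3a3a" "001d" "0017"),
    point_formats=bytes.fromhex("00"),
)

if __name__ == "__main__":
    text, digest = ja3(**SAMPLE)
    known = {digest: "firefox"}  # constructed allow-list entry
    print(text, digest)
    print(classify(digest, "curl/7.79.0", known))
```

A "mismatch" result is the spoofed user-agent case from the announcement; "unknown" is what an allow-list policy would reject.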