Hi,

HAProxy 2.5.0 was released on 2021/11/23. It added 9 new commits after version 2.5-dev15, fixing minor last-minute details (bind warnings that turned to errors, and an incorrect free in the backend SSL cache).

We were slightly delayed compared to my initial expectations (~1-2 weeks), but nothing to be ashamed of at all, as it allowed to nail down several issues that were affecting older releases, and to improve the doc, so that's not wasted time.

I must confess that I've had a hard time enumerating just a few changes in this version, as the spectrum is quite broad and the amount of changes varies a lot between areas. Thus I'll focus on those that seem relevant, keeping the deeply technical stuff synthetic, and sorry for those who do not see their work cited here, it doesn't mean it's not interesting, just that it doesn't come to my mind before the other ones:

  - more dynamic servers. Now virtually any setting can be changed at run time, and servers may even be deleted.

  - The native HTTP client got merged. It currently offers an ease of use from Lua, but will also open the way to native interaction with external services.

  - speaking of Lua, it's now possible to implement content filters in Lua to inspect or modify contents passing through haproxy. This is currently experimental.

  - Stick-tables now allow to store and replicate arrays of general purpose tags and counters

  - SSL saw a lot of improvements, with CA/CRL now updatable at runtime, much better error reporting and logging, OCSP status now readable from the CLI, a new httpslog option, and OpenSSL 3.0.0 being supported. SSL client fingerprinting using the JA3 de-facto standard is also supported.

  - JWT token validation helps integrate with environments requiring authentication.

  - QUIC is born. Like a baby, it doesn't walk yet but it's possible to interact with it and it will respond. There's still quite some work to do before it can be deployed but I have good hopes that for 2.6 it will be mature enough and the SSL library issues will be resolved either by the OpenSSL team listening to their users or by distros finally adopting a fork.

  - the master process now always switches to wait mode to release its memory. That counts quite a lot for those dealing with extremely large configs, maps or ACLs.

  - huge performance improvements in some areas (HTTP/1 chunking *8, queues *2, DNS N->log(N), threads:2-5%)

  - the frontend mode (TCP/HTTP) can now be switched on the fly per session, so that HTTP rules are applied to TCP connections once validated as HTTP.

  - defaults sections now support TCP and HTTP rulesets, that frontends and backends will use prior to theirs. This allows one to standardize some configuration for similar applications and place common rules there.

  - stats of stopping proxies are now available in a stopping process for as long as the process is reachable (e.g. master->worker).

  - generally speaking, a number of usability improvements (error reporting, new converters and sample fetch functions, improved details in CLI's output etc).

I hope you'll enjoy it and will provide useful feedback. I know that some of my haproxytech coworkers have been working on an in-depth article to provide more details on each change. This will likely appear soon on the blog on https://haproxy.com/blog/ but no rush, I know how hard it is to emit release notes, it's even harder to write working examples!

As a reminder, this is a stable version which will receive fixes for around 12 months. Its initially scheduled EOL is 2023-Q1 but it can be slightly extended depending on adoption and feedback.

2.6-dev0 was also created as a copy of 2.5.0 to mark the beginning of 2.6 which is expected to be released between May and June of 2022, and will be an LTS release.

Haproxy.org was already upgraded to run on it :-)

As an announce message cannot be one without the usual thanks, let me first turn the projector on our new code contributors in this release, who I hope will continue to contribute good code and ideas:

    Anubhav, Daniel Black, Jaroslaw Rzeszótko, Jonathon Lacher, Kunal Gangakhedkar, Mark Mullan, Marno Krahmer, jenny-cheung, vishnu

In addition to them I'm also counting 22 returning contributors, among which:

    Aleksandar Lazic, Amaury Denoyelle, Björn Jacke, Christopher Faulet, David Carlier, Dirkjan Bussink, Dragan Dosen, Emeric Brun, Frédéric Lécaille, Ilya Shipitsin, John Roesler, Marcin Deranek, Maximilian Mader, Miroslav Zagorac, Olivier Houchard, Remi Tricot-Le Breton, Thayne McCombs, Thierry Fournier, Tim Düsterhus, William Dauchy, William Lallemand, Willy Tarreau

And that's without mentioning the usual team who devotes a lot of their time helping users and operating the infrastructure tools behind the curtains, particularly Lukas Tribus, Tim Düsterhus, Ilya Shipitsin, as well as all those who provide helpful comments on the list and report bugs.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.5.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.5.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy

---
Complete changelog since 2.5-dev15:

Ilya Shipitsin (3):
      BUILD: SSL: add quictls build to scripts/build-ssl.sh
      BUILD: SSL: add QUICTLS to build matrix
      CLEANUP: assorted typo fixes in the code and comments

Tim Duesterhus (1):
      CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis

William Lallemand (1):
      BUG/MINOR: ssl: free correctly the sni in the backend SSL cache

Willy Tarreau (4):
      BUILD: cli: clear a maybe-unused warning on some older compilers
      BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
      BUG/MINOR: ssl: make SSL counters atomic
      MINOR: version: mention that it's stable now

---