HAProxy 2.5.0 was released on 2021/11/23. It added 9 new commits after
version 2.5-dev15, fixing minor last-minute details (bind warnings
that turned to errors, and an incorrect free in the backend SSL cache).

We were slightly delayed compared to my initial expectations (~1-2 weeks),
but nothing to be ashamed of at all, as it allowed to nail down several
issues that were affecting older releases, and to improve the doc, so
that's not wasted time.

I must confess that I've had a hard time enumerating just a few changes
in this version, as the spectrum is quite broad and the amoung of changes
varies a lot between areas. Thus I'll focus on those that seem relevant,
keeping the deeply technical stuff synthetic, and sorry for those who do
not see their work cited here, it doesn't mean it's not interesting, just
that it doesn't come to my mind before the other ones:

  - more dynamic servers. Now virtually any setting can be changed at
    run time, and servers may even be deleted.

  - The native HTTP client got merged. It currently offers an ease of
    use from Lua, but will also open the way to native interaction with
    external services.

  - speaking of Lua, it's now possible to implement content filters in
    Lua to inspect or modify contents passing through haproxy. This is
    currently experiemntal.

  - Stick-tables now allow to store and replicate arrays of general
    purpose tags and counters

  - SSL saw a lot of improvements, by CA/CRL now updatable at runtime,
    much better error reporting and logging, OCSP status now readable
    from the CLI, a new httpslog option, and OpenSSL 3.0.0 being
    supported. SSL client fingerprinting using the JA3 de-facto
    standard is also supported.

  - JWT token validation helps integrate with environments requiring

  - QUIC is born. Like a baby, it doesn't walk yet but it's possible to
    interact with it and it will respond. There's still quite some work
    to do before it can be deployed but I have good hopes that for 2.6
    it will be mature enough and the SSL library issues will be resolved
    either by the OpenSSL team listening to their users or by distros
    finally adopting a fork.

  - the master process now always switches to wait mode to release its
    memory. That counts quite a lot for those dealing with extremely
    large configs, maps or ACLs.

  - huge performance improvements in some areas (HTTP/1 chunking *8,
    queues *2, DNS N->log(N), threads:2-5%)

  - the frontend mode (TCP/HTTP) can now be switched on the fly per
    session, so that HTTP rules are applied to TCP connections once
    validated as HTTP.

  - defaults sections now support TCP and HTTP rulesets, that
    frontends and backends will use prior to theirs. This allows one
    to standardize some configuration for similar applications and place
    common rules there.

  - stats of stopping proxies are now available in a stopping process
    for as long as the process is reachable (e.g. master->worker).

  - generally speaking, a number of usability improvements (error
    reporting, new converters and sample fetch functions, improved
    details in CLI's output etc).

I hope you'll enjoy it and will provide useful feedback. I know that some
of my haproxytech coworkers have been working on an in-depth article to
provide more details on each change. This will likely appear soon on the
blog on https://haproxy.com/blog/ but no rush, I know how hard it is to
emit release notes, it's even harder to write working examples!

As a reminder, this is a stable version which will receive fixes for
around 12 months. Its initially scheduled EOL is 2023-Q1 but it can be
slightly extended depending on adoption and feedback.

2.6-dev0 was also created as a copy of 2.5.0 to mark the beginning of 2.6
which is expected to be released between May and June of 2022, and will
be an LTS release. Haproxy.org was already upgraded to run on it :-)

As an announce message cannot be one without the usual thanks, let me
first turn the projector on our new code contributors in this release,
who I hope will continue to contribute good code and ideas:

  Anubhav, Daniel Black, Jaroslaw Rzeszótko, Jonathon Lacher,
  Kunal Gangakhedkar, Mark Mullan, Marno Krahmer, jenny-cheung,

In addition to them I'm also counting 22 returning contributors, among

  Aleksandar Lazic, Amaury Denoyelle, Björn Jacke, Christopher Faulet,
  David Carlier, Dirkjan Bussink, Dragan Dosen, Emeric Brun,
  Frédéric Lécaille, Ilya Shipitsin, John Roesler, Marcin Deranek,
  Maximilian Mader, Miroslav Zagorac, Olivier Houchard,
  Remi Tricot-Le Breton, Thayne McCombs, Thierry Fournier,
  Tim Düsterhus, William Dauchy, William Lallemand, Willy Tarreau

And that's without mentioning the usual team who devotes a lot of their
time helping users and operating the infrastructure tools behind the
curtains, particularly Lukas Tribus, Tim Düsterhus, Ilya Shipitsin, as
well as all those who provide helpful comments on the list and report

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.5.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.5.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog since 2.5-dev15:
Ilya Shipitsin (3):
      BUILD: SSL: add quictls build to scripts/build-ssl.sh
      BUILD: SSL: add QUICTLS to build matrix
      CLEANUP: assorted typo fixes in the code and comments

Tim Duesterhus (1):
      CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis

William Lallemand (1):
      BUG/MINOR: ssl: free correctly the sni in the backend SSL cache

Willy Tarreau (4):
      BUILD: cli: clear a maybe-unused  warning on some older compilers
      BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
      BUG/MINOR: ssl: make SSL counters atomic
      MINOR: version: mention that it's stable now


Reply via email to