Hi,

HAProxy 2.0.26 was released on 2021/12/03. It added 68 new commits after version 2.0.25.

This version contains a lot of bug fixes. One of the main areas to benefit from them is the muxers and streams infrastructure. Adjustments were made to prevent rare occurrences of blocked transfers, improper connection closing or premature aborts. Even though most users won't notice the difference, this is obviously a critical path of the haproxy architecture, which is why it's always important to upgrade to the latest stable version in your branch.

Resolvers are another section which received improvements. Race conditions were fixed and the code should be more reliable. Sadly, the current architecture has shown its limits and won't perform in the most optimal way. Users who rely heavily on resolvers should not hesitate to have a look at 2.5, which has breaking changes and big progress on performance.

In the SSL area, resumption on the backend side was not functional with SNI on TLS1.3. This is now fixed. Also, the error reporting has been improved and will now return a proper description if a failure occurs with strict-sni.

A very subtle bug was fixed in the Lua code for the sleep() function. Most of the time, it will run fine. However, due to an erroneous time comparison, there is a risk of freezing the entire haproxy process when using it. This is extremely rare, as it can occur only when the time is wrapping, which happens during 1ms every 49 days.

The "block" statement in the proxy configuration was broken since the previous release due to an incorrect refactoring and has now been restored. Note however that this keyword is deprecated and users are encouraged to use an alternative like the "http-request deny" rule.

Some cleanups were made for samples. In some fetches such as strcmp or secure_memcmp, variables of an improper type could cause a crash. A check has now been added to properly handle this case.

Thanks to everyone for this release. Enjoy!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

---
Complete changelog :
Amaury Denoyelle (1):
      BUG/MINOR: server: allow 'enable health' only if check configured

Christopher Faulet (31):
      BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
      Revert "REGTESTS: mark http_abortonclose as broken"
      BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
      BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
      BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
      BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
      BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
      BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
      BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
      BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
      BUG/MINOR: filters: Set right FLT_END analyser depending on channel
      BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
      BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
      BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
      BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
      BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
      BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
      BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
      DOC: config: Fix alphabetical order of fc_* samples
      MINOR: stream: Improve dump of bogus streams
      BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
      MINOR: htx: Add an HTX flag to know when a message is fragmented
      MINOR: htx: Add a function to know if the free space wraps
      BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
      BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value
      DOC: config: Fix typo in ssl_fc_unique_id description
      BUG/MINOR: http-ana: Apply stop to the current section for http-response rules
      BUG/MEDIUM: conn-stream: Don't reset CS flags on close
      BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value
      BUG/MINOR: stick-table/cli: Check for invalid ipv6 key
      CLEANUP: ssl: Release cached SSL sessions on deinit

Dragan Dosen (2):
      BUG/MEDIUM: http: check for a channel pending data before waiting
      BUG/MINOR: stats: fix the POST requests processing in legacy mode

Emeric Brun (1):
      DOC: peers: fix doc "enable" statement on "peers" sections

Olivier Houchard (1):
      MEDIUM: actions: Fix block ACL.

Remi Tricot-Le Breton (1):
      BUG/MINOR: http: Authorization value can have multiple spaces after the scheme

William Lallemand (4):
      BUG/MINOR: systemd: ExecStartPre must use -Ws
      BUG/MINOR: mworker: doesn't launch the program postparser
      BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3
      BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found

Willy Tarreau (27):
      BUG/MINOR: compat: make sure __WORDSIZE is always defined
      BUG/MINOR: cli/payload: do not search for args inside payload
      BUG/MEDIUM: lua: fix wakeup condition from sleep()
      BUG/MAJOR: lua: use task_wakeup() to properly run a task once
      CLEANUP: sample: rename sample_conv_var2smp() to *_sint
      CLEANUP: sample: uninline sample_conv_var2smp_str()
      MINOR: sample: provide a generic var-to-sample conversion function
      BUG/MEDIUM: sample: properly verify that variables cast to sample
      MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
      BUG/MEDIUM: resolver: make sure to always use the correct hostname length
      BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
      MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
      BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
      BUG/MEDIUM: resolvers: use correct storage for the target address
      MINOR: resolvers: merge address and target into a union "data"
      BUILD: resolvers: avoid a possible warning on null-deref
      BUG/MEDIUM: resolvers: always check a valid item in query_list
      BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
      CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
      CLEANUP: always initialize the answer_list
      CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
      BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent
      MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close
      MINOR: mux-h2: perform a full cycle shutdown+drain on close
      BUG/MEDIUM: mux-h2: always process a pending shut read
      BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found
      BUG/MINOR: shctx: do not look for available blocks when the first one is enough

--
Amaury Denoyelle
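
The sleep() note in the announcement describes a time comparison that fails only while the clock wraps. The following is an added example, not HAProxy's code: it assumes a 32-bit millisecond counter (which wraps every 2^32 ms, about 49.7 days) and uses hypothetical names (expired_naive, expired_wrapsafe, ms_until_wakeup) to show how a plain magnitude comparison either never fires or fires early around the wrap, while a signed-difference comparison stays correct.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: a millisecond clock kept in 32 bits, wrapping every 2^32 ms. */
typedef uint32_t tick_ms;

/* Plain magnitude comparison: only correct while nothing has wrapped. */
static int expired_naive(tick_ms now, tick_ms deadline)
{
    return now >= deadline;
}

/* Signed difference: correct across the wrap for delays below 2^31 ms. */
static int expired_wrapsafe(tick_ms now, tick_ms deadline)
{
    return (int32_t)(now - deadline) >= 0;
}

/* Poll a sleeper every `step` ms. Returns the ms elapsed when the check
 * first reports expiry, or -1 if it never does within max_polls polls. */
static long ms_until_wakeup(int (*expired)(tick_ms, tick_ms),
                            tick_ms start, uint32_t delay,
                            uint32_t step, long max_polls)
{
    tick_ms deadline = start + delay;   /* may wrap past zero */
    tick_ms now = start;

    for (long n = 0; n < max_polls; n++, now += step)
        if (expired(now, deadline))
            return n * (long)step;
    return -1;
}

int main(void)
{
    /* Constructed cases: 10 ms sleep, started just before the wrap. */
    /* Deadline before the wrap, next poll after it: naive never wakes. */
    printf("stuck: naive=%ld safe=%ld\n",
           ms_until_wakeup(expired_naive, 0xFFFFFFF0u, 10, 16, 1000),
           ms_until_wakeup(expired_wrapsafe, 0xFFFFFFF0u, 10, 16, 1000));
    /* Deadline after the wrap: naive wakes immediately, 10 ms early. */
    printf("early: naive=%ld safe=%ld\n",
           ms_until_wakeup(expired_naive, 0xFFFFFFFEu, 10, 1, 1000),
           ms_until_wakeup(expired_wrapsafe, 0xFFFFFFFEu, 10, 1, 1000));
    return 0;
}
```

A sleeper whose check never reports expiry while the scheduler keeps re-running it is the kind of condition that can pin a single-threaded event loop, which is why timer code of this sort should be tested with start values placed on both sides of the wrap.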