Hi, HAProxy 2.4.15 was released on 2022/03/14. It added 26 new commits after version 2.4.14.
This one contains more or less the same fixes than the 2.5.5, except 2.5-specific ones : * An issue in the pass-through multiplexer leading to a connection leak on the server side when timeout occurred during the connection establishment. In this case, the server connection was detached from the application stream but not closed. At this stage the connection could only be closed by the server, if it was finally accepted, or by the kernel, after all SYN retries. All versions as far as 2.3 are affected by this bug. * An issue in the master CLI. When a command was sent to a worker, the errors, especially write errors, during the response processing were not properly handled. The session could remain stuck if a client quickly closed the connection before the response was fully sent. The maxconn value of the master CLI is set 10. Thus, it could quickly be unresponsive if this happened several times. * A possible null deref in the htx_xfer_blks() function, when headers or trailers were partially transferred. Concretely, it was only possible when H2 trailers were copied from the mux to the channel buffer. * An issue with all HTX applets. The end of a message was only reported at the HTX level. The channel's flags were not updated accordingly. The only known visible effect of this bug was some server aborts erroneously reported in the stats counters. * A theoretical risk of memleak in session_accept_fd() because of a wrong goto label on the error path. * An alignment issue with pool_head structure. * Proxy mode (tcp, http, cli...) is not properly reported when displayed. Missing "syslog" and "peers" mode can now be reported. * "no-memory-trimming" global option was added to disable call to malloc_trim(). Some users with very large numbers of connections have been facing extremely long malloc_trim() calls on reload that managed to trigger the watchdog! That's a bit counter-productive. It's even possible that some implementations are not perfectly reliable or that their trimming time grows quadratically with the memory used. With this option, it is possible to disable this mechanism. * The anti-loop protection in process_stream() was improved to only count the no-progress calls. Thanks everyone for your help and your contributions! Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.4/src/ Git repository : http://git.haproxy.org/git/haproxy-2.4.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ --- Complete changelog : Christian Ruppert (1): DOC: Fix usage/examples of deprecated ACLs Christopher Faulet (12): BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() REGTESTS: fix the race conditions in normalize_uri.vtc REGTESTS: fix the race conditions in secure_memcmp.vtc BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request DEBUG: cache: Update underlying buffer when loading HTX message in cache applet BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing DEBUG: stream: Add the missing descriptions for stream trace events DEBUG: stream: Fix stream trace message to print response buffer state BUG/MAJOR: mux-pt: Always destroy the backend connection on detach Ilya Shipitsin (3): CI: github actions: add OpenTracing builds CI: github actions: use cache for OpenTracing CI: github actions: use cache for SSL libs William Lallemand (2): BUG/MINOR: add missing modes in proxy_mode_str() BUG/MINOR: cli: shows correct mode in "show sess" Willy Tarreau (8): CI: github actions: add the output of $CC -dM -E- BUG/MINOR: pool: always align pool_heads to 64 bytes BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed MINOR: pools: add a new global option "no-memory-trimming" BUILD: pools: fix backport of no-memory-trimming on non-linux OS BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() BUG/MINOR: stream: make the call_rate only count the no-progress calls BUILD: tree-wide: mark a few numeric constants as explicitly long long -- Christopher Faulet