HAProxy 2.4.16 was released on 2022/04/29. It added 65 new commits
after version 2.4.15.

This release is pretty similar to the 2.5.6 released early in the
week. Thus, here is a cut-paste of relevant parts:

 * An internal issue leading to truncated messages was fixed. When data were
   mixed with an error report, connection errors could be handled too early
   by the stream-interface. Now connection errors are only considered by the
   stream-interface during the connection establishment. After that, it
   relies on the conn-stream to be notified of any error.

 * An issue in the idle connections management code was fixed. It's
   extremely hard to hit but it could randomly crash the process under high
   contention on the server side due to a missing lock.

 * An issue in the pass-through multiplexer, exposed by the previous fix,
   and that may lead to a loop at 100% CPU was fixed. Connection error was
   not properly reported to the conn-stream on the sending path.

 * An issue with the FCGI multiplexer when the response is compressed was
   fixed. The FCGI application was rewriting the response headers modifying
   HTX flags while the compression filter was doing so by modifying the HTTP
   message flags. Thus some modification performed on a side were not
   detected by the other, leading to produce invalid responses. Now, the
   flags of both structures are systematically updated.

 * An issue with responses to HEAD requests sent to FCGI servers was fixed.
   A "Content-Length: 0" header was erroneously added on the bodyless
   responses while it should not. Indeed, if the expected payload size is
   not specified by the server, HAProxy must not add this header because it
   cannot know it. In addition, still in the FCGI multiplexer, the parsing
   of headers and trailers was fixed to properly handle parsing errors.

 * Two issues in the H1 multiplexer were fixed. First, Connection error was
   reported to early, when there were still pending data for the
   stream. Because of this bug, last pending data could be truncated. Now
   the connection error is reported only if there is no pending data. The
   second issue is a problem about full buffer detection during the trailers
   parsing. Because of this bug, it was possible to block the message
   parsing till the timeout expiration.

 * A design issue with the HTX was fixed. When EOM HTX block was replaced by
   a flag, we tried hard to be sure the flag was always set with the last
   HTX block.  It works pretty well for all messages received from a client
   or a server. But for internal messages, it was not always true,
   especially for messages produced by applets. Some workarounds were found
   to fix this design issue on stable versions. But a more elegant solution
   must be found for the 2.6. Prometheus exporter, the stats applet and lua
   HTTP applets were concerned.

 * Some issues in the H2 multiplexers were fixed. First the GOAWAY frame is
   no longer sent if SETTINGS were not sent. Then, as announced, the
   "timeout http-keep-alive" and "timeout http-request" are now respected
   and work as documented, so that it will finally be possible to force such
   connections to be closed when no request comes even if they're seeing
   control traffic such as PING frames. This can typically happen in some
   server-to-server communications whereby the client application makes use
   of PING frames to make sure the connection is still alive.

 * A crash of HAproxy was fixed. It happened when HAproxy was compiled
   without the PCRE/PCRE2 support if it tried to replace part of the uri
   while the path is invalid or not specified.

 * An issue with url_enc() converter was fixed. It was able to crush HTTP
   headers. It is now fixed.

 * Expired entries were displayed in "show cache" output. These entries are
   now evicted instead of being listed.

 * The server queue management was made way more scalable with threads. Till
   now dequeuing would wake up next pending entry which could run on a
   different thread, resulting in a lot of entries in the shared run queue
   when many threads were running, causing a lot of contention on the
   scheduler's lock, thus slowing down the dequeuing and adding in turn
   contention on the queue's lock, to the point that a few users were seeing
   similar performance with N threads as with a single thread when queues
   were highly solicited. A small change was made both in the scheduler and
   in the dequeuing code to bypass this locking and completely address this

 * Support for MQTT 3.1 was added.

 * An improvement which is not related to the code, with the precious help
   of Tim and Cyril, we could finally set up an automatic generation of the
   HTML documentation. It's performed daily and published on github pages at

Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Documentation    : http://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.4/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : http://www.haproxy.org/download/2.4/src/CHANGELOG
   Pending bugs     : http://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : http://www.haproxy.org/l/reviewed-bugs
   Code reports     : http://www.haproxy.org/l/code-reports

Complete changelog :
Christopher Faulet (19):
      DOC: config: Explictly add supported MQTT versions
      BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers 
      BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message 
      BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
      BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
      BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP 
      BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
      BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is 
      BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
      BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
      BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
      BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be 
      BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
      BUG/MINOR: cache: Disable cache if applet creation fails
      BUG/MAJOR: connection: Never remove connection from idle lists outside 
the lock
      BUG/MINOR: rules: Fix check_capture() function to use the right rule 
      REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
      CLEANUP: acl: Remove unused variable when releasing an acl expression
      BUILD: opentracing: Fix OT build due to misuse of var_clear()

Dhruv Jain (1):
      MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for 

Ilya Shipitsin (3):
      CI: github actions: switch to LibreSSL-3.5.1
      CI: github actions: update OpenSSL to 3.0.2
      CI: cirrus: switch to FreeBSD-13.0

Lukas Tribus (1):
      DOC: reflect H2 timeout changes

Miroslav Zagorac (8):
      BUG/MINOR: opentracing: setting the return value in function 
      EXAMPLES: opentracing: refined shell scripts for testing filter 
      DOC: opentracing: corrected comments in function descriptions
      CLEANUP: opentracing: removed unused function flt_ot_var_unset()
      CLEANUP: opentracing: removed unused function flt_ot_var_get()
      CLEANUP: opentracing: added flt_ot_smp_init() function
      CLEANUP: opentracing: added variable to store variable length
      DEBUG: opentracing: show return values of all functions in the debug 

Tim Duesterhus (3):
      CI: Update to actions/checkout@v3
      CI: Update to actions/cache@v3
      BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit()

William Lallemand (3):
      BUG/MINOR: tools: fix url2sa return value with IPv4
      BUG/MINOR: server/ssl: free the SNI sample expression
      BUG/MINOR: tools: url2sa reads too far when no port nor path

Willy Tarreau (27):
      BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
      BUG/MEDIUM: trace: avoid race condition when retrieving session from 
      BUG/MEDIUM: stream-int: do not rely on the connection error once 
      MEDIUM: mux-h2: slightly relax timeout management rules
      BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
      BUG/MINOR: samples: add missing context names for sample fetch functions
      BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
      BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
      BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
      BUG/MINOR: cache: do not display expired entries in "show cache"
      BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
      BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
      BUG/MINOR: mux-h2: use timeout http-request as a fallback for 
      BUILD: sched: workaround crazy and dangerous warning in Clang 14
      BUILD: compiler: use a more portable set of asm(".weak") statements
      BUG/MEDIUM: stream: do not abort connection setup too early
      SCRIPTS: announce-release: update the doc's URL
      DOC: lua: update a few doc URLs
      SCRIPTS: announce-release: add shortened links to pending issues
      DOC: remove my name from the config doc
      MINOR: task: add a new task_instant_wakeup() function
      MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
      BUILD: compiler: properly distinguish weak and global symbols
      BUG/MINOR: pools: make sure to also destroy shared pools in 
      BUILD: fd: remove unused variable totlen in fd_write_frag_line()
      BUILD: sockpair: do not set unused flag
      BUILD: proto_uxst: do not set unused flag

Christopher Faulet

Reply via email to