Hi, HAProxy 2.4.21 was released on 2023/01/27. It added 43 new commits after version 2.4.20.
As for the 2.6.8 and the 2.5.11, this release includes the fix about the "set-uri" HTTP action. This fix was delayed for the 2.4.20. It is now shipped with the 2.4.21. The behavior of this action is no longer the same. This action is been bogus for a while and was not working as documented, and used to make HTTP/1 and HTTP/2 produce different outputs. The URI is now sent to H1 server exactly as set by the action. Otherwise, for other fixes: About the H2: * Interim responses that carry the end-of-stream flag are now rejected as invalid while it was handled as a full response. The consequences of this issue are uncertain in 2.4 and newer, but on 2.2 and older it could trigger a BUG_ON() condition and cause a panic. About the FCGI * The path-info subexpression was not properly handled due to an inverted condition. * A major fix regarding uninitialized bytes in the FCGI mux was backported. It one could have leak sensitive data to the backends before the fix. About listeners: * Multiple races were found and addressed related to closed FDs (mostly happening on reload, sometimes on resuming after an aborted reload) About HTTP rules: * Make sure that the logged status matches the reported status even upon errors and also after http-after-response * There was a parsing error reported for responses carrying a websocket header when the status was not 101. About the Master-Worker: * When trying to upgrade from a previous version with a reload instead of a restart, a bug in the master-worker was preventing to reload and was stopping the whole process. About other fixes: * A fix for a buffer realignment bug introduced in 1.9 was fixed. It's uncertain whether it was possible to trigger it or not, but it could possibly have been responsible for some rare unexplained corruptions. * The haproxy_backend_agg_check_status metric for the Prometheus exporter was backported. * A scheduling issue in the resolvers was preventing the resolution during runtime. Thanks everyone for you help and your contributions ! Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/2.4/src/ Git repository : https://git.haproxy.org/git/haproxy-2.4.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git Changelog : https://www.haproxy.org/download/2.4/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages --- Complete changelog : Aurelien DARRAGON (3): REGTEST: fix the race conditions in json_query.vtc REGTEST: fix the race conditions in digest.vtc REGTEST: fix the race conditions in hmac.vtc Cedric Paillet (2): BUG/MINOR: promex: create haproxy_backend_agg_server_status MINOR: promex: introduce haproxy_backend_agg_check_status Christopher Faulet (15): BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action BUG/MEDIIM: stconn: Flush output data before forwarding close to write side BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure DOC: promex: Add missing backend metrics REGTESTS: fix the race conditions in iff.vtc BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action BUG/MINOR: promex: Don't forget to consume the request on error BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state Daniel Corbett (1): DOC: config: fix "Address formats" chapter syntax Manu Nicolas (1): CLEANUP: htx: fix a typo in an error message of http_str_to_htx Paul Barnetta (1): BUG/MINOR: mux-fcgi: Correctly set pathinfo Remi Tricot-Le Breton (4): BUG/MEDIUM: ssl: Verify error codes can exceed 63 BUG/MINOR: ssl: Fix potential overflow BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain BUG/MINOR: http: Memory leak of http redirect rules' format string William Lallemand (4): CI: github: change "ubuntu-latest" to "ubuntu-20.04" BUILD: peers: peers-t.h depends on stick-table-t.h BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers REGTESTS: startup: check maxconn computation Willy Tarreau (10): BUILD: makefile: build the features list dynamically BUILD: makefile: sort the features list BUG/MINOR: http-ana: make set-status also update txn->status BUG/MINOR: listeners: fix suspend/resume of inherited FDs DOC: config: fix wrong section number for "protocol prefixes" DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" BUG/MINOR: listener: close tiny race between resume_listener() and stopping BUG/MINOR: mux-h2: add missing traces on failed headers decoding BUILD: hpack: include global.h for the trash that is needed in debug mode BUG/MINOR: sink: free the forwarding task on exit Youfu Zhang (1): BUG/MAJOR: fcgi: Fix uninitialized reserved bytes scientiamobile (1): LICENSE: wurfl: clarify the dummy library license. -- Christopher Faulet