HAProxy 2.2.29 was released on 2023/02/14. It added 10 new commits
after version 2.2.28.

The main reason for this release today is the availability of a fix for the
vulnerability explained in the other thread (CVE-2023-25725).

In addition, this version addresses the following issues:

  - a regression from a previous fix that caused some server-side
    connection not to expire if some unsent data are blocked in the
    request channel.

  - a 13-years old issue with the expiration of old entries in stick-
    tables that slows down eviction at every timer period rollover
    (49.7 days), making the table size and memory usage grow for a
    while until all of them were either refreshed or expired. I'm
    still puzzled that 3 users apparently noticed it at the same time
    around last rollover on Jan 30th.

  - a bug in the SSL cache eviction that affected WolfSSL was fixed, but
    it's unclear if it could affect other libs (openssl was apparently not
    due to fixed-size records)

  - a warning will be emitted when a crt-list line is malformed.

  - minor doc fixes

The changes are intentionally limited so that all users of 2.2.28 and older
can update without taking risks.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : 
   Git repository   : 
   Git Web browsing : 
   Changelog        : 
   Dataplane API    : 
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Complete changelog :
Aleksey Ponomaryov (1):
      BUG/MEDIUM: stick-table: do not leave entries in end of window during 

Aurelien DARRAGON (2):
      DOC: config: fix option spop-check proxy compatibility
      DOC: config: 'http-send-name-header' option may be used in default section

Christopher Faulet (1):
      BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first

William Lallemand (3):
      BUG/MEDIUM: ssl: wrong eviction from the session cache tree
      BUG/MINOR: ssl/crt-list: warn when a line is malformated
      CI: github: don't warn on deprecated openssl functions on windows

Willy Tarreau (3):
      BUG/MEDIUM: cache: use the correct time reference when comparing dates
      DOC: proxy-protocol: fix wrong byte in provided example
      BUG/CRITICAL: http: properly reject empty http header field names


Reply via email to