HAProxy 2.7.11 was released on 2023/12/07. It added 160 new commits
after version 2.7.10.

Once again, a huge release. This one is more or less equivalent to the
2.8.3, 2.8.4 and 2.8.5, except the wrapper for QUIC over OpenSSL was not
backported to 2.7. More details can be found into 2.8 announcement
messages. I will only quickly sum up main changes here.

About QUIC, an important change is that now QUIC connections are accounted
against maxconn since their allocation. Previously, this was only done once
the handshake succeeded and the MUX layer was allocated. This is important
as it should ensure that haproxy ressources remains under control even
regarding QUIC handshakes. Along this change, QUIC connections are also
accounted in SSL connections which was never the case before.

Another noticeable change concerns connections on CLOSING or DRAINING state.
These states are used when a CONNECTION_CLOSE was sent or received. When
entering it, a connection must cease all transmission, except resending of a
CONNECTION_CLOSE frame. This could be compared in some way to TCP FIN_WAIT.
Before this release, idle timeout was used to kept the connection longer
than necessary. Now, recommandations from RFC 9000 are followed more
strictly and the RTT estimation is used to release the connection earlier.
This should improve haproxy ressources consumption if CONNECTION_CLOSE
frames are exchanged frequently.

Several fixes on QUIC as usual. Some of them related to QUIC Retry
mechanism. Crashes occurrences which could happened under memory exhaustion
and memory leaks under heavy load were prevented. An incompatibility with L4
tcp-rules was fixed. A possible crash was fixed on QUIC connections waiting
to be killed if some retransmissions were still to be processed. The
CONNECTION_CLOSE_APP encoding was fixed (but it is harmless for the
2.7). Malformed ACK frames are now properly ignored. A possible wakeup loop
on client connection closure was also fixed. RTT sampling might be ignored
is some rare cases, when now_ms wraps. It is now fixed. And RTT computation
was also fixed to be more accurate.

On H3 side, the trailers encoding was fixed. It was never working as
intended. And PUSH_PROMISE are now always rejected. It is stated in the RFC
that PUSH_PROMISE are never sent by a client. Thus, it can be rejected in
any case until HTTP/3 will be implemented on the backend side.

On H2 side, a possible crash was fixed when processing a response containing
a DATA frame after an 1xx response (or more generally before final
headers). When a congested H2 connection is shut done, we now take care to
wait to send the final empty DATA frame with the ES flag, if necessary,
instead of sending a RST_STREAM. Handling of http-request and
http-keep-alive timeouts was fixed. H2 streams waiting in the send_list or
the fctl_list are now properly woken up, improving performance on constraint
environments. Finally, the stream ID is now committed even if the stream is

In the H1 multiplexer, handling of http-request and http-keep-alive timeouts
was fixed. A bug prevented sending of 400-bad-request response on
shutdown before the first request was fixed. Some sanitizing was performed
on headers during parsing when Content-Length and Transfer-Encoding headers
were both present. Related to H1 but at the applicative level, the
abortonclose option handling was fixed. It was not properly handled when set
on the backend only. It was only usable on defaults section. Finally, an
issue in the H1 chunked payload parsing was fixed by Chris Staite.

The takeover mechanism, used by H1, H2 and FCGI multiplexers, to allow
thread migration of idle connections on server side, was fixed. In case of
memory allocation failure, the connection was released synchronously, which
was unexpected. Now, allocations are performed first. Thus on error, the
migration is just cancelled and the connection remains untouched.

A race in the Lua co-socket connect code was addressed, by which if it's
interrupted by the Lua scheduler in the middle of the operation, it would
fail and not be able to recover. Now it will be able to reconnect. It is now
possible to mix lua actions loaded from 'lua-load' and 'lua-load-per-thread'
directives within a single http/tcp session.

An annoying issue was met when testing the reverse-http mechanism on the
2.9, by which failed connection attempts would apparently not be attempted
again when there was no connect timeout. It turned out to be more
generalized than the rhttp system, and actually affects all outgoing
connections relying on NPN or ALPN to choose the mux, on which no mux is
installed and for which the subscriber (ssl_sock) must be notified
instead. The issue appeared during 2.2-dev1 development.

Incomplete cache entries when streams are interrupted by the clients are now
properly removed from the cache, instead of waiting their expiration.

The "word" converter was fixed to properly work with "-m found" operator.

The configuration parser was fixed to properly handle lines with an
unmatched environment variables instead of stopping the line parsing.

A memory leak was fixed when parsing a "default-server" directive in
defaults sections.

proxy initialization was fixed to also initialize all default settings. It
is especially useful to prevent crashes for internal proxies, such as sinks
and log forwarders.

A possible case where deleting a server from the CLI was possible if the
server didn't have any streams anymore but was being retried on by one
stream. I.e. that stream still had a reference to it and could possibly end
up on it again after the retry.

We now make sure not to interrupt HTTP responses that are delivered before
requests when the server terminates with a reset. That's particularly
visible in H2 with gRPC.

A possible crash in fcgi with stderr records due to a zero-copy operation
that should not be allowed in this case.

Streamers detection, used to perform SSL sends bigger than
tune.ssl.maxrecord, was no longer working for HTX streams.

The "proto" keyword was not working for dynamic servers.

Matching of action's arguments was not working as expected because the
parser stopped on the first match instead of looking for the longest
matching name.

Some huge pauses were erroneously imposed by the bandwidth limitation filter
because of an overflow on the overshoot computation after a long inactivity

Crashes were possible if an applet was released while it was waiting for a
buffer. It was not properly removed from the list of entities waiting for a
buffer. It only happened if the memory was limited.

On reload, it was possible to exit the master on bind error because
distinction between the master process and children ones was made too
late. Identifying the master process earlier fixed the issue.

It was possible to enter into a deadlock when purging a pattern because
pools were trimmed while the operation was under a lock. Thus during a
clearing of a map, if another thread tried to access or update an entry in
the same map, it had to wait for the pattern lock to be released, while the
pools trimming function was waiting for all threads to be harmless, thus
causing a deadlock. To fix the issue, the pools are now trimmed by the

On peers, it was no longer possible to perform a full resync if the number
of tables exceeded the number of updates allowed at once. The loop
responsible to send updates to other peers was always interrupted after the
end. To fix the issue, restart conditions for a teaching loop were changed.

The method used to decide how many pool entries could be released at once
was buggy. Comparaison between the allocated count and the used count was
inverted. In some cases, this led to very small batches to be released,
increasing the memory consumption. Not really a memory leak however.

@system-ca was not properly loaded because the ca-base directory was still

With TLSv1.3, the certificate selection favored RSA certificated over ECDSA
when both were available for a domain while it should be the opposite.

sc-add-gpc and sc-set-gpt(0) actions are now allowed from tcp-request
connection. According to the documentation, this was supposed to be

The SSL certificates replacement was broken in 2.6 when the ".crt" extension
was handled as a default extension for a certificate. Without
"ssl-load-extra-del-ext" option, the lookup for certificates with a ".crt"
failed. This was fixed by removing ".crt" extension from default ones.

It is now possible to configure the connect timeout and the number of
retries for httpclients. To do so, two new global options were added:
"httpclient.timeout.connect" and "httpclient.retries".

Finally, xxhash was update to version 0.8.2 and some updates was also
performed on plock.

At the end of the month, we will enter in the last quarter before the 2.7
end-of-life. If you are still running a 2.7, you should update to 2.7.11 of
course. But you are also encouraged to evaluate the 2.8, the 2.8.5 was just

Thanks everyone for your help and your contributions !

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.7/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.7.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.7.git
   Changelog        : https://www.haproxy.org/download/2.7/src/CHANGELOG
   Dataplane API    : 
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Complete changelog :
Aleksandar Lazic (1):
      DOC: internal: filters: fix reference to entities.pdf

Amaury Denoyelle (23):
      BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
      BUG/MINOR: mux-quic: remove full demux flag on ncbuf release
      BUG/MINOR: hq-interop: simplify parser requirement
      BUG/MINOR: quic: reject packet with no frame
      BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream
      BUG/MINOR: mux-quic: support initial 0 max-stream-data
      BUG/MINOR: h3: strengthen host/authority header parsing
      BUG/MINOR: mux-quic: fix free on qcs-new fail alloc
      BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash
      BUG/MINOR: quic: do not consider idle timeout on CLOSING state
      BUG/MINOR: ssl: use a thread-safe sslconns increment
      MINOR: frontend: implement a dedicated actconn increment function
      BUG/MINOR: mux-quic: fix early close if unset client timeout
      BUG/MINOR: quic: fix retry token check inconsistency
      MEDIUM: quic: count quic_conn instance for maxconn
      MEDIUM: quic: count quic_conn for global sslconns
      BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure
      BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure
      BUG/MAJOR: quic: complete thread migration before tcp-rules
      BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
      BUG/MINOR: h3: fix TRAILERS encoding
      BUG/MINOR: h3: always reject PUSH_PROMISE
      BUG/MINOR: quic_tp: fix preferred_address decoding

Aurelien DARRAGON (28):
      BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
      BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
      BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
      DOC: lua: fix core.register_action typo
      BUG/MINOR: hlua/action: incorrect message on E_YIELD error
      MINOR: hlua: add hlua_stream_ctx_prepare helper function
      BUG/MEDIUM: hlua: streams don't support mixing lua-load with 
      BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
      BUG/MINOR: hlua/init: coroutine may not resume itself
      BUG/MINOR: server: add missing free for server->rdr_pfx
      MINOR: pattern: fix pat_{parse,match}_ip() function comments
      BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams
      MINOR: connection: add conn_pr_mode_to_proto_mode() helper func
      BUG/MEDIUM: server: "proto" not working for dynamic servers
      BUG/MINOR: stktable: missing free in parse_stick_table()
      BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
      BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
      BUG/MINOR: sink: don't learn srv port from srv addr
      MINOR: stktable: add stktable_deinit function
      BUG/MINOR: proxy/stktable: missing frees on proxy cleanup
      DOC: config: fix timeout check inheritance restrictions
      REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
      DOC: lua: add sticktable class reference from Proxy.stktable
      DOC: lua: fix Proxy.get_mode() output
      BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
      DOC: config: specify supported sections for "max-session-srv-conns"
      DOC: config: add matrix entry for "max-session-srv-conns"
      DOC: config: fix monitor-fail typo

Cedric Paillet (1):
      BUG/MINOR: promex: fix backend_agg_check_status

Chris Staite (1):
      BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer

Christopher Faulet (35):
      BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending 
      BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown
      BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
      BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR 
      BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before 
      BUG/MEDIUM: http-ana: Try to handle response before handling server abort
      MINOR: hlua: Set context's appctx when the lua socket is created
      MINOR: hlua: Don't preform operations on a not connected socket
      MINOR: hlua: Save the lua socket's timeout in its context
      MINOR: hlua: Save the lua socket's server in its context
      MINOR: hlua: Test the hlua struct first when the lua socket is connecting
      BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only
      BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was 
      BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set
      BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set
      BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first 
      BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
      BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
      BUG/MEDIUM: peers: Fix synchro for huge number of tables
      BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check 
      CLEANUP: htx: Properly indent htx_reserve_max_data() function
      BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive 
      BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period
      BUG/MEDIUM: applet: Remove appctx from buffer wait list on release
      BUG/MINOR: stconn: Handle abortonclose if backend connection was already 
set up
      MINOR: connection: Add a CTL flag to notify mux it should wait for reads 
      MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for 
      BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
      REGTESTS: http: Improve script testing abortonclose option
      BUG/MINOR: http-client: Don't forget to commit changes on HTX message
      BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
      MINOR: htx: Use a macro for overhead induced by HTX
      MINOR: channel: Add functions to get info on buffers and deal with HTX 
      BUG/MINOR: stconn: Fix streamer detection for HTX streams
      BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer

Emeric Brun (1):
      Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a 

Eugene Dorfman (1):
      DOC: 51d: updated 51Degrees repo URL for v3.2.10

Frédéric Lécaille (17):
      BUG/MINOR: quic: Possible skipped RTT sampling
      BUG/MAJOR: quic: Really ignore malformed ACK frames.
      BUG/MINOR: quic: Wrong RTT adjusments
      BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var)
      BUG/MINOR: quic: Leak of frames to send.
      BUG/MINOR: quic: Wrong cluster secret initialization
      BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos
      BUG/MINOR: quic: idle timer task requeued in the past
      BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack 
ranges tree
      BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets
      BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures
      DOC: quic: Wrong syntax for "quic-cc-algo" keyword.
      BUG/MEDIUM: quic: Possible crash for connections to be killed
      BUG/MINOR: quic: Possible RX packet memory leak under heavy load
      BUG/MINOR: config: Stopped parsing upon unmatched environment variables
      BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load
      BUG/MINOR: quic: Possible leak of TX packets under heavy load

Ilya Shipitsin (3):
      CI: get rid of travis-ci wrapper for Coverity scan
      CI: musl: highlight section if there are coredumps
      CI: musl: drop shopt in workflow invocation

Johannes Naab (1):
      DOC: typo: fix sc-set-gpt references

Remi Tricot-Le Breton (1):
      BUG/MINOR: cache: Remove incomplete entries from the cache when stream is 

Tim Duesterhus (4):
      CI: Update to actions/checkout@v4
      REGTESTS: sample: Test the behavior of consecutive delimiters for the 
field converter
      BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
      DOC: Clarify the differences between field() and word()

William Lallemand (11):
      BUILD: Makefile: add the USE_QUIC option to make help
      BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate
      DOC: configuration: update examples for req.ver
      MINOR: httpclient: allow to configure the retries
      MINOR: httpclient: allow to configure the timeout.connect
      BUG/MINOR: ssl: load correctly @system-ca when ca-base is define
      BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual 
      BUG/MEDIUM: ssl: segfault when cipher is NULL
      DOC: management: -q is quiet all the time
      BUG/MEDIUM: mworker: set the master variable earlier
      BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly

Willy Tarreau (32):
      DEV: flags/show-sess-to-flags: properly decode fd.state
      SCRIPTS: git-show-backports: automatic ref and base detection with -m
      IMPORT: plock: also support inlining the int code
      MINOR: threads: inline the wait function for pthread_rwlock emulation
      MINOR: atomic: make sure to always relax after a failed CAS
      IMPORT: xxhash: update xxHash to version 0.8.2
      BUG/MINOR: ssl_sock: fix possible memory leak on OOM
      BUILD: import: guard plock.h against multiple inclusion
      BUG/MINOR: checks: do not queue/wake a bounced check
      BUILD: bug: make BUG_ON() void to avoid a rare warning
      BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
      BUG/MEDIUM: actions: always apply a longest match on prefix lookup
      BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed
      BUG/MINOR: mux-h2: make up other blocked streams upon removal from list
      BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again
      BUG/MINOR: trace: fix trace parser error reporting
      BUG/MINOR: mux-h2: commit the current stream ID even on reject
      BUG/MINOR: mux-h2: update tracked counters with req cnt/req err
      DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder
      BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range()
      BUG/MEDIUM: pool: fix releasable pool calculation when overloaded
      DOC: config: use the word 'backend' instead of 'proxy' in 'track' 
      BUG/MEDIUM: connection: report connection errors even when no mux is 
      BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
      BUG/MINOR: stream/cli: report correct stream age in "show sess"
      REGTESTS: http: add a test to validate chunked responses delivery
      BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind 
      BUG/MINOR: server: do not leak default-server in defaults sections
      DOC: config: fix missing characters in set-spoe-group action
      BUG/MEDIUM: proxy: always initialize the default settings after init

Christopher Faulet

Reply via email to