Hi,

HAProxy 2.2.32 was released on 2023/12/18. It added 51 new commits after version 2.2.31.

This release flushes the pipe of pending fixes:

  * On H2 side, a possible crash was fixed when processing a response containing a DATA frame after a 1xx response (or more generally before final headers). When a congested H2 connection is shut down, we now take care to wait to send the final empty DATA frame with the ES flag, if necessary, instead of sending a RST_STREAM. H2 streams waiting in the send_list or the fctl_list are now properly woken up, improving performance on constrained environments. Finally, the stream ID is now committed even if the stream is rejected.

  * Related to H1 but at the applicative level, the abortonclose option handling was fixed. It was not properly handled when set on the backend only. It was only usable on defaults section. Finally, an issue in the H1 chunked payload parsing was fixed by Chris Staite.

  * The takeover mechanism, used by H1, H2 and FCGI multiplexers, to allow thread migration of idle connections on server side, was fixed. In case of memory allocation failure, the connection was released synchronously, which was unexpected. Now, allocations are performed first. Thus on error, the migration is just cancelled and the connection remains untouched.

  * The "word" converter was fixed to properly work with "-m found" operator.

  * A possible crash in fcgi with stderr records, due to a zero-copy operation that should not be allowed in this case, was fixed.

  * Streamers detection, used to perform SSL sends bigger than tune.ssl.maxrecord, was no longer working for HTX streams.

  * Matching of action's arguments was not working as expected because the parser stopped on the first match instead of looking for the longest matching name.

  * With TLSv1.3, the certificate selection favored RSA certificates over ECDSA when both were available for a domain while it should be the opposite.

  * The sc-set-gpt0 action is now allowed from tcp-request connection. According to the documentation, this was supposed to be supported.

Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.2/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.2.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.2.git
   Changelog        : https://www.haproxy.org/download/2.2/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :
Aurelien DARRAGON (12):
      BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
      DOC: lua: fix core.register_action typo
      BUG/MINOR: hlua/action: incorrect message on E_YIELD error
      BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
      MINOR: pattern: fix pat_{parse,match}_ip() function comments
      BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
      BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
      BUG/MINOR: stktable: missing free in parse_stick_table()
      BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
      BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
      DOC: config: specify supported sections for "max-session-srv-conns"
      DOC: config: add matrix entry for "max-session-srv-conns"

Christopher Faulet (17):
      BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown
      BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
      BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records
      BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers
      BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
      BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
      BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure
      BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up
      MINOR: connection: Add a CTL flag to notify mux it should wait for reads again
      MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
      BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
      REGTESTS: http: Improve script testing abortonclose option
      BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
      MINOR: htx: Use a macro for overhead induced by HTX
      MINOR: channel: Add functions to get info on buffers and deal with HTX streams
      BUG/MINOR: stconn: Fix streamer detection for HTX streams
      BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer

Eugene Dorfman (1):
      DOC: 51d: updated 51Degrees repo URL for v3.2.10

Frédéric Lécaille (1):
      MINOR: buf: Add b_force_xfer() function

Tim Duesterhus (4):
      CI: Update to actions/checkout@v4
      REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
      BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
      DOC: Clarify the differences between field() and word()

William Lallemand (5):
      BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0
      BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
      BUG/MEDIUM: ssl: segfault when cipher is NULL
      DOC: management: -q is quiet all the time
      BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly

Willy Tarreau (11):
      SCRIPTS: git-show-backports: automatic ref and base detection with -m
      BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
      BUG/MEDIUM: actions: always apply a longest match on prefix lookup
      BUG/MINOR: mux-h2: commit the current stream ID even on reject
      DOC: config: use the word 'backend' instead of 'proxy' in 'track' description
      BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
      REGTESTS: http: add a test to validate chunked responses delivery
      BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation
      BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(

--
Christopher Faulet
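
The action keyword lookup problem described in the announcement (the parser stopping on the first match instead of taking the longest matching name), shown as an added example that is not HAProxy's own code. The keyword table, the keyword names and both function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical keyword table (constructed): an entry flagged as a prefix
 * matches any action name that starts with it, e.g. "demo-set(arg)". */
struct kw { const char *name; int is_prefix; };

static const struct kw kws[] = {
    { "demo-set",     1 },  /* prefix keyword, registered first */
    { "demo-set-fmt", 1 },  /* longer prefix keyword sharing the same start */
    { "demo-exact",   0 },  /* exact-match keyword */
};
#define NKW (sizeof(kws) / sizeof(kws[0]))

static int kw_matches(const struct kw *k, const char *name)
{
    if (k->is_prefix)
        return strncmp(name, k->name, strlen(k->name)) == 0;
    return strcmp(name, k->name) == 0;
}

/* First-match lookup: returns as soon as any entry matches, so the result
 * depends on registration order and a shorter prefix can shadow a longer one. */
const char *lookup_first(const char *name)
{
    for (size_t i = 0; i < NKW; i++)
        if (kw_matches(&kws[i], name))
            return kws[i].name;
    return NULL;
}

/* Longest-match lookup: scans every entry and keeps the longest matching
 * name, so the outcome no longer depends on registration order. */
const char *lookup_longest(const char *name)
{
    const struct kw *best = NULL;

    for (size_t i = 0; i < NKW; i++) {
        if (!kw_matches(&kws[i], name))
            continue;
        if (!best || strlen(kws[i].name) > strlen(best->name))
            best = &kws[i];
    }
    return best ? best->name : NULL;
}
```

With first-match lookup, a rule written with the longer keyword is silently handled by the shorter one, which is how a configuration can parse cleanly yet apply a different action than the one written.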