HAProxy 2.2.32 was released on 2023/12/18. It added 51 new commits
after version 2.2.31.

This release flushes the pipe of pending fixes:

On H2 side, a possible crash was fixed when processing a response containing
a DATA frame after an 1xx response (or more generally before final
headers). When a congested H2 connection is shut done, we now take care to
wait to send the final empty DATA frame with the ES flag, if necessary,
instead of sending a RST_STREAM. H2 streams waiting in the send_list or the
fctl_list are now properly woken up, improving performance on constraint
environments. Finally, the stream ID is now committed even if the stream is

Related to H1 but at the applicative level, the abortonclose option handling
was fixed. It was not properly handled when set on the backend only. It was
only usable on defaults section. Finally, an issue in the H1 chunked payload
parsing was fixed by Chris Staite.

The takeover mechanism, used by H1, H2 and FCGI multiplexers, to allow
thread migration of idle connections on server side, was fixed. In case of
memory allocation failure, the connection was released synchronously, which
was unexpected. Now, allocations are performed first. Thus on error, the
migration is just cancelled and the connection remains untouched.

The "word" converter was fixed to properly work with "-m found" operator.

A possible crash in fcgi with stderr records due to a zero-copy operation
that should not be allowed in this case.

Streamers detection, used to perform SSL sends bigger than
tune.ssl.maxrecord, was no longer working for HTX streams.

Matching of action's arguments was not working as expected because the
parser stopped on the first match instead of looking for the longest
matching name.

With TLSv1.3, the certificate selection favored RSA certificated over ECDSA
when both were available for a domain while it should be the opposite.

sc-set-gpt0 actions is now allowed from tcp-request connection. According to
the documentation, this was supposed to be supported.

Thanks everyone for your help and your contributions !

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.2/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.2.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.2.git
   Changelog        : https://www.haproxy.org/download/2.2/src/CHANGELOG
   Dataplane API    : 
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Complete changelog :
Aurelien DARRAGON (12):
      BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
      DOC: lua: fix core.register_action typo
      BUG/MINOR: hlua/action: incorrect message on E_YIELD error
      BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
      MINOR: pattern: fix pat_{parse,match}_ip() function comments
      BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
      BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
      BUG/MINOR: stktable: missing free in parse_stick_table()
      BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
      BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
      DOC: config: specify supported sections for "max-session-srv-conns"
      DOC: config: add matrix entry for "max-session-srv-conns"

Christopher Faulet (17):
      BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending 
      BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
      BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR 
      BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before 
      BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
      BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
      BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check 
      BUG/MINOR: stconn: Handle abortonclose if backend connection was already 
set up
      MINOR: connection: Add a CTL flag to notify mux it should wait for reads 
      MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for 
      BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
      REGTESTS: http: Improve script testing abortonclose option
      BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
      MINOR: htx: Use a macro for overhead induced by HTX
      MINOR: channel: Add functions to get info on buffers and deal with HTX 
      BUG/MINOR: stconn: Fix streamer detection for HTX streams
      BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer

Eugene Dorfman (1):
      DOC: 51d: updated 51Degrees repo URL for v3.2.10

Frédéric Lécaille (1):
      MINOR: buf: Add b_force_xfer() function

Tim Duesterhus (4):
      CI: Update to actions/checkout@v4
      REGTESTS: sample: Test the behavior of consecutive delimiters for the 
field converter
      BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
      DOC: Clarify the differences between field() and word()

William Lallemand (5):
      BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0
      BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual 
      BUG/MEDIUM: ssl: segfault when cipher is NULL
      DOC: management: -q is quiet all the time
      BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly

Willy Tarreau (11):
      SCRIPTS: git-show-backports: automatic ref and base detection with -m
      BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
      BUG/MEDIUM: actions: always apply a longest match on prefix lookup
      BUG/MINOR: mux-h2: commit the current stream ID even on reject
      DOC: config: use the word 'backend' instead of 'proxy' in 'track' 
      BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
      BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
      REGTESTS: http: add a test to validate chunked responses delivery
      BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation
      BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(

Christopher Faulet

Reply via email to