HAProxy 2.4.27 was released on 2024/06/18. It added 43 new commits after
version 2.4.26.

This version follows the first release of 3.0. Here is a summary of the
most notable changes.

One fix was applied for better HTTP error reporting. In some cases, 502
server initial errors were incorrectly hidden and are now properly

On the backend side, an issue was found when NTLM headers are used. This
caused the backend connection to be marked dynamically as private to
prevent HTTP reuse. However, this is conceptually wrong when using
HTTP/2 multiplexer on the backend side with http-reuse mode set to
aggressive or higher, as this connection can already be shared accross
several clients. Thus, NTLM headers are simply ignored in this case.

For the SSL stack, cipher algorithm negotiation was adjusted as haproxy
could have chosen an ECDSA certificate even if not compatible with
client algorithms instead of fallback to RSA.

Cache hits should be increased as previously cached HTTP responses which
used Vary header on anything other than Accept-encoding but with
Encoding header present were never returned from the cache.

On the LUA side, a serie of cleanups and minor bugfixes are merged. Most
of them are relevant to error handling which may improve script

A Solaris user reported that external checks were causing an infinite
loop. In fact, this was due to a wrong signal handling in evports,
Solaris polling mechanism, present since its first introduction in

Thanks to everyone who contributed to this release.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.4/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : https://www.haproxy.org/download/2.4/src/CHANGELOG
   Dataplane API    : 
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Complete changelog :
Amaury Denoyelle (4):
      BUG/MINOR: backend: use cum_sess counters instead of cum_conn
      BUG/MINOR: connection: parse PROXY TLV for LOCAL mode
      BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
      BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe

Aurelien DARRAGON (10):
      BUG/MEDIUM: thread/sched: set proper scheduling context upon ha_set_tid()
      BUG/MINOR: log: fix lf_text_len() truncate inconsistency
      BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
      BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
      BUG/MEDIUM: fd: prevent memory waste in fdtab array
      CLEANUP: hlua: use hlua_pusherror() where relevant
      BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
      BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
      BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
      CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()

Christopher Faulet (7):
      MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
      BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
      BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server 
      BUG/MEDIUM: stconn: Don't forward channel data if input data must be 
      BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L 
      BUG/MINOR: stats: Don't state the 303 redirect response is chunked
      BUG/MINOR: server: Don't reset resolver options on a new default-server 

Ilya Shipitsin (2):
      CI: revert kernel addr randomization introduced in 3a0fc864
      CI: introduce scripts/build-vtest.sh for installing VTest

Remi Tricot-Le Breton (1):
      BUG/MEDIUM: cache: Vary not working properly on anything other than 

Valentine Krasnobaeva (3):
      BUG/MINOR: ssl/ocsp: init callback func ptr as NULL
      BUG/MINOR: activity: fix Delta_calls and Delta_bytes count
      BUG/MINOR: haproxy: only tid 0 must not sleep if got signal

William Lallemand (2):
      CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf
      BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA 

Willy Tarreau (14):
      BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
      BUG/MEDIUM: peers/trace: fix crash when listing event types
      BUG/MEDIUM: evports: do not clear returned events list on signal
      BUG/MINOR: sock: handle a weird condition with connect()
      BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of 
      BUG/MINOR: h1: fix detection of upper bytes in the URI
      BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned
      BUG/MEDIUM: stick-tables: properly mark stktable_data as packed
      BUILD: stick-tables: better mark the stktable_data as 32-bit aligned
      BUILD: fd: errno is also needed without poll()
      BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
      BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
      MINOR: hlua: don't dump empty entries in hlua_traceback()
      CI: scripts: fix build of vtest regarding option -C

Amaury Denoyelle

Reply via email to