Hi, HAProxy 2.6.19 was released on 2024/09/19. It added 64 new commits after version 2.6.18.
Following the 2.8.11 release, it is now the turn of 2.6. This release covers the same period, so the fixed bugs are more or less the same, excluding those not concerning 2.6:

* The SSL stack is now always completely initialized. Due to a change of API in 3.x the old call was deprecated and used to emit a warning, but it was later found to still be required in some cases. This has been cooking in 2.9 for 6 months now and is considered OK.

* HTTP applets (stats, cache and promex) were starting to process the request and reply without checking whether the request analysis was finished. In the vast majority of cases this is not an issue because the request analysis is indeed finished by the time the applet is created on the server side. But if a filter delayed the request analysis, it could happen. In that case, some undefined and hardly predictable behaviors could be experienced, like responses sent too early or even crashes. Among others, the compression filter was pretty sensitive to this case because it is mandatory to filter the request before the response. To fix the issue, backend HTTP applets now wait for the end of the request analysis.

* The hard limit on the number of file descriptors now defaults to about 1 million, to match what has been done for a very long time on many distros, and which recently changed to 1 billion on some of them, causing a huge startup time (or even a watchdog at boot) and massive memory usage.

* The SSL library functions used to validate a JWT token would leave an error in the SSL error queue, which would later be mistaken for an error on another connection and cause it to be closed. The "jwt_verify" converter was also fixed when called with an HMAC algorithm (HS256, HS384, HS512): in that case, the converter must not try to load a file because the key should hold a secret. This is especially important for runtime uses, like Lua for instance. But note that for dynamic calls, this remains an issue for other algorithms because there is nothing to prevent disk I/O.

* A time-of-check/time-of-use (TOCTOU) issue in the queue processing made it rare but possible to leave a server with no connection yet not taking any traffic. It is more likely to happen with maxconn 1, very hard at 2 and almost impossible at 3 or above. In addition, a flag is now used to be sure only one thread is dequeuing sessions at once instead of relying on a trylock to do so. No 2.6 release was affected, but 2.9/3.0 versions were buggy because of the TOCTOU fix.

* Empty transfer-encoding headers in H1 are now properly rejected since they may be used to try to build an attack against vulnerable implementations.

* An issue in SPOE could cause a thread to refrain from creating an applet to connect outside, causing failures on requests processed by this thread.

* It was possible to crash the process when performing an implicit protocol upgrade (TCP to HTTP due to a transition from a TCP frontend to an HTTP backend) if an error happened on the connection just before the transition.

* Unhandled aborts were fixed in the H2 multiplexer. The end of message could be reported twice for tunneled streams, leaving the second one blocked at the channel level because of the first one.

* Several bugs were fixed on QUIC:
  - An incorrect computation was performed when encoding a STREAM frame in a single packet, leading to datagrams smaller than expected and to suboptimal bandwidth usage.
  - A few assorted minor fixes (possible crash on resource allocation error, slight loss of precision in Cubic parameters calculations, etc).
  - It was possible to freeze a connection because of 0-RTT undeciphered content.
  - The MAX_STREAMS ID value was not properly checked and it was possible to send a too big value. It is now fixed. Thanks to this patch, this also ensures that the peer cannot open a stream with an invalid ID, as this would now cause a flow-control violation instead.
  - Some issues with the QUIC traces were fixed.

* On H3, when a response is formatted to be sent to the client, the handling of responses with a too long header list was fixed to no longer abort the process but to return a proper error. In addition, the syntax checks on the :method and :scheme H3 pseudo-headers were insufficient. This was fixed too.

* Some bugs related to the handling of pattern expressions loaded from files were fixed.

* When a listen() failed for TCP and Unix sockets, the file descriptor was not removed from the fdtab[] array, leading to a possible crash because of a BUG_ON() when this FD was reused. The FD is now properly removed from fdtab[] in that case.

* The descriptions of the command line options -dR and -dV were missing from the management documentation. This is now fixed. The documentation of the "show stat" CLI command was also updated to reflect the renaming of the "dns" counters to "resolvers". More details about the master-worker mode were added to the configuration manual and the "maxconn" description was improved, as well as the info about the http-keep-alive timeout and other timeouts.

Thanks everyone for your help!
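As an added illustration of the empty Transfer-Encoding rejection described above (example code, not HAProxy's own h1 parser): a strict validator that accepts only a comma-separated list of transfer-coding tokens, without transfer-parameters (an assumption made to keep it short), and rejects an empty value or any empty list member such as "chunked," or ",chunked".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not HAProxy's h1 parser: RFC 9110 tchar,
 * i.e. visible ASCII that is not a delimiter. */
static int is_tchar(unsigned char c)
{
    if (c == '\0')
        return 0;
    return isalnum(c) || strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/* Validate a Transfer-Encoding field value as "1#token": one or more
 * coding names separated by commas, with optional whitespace around
 * each. Returns 1 when valid, 0 for an empty header, a whitespace-only
 * header, an empty list member or a non-token character. Transfer
 * parameters (";q=...") are not accepted here (assumption). */
int te_value_valid(const char *v)
{
    const char *p = v;

    if (!v)
        return 0;
    for (;;) {
        int len = 0;

        while (*p == ' ' || *p == '\t')   /* OWS before a member */
            p++;
        while (is_tchar((unsigned char)*p)) {
            p++;
            len++;
        }
        if (len == 0)                     /* empty coding name */
            return 0;
        while (*p == ' ' || *p == '\t')   /* OWS after a member */
            p++;
        if (*p == '\0')
            return 1;                     /* clean end of list */
        if (*p != ',')
            return 0;                     /* stray character */
        p++;                              /* consume ',' and continue */
    }
}

int main(void)
{
    /* constructed sample header values */
    const char *samples[] = { "chunked", "gzip, chunked", "", "chunked,",
                              ",chunked", "gzip,,chunked", "chunked;x=1" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("\"%s\" -> %s\n", samples[i],
               te_value_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```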
Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.6/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.6.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.6.git
   Changelog        : https://www.haproxy.org/download/2.6/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :

Amaury Denoyelle (10):
      BUG/MINOR: quic: fix computed length of emitted STREAM frames
      SCRIPTS: git-show-backports: do not truncate git-show output
      BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
      BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
      BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
      BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
      BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
      BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content
      BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
      BUG/MINOR: h3: properly reject too long header responses

Aurelien DARRAGON (7):
      BUG/MEDIUM: cli: fix cli_output_msg() regression
      DOC: management: rename show stats domain cli "dns" to "resolvers"
      BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
      REGTESTS: add a test to ensure map-ordering is preserved
      BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
      BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
      BUG/MINOR: cfgparse-listen: fix option httpslog override warning message

Christopher Faulet (12):
      BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
      BUG/MINOR: h1: Fail to parse empty transfer coding names
      BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
      BUG/MEDIUM: h1: Reject empty Transfer-encoding header
      BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
      BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
      BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
      BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
      BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
      BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
      BUG/MEDIUM: cache/stats: Wait to have the request before sending the response
      BUG/MEDIUM: promex: Wait to have the request before sending the response

Frederic Lecaille (2):
      MINOR: quic: Add a counter for reordered packets
      BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)

Frédéric Lécaille (1):
      MINOR: quic: Add packet loss and maximum cc window to "show quic"

Ilia Shipitsin (1):
      BUG/MINOR: fcgi-app: handle a possible strdup() failure

Nathan Wehrman (1):
      DOC: config: correct the table for option tcplog

Valentine Krasnobaeva (9):
      DOC/MINOR: management: add missed -dR and -dv options
      MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2)
      BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
      DOC: configuration: update maxconn description
      BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
      BUG/MINOR: proto_tcp: keep error msg if listen() fails
      BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
      BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
      BUG/MINOR: pattern: pat_ref_set: return 0 if err was found

William Lallemand (7):
      DOC: configuration: fix alphabetical order of bind options
      DOC: configuration: more details about the master-worker mode
      MEDIUM: ssl: initialize the SSL stack explicitely
      BUG/MINOR: jwt: don't try to load files with HMAC algorithm
      BUG/MINOR: jwt: fix variable initialisation
      DOC: configuration: issuers-chain-path not compatible with OCSP
      REGTESTS: mcli: test the pipelined commands on master CLI

Willy Tarreau (14):
      MINOR: mux-h2/traces: explicitly show the error/refused stream states
      MINOR: queue: add a function to check for TOCTOU after queueing
      BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue()
      DOC: config: improve the http-keep-alive section
      BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn
      CLEANUP: trace: remove the QUIC-specific ifdefs
      BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc
      BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
      BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion
      BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE
      BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
      REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
      BUG/MINOR: polling: fix time reporting when using busy polling
      BUG/MEDIUM: queue: implement a flag to check for the dequeuing

--
Christopher Faulet