Hi,

HAProxy 2.4.28 was released on 2024/11/08. It added 39 new commits after version 2.4.27.

The 2.4.27 is now quite old. There are not so many pending bug fixes, but emitting a new 2.4 release now is a good way to stay aligned with other versions. So let's do so. The following bugs were fixed in this release:

* Dynamic server testing under heavy load was performed during the 3.0 development cycle. This revealed that crashes could occur due to the removal of a server currently in use. Removal conditions were thus adjusted to reject such an operation.

* The SSL stack is now always completely initialized. Due to a change of API in 3.x the old call was deprecated and used to emit a warning, but it was later found to still be required in some cases.

* An issue in SPOE that can cause a thread to refrain from creating an applet to connect outside, causing failures on requests processed on this thread.

* It was possible to crash the process when performing an implicit protocol upgrade (TCP to HTTP due to a transition from a TCP front to an HTTP back) if an error happened on the connection just before the transition.

* Unhandled aborts were fixed in the H2 multiplexer. The end of message could be reported twice for tunneled streams, leaving the second one blocked at the channel level because of the first one.

* Some bugs related to the handling of pattern expressions loaded from a file were fixed.

* When a listen() failed for TCP and Unix sockets, the file descriptor was not removed from the fdtab[] array, leading to a possible crash because of a BUG_ON() when this FD was reused. The FD is now properly removed from fdtab[] in that case.

* Descriptions of the command line options -dR and -dV were missing in the management documentation. It is now fixed. Documentation about the "show stat" CLI command was also updated to reflect the renaming of "dns" counters to "resolvers". In the configuration manual, the info about the http-keep-alive timeout and other timeouts was improved.

* It was possible to experience a deadlock by setting the maxconn of a frontend on the CLI, because of a double lock on the proxy lock.

* It was possible to reuse HTTP connections for requests to different endpoints because some address families were not properly handled. The issue was encountered with the HTTP client and UNIX socket combination.

* A server abort was reported on an invalid HTTP response payload instead of an internal error. The right termination state is now reported in that case.

* The "set ssl cert" CLI command was not properly checking the transaction name. That could lead to accidentally committing a transaction on the wrong certificate.

Thanks everyone for your help!

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.4/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : https://www.haproxy.org/download/2.4/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :
Amaury Denoyelle (3):
      SCRIPTS: git-show-backports: do not truncate git-show output
      MINOR: session: rename private conns elements
      BUG/MAJOR: server: do not delete srv referenced by session

Aurelien DARRAGON (9):
      BUG/MEDIUM: cli: fix cli_output_msg() regression
      DOC: management: rename show stats domain cli "dns" to "resolvers"
      BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
      BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
      BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
      BUG/MEDIUM: server: server stuck in maintenance after FQDN change
      BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
      BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
      BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families

Christopher Faulet (8):
      BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
      BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
      BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
      BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
      BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
      BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
      BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
      BUG/MINOR: http-ana: Report internal error if an action yields on a final eval

Ilia Shipitsin (1):
      BUG/MINOR: fcgi-app: handle a possible strdup() failure

Oliver Dala (1):
      BUG/MEDIUM: cli: Deadlock when setting frontend maxconn

Valentine Krasnobaeva (7):
      DOC/MINOR: management: add missed -dR and -dv options
      BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
      BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
      BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
      BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
      BUG/MINOR: cfgparse-global: fix allowed args number for setenv
      BUG/MINOR: mworker: fix mworker-max-reloads parser

William Lallemand (4):
      DOC: configuration: fix alphabetical order of bind options
      MEDIUM: ssl: initialize the SSL stack explicitely
      DOC: configuration: issuers-chain-path not compatible with OCSP
      BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly

Willy Tarreau (6):
      BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
      BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
      BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
      REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
      BUG/MINOR: polling: fix time reporting when using busy polling
      DOC: config: improve the http-keep-alive section

--
Christopher Faulet