Hi,

HAProxy 2.4.28 was released on 2024/11/08. It added 39 new commits
after version 2.4.27.

Version 2.4.27 is now quite old. There are not many pending bug fixes, but
emitting a new 2.4 release now is a good way to stay aligned with other
versions. So let's do so. The following bugs were fixed in this release:

  * Testing of dynamic servers under heavy load was performed during the 3.0
    development cycle. This revealed that crashes could occur due to the removal
    of a server currently in use. Removal conditions were thus adjusted to
    reject such an operation.

  * The SSL stack is now always completely initialized. Due to a change of
    API in 3.x the old call was deprecated and used to emit a warning, but
    it was later found to still be required in some cases.

  * An issue in SPOE could cause a thread to refrain from creating an
    applet to connect outside, causing failures on requests processed on
    this thread.

  * It was possible to crash the process when performing an implicit
    protocol upgrade (TCP to HTTP due to a transition from a TCP front to an
    HTTP back) if an error happened on the connection just before the
    transition.

  * Unhandled aborts were fixed in the H2 multiplexer. The end of
    message could be reported twice for tunneled streams, leaving the second
    one blocked at the channel level because of the first one.

  * Some bugs related to the handling of pattern expressions loaded from a
    file were fixed.

  * When a listen() failed for TCP and Unix sockets, the file descriptor was
    not removed from the fdtab[] array, leading to a possible crash because
    of a BUG_ON() when this FD was reused. The FD is now properly removed
    from fdtab[] in that case.

  * Descriptions of the command line options -dR and -dV were missing in the
    management documentation. This is now fixed. Documentation about the
    "show stat" CLI command was also updated to reflect the renaming of "dns"
    counters to "resolvers". In the configuration manual, the info about the
    http-keep-alive timeout and other timeouts was improved.

  * It was possible to experience a deadlock by setting the maxconn of a
    frontend on the CLI, because of a double lock on the proxy lock.

  * It was possible to reuse HTTP connections for requests to different
    endpoints because some address families were not properly handled. The
    issue was encountered with the HTTP client and UNIX socket combination.

  * A server abort was reported on an invalid HTTP response payload instead of
    an internal error. The right termination state is now reported in that case.

  * The "set ssl cert" CLI command was not properly checking the transaction
    name. That could lead to accidentally committing a transaction on the
    wrong certificate.

Thanks everyone for your help!

Please find the usual URLs below:
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.4/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : https://www.haproxy.org/download/2.4/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages


---
Complete changelog :
Amaury Denoyelle (3):
      SCRIPTS: git-show-backports: do not truncate git-show output
      MINOR: session: rename private conns elements
      BUG/MAJOR: server: do not delete srv referenced by session

Aurelien DARRAGON (9):
      BUG/MEDIUM: cli: fix cli_output_msg() regression
      DOC: management: rename show stats domain cli "dns" to "resolvers"
      BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
      BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
      BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
      BUG/MEDIUM: server: server stuck in maintenance after FQDN change
      BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
      BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
      BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families

Christopher Faulet (8):
      BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
      BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
      BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
      BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
      BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
      BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
      BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
      BUG/MINOR: http-ana: Report internal error if an action yields on a final eval

Ilia Shipitsin (1):
      BUG/MINOR: fcgi-app: handle a possible strdup() failure

Oliver Dala (1):
      BUG/MEDIUM: cli: Deadlock when setting frontend maxconn

Valentine Krasnobaeva (7):
      DOC/MINOR: management: add missed -dR and -dv options
      BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
      BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
      BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
      BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
      BUG/MINOR: cfgparse-global: fix allowed args number for setenv
      BUG/MINOR: mworker: fix mworker-max-reloads parser

William Lallemand (4):
      DOC: configuration: fix alphabetical order of bind options
      MEDIUM: ssl: initialize the SSL stack explicitely
      DOC: configuration: issuers-chain-path not compatible with OCSP
      BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly

Willy Tarreau (6):
      BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
      BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
      BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
      REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
      BUG/MINOR: polling: fix time reporting when using busy polling
      DOC: config: improve the http-keep-alive section

--
Christopher Faulet

