Hi,

HAProxy 3.0.11 was released on 2025/06/02. It added 48 new commits
after version 3.0.10.

This release is smaller than the 3.1.7, though it is quite similar. Here is
the list of issues fixed:

  * In the cache, when reference counter was added on cache entries, a
    regression was introduced that could lead to a crash of the process. When
    too many secondary entries were found in the cache for a given key, the
    wrong entry was released, corrupting the cache tree. To hit the bug, the
    processing of the "Vary" header must be enabled. The 3.0 is also affected
    by this bug.

  * Since we made it possible for a bind_conf to listen to multiple thread
    groups with shards in 2.8, the per-listener connection count was not
    properly transferred to the target listener with the connection when
    switching to another thread group. This resulted in one listener possibly
    reaching high values and another one possibly reaching negative values.
    Usually it was not visible, unless a maxconn was set on the bind_conf, in
    which case comparisons would quickly put an end to the willingness to
    accept new connections. This problem only happened when thread groups
    were enabled.

  * In Lua, the detection of shutdowns for TCP applets based on the new API
    was not properly handled. The applet could hang, waiting for more data,
    instead of leaving. Concretely, this bug can only be hit by lua CLI
    commands. In addition, the AppletTCP:getline() function was fixed to be
    able to handle the new applet API. Using it from a lua CLI command would
    lead to unexpected behaviour. Finally, the Channel:data() and
    Channel:line() functions were fixed to respect the documentation.

  * On peers, segfaults could be experienced because of a tiny race condition
    where a stick-table entry was removed while its expiration timer was
    updated.

  * A crash could be experienced if a server was inserted via the "add
    server" command with an already existing GUID.

  * The 0-copy data forwarding was not disabled for filters altering the
    data. It could be an issue if the filter did not remain attached on the
    stream. Concretely, it could only be an issue for some LUA filters.

  * On QUIC, wrong error codes were used for missing or invalid transport
    parameters. Some others were not rejected.

  * On H3, multiple Host headers were still preserved, only the values were
    compared. We are now aligned with the h1 and h2 by dropping extraneous
    headers. Information about the :scheme pseudo-header was not properly
    reported at the HTX level, preventing the H2 multiplexer from preserving
    it on server side.

  * On the CLI, no error was reported when too many arguments were passed for
    a command. Instead, arguments above the limit (64 by default) were just
    silently ignored.

  * On the DNS part, an unexpected CPU usage could be experienced because
    there was no delay on connection retries. It was observed with a
    nameserver with invalid network settings. There is now a one-second delay
    between two connections. Related to this issue, it was also possible to
    have an accumulation of DNS sessions. The number of DNS sessions is now
    tracked. When we reach a threshold (set to 100), we consider that the
    link to the dns server is broken (at least temporarily) and we stop
    creating new sessions until one of the existing ones eventually succeeds.

  * On SSL, the crt-store keywords parsing was improved to avoid a leak
    during configuration parsing when several occurrences of the same keyword
    were found.

  * The soft-stop had been broken for a while when the thread support was
    disabled.

  * The detection of the Rx buffer full condition on the FCGI mux could
    trigger too early, causing the CPU to bounce between recv and demux until
    the timeout expires.

  * The automatic maxconn value was not calculated correctly for certain
    large values of the memmax value passed with "-m" on the command line,
    and was falling back to the default 100 used for the master process,
    which is extremely low. The limit before it started to misbehave was
    around 15-20 GB depending on the setups.

  * On h2, streams are now reset with NO_ERROR and not CANCEL when the server
    responds before the end of the request and closes, making it clear to the
    client that the response is valid and not an error.

About improvements backported to 3.0.11:

  * "send-proxy" and "send-proxy-v2" options are not relevant nor supported
    on a ring server. They are now explicitly ignored and a warning is
    emitted.

  * The API for the lua HTTPMessage "class" was improved to be able to change
    the body length. It was mandatory to be able to write a lua filter
    altering the message payload. HTTPMessage:set_body_len() can now be used
    for this purpose.

  * Still in lua, the HTTP client is not supposed to be used to process
    several requests but there was nothing to prevent this usage. An error is
    now triggered in that case and the lua documentation was updated to be
    clear on this point.

  * The CI now relies on vtest2 which finally contains the fixes we were
    relying on and which is going to evolve.

  * Backtraces are now enabled by default on libmusl; we found why they were
    not working. This means that reports from crashes inside Docker images
    should be more useful now.

Thanks everyone for your help!

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.0/src/
   Git repository   : https://git.haproxy.org/git/haproxy-3.0.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-3.0.git
   Changelog        : https://www.haproxy.org/download/3.0/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :
Amaury Denoyelle (8):
      MINOR: quic: extend return value during TP parsing
      BUG/MINOR: quic: use proper error code on missing CID in TPs
      BUG/MINOR: quic: use proper error code on invalid server TP
      BUG/MINOR: quic: reject retry_source_cid TP on server side
      BUG/MINOR: quic: use proper error code on invalid received TP value
      BUG/MINOR: quic: fix TP reject on invalid max-ack-delay
      BUG/MINOR: quic: reject invalid max_udp_payload size
      BUG/MEDIUM: server: fix crash after duplicate GUID insertion

Aurelien DARRAGON (9):
      MINOR: applet: add appctx_schedule() macro
      BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers
      CLEANUP: dns: remove unused dns_stream_server struct member
      BUG/MINOR: dns: prevent ds accumulation within dss
      BUG/MINOR: proxy: only use proxy_inc_fe_cum_sess_ver_ctr() with frontends
      BUG/MINOR: cli: fix too many args detection for commands
      BUG/MINOR: threads: fix soft-stop without multithreading support
      BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers
      DOC: config: restore default values for resolvers hold directive

Christopher Faulet (17):
      BUG/MEDIUM: mux-fcgi: Try to fully fill demux buffer on receive if not empty
      BUG/MINOR: cli: Issue an error when too many args are passed for a command
      BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade
      BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection
      BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation
      MEDIUM: hlua: Add function to change the body length of an HTTP Message
      BUG/MEDIUM: stconn: Disable 0-copy forwarding for filters altering the payload
      BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
      BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request
      BUG/MEDIUM: hlua: Properly detect shudowns for TCP applets based on the new API
      BUG/MEDIUM: hlua: Fix getline() for TCP applets to work with applet's buffers
      REGTESTS: Make the script testing conditional set-var compatible with Vtest2
      REGTESTS: Explicitly allow failing shell commands in some scripts
      CI: vtest: Rely on VTest2 to run regression tests
      CI: vtest: Fix the build script to properly work on MaOS
      BUG/MEDIUM: httpclient: Throw an error if an lua httpclient instance is reused
      DOC: hlua: Add a note to warn user about httpclient object reuse

Frederic Lecaille (2):
      CLEANUP: quic: Useless BIO_METHOD initialization
      MINOR: quic: Add useful error traces about qc_ssl_sess_init() failures

Lukas Tribus (1):
      DOC: ring: refer to newer RFC5424

Remi Tricot-Le Breton (1):
      BUG/MAJOR: cache: Crash because of wrong cache entry deleted

Valentine Krasnobaeva (1):
      BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0

William Lallemand (2):
      BUG/MINOR: ssl/ckch: always free() the previous entry during parsing
      DOC: configuration: fix the example in crt-store

Willy Tarreau (7):
      BUG/MAJOR: listeners: transfer connection accounting when switching listeners
      BUG/MEDIUM: peers: hold the refcnt until updating ts->seen
      DOC: config: recommend disabling libc-based resolution with resolvers
      BUG/MINOR: h3: don't insert more than one Host header
      BUILD: makefile: enable backtrace by default on musl
      BUG/MEDIUM: server: fix potential null-deref after previous fix
      DOC: hlua: fix a few typos in HTTPMessage.set_body_len() documentation

--
Christopher Faulet
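
An added example, not part of the announcement and not HAProxy project code: a small Python triage that scans a configuration for the preconditions the notes above give for three of the fixes (cache "Vary" processing enabled, a maxconn on a bind line together with several thread groups, Lua loaded). The directive names `process-vary`, `thread-groups`, `lua-load` and `lua-load-per-thread`, the finding labels, and the sample configuration are assumptions that do not appear in the announcement.

```python
# Section keywords used to track where a directive appears.
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "cache",
            "peers", "resolvers", "ring", "userlist", "crt-store"}

# Constructed sample configuration, not taken from the announcement.
SAMPLE_CFG = """\
global
    thread-groups 2
    lua-load /etc/haproxy/cli.lua

cache static
    total-max-size 64
    process-vary on   # Vary processing enabled

frontend fe
    bind :443 shards by-thread maxconn 2000
    http-request cache-use static
"""

def triage(cfg_text):
    """Return labels of 3.0.11 fixes whose preconditions appear in cfg_text."""
    hits, section, tgroups, bind_maxconn = set(), None, 1, False
    for raw in cfg_text.splitlines():
        # Simplification: '#' always starts a comment (quoted '#' not handled).
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[0]
            continue
        key, args = words[0], words[1:]
        if section == "global" and key == "thread-groups" and args[:1] and args[0].isdigit():
            tgroups = int(args[0])
        elif section == "global" and key in ("lua-load", "lua-load-per-thread"):
            hits.add("lua-loaded")            # review Lua CLI commands and filters
        elif section == "cache" and key == "process-vary" and args[:1] == ["on"]:
            hits.add("cache-vary-crash")      # cache crash needs Vary processing
        elif key == "bind" and "maxconn" in args:
            bind_maxconn = True
    # Listener accounting issue: visible with a bind maxconn and thread groups.
    if tgroups > 1 and bind_maxconn:
        hits.add("listener-accounting")
    return hits

if __name__ == "__main__":
    print(sorted(triage(SAMPLE_CFG)))
```

A hit only means the documented precondition is present in the configuration, so it is a prioritisation aid for upgrading, not proof that the bug was triggered.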