Hi, HAProxy 2.0.34 was released on 2023/12/18. It added 25 new commits after version 2.0.33.
This release flushes the pipe of pending fixes: On H2 side, when a congested H2 connection is shut done, we now take care to wait to send the final empty DATA frame with the ES flag, if necessary, instead of sending a RST_STREAM. H2 streams waiting in the send_list or the fctl_list are now properly woken up, improving performance on constraint environments. Finally, the stream ID is now committed even if the stream is rejected. The "word" converter was fixed to properly work with "-m found" operator. Matching of action's arguments was not working as expected because the parser stopped on the first match instead of looking for the longest matching name. With TLSv1.3, the certificate selection favored RSA certificated over ECDSA when both were available for a domain while it should be the opposite. If you are running a 2.0, you should be careful. The EOL for this version is planned for the next summer. You are encouraged to evaluate a newer version. The 2.8.5 was just released. It might be a good candidate. Thanks everyone for your help and your contributions ! Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/2.0/src/ Git repository : https://git.haproxy.org/git/haproxy-2.0.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy-2.0.git Changelog : https://www.haproxy.org/download/2.0/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages --- Complete changelog : Aurelien DARRAGON (9): DOC: lua: fix core.register_action typo BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume() BUG/MINOR: hlua: fix invalid use of lua_pop on error paths BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage BUG/MINOR: stktable: missing free in parse_stick_table() BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure BUG/MINOR: stick-table/cli: Check for invalid ipv4 key DOC: config: specify supported sections for "max-session-srv-conns" DOC: config: add matrix entry for "max-session-srv-conns" Christopher Faulet (2): BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task Eugene Dorfman (1): DOC: 51d: updated 51Degrees repo URL for v3.2.10 Tim Duesterhus (3): REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter BUG/MINOR: sample: Make the `word` converter compatible with `-m found` DOC: Clarify the differences between field() and word() William Lallemand (4): BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA BUG/MEDIUM: ssl: segfault when cipher is NULL DOC: management: -q is quiet all the time BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly Willy Tarreau (6): SCRIPTS: git-show-backports: automatic ref and base detection with -m BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API BUG/MEDIUM: actions: always apply a longest match on prefix lookup BUG/MINOR: mux-h2: commit the current stream ID even on reject DOC: config: use the word 'backend' instead of 'proxy' in 'track' description REGTESTS: http: add a test to validate chunked responses delivery -- Christopher Faulet