Hi, HAProxy 2.3-dev3 was released on 2020/08/14. It added 38 new commits after version 2.3-dev2.
There's nothing really outstanding. Usual bugfixes that also went into 2.2. I'm just listing the user-visible changes here. Christopher also addressed a very old limitation regarding how converters and sample fetch functions are exported to Lua. There were only exported when they had no argument or some that were trivial to handle (filtered based on the argument parsing functions). It happened that by adding some optional arguments to certain converters (http_date I guess, probably others), that changed their signature and they were not exported anymore, potentially breaking some Lua scripts. But since that was initially decided (in 1.6 I guess), the rest of the code has evolved quite a lot, making this restriction be justified only by a historic reason. So after reimplementing the equivalent of the missing argument parsers, the restriction was now removed and all of these native functions are now accessible from Lua. Another long-standing issue was addressed by William today, regarding how filters "work" in crt-lists. When using an exclusion they don't work well because instead of using a list of exclusions, a lookup is performed and the matching entry is skipped. While that might work in certain cases (single entry for a given cert), there are situations where it cannot work like when this is used to exclude certain servernames from certain cert types. Thus William reworked that so that it really does what the doc says and what the syntax suggests. It should not have any visible effect for all those who were not subject to the problem, but might possibly reveal issues in certain broken configs that were working by accident (i.e. the desired cert is broken and not used and might suddenly be exposed). If you're using crt-lists with exlusions, you're welcome to verify that it's still OK for you. After some time this fix will be backported so that users don't get trapped anymore, but we'll have to delay this to avoid bad surprises. David Carlier provided an optimization for pcre2 by shortening the code path to call the match function. If you're using pcre2 with a lot of regex, you might be interested in measuring the savings. Regarding the next steps, last week we've worked quite a lot on the architectural evolutions required to make QUIC integrate smoothly with the rest. Mind you that there's still quite a lot of work to be done! I now have a list of notes that I'm progressively cleaning up and turning to development guidelines to be stored into doc/internal/ in the hope that it may help others integrate their code into all of this. One observation coming from all this work is that we were mistaken in thinking that UDP had to use listeners (and no single argument of a "bind" line applies to UDP, which is what initially ignited a spark). This will have for effect that the current syntax used in the UDP log forwarder will slightly change so that TCP properly uses "bind" while UDP uses something else (maybe "udp-bind", maybe something else). For now this was not changed but it's just to warn that if you're integrating support for this feature into your config management, get prepared to see a change there in the near future. Have fun with this one as long as these versions still represent a very low risk :-) I'll deploy it on the haproxy.org servers shortly. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.3/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/2.3/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Baptiste Assmann (2): CLEANUP: dns: typo in reported error message BUG/MAJOR: dns: disabled servers through SRV records never recover Christopher Faulet (14): BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime MINOR: arg: Add an argument type to keep a reference on opaque data BUG/MINOR: converters: Store the sink in an arg pointer for debug() converter BUG/MINOR: lua: Duplicate map name to load it when a new Map object is created BUG/MINOR: arg: Fix leaks during arguments validation for fetches/converters BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation MINOR: hlua: Don't needlessly copy lua strings in trash during args validation BUG/MINOR: lua: Duplicate lua strings in sample fetches/converters arg array MEDIUM: lua: Don't filter exported fetches and converters MINOR: lua: Add support for userlist as fetches and converters arguments MINOR: lua: Add support for regex as fetches and converters arguments MINOR: arg: Use chunk_destroy() to release string arguments David Carlier (1): OPTIM: regex: PCRE2 use JIT match when JIT optimisation occured. Ilya Shipitsin (2): BUILD: Makefile: require SSL_LIB, SSL_INC to be explicitly set CI: travis-ci: specify SLZ_LIB, SLZ_INC for travis builds William Dauchy (5): BUG/MINOR: spoa-server: fix size_t format printing DOC: spoa-server: fix false friends `actually` CLEANUP: ssl: ssl_sock_crt2der semicolon and spaces MINOR: ssl: add ssl_{c,s}_chain_der fetch methods CLEANUP: fix all duplicated semicolons William Lallemand (9): BUG/MINOR: ssl: fix memory leak at OCSP loading BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free() BUG/MINOR: snapshots: leak of snapshots on deinit() BUG/MEDIUM: ssl: fix the ssl-skip-self-issued-ca option BUG/MINOR: ssl: ssl-skip-self-issued-ca requires >= 1.0.2 BUG/MINOR: ssl: double free w/ smp_fetch_ssl_x_chain_der() BUG/MEDIUM: ssl: never generates the chain from the verify store BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate CLEANUP: ssl: remove poorly readable nested ternary Willy Tarreau (5): SCRIPTS: git-show-backports: make -m most only show the left branch SCRIPTS: git-show-backports: emit the shell command to backport a commit BUG/MINOR: stats: use strncmp() instead of memcmp() on health states BUILD: makefile: don't disable -Wstringop-overflow anymore BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction ---