Hi, HAProxy 2.4.17 was released on 2022/05/13. It added 24 new commits after version 2.4.16.
Here are the issues fixed by this release: * A regression in the H1 multiplexer was fixed. If an H2 message announced the payload size with a Content-Length header and contained trailers, an internal error was triggered during forwarding on the other side, in the H1 multiplexer. * A major issue in the DNS part was fixed. A concurrency issue that could lead to a crash when a DNS request was failing. Because of some missing locks on dgram structure, it was possible to set the UDP socket FD to -1 on a thread while it as used to access to fdtab array on another thread. * A server abort or a server timeout could be experienced with FCGI backend connections when the END_REQUEST record was delayed for responses with no content-length. * A timing issue could lead to some delay in the server-side connection establishment. It was a tricky issue, but sometimes the server-side connection attempts were only validated after the "timeout connect" value, and only with H2 clients. * H2 streams were marked as open after processing it instead of before. It could be an issue when a client didn't respect the H2 MAX_CONCURRENT_STREAMS setting because the max_id was only updated on the success path. Thus, under some circumstances a connection error was reported instead of a stream error. * The watchdog could be erroneously triggered because an uninitialized value was not tested. It was possible to encounter this issue in the master just after loading the configuration. * It was reported the maximum line length on the server-state file was too small. It was increased to 2kB. * Some bugs in CLI commands were fixed. "show resolvers" and "show cli sockets" commands were not properly yielding and some locks were missing in "show map" command. It is very unlikely to have ever hit one of these bugs, but not impossible though. Thanks everyone for your help and your contributions ! Please find the usual URLs below : Site index : http://www.haproxy.org/ Documentation : http://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/2.4/src/ Git repository : http://git.haproxy.org/git/haproxy-2.4.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG Pending bugs : http://www.haproxy.org/l/pending-bugs Reviewed bugs : http://www.haproxy.org/l/reviewed-bugs Code reports : http://www.haproxy.org/l/code-reports Latest builds : http://www.haproxy.org/l/dev-packages --- Complete changelog : Christopher Faulet (4): BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified DOC: config: Update doc for PR/PH session states to warn about rewrite failures CLEANUP: mux-h1: Fix comments and error messages for global options Emeric Brun (1): BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket Ilya Shipitsin (2): CI: github actions: update LibreSSL to 3.5.2 CI: dynamically determine actual version of h2spec William Lallemand (2): BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized Willy Tarreau (14): SCRIPTS: announce-release: add URL of dev packages BUG/MINOR: mux-h2: mark the stream as open before processing it not after MINOR: mux-h2: report a trace event when failing to create a new stream BUG/MEDIUM: resolvers: make "show resolvers" properly yield BUG/MEDIUM: cli: make "show cli sockets" really yield BUG/MINOR: map/cli: protect the backref list during "show map" errors BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init DOC: fix typo "ant" for "and" in INSTALL BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings BUILD: listener: shut report of possible null-deref in listener_accept() BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( DOC: install: update gcc version requirements BUG/MINOR: conn_stream: do not confirm a connection from the frontend path vigneshsp (1): BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). -- Christopher Faulet
