stable-bot: WARNING: 24 bug fixes in queue for next release - 1.9
Hi, This is a friendly bot that watches fixes pending for the next haproxy-stable release! One such e-mail is sent periodically once patches are waiting in the last maintenance branch, and an ideal release date is computed based on the severity of these fixes and their merge date. Responses to this mail must be sent to the mailing list. Last release 1.9.13 was issued on 2019/11/25. There are currently 24 patches in the queue cut down this way: - 1 MAJOR, first one merged on 2019/12/10 - 9 MEDIUM, first one merged on 2019/12/05 - 14 MINOR, first one merged on 2019/11/25 Thus the computed ideal release date for 1.9.14 would be 2019/12/23, which is in one week or less. The current list of patches in the queue is: - MAJOR : dns: add minimalist error processing on the Rx path - MEDIUM : checks: Make sure we set the task affinity just before connecting. - MEDIUM : proto_udp/threads: recv() and send() must not be exclusive. - MEDIUM : mux-h1: Never reuse H1 connection if a shutw is pending - MEDIUM : stream-int: don't subscribed for recv when we're trying to flush data - MEDIUM : tasks: Make sure we switch wait queues in task_set_affinity(). - MEDIUM : kqueue: Make sure we report read events even when no data. - MEDIUM : listener/threads: fix a remaining race in the listener's accept() - MEDIUM : listener/thread: fix a race when pausing a listener - MEDIUM : stream: address a very rare unhandled connection issue - MINOR : listener: do not immediately resume on transient error - MINOR : ssl: certificate choice can be unexpected with openssl >= 1.1.1 - MINOR : server: make "agent-addr" work on default-server line - MINOR : mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN - MINOR : tasks: only requeue a task if it was already in the queue - MINOR : listener: fix off-by-one in state name check - MINOR : proxy: make soft_stop() also close FDs in LI_PAUSED state - MINOR : http-htx: Don't make http_find_header() fail if the value is empty - MINOR : stream: init variables when the list is empty - MINOR : log: fix minor resource leaks on logformat error path - MINOR : mux-h1: Fix conditions to know whether or not we may receive data - MINOR : listener/threads: always use atomic ops to clear the FD events - MINOR : listener: also clear the error flag on a paused listener - MINOR : mworker: properly pass SIGTTOU/SIGTTIN to workers --- The haproxy stable-bot is freely provided by HAProxy Technologies to help improve the quality of each HAProxy release. If you have any issue with these emails or if you want to suggest some improvements, please post them on the list so that the solutions suiting the most users can be found.
stable-bot: NOTICE: 14 bug fixes in queue for next release - 1.8
Hi, This is a friendly bot that watches fixes pending for the next haproxy-stable release! One such e-mail is sent periodically once patches are waiting in the last maintenance branch, and an ideal release date is computed based on the severity of these fixes and their merge date. Responses to this mail must be sent to the mailing list. Last release 1.8.23 was issued on 2019/11/25. There are currently 14 patches in the queue cut down this way: - 1 MAJOR, first one merged on 2019/12/10 - 4 MEDIUM, first one merged on 2019/12/05 - 9 MINOR, first one merged on 2019/12/05 Thus the computed ideal release date for 1.8.24 would be 2019/12/24, which is in two weeks or less. The current list of patches in the queue is: - MAJOR : dns: add minimalist error processing on the Rx path - MEDIUM : proto_udp/threads: recv() and send() must not be exclusive. - MEDIUM : listener/threads: fix a remaining race in the listener's accept() - MEDIUM : listener/thread: fix a race when pausing a listener - MEDIUM : kqueue: Make sure we report read events even when no data. - MINOR : listener: fix off-by-one in state name check - MINOR : server: make "agent-addr" work on default-server line - MINOR : listener: also clear the error flag on a paused listener - MINOR : log: fix minor resource leaks on logformat error path - MINOR : listener/threads: always use atomic ops to clear the FD events - MINOR : proxy: make soft_stop() also close FDs in LI_PAUSED state - MINOR : listener: do not immediately resume on transient error - MINOR : mworker: properly pass SIGTTOU/SIGTTIN to workers - MINOR : ssl: certificate choice can be unexpected with openssl >= 1.1.1 --- The haproxy stable-bot is freely provided by HAProxy Technologies to help improve the quality of each HAProxy release. If you have any issue with these emails or if you want to suggest some improvements, please post them on the list so that the solutions suiting the most users can be found.
Re: ModSecurity testing
> Em 13 de dez de 2019, à(s) 10:09, Christopher Faulet > escreveu: > > Le 10/12/2019 à 05:24, Igor Cicimov a écrit : >> >> Testing with Haproxy 2.0.10 but same result with 1.8.23. The versions of >> ModSecurity is 2.9.2 and the OWASP rules v3.0.2 >> What am I doing wrong? Can anyone provide a request that should confirm if >> the module is working or not from or share the experience from their own >> setup? > > Hi Igor, > > First of all, I don't know how the modsecurity agent really work. But I'm > surprised to see it returns -101. In the code, -1, 0 or an HTTP status code > is expected. And only 0 or the HTTP status code is returned to HAProxy. I > don't know if -101 is a valid return value from modsecurity point of view. > But it is not from the agent one. > > Then, You don't have an error 403 because the variable txn.modsec.code is > negative, so the deny http-request rule is never triggered. So, I guess your > error 400 comes from your webserver. You can enabled HTTP log to have more > information. > > Finally, I notice some requests to the SPOA agent seems to have failed. The > variable is not set (- in the logs). You can try to enable SPOE logs in your > SPOE engine configuration. Take a look at the SPOE documentation > (doc/SPOE.txt) for more information. Hi, perhaps this thread helps: https://www.mail-archive.com/haproxy@formilux.org/msg30061.html And perhaps this building of ModSecurity SPOA will also help: https://github.com/jcmoraisjr/modsecurity-spoa/blob/v0.5/rootfs/Dockerfile ~jm