On 20.09.2018 at 14:31, Willy Tarreau wrote:
> Subject: [ANNOUNCE] haproxy-1.8.14
> To: email@example.com
> HAProxy 1.8.14 was released on 2018/09/20. It added 44 new commits
> after version 1.8.13.
Image on docker hub was updated to.
> The most important one fixes a security issue reported by Tim Düsterhus
> and which was assigned CVE-2018-14645. There is an integer signedness
> issue in the HPACK decoder used in HTTP/2 which theoretically makes it
> possible to remotely crash an haproxy instance where HTTP/2 is in use.
> I want to thank Tim for his responsible reporting and Ryan O'Hara for
> quickly providing us with a CVE ID.
> The only workaround for those who for various reasons can't immediately
> update, is to disable HTTP/2. But distros will provide an updated package
> soon. If some distro maintainers need a way to test if their version is
> properly fixed, please contact me privately, I'll explain how to proceed.
> Two other major issues are fixed in this version, one of them related to
> how SSL is initialized in Lua, apparently it didn't properly consider
> the presence of threads, leading to random behaviours. The second only
> affects kqueue, I don't have the details in memory, I suspect it was
> causing some delays in connection processing there.
> The rest is the regular list of problematic but not critical issues that
> need to be fixed but for which there is no emergency.
> Please find the usual URLs below :
>    Site index       : http://www.haproxy.org/
>    Sources          : http://www.haproxy.org/download/1.8/src/
>    Git repository   : http://git.haproxy.org/git/haproxy-1.8.git/
>    Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
>    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
> Complete changelog :
> Baptiste Assmann (4):
>       MINOR: dns: fix wrong score computation in dns_get_ip_from_response
>       MINOR: dns: new DNS options to allow/prevent IP address duplication
>       BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file
>       BUG/MINOR: dns: check and link servers' resolvers right after config
>
> Bertrand Jacquin (2):
>       DOC: ssl: Use consistent naming for TLS protocols
>       DOC: Fix typos in lua documentation
>
> Cyril Bonté (1):
>       BUG/MEDIUM: lua: socket timeouts are not applied
>
> Dragan Dosen (1):
>       BUG/MEDIUM: patterns: fix possible double free when reloading a pattern
>
> Emeric Brun (4):
>       BUG/MINOR: ssl: empty connections reported as errors.
>       BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
>       BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable
>       BUG/MINOR: map: fix map_regm with backref
>
> Emmanuel Hocdet (1):
>       BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1
>
> Frédéric Lécaille (3):
>       BUG/MINOR: lua: Bad HTTP client request duration.
>       BUG/MAJOR: thread: lua: Wrong SSL context initialization.
>       BUG/MINOR: server: Crash when setting FQDN via CLI.
>
> Jens Bissinger (1):
>       DOC: Fix spelling error in configuration doc
>
> Lukas Tribus (1):
>       DOC: dns: explain set server ... fqdn requires resolver
>
> Olivier Houchard (4):
>       MINOR: threads: Introduce double-width CAS on x86_64 and arm.
>       BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
>       BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.
>       BUG/MAJOR: kqueue: Don't reset the changes number by accident.
>
> Patrick Hemmer (1):
>       BUG/MEDIUM: lua: reset lua transaction between http requests
>
> Thierry FOURNIER (1):
>       BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
>
> Willy Tarreau (20):
>       BUG/MEDIUM: servers: check the queues once enabling a server
>       BUG/MEDIUM: queue: prevent a backup server from draining the proxy's
>       BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7
>       MINOR: threads: add more consistency between certain variables in no-thread case
>       BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point
>       MEDIUM: hathreads: implement a more flexible rendez-vous point
>       BUG/MEDIUM: cli: make "show fd" thread-safe
>       BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates
>       BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations
>       BUG/MEDIUM: unix: provide a ->drain() function
>       BUG/MEDIUM: mux_pt: dereference the connection with care in
>       MINOR: thread: implement HA_ATOMIC_XADD()
>       BUG/MINOR: stream: use atomic increments for the