Hi, HAProxy 1.8.27 was released on 2020/11/06. It added 44 new commits after version 1.8.26. Every 1.8 users are encouraged to upgrade as it contains several bug fixes.
This release contains some fixes also present on higher versions. Most notably a fix on the h2 multiplexer, a thread-safety bug on load-balancer algorithms, a design issue on SPOE and the skipping of disabled proxies for filters. Also there is the possibility now to update the server-state file without crashing haproxy. You can look the detailled reports for them on 2.2.5 announce. In addition, the following changes have been made : The h2 multiplexer is more robust thanks to Christopher and Willy. First it is now able to parse incomplete chunk formatting. An issue has also been raised due to a certain combination of frame type and flags which haproxy interprets wrongly as invalid and is now fixed. Some improvement on the ssl have been made by William. Notably, a better algorithm to choose a certificate when using wildcards with respect to the supported encryption algorithm. The lua engine now prevents to load map at runtime, which should never have been permitted. There is also additional checks on arguments when doing ip address manipulation. A nasty bug has fixed by Willy, triggered when using multi processes with expose-fd. In short, the "disable frontend" command had the side-effect of pausing other process socket file-descriptors. Now this case is properly handled, the other listeners are not impacted. There is also a list of smaller fixes. Again, look at 2.2.5 announce that summarizes them for more info. Thanks to everyone for this release. Enjoy ! Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ --- Complete changelog : Amaury Denoyelle (6): BUG/MINOR: config: Fix memory leak on config parse listen MINOR: counters: fix a typo in comment BUG/MINOR: stats: fix validity of the json schema BUG/MINOR: server: fix srv downtime calcul on starting BUG/MINOR: server: fix down_time report for stats BUG/MINOR: lua: initialize sample before using it Christopher Faulet (13): BUG/MEDIUM: mux-h2: Don't fail if nothing is parsed for a legacy chunk response BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned MINOR: hlua: Display debug messages on stderr only in debug mode BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible BUG/MEDIUM: filters: Don't try to init filters for disabled proxies BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup MINOR: server: Copy configuration file and line for server templates BUG/MINOR: filters: Skip disabled proxies during startup only Dragan Dosen (1): BUG/MEDIUM: pattern: fix memory leak in regex pattern functions Lukas Tribus (1): BUG/MINOR: dns: ignore trailing dot Remi Tricot-Le Breton (1): BUG/MINOR: cache: Inverted variables in http_calc_maxage function Tim Duesterhus (2): MINOR: Commit .gitattributes CLEANUP: Update .gitignore William Dauchy (1): DOC: agent-check: fix typo in "fail" word expected reply William Lallemand (5): BUG/MINOR: startup: haproxy -s cause 100% cpu BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate BUG/MINOR: ssl: verifyhost is case sensitive DOC: ssl: crt-list negative filters are only a hint Willy Tarreau (14): BUG/MINOR: stats: use strncmp() instead of memcmp() on health states BUG/MINOR: reload: do not fail when no socket is sent BUG/MINOR: threads: work around a libgcc_s issue with chrooting BUILD: thread: limit the libgcc_s workaround to glibc only BUILD: threads: better workaround for late loading of libgcc_s BUG/MEDIUM: h2: report frame bits only for handled types BUG/MEDIUM: listeners: do not pause foreign listeners REGTESTS: add a few load balancing tests REGTEST: fix host part in balance-uri-path-only.vtc REGTEST: make abns_socket.vtc require 1.8 REGTEST: make map_regm_with_backref require 1.7 BUG/MINOR: queue: properly report redistributed connections BUG/MEDIUM: server: support changing the slowstart value from state-file BUG/MINOR: extcheck: add missing checks on extchk_setenv() -- Amaury Denoyelle