Hi, HAProxy 2.2.15 was released on 2021/07/16. It added 90 new commits after version 2.2.14.
This release is very similar to the 2.3.11/2.3.12. To sum up, most noticeable bugs fixed in this release are: * A possible deadlock if "set maxconn server" command was used when there was a pending connection ready to be dequeued. * A possible infinite loop in process_stream() when a connection error was reported while the stream was waiting for a retry. * A possible race between free() and pool_alloc() in the pools lockless variant. * A bug in the HTX defragmentation leading to crash. The bug might be encountered in the HTTP compression filter or in HTTP header replacement. * An old bug preventing the dequeuing for servers with a very low maxconn because the load balancing was not skipped when a new connection was picked from the proxy's or server's queue. * A bug in the sock part leading to high CPU usage because some early connection failures might be missed. * A thread-safety issue with the SHCTX code when compiled with USE_PRIVATE_CACHE mode. It was not using any locks. * Most of resolvers performance issues and several other bugs in this area. * An issue with the abortonclose option. It was not working since a while. * A bug in the HTTP compression leading to truncated or corrupted responses. * A bug with synchronous connect in tcpcheck when several connections come one after the other. * "url_ip"/"url_port" sample fetches not properly handling url parsing errors. In addition, the http-ignore-probes is now respected for H2 connections. When this option is set, no errors are reported anymore when connections are aborted during preface. And the FCGI multiplexer was slightly improved to send a relative path instead of a normalized URI to an application and to expose SERVER_SOFTWARE parameter by default. Finally, as a consequence of the bug fixed in the pools, the code was simplified. The lockless implementation is used everywhere, resulting in the removal of the very old locked implementation that was kept for non-capable architectures. As a result, threads will now be faster on less common architectures (e.g. i686, MIPS, PPC64, ...). The rest is less visible but contains, as usual, cleanups, small fixes here and there, improvements... It is strongly advised to update to this version. Thanks everyone for your help and your contributions! Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.2/src/ Git repository : http://git.haproxy.org/git/haproxy-2.2.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-2.2.git Changelog : http://www.haproxy.org/download/2.2/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ --- Complete changelog : Alex (1): DOC: use the req.ssl_sni in examples Alexandar Lazic (1): DOC/MINOR: move uuid in the configuration to the right alphabetical order Amaury Denoyelle (5): BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check REGTESTS: fix maxconn update with agent-check Christopher Faulet (35): BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers BUG/MINOR: stream: Decrement server current session counter on L7 retry BUG/MINOR: stream: Reset stream final state and si error type on L7 retry BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive MINOR: conn-stream: Force mux to wait for read events if abortonclose is set MEDIUM: mux-h1: Don't block reads when waiting for the other side BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set REGTESTS: Add script to test abortonclose option BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry BUG/MEDIUM: compression: Add a flag to know the filter is still processing data BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default DOC: lua: Add a warning about buffers modification in HTTP MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules DOC: config: Add missing actions in "tcp-request session" documentation BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI BUG/MINOR: server/cli: Fix locking in function processing "set server" command BUG/MINOR: resolvers: Always attach server on matching record on resolution BUG/MINOR: resolvers: Reset server IP when no ip is found in the response MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" BUG/MINOR: server-state: load SRV resolution only if params match the config BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled MINOR: resolvers: Clean server in a dedicated function when removing a SRV item MINOR: resolvers: Remove server from named_servers tree when removing a SRV item BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() Daniel Black (1): DOC: config: use CREATE USER for mysql-check Dirkjan Bussink (1): BUG/MINOR: checks: return correct error code for srv_parse_agent_check Emeric Brun (9): BUG/MEDIUM: dns: reset file descriptor if send returns an error BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken BUG/MINOR: resolvers: answser item list was randomly purged or errors MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item MEDIUM: resolvers: add a ref between servers and srv request or used SRV record BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs BUG/MINOR: stick-table: fix several printf sign errors dumping tables DOC: stick-table: add missing documentation about gpt0 stored type BUG/MINOR: peers: fix data_type bit computation more than 32 data_types Remi Tricot-Le Breton (15): BUG/MEDIUM: ebtree: Invalid read when looking for dup entry BUG/MINOR: server: Missing calloc return value check in srv_parse_source BUG/MINOR: peers: Missing calloc return value check in peers_register_table BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list BUG/MINOR: http: Missing calloc return value check while parsing redirect rule BUG/MINOR: http: Missing calloc return value check in make_arg_list BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future Thierry Fournier (1): MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode William Lallemand (1): BUG/MINOR: ssl/cli: fix a lock leak when no memory available Willy Tarreau (20): REGTESTS: add minimal CLI "add map" tests BUG/MEDIUM: cli: prevent memory leak on write errors MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS BUG/MINOR: stream: properly clear the previous error mask on L7 retries BUG/MINOR: lua/vars: prevent get_var() from allocating a new name BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE BUG/MINOR: ssl: use atomic ops to update global shctx stats BUG/MINOR: mworker: fix typo in chroot error message BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue MINOR: mux-h2: obey http-ignore-probes during the preface BUG/MEDIUM: sock: make sure to never miss early connection failures BUG/MINOR: cli: fix server name output in "show fd" DOC: peers: fix the protocol tag name in the doc BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() MINOR: pools: do not maintain the lock during pool_flush() MEDIUM: pools: use a single pool_gc() function for locked and lockless BUG/MAJOR: pools: fix possible race with free() in the lockless variant CLEANUP: pools: remove now unused seq and pool_free_list BUG/MAJOR: pools: fix incomplete backport of lockless pool fix BUG/MAJOR: pools: second fix for incomplete backport of lockless pool fix -- Christopher Faulet