Hi, HAProxy 1.8.24 was released on 2020/02/15. It added 49 new commits after version 1.8.23. This aligns the code on the level of fixes that went into 1.9.13 and 1.9.14.
There's nothing really outstanding here, as can be seen in the changelog below. The main reason for this release is that I was reminded on Discourse by Lukas and @pnikolov that the "attr" attribute for the "cookie" directive was backported, allowing to address the breakage that some sites reportedly experience since the latest release of the Chrome browser changed its default setting for the SameSite cookie attribute from "None" to "Lax". Typically some such sites may need to update their "cookie" directive to add SameSite and secure. Example: cookie SRV insert indirect nocache secure attr "SameSite=None" If nobody complained to you about your site being broken under Chrome, you don't need to change anything. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Baptiste Assmann (2): BUG/MINOR: http_act: don't check capture id in backend BUG/MINOR: dns: allow srv record weight set to 0 Christopher Faulet (4): BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive Emmanuel Hocdet (1): BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1 Jerome Magnin (2): BUG/MINOR: stream: don't mistake match rules for store-request rules BUG/MINOR: pattern: handle errors from fgets when trying to load patterns Mathias Weiersmueller (1): DOC: clarify matching strings on binary fetches Olivier Houchard (2): BUG/MEDIUM: kqueue: Make sure we report read events even when no data. BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. Tim Duesterhus (2): BUG/MINOR: dns: Make dns_query_id_seed unsigned MINOR: acl: Warn when an ACL is named 'or' William Dauchy (4): BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2 BUG/MINOR: dns: allow 63 char in hostname BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener BUG/MINOR: tcp: don't try to set defaultmss when value is negative William Lallemand (2): BUG/MEDIUM: mworker: remain in mworker mode during reload BUG/MEDIUM: cli: _getsocks must send the peers sockets Willy Tarreau (29): BUG/MEDIUM: listener/thread: fix a race when pausing a listener BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state BUG/MINOR: listener/threads: always use atomic ops to clear the FD events BUG/MINOR: listener: also clear the error flag on a paused listener BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() DOC: document the listener state transitions BUG/MAJOR: dns: add minimalist error processing on the Rx path BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. DOC: listeners: add a few missing transitions BUILD/MINOR: ssl: shut up a build warning about format truncation BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset() BUILD: do not disable -Wformat-truncation anymore DOC: remove references to the outdated architecture.txt BUG/MINOR: log: fix minor resource leaks on logformat error path BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers BUG/MINOR: listener: do not immediately resume on transient error BUG/MINOR: server: make "agent-addr" work on default-server line BUG/MINOR: listener: fix off-by-one in state name check BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() BUG/MINOR: sample: fix the closing bracket and LF in the debug converter BUG/MINOR: sample: always check converters' arguments BUG/MEDIUM: session: do not report a failure when rejecting a session BUG/MAJOR: hashes: fix the signedness of the hash inputs BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error SCRIPTS: announce-release: place the send command in the mail's header SCRIPTS: announce-release: allow the user to force to overwrite old files BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit BUG/MEDIUM: listener: only consider running threads when resuming listeners SCRIPTS: make announce-release executable again ---