Hi,

HAProxy 2.0.15 was released on 2020/06/12. It added 77 new commits after version 2.0.14.

A major issue was fixed when using L7 retries, which could provoke a crash. The fix had to be done in a different way than in 2.1+ since the architecture changed a lot. If you want more details about it, please read the commit message.

A risk of crash that is very difficult to trigger was also fixed: it occurred when connecting to a server using ALPN if haproxy failed to find a mux after the TLS handshake.

Some fixes were made to the capture converters, which could crash if misused, as well as to some buggy sample fetches (http_first_req, unique-id, CPU, latency).

An HTTP reuse issue with NTLM authentication was fixed by using a safer test for making the NTLM sessions private.

Some inconsistencies in the argument parser were also fixed: the parameters of all options now support a hyphen as a first character, except the -sf/st ones.

We also fixed the support of the "--" option in the mworker mode, which is useful at the end of the command when you want to use a list of configuration files.

Find the complete changelog below. As usual, don't forget to update to this version if you are using the 2.0 branch.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

---
Complete changelog :
Adam Mills (1):
      DOC: hashing: update link to hashing functions

Adis Nezirovic (1):
      BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT

Christopher Faulet (20):
      BUG/MINOR: check: Update server address and port to execute an external check
      MINOR: checks: Add a way to send custom headers and payload during http chekcs
      BUG/MINOR: checks: Respect the no-check-ssl option
      BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
      BUG/MEDIUM: server/checks: Init server check during config validity check
      BUG/MINOR: checks/server: use_ssl member must be signed
      BUG/MEDIUM: checks: Always initialize checks before starting them
      BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks
      BUG/MINOR: checks: Remove a warning about http health checks
      BUG/MINOR: sample: Set the correct type when a binary is converted to a string
      BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
      BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
      BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
      BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
      BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action
      BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations
      BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics
      BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version
      REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation
      REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used

Dragan Dosen (1):
      BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()

Emeric Brun (3):
      BUG/MINOR: peers: fix internal/network key type mapping.
      BUG/MINOR: logs: prevent double line returns in some events.
      BUG/MEDIUM: logs: fix trailing zeros on log message.

Frédéric Lécaille (2):
      BUG/MINOR: protocol_buffer: Wrong maximum shifting.
      BUG/MINOR: peers: Incomplete peers sections should be validated.

Gaetan Rivet (1):
      BUG/MINOR: checks: chained expect will not properly wait for enough data

Jerome Magnin (3):
      BUG/MINOR: ssl: default settings for ssl server options are not used
      DOC: option logasap does not depend on mode
      BUILD: select: only declare existing local labels to appease clang

Nathan Neulinger (1):
      BUG/MINOR: lua: Add missing string length for lua sticktable lookup

Olivier Doucet (1):
      DOC: Improve documentation on http-request set-src

Olivier Houchard (3):
      BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
      BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
      BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.

Tim Duesterhus (2):
      BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
      REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv

William Dauchy (4):
      BUG/MEDIUM: connections: force connections cleanup on server changes
      CLEANUP: connections: align function declaration
      BUG/MINOR: pollers: remove uneeded free in global init
      Revert "BUG/MEDIUM: connections: force connections cleanup on server changes"

William Lallemand (7):
      REGTEST: ssl: test the client certificate authentication
      BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
      BUG/MINOR: init: -x can have a parameter starting with a dash
      BUG/MINOR: init: -S can have a parameter starting with a dash
      BUG/MEDIUM: mworker: fix the reload with an -- option
      BUG/MINOR: mworker: fix a memleak when execvp() failed
      BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0

Willy Tarreau (27):
      BUG/MINOR: tools: fix the i386 version of the div64_32 function
      BUG/MINOR: http: make url_decode() optionally convert '+' to SP
      BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
      BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
      BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
      BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
      BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
      BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
      MINOR: threads: export the POSIX thread ID in panic dumps
      BUG/MINOR: debug: properly use long long instead of long for the thread ID
      BUG/MEDIUM: shctx: really check the lock's value while waiting
      BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
      MINOR: stream: report the list of active filters on stream crashes
      BUG/MEDIUM: backend: don't access a non-existing mux from a previous connection
      Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections"
      BUG/MAJOR: stream-int: always detach a faulty endpoint on connect failure
      BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
      BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
      BUG/MINOR: http-ana: fix NTLM response parsing again
      BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
      BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
      BUG/MINOR: soft-stop: always wake up waiting threads on stopping
      BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
      SCRIPTS: publish-release: pass -n to gzip to remove timestamp
      BUILD: makefile: adjust the sed expression of "make help" for solaris
      BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor
      BUG/MEDIUM: pattern: fix thread safety of pattern matching

---

--
William Lallemand