Hi,

HAProxy 2.3.17 was released on 2022/01/11. It added 51 new commits after version 2.3.16.

This is essentially an update of 2.3 with the relevant fixes that were collected from 2.4.9 to 2.4.12. The list below was mostly composed from the last few 2.4 changelogs:

  - using multiple log-forward sections would crash after parsing the config, that's now fixed.

  - possible crash on master CLI when trying to enter an old pid when in prompt mode

  - yet another risk of crash on resolvers was fixed, this time when getting a response error, because some invalid elements could be left in the list.

  - the problem where the SNI could be set again on a reused server connection was fixed

  - a workaround for a possibly slow malloc_trim() in modern libcs upon reload when using many threads, that could be slow enough to panic the old process.

  - there was a risk of frozen stream or spinning loop when combining layer-7 retries with some filters because an analyser responsible for releasing the filter was dropped. This was fixed.

  - eliminate a rare risk of deadlock when built with DEBUG_UAF. It would only affect developers chasing some use-after-free bugs, but better fix it anyway.

  - on reload we used to transfer listening sockets by packs of 253 between the old and the new process but it looks like for whatever reason on musl 253 doesn't work and the limit is 252. It might be caused by a slightly different layout for the message. So the limit was lowered by one as this will definitely not affect reload time!

  - Daniel Jakots fixed the build with LibreSSL 3.5 and newer (some macros didn't work anymore).

  - David Carlier fixed the build with FreeBSD 14, which changes the cpuset API to better match Linux's.

  - the build warning with clang on i386 was addressed

  - fixed some usual "maybe unused" warnings on old compilers for unusual platforms (gcc-4.7 on MIPS with threads disabled).

  - William fixed a bug in the master-worker when the master is executed in wait mode (only after a reload failure in 2.3).
    In this case, the master must never try to get the listeners FD from the previous process using _getsocks on the stats socket. Otherwise, if a reload fails, the master exits with an EXIT_FAILURE status, killing all the workers.

  - the CLI's "show version" was backported to help with diagnostics and to uniformize APIs between versions.

  - various minor doc updates and typo fixes

  - some regtest and CI backports to ease stable maintainers' job

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.3/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.3.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.3.git
   Changelog        : http://www.haproxy.org/download/2.3/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Amaury Denoyelle (2):
      BUG/MINOR: backend: do not set sni on connection reuse
      BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose

Christopher Faulet (5):
      BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
      BUG/MEDIUM: resolvers: Detach query item on response error
      DOC: spoe: Clarify use of the event directive in spoe-message section
      DOC: config: Specify %Ta is only available in HTTP mode
      BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry

Daniel Jakots (1):
      BUILD: ssl: unbreak the build with newer libressl

David Carlier (1):
      BUILD/MINOR: tools: solaris build fix on dladdr.

Emeric Brun (1):
      BUG/MAJOR: segfault using multiple log forward sections.

Ilya Shipitsin (11):
      CI: Github Actions: enable prometheus exporter
      CI: Github Actions: remove LibreSSL-3.0.2 builds
      CI: Github Actions: enable BoringSSL builds
      CI: Github Action: run "apt-get update" before packages restore
      CI: github actions: update LibreSSL to 3.3.0
      CI: github actions: enable 51degrees feature
      CI: GitHub Actions: enable daily Coverity scan
      CI: github actions: build several popular "contrib" tools
      CI: github actions: switch to stable LibreSSL release
      CI: github actions: update LibreSSL to 3.2.5
      CI: Github Actions: switch to LibreSSL-3.3.3

Lukas Tribus (1):
      DOC: config: retry-on list is space-delimited

Thierry Fournier (1):
      DOC: fix misspelled keyword "resolve_retries" in resolvers

Tim Duesterhus (12):
      CI: Expand use of GitHub Actions for CI
      CI: Stop hijacking the hosts file
      CI: Make the h2spec workflow more consistent with the VTest workflow
      CI: Pass the github.event_name to matrix.py
      CI: Clean up Windows CI
      CI: Set DEBUG=-DDEBUG_STRICT=1 in GitHub Actions
      CI: Pin VTest to a known good commit
      CI: Fix DEBUG_STRICT definition for Coverity
      CI: Fix the coverity builds
      Revert "CI: Pin VTest to a known good commit"
      CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next()
      CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next()

William Lallemand (6):
      DOC: configuration: issuers-chain-path only applies to bind lines
      MINOR: cli: "show version" displays the current process version
      BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
      BUG/MINOR: ssl: free the fields in srv->ssl_ctx
      BUG/MINOR: cli: fix _getsocks with musl libc
      BUG/MEDIUM: mworker: don't use _getsocks in wait mode

Willy Tarreau (10):
      CI: Github Actions: temporarily disable BoringSSL builds
      MEDIUM: task: extend the state field to 32 bits
      MINOR: ssl: make tlskeys_list_get_next() take a list element
      REGTESTS: mark the abns test as broken again
      BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
      MINOR: pools: work around possibly slow malloc_trim() during gc
      BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode
      BUILD: cli: clear a maybe-unused warning on some older compilers
      BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
      CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free

---