mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-08 06:26:10 +02:00
Code Issues Projects Releases Wiki Activity

[RELEASE] Released version 3.4-dev11

Browse Source 
Released version 3.4-dev11 with the following main changes :
    - BUG/MEDIUM: acme: fix segfault on newOrder with empty authorizations
    - BUG/MINOR: acme: skip auth/challenge steps when newOrder returns a certificate
    - BUG/MINOR: sink: do not free existing sinks on allocation error
    - CLEANUP: net_helper: fix incorrect const pointers in writev_n16()
    - BUG/MINOR: vars: make parse_store() return error on var_set() failure
    - BUG/MINOR: vars: don't store the variable twice with set-var-fmt
    - BUG/MINOR: vars: only print first invalid char in fill_desc()
    - BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
    - MINOR: add an MPSC ring buffer implementation
    - OPTIM: quic: rework the QUIC RX code
    - MINOR: quic: store the DCID as an offset
    - OPTIM: quic: reduce the size of struct quic_dgram
    - BUG/MINOR: quic: handle cases where we don't have an address
    - BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
    - MEDIUM: mux-quic: extend shut to app proto layer
    - MINOR: h3/hq_interop: implement stream reset on shut abort/kill-conn
    - BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
    - BUG/MINOR: map: do not leak a map descriptor on load error
    - CLEANUP: map/cli: fix some map-related help messages
    - BUG/MINOR: pattern: release the reference on failure to load from file
    - CLEANUP: acl: remove duplicate test in parse_acl_expr() and unused variable
    - CI: github: add DEBUG_STRICT=2 to ASAN jobs
    - BUG/MINOR: quic: fix buffer overflow with sockaddr_in46
    - BUG/MEDIUM: acme: fix stalled renewal when opportunistic DNS check fails
    - BUG/MINOR: quic: fix trace crash on datagram receive
    - MINOR: quic: fix trace spacing when datagram is displayed
    - CLEANUP: mux-h2: remove the outdated condition to release h2c on timeout
    - BUILD: add an EXTRA_MAKE option to build addons easily
    - BUILD: otel: removed USE_OTEL, addon is now built via EXTRA_MAKE
    - CLEANUP: otel: move opentelemetry outside haproxy sources
    - BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
    - BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
    - DOC: otel: update the filter's status and URL in the docs
    - DOC: acme: document missing acme-vars and provider-name keywords
    - BUG/MINOR: dns: always validate the source address in responses
    - BUG/MINOR: tcpcheck: Properly report error for http health-checks
    - CLEANUP: resolvers: Remove duplicated line when resolvers proxy is initialized
    - BUG/MINOR: resolvers: Free new requester on error when linking a resolution
    - BUG/MINOR: resolvers: Fix lookup for a hostname in the state-file tree
    - BUG/MINOR: resolvers: Free opts on parse error in resolv_parse_do_resolve()
    - BUG/MAJOR: net_helper: also fix tcp_options_list for OOB write loop
    - BUG/MEDIUM: ssl/sample: check output buffer size in aes_cbc_enc converter
    - BUG/MAJOR: http-ana: fix private session retrieval on NTLM
    - REGTESTS: add a regtest to validate various NTLM transitions
    - BUG/MEDIUM: mworker/cli: fix user and operator permission via @@<pid> in master CLI
    - BUG/MINOR: mworker/cli: check ci_insert() return value in pcli_parse_request()
    - REGTESTS: http-messaging: always send RFC8441 client settings to use ext connect
    - BUG/MINOR: h2: add decoding for :protocol in traces
    - BUG/MINOR: mux-h2: condition the processing of 8441 extension to global setting
    - MINOR: mux-h2: add a new message flag to indicate ext connect support
    - BUG/MINOR: h2: only accept :protocol with extended CONNECT
    - BUG/MINOR: acme: contact mail should be optional, don't pass ToS bool
    - CLEANUP: http-fetch: Remove duplcated return statement in smp_fetch_stver()
    - CLEANUP: http-fetch: Adjust smp_fetch_url32_src() comment
    - CLEANUP: http-fetch: Fix indentation of sample_fetch_keywords
    - BUG/MINOR: http_fetch: Check return values of unchecked buffer operations
    - BUG/MINOR: http-fetch: Fix http_auth_bearer() when custom header is used
    - BUG/MEDIUM: h1_htx: Remove reverved block on error during contig chunks parsing
    - CLEANUP: haterm: Remove duplicated bloc to know if haterm must drain
    - BUG/MINOR: haterm: Immediately report error when draining the request
    - CLEANUP: haterm: Remove useless IS_HTX_SC() test
    - BUG/MINOR: haterm: Fix a possible integer overflow on the request body length
    - BUG/MEDIUM: haterm: Subscribe for receives until request was fully drained
    - BUG/MINOR: haterm: Don't set HTX_FL_EOM flag on 100-Continue responses
    - BUG/MEDIUM: haterm: Properly handle end of request and end of response
    - BUG/MEDIUM: haterm: Properly handle client timeout
    - BUG/MINOR: haterm: Fix condition to use direct data forwarding
    - BUG/MINOR: haterm: Report a 400-bad-request error on receive error
    - DEBUG: haterm: Add hstream flags in the trace messages
    - MINOR: haterm: Remove now useless req_body field from hstream
    - MINOR: mux_quic: reset stream after app shutdown for HTTP/0.9
    - MINOR: mux_quic: do not perform unnecessary timeout handling on BE side
    - BUG/MEDIUM: mux_quic: adjust qcc_is_dead() to account detached streams
    - MINOR: mux_quic: simplify MUX_CTL_GET_NBSTRM
    - MINOR: ssl: Export 'current_crtstore_name'
    - MINOR: ssl: Factorize code from "new/set ssl cert" CLI command
    - MINOR: ssl: Factorize ckch instance rebuild process
    - MEDIUM: ssl: Refactorize "commit ssl cert"
    - BUG/MINOR: ssl: Use the sequence number with kTLS and TLS 1.2
    - BUG/MINOR: mux_quic: fix max stream ID reuse estimation
    - MINOR: mux_quic: release BE conns if reuse definitely blocked
    - BUG/MINOR: mux_quic: refresh timeout only if I/O performed
    - MEDIUM: mux-h1: Return an error on h2 upgrade attempts if not allowed
    - BUG/MEDIUM: mux-h2: Properly consume padding for DATA frames
    - MEDIUM: tools: read_line_to_trash() handle empty files without \n
    - MINOR: jws: support HMAC in jws_b64_protected(), make nonce optional
    - MINOR: jws: introduce jws_b64_hmac_signature() function for HMAC signing
    - MINOR: acme: implement EAB - external account binding
    - MINOR: acme: allow specifying custom MAC alg for EAB
    - REGTESTS: Fix h1_to_h2_upgrade.vtc to force h2 on first bind line
    - MINOR: cli: allow specifying a tgid with show fd
    - Revert "BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect"
    - BUILD: use Makefile.mk instead of Makefile.inc in EXTRA_MAKE
    - Revert "BUG/MINOR: mux-h2: condition the processing of 8441 extension to global setting"
    - BUG/MEDIUM: mux-h2: fix the detection of the ext connect support
    - MINOR: jwe: Add option to enable/disable algorithms or encryption algorithms for jwt_decrypt
    - MINOR: jwe: Disable 'RSA1_5' algorithm by default in jwt_decrypt converters
    - BUG/MEDIUM: jwe: Fix jwt.decrypt_alg_list to work correctly
    - BUG/MEDIUM: stick-table: properly check permissions on CLI's set/clear cmd
    - DOC: acme: EAB is now supported
This commit is contained in:
Willy Tarreau 2026-05-08 05:22:55 +02:00
parent 815845f17e
commit 5d26fe6082
4 changed files with 105 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
CHANGELOG
View File

@ -1,6 +1,108 @@
ChangeLog :
===========
2026/05/08 : 3.4-dev11
- BUG/MEDIUM: acme: fix segfault on newOrder with empty authorizations
- BUG/MINOR: acme: skip auth/challenge steps when newOrder returns a certificate
- BUG/MINOR: sink: do not free existing sinks on allocation error
- CLEANUP: net_helper: fix incorrect const pointers in writev_n16()
- BUG/MINOR: vars: make parse_store() return error on var_set() failure
- BUG/MINOR: vars: don't store the variable twice with set-var-fmt
- BUG/MINOR: vars: only print first invalid char in fill_desc()
- BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
- MINOR: add an MPSC ring buffer implementation
- OPTIM: quic: rework the QUIC RX code
- MINOR: quic: store the DCID as an offset
- OPTIM: quic: reduce the size of struct quic_dgram
- BUG/MINOR: quic: handle cases where we don't have an address
- BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
- MEDIUM: mux-quic: extend shut to app proto layer
- MINOR: h3/hq_interop: implement stream reset on shut abort/kill-conn
- BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
- BUG/MINOR: map: do not leak a map descriptor on load error
- CLEANUP: map/cli: fix some map-related help messages
- BUG/MINOR: pattern: release the reference on failure to load from file
- CLEANUP: acl: remove duplicate test in parse_acl_expr() and unused variable
- CI: github: add DEBUG_STRICT=2 to ASAN jobs
- BUG/MINOR: quic: fix buffer overflow with sockaddr_in46
- BUG/MEDIUM: acme: fix stalled renewal when opportunistic DNS check fails
- BUG/MINOR: quic: fix trace crash on datagram receive
- MINOR: quic: fix trace spacing when datagram is displayed
- CLEANUP: mux-h2: remove the outdated condition to release h2c on timeout
- BUILD: add an EXTRA_MAKE option to build addons easily
- BUILD: otel: removed USE_OTEL, addon is now built via EXTRA_MAKE
- CLEANUP: otel: move opentelemetry outside haproxy sources
- BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
- BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
- DOC: otel: update the filter's status and URL in the docs
- DOC: acme: document missing acme-vars and provider-name keywords
- BUG/MINOR: dns: always validate the source address in responses
- BUG/MINOR: tcpcheck: Properly report error for http health-checks
- CLEANUP: resolvers: Remove duplicated line when resolvers proxy is initialized
- BUG/MINOR: resolvers: Free new requester on error when linking a resolution
- BUG/MINOR: resolvers: Fix lookup for a hostname in the state-file tree
- BUG/MINOR: resolvers: Free opts on parse error in resolv_parse_do_resolve()
- BUG/MAJOR: net_helper: also fix tcp_options_list for OOB write loop
- BUG/MEDIUM: ssl/sample: check output buffer size in aes_cbc_enc converter
- BUG/MAJOR: http-ana: fix private session retrieval on NTLM
- REGTESTS: add a regtest to validate various NTLM transitions
- BUG/MEDIUM: mworker/cli: fix user and operator permission via @@<pid> in master CLI
- BUG/MINOR: mworker/cli: check ci_insert() return value in pcli_parse_request()
- REGTESTS: http-messaging: always send RFC8441 client settings to use ext connect
- BUG/MINOR: h2: add decoding for :protocol in traces
- BUG/MINOR: mux-h2: condition the processing of 8441 extension to global setting
- MINOR: mux-h2: add a new message flag to indicate ext connect support
- BUG/MINOR: h2: only accept :protocol with extended CONNECT
- BUG/MINOR: acme: contact mail should be optional, don't pass ToS bool
- CLEANUP: http-fetch: Remove duplcated return statement in smp_fetch_stver()
- CLEANUP: http-fetch: Adjust smp_fetch_url32_src() comment
- CLEANUP: http-fetch: Fix indentation of sample_fetch_keywords
- BUG/MINOR: http_fetch: Check return values of unchecked buffer operations
- BUG/MINOR: http-fetch: Fix http_auth_bearer() when custom header is used
- BUG/MEDIUM: h1_htx: Remove reverved block on error during contig chunks parsing
- CLEANUP: haterm: Remove duplicated bloc to know if haterm must drain
- BUG/MINOR: haterm: Immediately report error when draining the request
- CLEANUP: haterm: Remove useless IS_HTX_SC() test
- BUG/MINOR: haterm: Fix a possible integer overflow on the request body length
- BUG/MEDIUM: haterm: Subscribe for receives until request was fully drained
- BUG/MINOR: haterm: Don't set HTX_FL_EOM flag on 100-Continue responses
- BUG/MEDIUM: haterm: Properly handle end of request and end of response
- BUG/MEDIUM: haterm: Properly handle client timeout
- BUG/MINOR: haterm: Fix condition to use direct data forwarding
- BUG/MINOR: haterm: Report a 400-bad-request error on receive error
- DEBUG: haterm: Add hstream flags in the trace messages
- MINOR: haterm: Remove now useless req_body field from hstream
- MINOR: mux_quic: reset stream after app shutdown for HTTP/0.9
- MINOR: mux_quic: do not perform unnecessary timeout handling on BE side
- BUG/MEDIUM: mux_quic: adjust qcc_is_dead() to account detached streams
- MINOR: mux_quic: simplify MUX_CTL_GET_NBSTRM
- MINOR: ssl: Export 'current_crtstore_name'
- MINOR: ssl: Factorize code from "new/set ssl cert" CLI command
- MINOR: ssl: Factorize ckch instance rebuild process
- MEDIUM: ssl: Refactorize "commit ssl cert"
- BUG/MINOR: ssl: Use the sequence number with kTLS and TLS 1.2
- BUG/MINOR: mux_quic: fix max stream ID reuse estimation
- MINOR: mux_quic: release BE conns if reuse definitely blocked
- BUG/MINOR: mux_quic: refresh timeout only if I/O performed
- MEDIUM: mux-h1: Return an error on h2 upgrade attempts if not allowed
- BUG/MEDIUM: mux-h2: Properly consume padding for DATA frames
- MEDIUM: tools: read_line_to_trash() handle empty files without \n
- MINOR: jws: support HMAC in jws_b64_protected(), make nonce optional
- MINOR: jws: introduce jws_b64_hmac_signature() function for HMAC signing
- MINOR: acme: implement EAB - external account binding
- MINOR: acme: allow specifying custom MAC alg for EAB
- REGTESTS: Fix h1_to_h2_upgrade.vtc to force h2 on first bind line
- MINOR: cli: allow specifying a tgid with show fd
- Revert "BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect"
- BUILD: use Makefile.mk instead of Makefile.inc in EXTRA_MAKE
- Revert "BUG/MINOR: mux-h2: condition the processing of 8441 extension to global setting"
- BUG/MEDIUM: mux-h2: fix the detection of the ext connect support
- MINOR: jwe: Add option to enable/disable algorithms or encryption algorithms for jwt_decrypt
- MINOR: jwe: Disable 'RSA1_5' algorithm by default in jwt_decrypt converters
- BUG/MEDIUM: jwe: Fix jwt.decrypt_alg_list to work correctly
- BUG/MEDIUM: stick-table: properly check permissions on CLI's set/clear cmd
- DOC: acme: EAB is now supported
2026/04/29 : 3.4-dev10
- DOC: config: fix spelling of "max-threads-per-group" in the index
- MEDIUM: threads: change the default max-threads-per-group value to 16

2
VERDATE
View File

@ -1,2 +1,2 @@
$Format:%ci$
2026/04/29
2026/05/08

2
VERSION
View File

@ -1 +1 @@
3.4-dev10
3.4-dev11

2
doc/configuration.txt
View File

@ -3,7 +3,7 @@
Configuration Manual
----------------------
version 3.4
2026/04/29
2026/05/08
This document covers the configuration language as implemented in the version