mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-20 05:11:26 +02:00
[RELEASE] Released version 3.3-dev8
Released version 3.3-dev8 with the following main changes :
- BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW
- BUG/MINOR: quic-be: missing Initial packet number space discarding
- BUG/MEDIUM: quic-be: crash after backend CID allocation failures
- BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind
- BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval
- MINOR: dns: dns_connect_nameserver: fix fd leak at error path
- BUG/MEDIUM: quic: reset padding when building GSO datagrams
- BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
- BUG/MAJOR: quic: fix INITIAL padding with probing packet only
- BUG/MINOR: quic: don't coalesce probing and ACK packet of same type
- MINOR: quic: centralize padding for HP sampling on packet building
- MINOR: http_ana: fix typo in http_res_get_intercept_rule
- BUG/MEDIUM: http_ana: handle yield for "stats http-request" evaluation
- MINOR: applet: Rely on applet flag to detect the new api
- MINOR: applet: Add function to test applet flags from the appctx
- MINOR: applet: Add a flag to know an applet is using HTX buffers
- MINOR: applet: Make some applet functions HTX aware
- MEDIUM: applet: Set .rcv_buf and .snd_buf functions on default ones if not set
- BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend
- REGTESTS: jwt: create dynamically "cert.ecdsa.pem"
- BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort
- MINOR: haproxy: abort config parsing on fatal errors for post parsing hooks
- MEDIUM: server: split srv_init() in srv_preinit() + srv_postinit()
- MINOR: proxy: handle shared listener counters preparation from proxy_postcheck()
- DOC: configuration: reword 'generate-certificates'
- BUG/MEDIUM: quic-be: avoid crashes when releasing Initial pktns
- BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets
- MINOR: ssl: diagnostic warning when both 'default-crt' and 'strict-sni' are used
- MEDIUM: ssl: convert diag to warning for strict-sni + default-crt
- DOC: configuration: clarify 'default-crt' and implicit default certificates
- MINOR: quic: remove ->offset qf_crypto struct field
- BUG/MINOR: mux-quic: trace with non initialized qcc
- BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found
- BUG/MEDIUM: mworker: fix startup and reload on macOS
- BUG/MINOR: connection: rearrange union list members
- BUG/MINOR: connection: remove extra session_unown_conn() on reverse
- MINOR: cli: display failure reason on wait command
- BUG/MINOR: server: decrement session idle_conns on del server
- BUG/MINOR: mux-quic: do not access conn after idle list insert
- MINOR: session: document explicitely that session_add_conn() is safe
- MINOR: session: uninline functions related to BE conns management
- MINOR: session: refactor alloc/lookup of sess_conns elements
- MEDIUM: session: protect sess conns list by idle_conns_lock
- MINOR: server: shard by thread sess_conns member
- MEDIUM: server: close new idle conns if server in maintenance
- MEDIUM: session: close new idle conns if server in maintenance
- MINOR: server: cleanup idle conns for server in maint already stopped
- MINOR: muxes: enforce thread-safety for private idle conns
- MEDIUM: conn/muxes/ssl: reinsert BE priv conn into sess on IO completion
- MEDIUM: conn/muxes/ssl: remove BE priv idle conn from sess on IO
- MEDIUM: mux-quic: enforce thread-safety of backend idle conns
- MAJOR: server: implement purging of private idle connections
- MEDIUM: session: account on server idle conns attached to session
- MAJOR: server: do not remove idle conns in del server
- BUILD: mworker: fix ignoring return value of ‘read’
- DOC: unreliable sockpair@ on macOS
- MINOR: muxes: adjust takeover with buf_wait interaction
- OPTIM: backend: set release on takeover for strict maxconn
- DOC: configuration: confuse "strict-mode" with "zero-warning"
- MINOR: doc: add missing statistics column
- MINOR: doc: add missing statistics column
- MINOR: stats: display new curr_sess_idle_conns server counter
- MINOR: proxy: extend "show servers conn" output
- MEDIUM: proxy: Reject some header names for 'http-send-name-header' directive
- BUG/BUILD: stats: fix build due to missing stat enum definition
- DOC: proxy-protocol: Make example for PP2_SUBTYPE_SSL_SIG_ALG accurate
- CLEANUP: quic: remove a useless CRYPTO frame variable assignment
- BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()
- BUG/MAJOR: mux-quic: fix crash on reload during emission
- MINOR: conn/muxes/ssl: add ASSUME_NONNULL() prior to _srv_add_idle
- REG-TESTS: map_redirect: Don't use hdr_dom in ACLs with "-m end" matching method
- MINOR: acl: Only allow one '-m' matching method
- MINOR: acl; Warn when matching method based on a suffix is overwritten
- BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server
- BUG/MINOR: server: Duplicate healthcheck's sni inherited from default server
- BUG/MINOR: acl: Properly detect overwritten matching method
- BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url()
- BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger()
- BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()
- BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen()
- BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options()
- BUG/MINOR: tools: Add OOM check for malloc() in indent_msg()
- BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames
- MINOR: quic/flags: complete missing flags
- BUG/MINOR: quic: fix room check if padding requested
- BUG/MINOR: quic: fix padding issue on INITIAL retransmit
- BUG/MINOR: quic: pad Initial pkt with CONNECTION_CLOSE on client
- MEDIUM: quic: strengthen BUG_ON() for unpad Initial packet on client
- DOC: configuration: rework the jwt_verify keyword documentation
- BUG/MINOR: haproxy: be sure not to quit too early on soft stop
- BUILD: acl: silence a possible null deref warning in parse_acl_expr()
- MINOR: quic: Add more information about RX packets
- CI: fix syntax of Quic Interop pipelines
- MEDIUM: cfgparse: warn when using user/group when built statically
- BUG/MEDIUM: stick-tables: don't leave the expire loop with elements deleted
- BUG/MINOR: stick-tables: never leave used entries without expiration
- BUG/MEDIUM: peers: don't fail twice to grab the update lock
- MINOR: stick-tables: limit the number of visited nodes during expiration
- OPTIM: stick-tables: exit expiry faster when the update lock is held
- MINOR: counters: retrieve detailed errmsg upon failure with counters_{fe,be}_shared_prepare()
- MINOR: stats-file: introduce shm-stats-file directive
- MEDIUM: stats-file: processes share the same clock source from shm-stats-file
- MINOR: stats-file: add process slot management for shm stats file
- MEDIUM: stats-file/counters: store and preload stats counters as shm file objects
- DOC: config: document "shm-stats-file" directive
- OPTIM: stats-file: don't unnecessarily die hard on shm_stats_file_reuse_object()
- MINOR: compiler: add ALWAYS_PAD() macro
- BUILD: stats-file: fix aligment issues
- MINOR: stats-file: reserve some bytes in exported structs
- MEDIUM: stats-file: add some BUG_ON() guards to ensure exported structs are not changed by accident
- BUG/MINOR: check: ensure check-reuse is compatible with SSL
- BUG/MINOR: check: fix dst address when reusing a connection
- REGTESTS: explicitly use "balance roundrobin" where RR is needed
- MAJOR: backend: switch the default balancing algo to "random"
- BUG/MEDIUM: conn: fix UAF on connection after reversal on edge
- BUG/MINOR: connection: streamline conn detach from lists
- BUG/MEDIUM: quic-be: too early SSL_SESSION initialization
- BUG/MINOR: log: fix potential memory leak upon error in add_to_logformat_list()
- MEDIUM: init: always warn when running as root without being asked to
- MINOR: sample: Add base2 converter
- MINOR: version: add -vq, -vqb, and -vqs flags for concise version output
- BUILD: trace: silence a bogus build warning at -Og
- MINOR: trace: accept trace spec right after "-dt" on the command line
- BUILD: makefile: bump the default minimum linux version to 4.17
This commit is contained in:
Willy Tarreau
parent
85ac6a6f7b
commit
b167d545cf
126
CHANGELOG
126
CHANGELOG
@ -1,6 +1,132 @@
|
||||
ChangeLog :
|
||||
===========
|
||||
|
||||
2025/09/05 : 3.3-dev8
|
||||
- BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW
|
||||
- BUG/MINOR: quic-be: missing Initial packet number space discarding
|
||||
- BUG/MEDIUM: quic-be: crash after backend CID allocation failures
|
||||
- BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind
|
||||
- BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval
|
||||
- MINOR: dns: dns_connect_nameserver: fix fd leak at error path
|
||||
- BUG/MEDIUM: quic: reset padding when building GSO datagrams
|
||||
- BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
|
||||
- BUG/MAJOR: quic: fix INITIAL padding with probing packet only
|
||||
- BUG/MINOR: quic: don't coalesce probing and ACK packet of same type
|
||||
- MINOR: quic: centralize padding for HP sampling on packet building
|
||||
- MINOR: http_ana: fix typo in http_res_get_intercept_rule
|
||||
- BUG/MEDIUM: http_ana: handle yield for "stats http-request" evaluation
|
||||
- MINOR: applet: Rely on applet flag to detect the new api
|
||||
- MINOR: applet: Add function to test applet flags from the appctx
|
||||
- MINOR: applet: Add a flag to know an applet is using HTX buffers
|
||||
- MINOR: applet: Make some applet functions HTX aware
|
||||
- MEDIUM: applet: Set .rcv_buf and .snd_buf functions on default ones if not set
|
||||
- BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend
|
||||
- REGTESTS: jwt: create dynamically "cert.ecdsa.pem"
|
||||
- BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort
|
||||
- MINOR: haproxy: abort config parsing on fatal errors for post parsing hooks
|
||||
- MEDIUM: server: split srv_init() in srv_preinit() + srv_postinit()
|
||||
- MINOR: proxy: handle shared listener counters preparation from proxy_postcheck()
|
||||
- DOC: configuration: reword 'generate-certificates'
|
||||
- BUG/MEDIUM: quic-be: avoid crashes when releasing Initial pktns
|
||||
- BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets
|
||||
- MINOR: ssl: diagnostic warning when both 'default-crt' and 'strict-sni' are used
|
||||
- MEDIUM: ssl: convert diag to warning for strict-sni + default-crt
|
||||
- DOC: configuration: clarify 'default-crt' and implicit default certificates
|
||||
- MINOR: quic: remove ->offset qf_crypto struct field
|
||||
- BUG/MINOR: mux-quic: trace with non initialized qcc
|
||||
- BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found
|
||||
- BUG/MEDIUM: mworker: fix startup and reload on macOS
|
||||
- BUG/MINOR: connection: rearrange union list members
|
||||
- BUG/MINOR: connection: remove extra session_unown_conn() on reverse
|
||||
- MINOR: cli: display failure reason on wait command
|
||||
- BUG/MINOR: server: decrement session idle_conns on del server
|
||||
- BUG/MINOR: mux-quic: do not access conn after idle list insert
|
||||
- MINOR: session: document explicitely that session_add_conn() is safe
|
||||
- MINOR: session: uninline functions related to BE conns management
|
||||
- MINOR: session: refactor alloc/lookup of sess_conns elements
|
||||
- MEDIUM: session: protect sess conns list by idle_conns_lock
|
||||
- MINOR: server: shard by thread sess_conns member
|
||||
- MEDIUM: server: close new idle conns if server in maintenance
|
||||
- MEDIUM: session: close new idle conns if server in maintenance
|
||||
- MINOR: server: cleanup idle conns for server in maint already stopped
|
||||
- MINOR: muxes: enforce thread-safety for private idle conns
|
||||
- MEDIUM: conn/muxes/ssl: reinsert BE priv conn into sess on IO completion
|
||||
- MEDIUM: conn/muxes/ssl: remove BE priv idle conn from sess on IO
|
||||
- MEDIUM: mux-quic: enforce thread-safety of backend idle conns
|
||||
- MAJOR: server: implement purging of private idle connections
|
||||
- MEDIUM: session: account on server idle conns attached to session
|
||||
- MAJOR: server: do not remove idle conns in del server
|
||||
- BUILD: mworker: fix ignoring return value of ‘read’
|
||||
- DOC: unreliable sockpair@ on macOS
|
||||
- MINOR: muxes: adjust takeover with buf_wait interaction
|
||||
- OPTIM: backend: set release on takeover for strict maxconn
|
||||
- DOC: configuration: confuse "strict-mode" with "zero-warning"
|
||||
- MINOR: doc: add missing statistics column
|
||||
- MINOR: doc: add missing statistics column
|
||||
- MINOR: stats: display new curr_sess_idle_conns server counter
|
||||
- MINOR: proxy: extend "show servers conn" output
|
||||
- MEDIUM: proxy: Reject some header names for 'http-send-name-header' directive
|
||||
- BUG/BUILD: stats: fix build due to missing stat enum definition
|
||||
- DOC: proxy-protocol: Make example for PP2_SUBTYPE_SSL_SIG_ALG accurate
|
||||
- CLEANUP: quic: remove a useless CRYPTO frame variable assignment
|
||||
- BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()
|
||||
- BUG/MAJOR: mux-quic: fix crash on reload during emission
|
||||
- MINOR: conn/muxes/ssl: add ASSUME_NONNULL() prior to _srv_add_idle
|
||||
- REG-TESTS: map_redirect: Don't use hdr_dom in ACLs with "-m end" matching method
|
||||
- MINOR: acl: Only allow one '-m' matching method
|
||||
- MINOR: acl; Warn when matching method based on a suffix is overwritten
|
||||
- BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server
|
||||
- BUG/MINOR: server: Duplicate healthcheck's sni inherited from default server
|
||||
- BUG/MINOR: acl: Properly detect overwritten matching method
|
||||
- BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url()
|
||||
- BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger()
|
||||
- BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()
|
||||
- BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen()
|
||||
- BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options()
|
||||
- BUG/MINOR: tools: Add OOM check for malloc() in indent_msg()
|
||||
- BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames
|
||||
- MINOR: quic/flags: complete missing flags
|
||||
- BUG/MINOR: quic: fix room check if padding requested
|
||||
- BUG/MINOR: quic: fix padding issue on INITIAL retransmit
|
||||
- BUG/MINOR: quic: pad Initial pkt with CONNECTION_CLOSE on client
|
||||
- MEDIUM: quic: strengthen BUG_ON() for unpad Initial packet on client
|
||||
- DOC: configuration: rework the jwt_verify keyword documentation
|
||||
- BUG/MINOR: haproxy: be sure not to quit too early on soft stop
|
||||
- BUILD: acl: silence a possible null deref warning in parse_acl_expr()
|
||||
- MINOR: quic: Add more information about RX packets
|
||||
- CI: fix syntax of Quic Interop pipelines
|
||||
- MEDIUM: cfgparse: warn when using user/group when built statically
|
||||
- BUG/MEDIUM: stick-tables: don't leave the expire loop with elements deleted
|
||||
- BUG/MINOR: stick-tables: never leave used entries without expiration
|
||||
- BUG/MEDIUM: peers: don't fail twice to grab the update lock
|
||||
- MINOR: stick-tables: limit the number of visited nodes during expiration
|
||||
- OPTIM: stick-tables: exit expiry faster when the update lock is held
|
||||
- MINOR: counters: retrieve detailed errmsg upon failure with counters_{fe,be}_shared_prepare()
|
||||
- MINOR: stats-file: introduce shm-stats-file directive
|
||||
- MEDIUM: stats-file: processes share the same clock source from shm-stats-file
|
||||
- MINOR: stats-file: add process slot management for shm stats file
|
||||
- MEDIUM: stats-file/counters: store and preload stats counters as shm file objects
|
||||
- DOC: config: document "shm-stats-file" directive
|
||||
- OPTIM: stats-file: don't unnecessarily die hard on shm_stats_file_reuse_object()
|
||||
- MINOR: compiler: add ALWAYS_PAD() macro
|
||||
- BUILD: stats-file: fix aligment issues
|
||||
- MINOR: stats-file: reserve some bytes in exported structs
|
||||
- MEDIUM: stats-file: add some BUG_ON() guards to ensure exported structs are not changed by accident
|
||||
- BUG/MINOR: check: ensure check-reuse is compatible with SSL
|
||||
- BUG/MINOR: check: fix dst address when reusing a connection
|
||||
- REGTESTS: explicitly use "balance roundrobin" where RR is needed
|
||||
- MAJOR: backend: switch the default balancing algo to "random"
|
||||
- BUG/MEDIUM: conn: fix UAF on connection after reversal on edge
|
||||
- BUG/MINOR: connection: streamline conn detach from lists
|
||||
- BUG/MEDIUM: quic-be: too early SSL_SESSION initialization
|
||||
- BUG/MINOR: log: fix potential memory leak upon error in add_to_logformat_list()
|
||||
- MEDIUM: init: always warn when running as root without being asked to
|
||||
- MINOR: sample: Add base2 converter
|
||||
- MINOR: version: add -vq, -vqb, and -vqs flags for concise version output
|
||||
- BUILD: trace: silence a bogus build warning at -Og
|
||||
- MINOR: trace: accept trace spec right after "-dt" on the command line
|
||||
- BUILD: makefile: bump the default minimum linux version to 4.17
|
||||
|
||||
2025/08/20 : 3.3-dev7
|
||||
- MINOR: quic: duplicate GSO unsupp status from listener to conn
|
||||
- MINOR: quic: define QUIC_FL_CONN_IS_BACK flag
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Configuration Manual
|
||||
----------------------
|
||||
version 3.3
|
||||
2025/08/20
|
||||
2025/09/05
|
||||
|
||||
|
||||
This document covers the configuration language as implemented in the version
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user