mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-04-11 22:11:00 +02:00
Code Issues Projects Releases Wiki Activity
haproxy/src
History
Greg Kroah-Hartman ed267f9bc5 BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni 
The 16-bit name_len field is read directly from the ClientHello and
stored as the sample length without any validation against srv_len,
ext_len, or the channel buffer size. A 65-byte ClientHello with
name_len=0xffff produces a sample claiming 65535 bytes of data when
only ~4 bytes are actually present in the buffer.

Downstream consumers then read tens of kilobytes past the channel
buffer:
  - pattern.c:741 XXH3() hashes 65535 bytes -> ~50KB OOB heap read
  - sample.c smp_dup memcpy if large trash configured
  - log-format %[req.ssl_sni] leaks heap contents to logs/headers

Reachable pre-authentication on any TCP frontend using req.ssl_sni
(req_ssl_sni), which is the documented way to do SNI-based content
switching in TCP mode. No SSL handshake is required; the parser
runs on raw buffer contents in tcp-request content rules.

Bug introduced in commit d4c33c8889ec3 (2013). The ALPN parser in
the same file at line 1044 has the equivalent check; SNI never did.

This must be backported to all supported versions.
2026-04-07 10:50:04 +02:00
..
_ceb_addr.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
_ceb_blk.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
_ceb_int.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
_ceb_str.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
acl.c
BUG/MINOR: acl: warn if "_sub" derivative used with an explicit match
2025-10-28 11:59:32 +01:00
acme_resolvers.c
MEDIUM: acme: add dns-01 DNS propagation pre-check
2026-03-30 18:24:28 +02:00
acme.c
MEDIUM: acme: split the initial delay from the retry DNS delay
2026-04-02 18:29:26 +02:00
action.c
MINOR: actions: also report execution contexts registered directly
2026-03-12 18:06:38 +01:00
activity.c
MINOR: activity: support aggregating by caller also for memprofile
2026-03-12 18:06:38 +01:00
applet.c
MEDIUM: tree-wide: Rely on htx_xfer() instead of htx_xfer_blks()
2026-03-23 14:02:43 +01:00
arg.c
MINOR: arg: add an argument type for identifier
2024-10-18 14:30:24 +02:00
auth.c
BUG/MINOR: auth: Fix a leak on error path when parsing user's groups
2025-02-06 16:55:37 +01:00
backend.c
MAJOR: mux-quic: activate QMux on the backend side
2026-04-02 14:02:05 +02:00
base64.c
buf.c
MINOR: buffers: Swap buffers of same size only
2026-02-18 13:26:20 +01:00
cache.c
MEDIUM: flt_http_comp: split "compression" filter in 2 distinct filters
2026-03-06 13:55:31 +01:00
calltrace.c
ceb32_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
ceb64_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
ceba_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebb_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebib_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebis_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebl_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebs_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebtree-dbg.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebtree-prv.h
IMPORT: import cebtree (compact elastic binary trees)
2024-09-15 23:44:59 +02:00
cfgcond.c
BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
2026-04-03 09:17:35 +02:00
cfgdiag.c
MEDIUM: tcpcheck: Refactor how tcp-check rulesets are stored
2026-04-01 16:34:37 +02:00
cfgparse-global.c
MINOR: debug: read all libs in memory when set-dumpable=libs
2026-03-18 15:30:39 +01:00
cfgparse-listen.c
MEDIUM: stats: Hide the version by default and add stats-showversion
2026-04-01 14:39:28 +02:00
cfgparse-peers.c
REORG: cfgparse: move peers parsing to cfgparse-peers.c
2026-01-20 17:17:37 +01:00
cfgparse-quic.c
BUG/MINOR: quic: fix deprecated warning for window size keyword
2026-01-07 09:54:31 +01:00
cfgparse-ssl.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
cfgparse-tcp.c
MINOR: tcp: add new bind option "tcp-ss" to instruct the kernel to save the SYN
2025-12-24 11:35:09 +01:00
cfgparse-unix.c
cfgparse.c
MINOR: config: Report the warning when invalid large buffer size is set
2026-03-23 14:02:42 +01:00
channel.c
MINOR: channel: Remove total field from channels
2025-11-06 15:01:29 +01:00
check.c
MEDIUM: tcpcheck/server: Add healthcheck server keyword
2026-04-01 16:34:38 +02:00
chunk.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
cli.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
clock.c
MEDIUM: stats-file/clock: automatically update now_offset based on shared clock
2026-03-18 11:18:33 +01:00
compression.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
connection.c
BUG/MEDIUM: tcpcheck: Properly retrieve tcpcheck type to install the best mux
2026-04-05 09:26:46 +02:00
counters.c
BUG/MINOR: counters: fix unexpected 127 char GUID truncation for shm-stats-file objects
2026-04-04 02:14:50 +02:00
cpu_topo.c
BUG/MEDIUM: cpu-topo: Distribute CPUs fairly across groups
2026-02-24 08:17:16 +01:00
cpuset.c
BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET()
2025-09-06 11:05:52 +02:00
debug.c
MINOR: debug: report the execution context on thread dumps
2026-03-12 18:06:37 +01:00
dgram.c
MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{frontend,backend} as sizes
2024-11-18 18:50:02 +01:00
dict.c
dns_ring.c
dns.c
MEDIUM: dns: bind the nameserver sockets to the initiating thread
2025-09-10 16:48:09 +02:00
dynbuf.c
MINOR: buffers: Move small buffers management from quic to dynbuf part
2026-03-23 14:02:42 +01:00
eb32sctree.c
eb32tree.c
IMPORT: ebtree: only use __builtin_prefetch() when supported
2025-09-17 14:30:32 +02:00
eb64tree.c
IMPORT: ebtree: only use __builtin_prefetch() when supported
2025-09-17 14:30:32 +02:00
ebimtree.c
ebistree.c
ebmbtree.c
ebsttree.c
ebtree.c
ech.c
BUG/MINOR: ech: permission checks on the CLI
2026-03-25 18:37:06 +01:00
errors.c
MEDIUM: errors: get rid of shm_open()
2025-01-07 16:42:38 +01:00
ev_epoll.c
MEDIUM: pollers: Drop fd events after a takeover to another tgid.
2025-02-26 13:00:18 +01:00
ev_evports.c
MEDIUM: pollers: Drop fd events after a takeover to another tgid.
2025-02-26 13:00:18 +01:00
ev_kqueue.c
MEDIUM: pollers: Drop fd events after a takeover to another tgid.
2025-02-26 13:00:18 +01:00
ev_poll.c
ev_select.c
event_hdl.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
extcheck.c
BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration
2024-11-15 15:39:00 +01:00
fcgi-app.c
MEDIUM: flt_http_comp: split "compression" filter in 2 distinct filters
2026-03-06 13:55:31 +01:00
fcgi.c
BUG/MAJOR: fcgi: Fix param decoding by properly checking its size
2026-03-05 15:35:21 +01:00
fd.c
CLEANUP: fd: make use of ha_aligned_alloc() for the fdtab
2025-08-11 19:55:30 +02:00
filters.c
MEDIUM: filters: add "filter-sequence" directive
2026-04-03 12:10:27 +02:00
fix.c
flt_bwlim.c
BUG/MINOR: freq_ctr: Prevent possible signed overflow in freq_ctr_overshoot_period
2025-11-24 14:10:13 +01:00
flt_http_comp.c
MINOR: filters: add filter name to flt_conf struct
2026-04-03 12:10:20 +02:00
flt_spoe.c
BUG/MINOR: http-ana: Only consider client abort for abortonclose
2026-03-27 11:18:40 +01:00
flt_trace.c
CLEANUP: tree-wide: drop a few useless null-checks before free()
2026-02-26 08:24:03 +01:00
freq_ctr.c
BUG/MINOR: freq_ctr: Prevent possible signed overflow in freq_ctr_overshoot_period
2025-11-24 14:10:13 +01:00
frontend.c
MEDIUM: Add connect/queue/tarpit timeouts to set-timeout
2026-02-19 08:20:37 +01:00
guid.c
MEDIUM: guid: switch guid to more compact cebuis_tree
2025-09-16 09:23:46 +02:00
h1_htx.c
BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"
2026-03-05 15:34:46 +01:00
h1.c
BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field
2025-05-16 15:13:17 +02:00
h2.c
BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
2026-03-17 07:48:02 +01:00
h3_stats.c
MEDIUM: counters: return aggregate extra counters in ->fill_stats()
2026-02-26 17:03:53 +01:00
h3.c
BUG/MEDIUM: h3: reject unaligned frames except DATA
2026-03-19 10:40:25 +01:00
haproxy.c
MINOR: ssl/log: add keylog format variables and env vars
2026-04-01 16:28:49 +02:00
hash.c
haterm_init.c
BUG/MEDIUM: haterm: Move all init functions of haterm in haterm_init.c
2026-04-03 15:09:44 +02:00
haterm.c
BUG/MEDIUM: haterm: Move all init functions of haterm in haterm_init.c
2026-04-03 15:09:44 +02:00
hlua_fcn.c
BUG/MINOR: hlua: fix return with push nil on proxy check
2026-03-03 08:45:27 +01:00
hlua.c
MINOR: sample: store location for fetch/conv via initcalls
2026-03-12 18:06:38 +01:00
hpack-dec.c
BUG/MEDIUM: hpack: correctly deal with too large decoded numbers
2026-03-05 14:33:21 +01:00
hpack-enc.c
hpack-huff.c
hpack-tbl.c
hq_interop.c
MEDIUM: quic/mux-quic: adjust app-ops install
2026-03-03 16:22:57 +01:00
http_acl.c
http_act.c
BUG/MINOR: http-act: fix a typo in the "pause" action error message
2026-04-03 16:25:49 +02:00
http_ana.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
http_client.c
MEDIUM: tree-wide: Rely on htx_xfer() instead of htx_xfer_blks()
2026-03-23 14:02:43 +01:00
http_conv.c
MEDIUM: sample: Get chunks with a size dependent on input data when necessary
2026-02-18 13:26:21 +01:00
http_ext.c
CLEANUP: assorted typo fixes in the code and comments
2025-04-02 11:12:20 +02:00
http_fetch.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
http_htx.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
http_rules.c
MINOR: actions: store the location of keywords registered via initcalls
2026-03-12 18:06:38 +01:00
http.c
MINOR: http: fix 405,431,501 default errorfile
2025-10-29 08:47:19 +01:00
httpclient_cli.c
MINOR: httpclient-cli: Reset httpclient HTX buffer instead of removing blocks
2025-07-24 12:13:42 +02:00
htx.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
init.c
MINOR: initcall: record the file and line declaration of an INITCALL
2026-03-12 18:06:38 +01:00
jwe.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
jws.c
BUG/MINOR: jws: fix memory leak in jws_b64_signature
2026-03-12 09:18:42 +01:00
jwt.c
MINOR: jwt: Improve 'jwt_tokenize' function
2026-03-10 14:20:42 +01:00
lb_chash.c
BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers
2026-02-10 07:22:54 +01:00
lb_fas.c
MINOR: proxies/servers: Calculate queueslength and use it.
2025-01-28 12:49:41 +01:00
lb_fwlc.c
BUG/MEDIUM: fwlc: Handle memory allocation failures.
2025-10-01 18:13:33 +02:00
lb_fwrr.c
MEDIUM: lb_fwrr: Don't start all thread groups on the same server.
2025-04-17 17:38:23 +02:00
lb_map.c
MINOR: proxies/servers: Calculate queueslength and use it.
2025-01-28 12:49:41 +01:00
lb_ss.c
limits.c
MINOR: limits: display the computed maxconn using ha_notice()
2025-11-20 18:38:09 +01:00
linuxcap.c
MEDIUM: init: always warn when running as root without being asked to
2025-09-05 08:51:07 +02:00
listener.c
MAJOR: mux-quic: activate QMux for frontend side
2026-04-02 14:02:05 +02:00
log.c
MINOR: ssl/log: add keylog format variables and env vars
2026-04-01 16:28:49 +02:00
lru.c
mailers.c
MINOR: mailers: warn if mailers are configured but not actually used
2025-06-27 16:41:18 +02:00
map.c
BUG/MEDIUM: map/cli: CLI commands lack admin permission checks
2026-03-31 12:34:33 +02:00
mjson.c
BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
2026-03-17 17:08:28 +01:00
mqtt.c
CLEANUP: mqtt: fix typo in MQTT_REMAINING_LENGHT_MAX_SIZE
2024-08-30 14:58:59 +02:00
mux_fcgi.c
MINOR: connection: track mux calls to report their allocation context
2026-03-12 18:06:38 +01:00
mux_h1.c
BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
2026-04-03 15:12:55 +02:00
mux_h2.c
MINOR: mux-h2: report glitches on early RST_STREAM
2026-03-30 16:32:21 +02:00
mux_pt.c
MAJOR: muxes: No longer use app_ops .wake() callback function from muxes
2026-03-10 15:10:34 +01:00
mux_quic_qstrm.c
BUG/MINOR: mux_quic: fix uninit for QMux emission
2026-04-02 16:58:00 +02:00
mux_quic.c
MAJOR: mux-quic: activate QMux on the backend side
2026-04-02 14:02:05 +02:00
mux_spop.c
MINOR: connection: track mux calls to report their allocation context
2026-03-12 18:06:38 +01:00
mworker.c
CLEANUP: mworker: fix tab/space mess in mworker_env_to_proc_list()
2026-03-19 18:01:06 +01:00
namespace.c
BUG/MINOR: namespace: handle a possible strdup() failure
2024-12-10 08:05:34 +01:00
ncbmbuf.c
MINOR: ncbmbuf: improve itbmap_next() code
2026-02-23 16:28:41 +01:00
ncbuf.c
net_helper.c
CLEANUP: net_helper: fix typo in comment
2026-04-02 11:29:54 +02:00
pattern.c
BUG/MAJOR: set the correct generation ID in pat_ref_append().
2025-12-31 00:29:47 +01:00
payload.c
BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
2026-04-07 10:50:04 +02:00
peers.c
BUG/MEDIUM: peers: enforce check on incoming table key type
2026-03-19 07:03:10 +01:00
pipe.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
pool.c
CLEANUP: stats: drop stats.h / stats-t.h where not needed
2026-02-26 08:24:03 +01:00
proto_quic.c
MINOR: quic: store source address for backend conns
2025-11-20 16:44:03 +01:00
proto_rhttp.c
MINOR: connection: track mux calls to report their allocation context
2026-03-12 18:06:38 +01:00
proto_sockpair.c
BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS
2026-03-16 16:31:58 +01:00
proto_tcp.c
MINOR: startup: Add HAVE_WORKING_TCP_MD5SIG in haproxy -vv
2026-02-12 18:02:19 +01:00
proto_udp.c
BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards
2025-12-11 18:09:47 +01:00
proto_uxdg.c
MINOR: protocol: create abnsz socket address family
2024-10-29 12:14:50 +01:00
proto_uxst.c
MINOR: sock: Add protocol and socket types parameters to sock_create_server_socket()
2025-06-11 18:37:34 +02:00
protocol.c
MINOR: quic: rename "no-quic" to "tune.quic.listen"
2025-10-23 16:47:58 +02:00
proxy.c
MEDIUM: filters: add "filter-sequence" directive
2026-04-03 12:10:27 +02:00
qmux_http.c
MEDIUM: tree-wide: Rely on htx_xfer() instead of htx_xfer_blks()
2026-03-23 14:02:43 +01:00
qmux_trace.c
MINOR: mux-quic: prepare traces support for QMux
2026-04-02 14:02:04 +02:00
qpack-dec.c
BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
2026-03-20 19:40:11 +01:00
qpack-enc.c
BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side)
2025-07-15 18:39:23 +02:00
qpack-tbl.c
queue.c
MINOR: queues: Check minconn first in srv_dynamic_maxconn()
2026-02-12 02:18:59 +01:00
quic_ack.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
quic_cc_bbr.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc_cubic.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc_drs.c
BUG/MINOR: quic: remove max_bw filter from delivery rate sampling
2024-12-13 14:42:43 +01:00
quic_cc_newreno.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc_nocc.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cid.c
CLEANUP: assorted typo fixes in the code, commits and doc
2025-12-25 19:45:29 +01:00
quic_cli.c
BUG/MINOR: quic: fix uninit list on show quic handler
2025-11-25 14:50:19 +01:00
quic_conn.c
MEDIUM: quic/mux-quic: adjust app-ops install
2026-03-03 16:22:57 +01:00
quic_enc.c
TESTS: quic: useless param for b_quic_dec_int()
2025-10-15 09:58:03 +02:00
quic_fctl.c
quic_frame.c
MINOR: quic: implement QMux transport params frame parser/builder
2026-04-02 14:02:04 +02:00
quic_loss.c
MINOR: quic: split congestion controler options for FE/BE usage
2025-10-23 16:49:20 +02:00
quic_openssl_compat.c
MINOR: quic: Fix build with USE_QUIC_OPENSSL_COMPAT
2026-02-03 04:05:34 +01:00
quic_pacing.c
MINOR: quic: adapt credit based pacing to BBR
2025-01-23 17:41:07 +01:00
quic_retransmit.c
MINOR: quic: prefer qc_is_back() usage over qc->target
2025-08-07 16:59:59 +02:00
quic_retry.c
CLEANUP: quic-stats: include counters from quic_stats
2026-02-26 08:24:03 +01:00
quic_rules.c
MINOR: actions: store the location of keywords registered via initcalls
2026-03-12 18:06:38 +01:00
quic_rx.c
MINOR: quic: refactor frame parsing
2026-04-02 14:02:04 +02:00
quic_sock.c
CLEANUP: stats: drop stats.h / stats-t.h where not needed
2026-02-26 08:24:03 +01:00
quic_ssl.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
quic_stats.c
MEDIUM: counters: return aggregate extra counters in ->fill_stats()
2026-02-26 17:03:53 +01:00
quic_stream.c
MINOR: quic: Use b_alloc_small() to allocate a small buffer
2026-03-23 14:02:42 +01:00
quic_tls.c
BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling
2025-10-22 15:04:41 +02:00
quic_token.c
BUG/MAJOR: quic: reject invalid token
2026-02-12 09:09:44 +01:00
quic_tp.c
MINOR: quic: implement QMux transport params frame parser/builder
2026-04-02 14:02:04 +02:00
quic_trace.c
MINOR: quic: Add useful debugging traces in qc_idle_timer_do_rearm()
2025-12-08 10:40:59 +01:00
quic_tx.c
MINOR: quic: refactor frame encoding
2026-04-02 14:02:04 +02:00
raw_sock.c
MINOR: rawsock: introduce CO_RFL_TRY_HARDER to detect closures on complete reads
2025-10-01 10:23:01 +02:00
regex.c
MINOR: regex: use a thread-local match pointer for pcre2
2025-10-13 16:56:43 +02:00
resolvers.c
MEDIUM: acme: add dns-01 DNS propagation pre-check
2026-03-30 18:24:28 +02:00
ring.c
OPTIM: ring: avoid reloading the tail_ofs value before the CAS in ring_write()
2025-09-18 15:27:32 +02:00
sample.c
MINOR: sample: also report contexts registered directly
2026-03-12 18:06:38 +01:00
server_state.c
MEDIUM: counters: Dynamically allocate per-thread group counters
2026-01-13 11:12:34 +01:00
server.c
BUG/MEDIUM: tcpcheck/server: Fix parsing of healthcheck param for dynamic servers
2026-04-03 16:31:18 +02:00
session.c
MAJOR: mux-quic: activate QMux for frontend side
2026-04-02 14:02:05 +02:00
sha1.c
shctx.c
BUG/MEDIUM: shctx: Use the next block when data exactly filled a block
2026-02-18 09:44:15 +01:00
signal.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
sink.c
MINOR: proxy: add refcount to proxies
2026-03-02 10:44:59 +01:00
slz.c
IMPORT: slz: silence a build warning on non-x86 non-arm
2025-05-16 16:43:53 +02:00
sock_inet.c
BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards
2025-12-11 18:09:47 +01:00
sock_unix.c
BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards
2025-12-11 18:09:47 +01:00
sock.c
BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
2026-03-20 16:51:47 +01:00
ssl_ckch.c
BUILD: ssl: make X509_NAME usage OpenSSL 4.0 ready
2026-03-11 17:00:59 +01:00
ssl_clienthello.c
BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
2025-12-08 10:40:59 +01:00
ssl_crtlist.c
BUG/MINOR: ssl: error with ssl-f-use when no "crt"
2026-02-16 18:41:40 +01:00
ssl_gencert.c
BUILD: ssl: make X509_NAME usage OpenSSL 4.0 ready
2026-03-11 17:00:59 +01:00
ssl_ocsp.c
BUG/MEDIUM: ssl/ocsp: ocsp commands are missing permission checks
2026-03-31 12:18:26 +02:00
ssl_sample.c
MINOR: ssl: add the ssl_fc_crtname sample fetch
2026-04-03 10:41:00 +02:00
ssl_sock.c
BUG/MINOR: ssl: fix memory leak in ssl_fc_crtname by using SSL_CTX ex_data index
2026-04-03 11:00:36 +02:00
ssl_trace.c
BUILD: ssl: make X509_NAME usage OpenSSL 4.0 ready
2026-03-11 17:00:59 +01:00
ssl_utils.c
BUILD: ssl: make X509_NAME usage OpenSSL 4.0 ready
2026-03-11 17:00:59 +01:00
stats-file.c
MEDIUM: stats-file/clock: automatically update now_offset based on shared clock
2026-03-18 11:18:33 +01:00
stats-html.c
MEDIUM: stats: Hide the version by default and add stats-showversion
2026-04-01 14:39:28 +02:00
stats-json.c
BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer
2025-02-06 17:19:49 +01:00
stats-proxy.c
MINOR: stats: protect proxy iteration via watcher
2026-02-27 10:28:24 +01:00
stats.c
MINOR: stats: protect proxy iteration via watcher
2026-02-27 10:28:24 +01:00
stconn.c
MINOR: stconn: flag the stream endpoint descriptor when the app has started
2026-03-30 16:27:53 +02:00
stick_table.c
CLEANUP: fix typos and spelling in comments and documentation
2026-03-30 09:24:19 +02:00
stream.c
MINOR: stconn: flag the stream endpoint descriptor when the app has started
2026-03-30 16:27:53 +02:00
systemd.c
BUILD: systemd: fix usage of reserved name "sun" in the address field
2024-11-25 08:09:09 +01:00
task.c
BUILD: sched: fix leftover of debugging test in single-run changes
2026-03-23 07:29:43 +01:00
tcp_act.c
MEDIUM: stats: consider that shared stats pointers may be NULL
2025-09-18 16:49:51 +02:00
tcp_rules.c
BUG/MINOR: config: Properly test warnif_misplaced_* return values
2026-03-27 07:35:25 +01:00
tcp_sample.c
MINOR: tcp-sample: permit retrieving tcp_info from the connection/session stage
2026-01-11 15:48:20 +01:00
tcpcheck.c
MINOR: tcpcheck: Reject unknown keyword during parsing of healthcheck section
2026-04-03 16:31:17 +02:00
thread.c
MEDIUM: proxy: add lock for global accesses during proxy free
2026-03-02 14:09:25 +01:00
time.c
tools.c
BUILD: tools: potential null pointer dereference in dl_collect_libs_cb
2026-03-23 21:52:56 +01:00
trace.c
MINOR: traces: defer processing of "-dt" options
2026-03-13 09:13:24 +01:00
uri_auth.c
CLEANUP: stats: drop stats.h / stats-t.h where not needed
2026-02-26 08:24:03 +01:00
uri_normalizer.c
BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char (2)
2024-07-18 13:29:52 +02:00
vars.c
MINOR: vars: implement dump_all_vars() sample fetch
2026-01-21 10:44:19 +01:00
version.c
REORG: version: move the remaining BUILD_* stuff from haproxy.c to version.c
2025-01-20 17:53:55 +01:00
wdt.c
BUG/MEDIUM: wdt: improve stuck task detection accuracy
2025-10-01 10:18:53 +02:00
xprt_handshake.c
MINOR: connection: track mux calls to report their allocation context
2026-03-12 18:06:38 +01:00
xprt_qstrm.c
MINOR: mux-quic: use QMux transport parameters from qstrm xprt
2026-04-02 14:02:04 +02:00
xprt_quic.c
MINOR: quic: use server cache for ALPN on BE side
2026-03-03 16:23:03 +01:00