Hi, HAProxy 2.0.22 was released on 2021/04/12. It added 23 new commits after version 2.0.21. Most notably, this release fixes a regression affecting the frequency counters. Thanks to quick users feedback, the bug was quickly spotted and the fix validated in higher version before being backported in the 2.0 tree. There were also important fixes in the DNS module due to recent changes. Here is the list of all the changes.
- Since the previous release, the time period of frequency counters was not properly calculated, and so the counters not correctly updated. Willy was able to fix the issue quickly thanks to quick user reports. - As mentionned, a bunch of fixes were made on the DNS resolvers. The server managed through the SRV records additional sections were not properly handled, causing servers in MAINT status to never be activated when becoming available. Also the handling of resolution errors is now safer. - The hdr_ip sample fetch is now stricter. It will reject a field if there is some garbage after a valid IPv4 address. This ensures that for example an invalid x-forwared-for header field is not present, which is better to detect a non-conformant http proxy in a network. - The silent-drop action was not functional for IPv6 connections if the haproxy process is executed without admin capabilities. It now properly set the IPv6 header field hop-limit to 1, as explained in the documentation. - The Lua debugging has been slightly improved by Christopher with the implementation of an internal function to display the backtrace in case of failure. This allows to output the backtrace even if a memory allocation failure is the cause of the bug. - The closing of an H1 connection is now idempotent. This prevents a rare occurence of a crash when closing an already closed H1 connection. - On the html stats page, a DOWN backend in transition to the UP state was incorrectly displayed with the wrong color, making it indistinguishable with going DOWN backends. - The unix-bind-prefix directive was incorrectly prepended to the UNIX socket path. - A deadlock was fixed for process built with DEBUG_UAF when using thread isolation. This option is normally only activated for debugging purposes to detect use-after-free problems. Thanks to everyone for this release. Enjoy ! Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.0/src/ Git repository : http://git.haproxy.org/git/haproxy-2.0.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git Changelog : http://www.haproxy.org/download/2.0/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Amaury Denoyelle --- Complete changelog : Baptiste Assmann (1): BUG/MAJOR: dns: disabled servers through SRV records never recover Christopher Faulet (10): MINOR: lua: Slightly improve function dumping the lua traceback BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback BUG/MEDIUM: lua: Always init the lua stack before referencing the context BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution MINOR: resolvers: Use a function to remove answers attached to a resolution MINOR: resolvers: Purge answer items when a SRV resolution triggers an error MINOR: resolvers: Add function to change the srv status based on SRV resolution MINOR: resolvers: Directly call srvrq_update_srv_state() when possible BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks Eric Salama (1): MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket Florian Apolloner (1): BUG/MINOR: stats: Apply proper styles in HTML status page. Jerome Magnin (1): BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status Willy Tarreau (9): MINOR: time: also provide a global, monotonic global_now_ms timer BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable BUG/MEDIUM: time: make sure to always initialize the global tick MINOR: tools: make url2ipv4 return the exact number of bytes parsed BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent BUG/MINOR: tcp: fix silent-drop workaround for IPv6 BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields ---