Hi,

HAProxy 2.7.1 was released on 2022/12/19. It added 82 new commits after version 2.7.0.

This version provides bug fixes as usual and some minor features mostly for QUIC and for pool debugging.

A major fix regarding uninitialized bytes in the FCGI mux was backported. Before the fix, it could have leaked sensitive data to the backends.

When trying to upgrade from a previous version with a reload instead of a restart, a bug in the master-worker was preventing the reload and was stopping the whole process.

The maxconn automatic computation was fixed; its output value had not been correct since the introduction of the httpclient SSL backend.

An issue in the new bandwidth limitation filter was fixed, which could have caused long pauses during transfer.

Some fixes on the stats output were backported.

A scheduling issue in the resolvers was preventing resolution during runtime.

Some fixes were backported regarding QUIC and h3; haproxy now more strictly rejects malformed header names in H3 exchanges.

The "tune.quic.socket-owner" global option, which allows using one fd per connection, was also backported.

The haproxy_backend_agg_check_status metric for the prometheus exporter was backported.

Some features regarding debugging were also backported:

* The -dMuaf option, which allows pool debugging without recompiling HAProxy with DEBUG_UAF, was backported, allowing more flexibility for live debugging.
* "debug dev memstats" allows pool filtering
* An alloc/free balance was added in "debug dev memstats"

As usual, it is recommended to update to this version if you were using 2.7.0.

The complete list of fixes is in the changelog below.
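An added illustration of the class of bug behind the FCGI fix (this is not HAProxy's code, and the announcement does not say which record was affected): a FastCGI record encoder that fills only the meaningful fields leaves the reserved bytes holding whatever the reused buffer contained, and those bytes are then sent to the backend. The record layout is taken from the FastCGI 1.0 specification; the function names and the stale buffer content are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FastCGI 1.0: 8-byte record header + 8-byte FCGI_BEGIN_REQUEST body.
 * Header byte 7 and body bytes 3..7 (record offsets 11..15) are reserved. */
#define REC_LEN 16

/* Fill only the meaningful fields; reserved bytes are left untouched. */
static void put_fields(uint8_t *b, uint16_t id, uint8_t flags)
{
    b[0] = 1;  b[1] = 1;                   /* version 1, type FCGI_BEGIN_REQUEST */
    b[2] = (uint8_t)(id >> 8);  b[3] = (uint8_t)id;   /* requestId, big endian */
    b[4] = 0;  b[5] = 8;  b[6] = 0;        /* contentLength = 8, paddingLength = 0 */
    b[8] = 0;  b[9] = 1;  b[10] = flags;   /* role FCGI_RESPONDER, flags */
}

/* Flawed pattern: reserved bytes keep whatever the buffer held before. */
void encode_begin_unsafe(uint8_t *b, uint16_t id, uint8_t flags)
{
    put_fields(b, id, flags);
}

/* Hardened pattern: clear the whole record before filling the fields. */
void encode_begin_safe(uint8_t *b, uint16_t id, uint8_t flags)
{
    memset(b, 0, REC_LEN);
    put_fields(b, id, flags);
}

/* Count reserved bytes that are not zero, i.e. stale data that would be sent. */
int reserved_nonzero(const uint8_t *b)
{
    int n = (b[7] != 0);
    for (int i = 11; i < REC_LEN; i++)
        n += (b[i] != 0);
    return n;
}

/* Encode into a reused buffer and report how many stale bytes survive. */
int demo(int safe)
{
    uint8_t buf[REC_LEN];
    memcpy(buf, "secret-token-xyz", REC_LEN);   /* constructed stale data */
    if (safe) encode_begin_safe(buf, 1, 0);
    else      encode_begin_unsafe(buf, 1, 0);
    return reserved_nonzero(buf);
}

int main(void) { printf("unsafe=%d safe=%d\n", demo(0), demo(1)); return 0; }
```

The same reserved_nonzero() check can be applied to captured FastCGI traffic on the backend side to confirm that an upgraded proxy no longer emits non-zero reserved bytes.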
#############################################################################################

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.7/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.7.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.7.git
   Changelog        : https://www.haproxy.org/download/2.7/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :

Amaury Denoyelle (30):
      BUG/MEDIUM: h3: reject request with invalid header name
      BUG/MEDIUM: h3: reject request with invalid pseudo header
      MINOR: http: extract content-length parsing from H2
      BUG/MEDIUM: h3: parse content-length and reject invalid messages
      MINOR: quic: remove qc from quic_rx_packet
      MINOR: quic: complete traces in qc_rx_pkt_handle()
      MINOR: quic: extract datagram parsing code
      MINOR: tools: add port for ipcmp as optional criteria
      MINOR: quic: detect connection migration
      MINOR: quic: ignore address migration during handshake
      MINOR: quic: startup detect for quic-conn owned socket support
      MINOR: quic: test IP_PKTINFO support for quic-conn owned socket
      MINOR: quic: define config option for socket per conn
      MINOR: quic: allocate a socket per quic-conn
      MINOR: quic: use connection socket for emission
      MEDIUM: quic: use quic-conn socket for reception
      MEDIUM: quic: move receive out of FD handler to quic-conn io-cb
      MINOR: mux-quic: rename duplicate function names
      MEDIUM: quic: requeue datagrams received on wrong socket
      MINOR: quic: reconnect quic-conn socket on address migration
      BUG/MINOR: quic: fix fd leak on startup check quic-conn owned socket
      BUG/MINOR: quic: properly handle alloc failure in qc_new_conn()
      BUG/MINOR: quic: handle alloc failure on qc_new_conn() for owned socket
      CLEANUP: mux-quic: remove unused attribute on qcs_is_close_remote()
      BUG/MINOR: mux-quic: remove qcs from opening-list on free
      BUG/MINOR: mux-quic: handle properly alloc error in qcs_new()
      BUG/MEDIUM: h3: fix cookie header parsing
      BUG/MINOR: h3: fix memleak on HEADERS parsing failure
      MINOR: h3: check return values of htx_add_* on headers parsing
      BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset

Aurelien DARRAGON (4):
      BUG/MINOR: checks: restore legacy on-error fastinter behavior
      MINOR: stats: provide ctx for dumping functions
      MINOR: stats: introduce stats field ctx
      BUG/MINOR: stats: fix show stat json buffer limitation

Bertrand Jacquin (1):
      BUG/MEDIUM: tests: use tmpdir to create UNIX socket

Cedric Paillet (2):
      BUG/MINOR: promex: create haproxy_backend_agg_server_status
      MINOR: promex: introduce haproxy_backend_agg_check_status

Christopher Faulet (10):
      BUG/MEDIIM: stconn: Flush output data before forwarding close to write side
      DOC: promex: Add missing backend metrics
      REGTESTS: fix the race conditions in iff.vtc
      BUG/MEDIUM: freq-ctr: Don't compute overshoot value for empty counters
      BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout
      BUG/MEDIUM: mux-h1: Don't release H1 stream upgraded from TCP on error
      BUG/MINOR: mux-h1: Fix test instead a BUG_ON() in h1_send_error()
      BUG/MINOR: mux-h1: Report EOS on parsing/internal error for not running stream
      BUG/MINOR:: mux-h1: Never handle error at mux level for running connection
      BUG/MEDIUM: stats: Rely on a local trash buffer to dump the stats

Ilya Shipitsin (3):
      CI: github: split ssl lib selection based on git branch
      CI: github: remove redundant ASAN loop
      CI: github: split matrix for development and stable branches

Remi Tricot-Le Breton (1):
      BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain

William Lallemand (16):
      BUG/MINOR: ssl: initialize SSL error before parsing
      BUG/MINOR: ssl: initialize WolfSSL before parsing
      CI: github: reintroduce openssl 1.1.1
      MINOR: mworker: display an alert upon a wait-mode exit
      BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers
      BUG/MEDIUM: mworker: create the mcli_reload socketpairs in case of upgrade
      BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task
      REGTESTS: startup: check maxconn computation
      BUG/MINOR: startup: don't use internal proxies to compute the maxconn
      REGTESTS: startup: change the expected maxconn to 11000
      CI: github: set ulimit -n to a greater value
      REGTESTS: startup: activate automatic_maxconn.vtc
      CLEANUP: ssl: remove check on srv->proxy
      REGTESTS: startup: add alternatives values in automatic_maxconn.vtc
      BUILD: peers: peers-t.h depends on stick-table-t.h
      REGTESTS: startup: disable automatic_maxconn.vtc

Willy Tarreau (13):
      BUG/MEDIUM: checks: do not reschedule a possibly running task on state change
      BUG/MINOR: checks: make sure fastinter is used even on forced transitions
      BUG/MINOR: init/threads: continue to limit default thread count to max per group
      BUILD: atomic: atomic.h may need compiler.h on ARMv8.2-a
      BUILD: makefile/da: also clean Os/ in Device Atlas dummy lib dir
      CLEANUP: pools: move the write before free to the uaf-only function
      CLEANUP: pool: only include pool-os from pool.c not pool.h
      REORG: pool: move all the OS specific code to pool-os.h
      CLEANUP: pools: get rid of CONFIG_HAP_POOLS
      DEBUG: pool: show a few examples in -dMhelp
      MINOR: pools: make DEBUG_UAF a runtime setting
      MINOR: debug: support pool filtering on "debug dev memstats"
      MINOR: debug: add a balance of alloc - free at the end of the memstats dump

Youfu Zhang (1):
      BUG/MAJOR: fcgi: Fix uninitialized reserved bytes

scientiamobile (1):
      LICENSE: wurfl: clarify the dummy library license.

---
--
William Lallemand