Hi,

HAProxy 2.4.27 was released on 2024/06/18. It added 43 new commits after version 2.4.26.

This version follows the first release of 3.0. Here is a summary of the most notable changes.

One fix was applied for better HTTP error reporting. In some cases, 502 server initial errors were incorrectly hidden and are now properly logged.

On the backend side, an issue was found when NTLM headers are used. This caused the backend connection to be marked dynamically as private to prevent HTTP reuse. However, this is conceptually wrong when using the HTTP/2 multiplexer on the backend side with http-reuse mode set to aggressive or higher, as this connection can already be shared across several clients. Thus, NTLM headers are simply ignored in this case.

For the SSL stack, cipher algorithm negotiation was adjusted as haproxy could have chosen an ECDSA certificate even if not compatible with client algorithms instead of falling back to RSA.

Cache hits should be increased as previously cached HTTP responses which used Vary header on anything other than Accept-encoding but with Encoding header present were never returned from the cache.

On the LUA side, a series of cleanups and minor bugfixes are merged. Most of them are relevant to error handling which may improve script debugging.

A Solaris user reported that external checks were causing an infinite loop. In fact, this was due to a wrong signal handling in evports, the Solaris polling mechanism, present since its first introduction in haproxy.

Thanks to everyone who contributed to this release.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.4/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : https://www.haproxy.org/download/2.4/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :
Amaury Denoyelle (4):
      BUG/MINOR: backend: use cum_sess counters instead of cum_conn
      BUG/MINOR: connection: parse PROXY TLV for LOCAL mode
      BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
      BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe

Aurelien DARRAGON (10):
      BUG/MEDIUM: thread/sched: set proper scheduling context upon ha_set_tid()
      BUG/MINOR: log: fix lf_text_len() truncate inconsistency
      BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
      BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
      BUG/MEDIUM: fd: prevent memory waste in fdtab array
      CLEANUP: hlua: use hlua_pusherror() where relevant
      BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
      BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
      BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
      CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()

Christopher Faulet (7):
      MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
      BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
      BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection
      BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered
      BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header
      BUG/MINOR: stats: Don't state the 303 redirect response is chunked
      BUG/MINOR: server: Don't reset resolver options on a new default-server line

Ilya Shipitsin (2):
      CI: revert kernel addr randomization introduced in 3a0fc864
      CI: introduce scripts/build-vtest.sh for installing VTest

Remi Tricot-Le Breton (1):
      BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding

Valentine Krasnobaeva (3):
      BUG/MINOR: ssl/ocsp: init callback func ptr as NULL
      BUG/MINOR: activity: fix Delta_calls and Delta_bytes count
      BUG/MINOR: haproxy: only tid 0 must not sleep if got signal

William Lallemand (2):
      CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf
      BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration

Willy Tarreau (14):
      BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
      BUG/MEDIUM: peers/trace: fix crash when listing event types
      BUG/MEDIUM: evports: do not clear returned events list on signal
      BUG/MINOR: sock: handle a weird condition with connect()
      BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets
      BUG/MINOR: h1: fix detection of upper bytes in the URI
      BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned
      BUG/MEDIUM: stick-tables: properly mark stktable_data as packed
      BUILD: stick-tables: better mark the stktable_data as 32-bit aligned
      BUILD: fd: errno is also needed without poll()
      BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
      BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
      MINOR: hlua: don't dump empty entries in hlua_traceback()
      CI: scripts: fix build of vtest regarding option -C

-- 
Amaury Denoyelle