Hi,
HAProxy 3.0.3 was released on 2024/07/11. It added 42 new commits
after version 3.0.2.
This version closes the list of pending issues for 3.0. Fixed in this
release are:
- a QUIC bug affecting 3.0 and above only, by which can trigger a BUG_ON
(hence a crash) sometimes when trying to mix a large initial packet
with a small 1-RTT short packet in the same datagram ;
- a bug in the bwlim filter that can make it forget to update its
timeout and loop fast when woken up with nothing to forward ;
- the lack of filtering of empty transfer-encoding headers in the H1 mux
that was reported by Ben Kallus ;
- the insufficient syntax checks on :method and :scheme H3 headers that
was reported by Yuki Mogi ;
- a hang on lua CLI applets when trying to deal with their own buffers ;
- a possible crash in peers code due to a synchronization issue that is
occasionally triggered by one of the regtests (GH #2629) ;
- a possible crash in deinit() (when quitting/reloading) when using e-mail
alerts after a fix that went into 3.0.2 ;
- a rare but possible deadlock (and crash) in QUIC after a recent fix for
a race condition in the CID tree, that also went into 3.0.2 ;
- an unreproduced race condition affecting the QUIC CID tree. The impact
might be a possible crash but it was only found in code review and never
reported nor reproduced ;
- a remaining issue in DNS resolution timeout/error that may cause some
flapping due to the server's address not being fully wiped ;
- a subtle race between server address change and server removal that
may sometimes try to update a just deleted server due to isolation
starting after the lookup and implicitly giving control back when
starting ;
- an issue in SPOE that can cause a thread to refrain from creating an
applet to connect outside, causing failures on requests processed on
this thread ;
- a race in stick-tables starting from 2.9 where an element may be
accessed immediately after decrementing the refcount, sometimes
allowing it to be purged in parallel and causing crashes (GH #2611).
- and the rest is a bunch of small fixes for less impacting or likely
bugs.
Some might have been waiting on 3.0.1 after seeing that 3.0.2 got a few
incomplete or unstable fixes. If you're on 3.0, 3.0.3 definitely is the
one to start with. Of course, I'm always having a thought for those
reading that in the future when I'm writing things like this, but really
it's what 3.0.0 ought to have been, so please don't wait to upgrade,
particularly if you've experienced issues recently.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.0/src/
Git repository : https://git.haproxy.org/git/haproxy-3.0.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-3.0.git
Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (13):
BUG/MAJOR: quic: fix padding with short packets
SCRIPTS: git-show-backports: do not truncate git-show output
BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure
BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
BUG/MINOR: quic: fix race condition in qc_check_dcid()
BUG/MINOR: quic: fix race-condition on trace for CID retrieval
BUG/MEDIUM: server: fix race on server_atomic_sync()
DEV: flags/quic: decode quic_conn flags
Aurelien DARRAGON (8):
BUG/MINOR: log: fix broken '+bin' logformat node option
DEBUG: hlua: distinguish burst timeout errors from exec timeout errors
BUG/MEDIUM: proxy: fix email-alert invalid free
DOC: management: document ptr lookup for table commands
DOC: api/event_hdl: small updates, fix an example and add some precisions
BUG/MINOR: hlua: report proper context upon error in
hlua_cli_io_handler_fct()
BUG/MINOR: server: fix first server template name lookup UAF
BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or
error
Christopher Faulet (9):
BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a
session
BUG/MINOR: promex: Remove Help prefix repeated twice for each metric
BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers
BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without
appctx
BUG/MINOR: h1: Fail to parse empty transfer coding names
BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
BUG/MEDIUM: h1: Reject empty Transfer-encoding header
BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current
thread
BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in
past
Valentine Krasnobaeva (2):
MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD
DOC: configuration: update maxconn description
William Lallemand (6):
REGTESTS: ssl: fix some regtests 'feature cmd' start condition
DOC: configuration: fix alphabetical order of bind options
DOC: configuration: add details about crt-store in bind "crt" keyword
DOC: configuration: more details about the master-worker mode
BUG/MINOR: jwt: don't try to load files with HMAC algorithm
BUG/MINOR: jwt: fix variable initialisation
Willy Tarreau (4):
DEV: flags/show-fd-to-flags: adapt to recent versions
MINOR: activity: make the memory profiling hash size configurable at
build time
BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking
Revert "MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD"
---
