Hi, HAProxy 3.0.3 was released on 2024/07/11. It added 42 new commits after version 3.0.2.
This version closes the list of pending issues for 3.0. Fixed in this release are: - a QUIC bug affecting 3.0 and above only, by which can trigger a BUG_ON (hence a crash) sometimes when trying to mix a large initial packet with a small 1-RTT short packet in the same datagram ; - a bug in the bwlim filter that can make it forget to update its timeout and loop fast when woken up with nothing to forward ; - the lack of filtering of empty transfer-encoding headers in the H1 mux that was reported by Ben Kallus ; - the insufficient syntax checks on :method and :scheme H3 headers that was reported by Yuki Mogi ; - a hang on lua CLI applets when trying to deal with their own buffers ; - a possible crash in peers code due to a synchronization issue that is occasionally triggered by one of the regtests (GH #2629) ; - a possible crash in deinit() (when quitting/reloading) when using e-mail alerts after a fix that went into 3.0.2 ; - a rare but possible deadlock (and crash) in QUIC after a recent fix for a race condition in the CID tree, that also went into 3.0.2 ; - an unreproduced race condition affecting the QUIC CID tree. The impact might be a possible crash but it was only found in code review and never reported nor reproduced ; - a remaining issue in DNS resolution timeout/error that may cause some flapping due to the server's address not being fully wiped ; - a subtle race between server address change and server removal that may sometimes try to update a just deleted server due to isolation starting after the lookup and implicitly giving control back when starting ; - an issue in SPOE that can cause a thread to refrain from creating an applet to connect outside, causing failures on requests processed on this thread ; - a race in stick-tables starting from 2.9 where an element may be accessed immediately after decrementing the refcount, sometimes allowing it to be purged in parallel and causing crashes (GH #2611). - and the rest is a bunch of small fixes for less impacting or likely bugs. Some might have been waiting on 3.0.1 after seeing that 3.0.2 got a few incomplete or unstable fixes. If you're on 3.0, 3.0.3 definitely is the one to start with. Of course, I'm always having a thought for those reading that in the future when I'm writing things like this, but really it's what 3.0.0 ought to have been, so please don't wait to upgrade, particularly if you've experienced issues recently. Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/3.0/src/ Git repository : https://git.haproxy.org/git/haproxy-3.0.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy-3.0.git Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Amaury Denoyelle (13): BUG/MAJOR: quic: fix padding with short packets SCRIPTS: git-show-backports: do not truncate git-show output BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid() BUG/MINOR: quic: fix race condition in qc_check_dcid() BUG/MINOR: quic: fix race-condition on trace for CID retrieval BUG/MEDIUM: server: fix race on server_atomic_sync() DEV: flags/quic: decode quic_conn flags Aurelien DARRAGON (8): BUG/MINOR: log: fix broken '+bin' logformat node option DEBUG: hlua: distinguish burst timeout errors from exec timeout errors BUG/MEDIUM: proxy: fix email-alert invalid free DOC: management: document ptr lookup for table commands DOC: api/event_hdl: small updates, fix an example and add some precisions BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() BUG/MINOR: server: fix first server template name lookup UAF BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error Christopher Faulet (9): BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session BUG/MINOR: promex: Remove Help prefix repeated twice for each metric BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx BUG/MINOR: h1: Fail to parse empty transfer coding names BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value BUG/MEDIUM: h1: Reject empty Transfer-encoding header BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past Valentine Krasnobaeva (2): MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD DOC: configuration: update maxconn description William Lallemand (6): REGTESTS: ssl: fix some regtests 'feature cmd' start condition DOC: configuration: fix alphabetical order of bind options DOC: configuration: add details about crt-store in bind "crt" keyword DOC: configuration: more details about the master-worker mode BUG/MINOR: jwt: don't try to load files with HMAC algorithm BUG/MINOR: jwt: fix variable initialisation Willy Tarreau (4): DEV: flags/show-fd-to-flags: adapt to recent versions MINOR: activity: make the memory profiling hash size configurable at build time BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking Revert "MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD" ---