Hi,
HAProxy 2.4.28 was released on 2024/11/08. It added 39 new commits
after version 2.4.27.
Version 2.4.27 is now quite old. There are not many pending bug fixes, but
emitting a new 2.4 release now is a good way to stay aligned with other
versions. So let's do so. The following bugs were fixed in this release:
* Testing of dynamic servers under heavy load was performed during the 3.0
development cycle. This revealed that crashes could occur due to the removal
of a server currently in use. Removal conditions were thus adjusted to
reject such an operation.
* The SSL stack is now always completely initialized. Due to a change of
API in 3.x the old call was deprecated and used to emit a warning, but
it was later found to still be required in some cases.
* An issue in SPOE was fixed that could cause a thread to refrain from
creating an applet to connect outside, causing failures on requests
processed on this thread.
* It was possible to crash the process when performing an implicit
protocol upgrade (TCP to HTTP due to a transition from a TCP front to an
HTTP back) if an error happened on the connection just before the
transition.
* Unhandled aborts were fixed in the H2 multiplexer. The end of
message could be reported twice for tunneled streams, leaving the second
one blocked at the channel level because of the first one.
* Some bugs related to the handling of pattern expressions loaded from a
file were fixed.
* When a listen() failed for TCP and Unix sockets, the file descriptor was
not removed from the fdtab[] array, leading to a possible crash because
of a BUG_ON() when this FD was reused. The FD is now properly removed
from fdtab[] in that case.
* Descriptions of the command line options -dR and -dV were missing in the
management documentation. It is now fixed. Documentation about the "show stat"
CLI command was also updated to reflect the renaming of "dns" counters to
"resolvers". In the configuration manual, the info about the http-keep-alive
timeout and other timeouts was improved.
* It was possible to experience a deadlock by setting the maxconn of a
frontend on the CLI, because of a double lock on the proxy lock.
* It was possible to reuse HTTP connections for requests to different
endpoints because some address families were not properly handled. The
issue was encountered with the HTTP client and UNIX socket combination.
* A server abort was reported on an invalid HTTP response payload instead of
an internal error. The right termination state is now reported in that case.
* "set ssl cert" CLI command was not properly checking the transaction
name. That could lead to accidentally committing a transaction on the wrong
certificate.
Thanks everyone for your help !
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.4/src/
Git repository : https://git.haproxy.org/git/haproxy-2.4.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
Changelog : https://www.haproxy.org/download/2.4/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Amaury Denoyelle (3):
      SCRIPTS: git-show-backports: do not truncate git-show output
      MINOR: session: rename private conns elements
      BUG/MAJOR: server: do not delete srv referenced by session

Aurelien DARRAGON (9):
      BUG/MEDIUM: cli: fix cli_output_msg() regression
      DOC: management: rename show stats domain cli "dns" to "resolvers"
      BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
      BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
      BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
      BUG/MEDIUM: server: server stuck in maintenance after FQDN change
      BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
      BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
      BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families

Christopher Faulet (8):
      BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
      BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
      BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
      BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
      BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
      BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
      BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
      BUG/MINOR: http-ana: Report internal error if an action yields on a final eval

Ilia Shipitsin (1):
      BUG/MINOR: fcgi-app: handle a possible strdup() failure

Oliver Dala (1):
      BUG/MEDIUM: cli: Deadlock when setting frontend maxconn

Valentine Krasnobaeva (7):
      DOC/MINOR: management: add missed -dR and -dv options
      BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
      BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
      BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
      BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
      BUG/MINOR: cfgparse-global: fix allowed args number for setenv
      BUG/MINOR: mworker: fix mworker-max-reloads parser

William Lallemand (4):
      DOC: configuration: fix alphabetical order of bind options
      MEDIUM: ssl: initialize the SSL stack explicitely
      DOC: configuration: issuers-chain-path not compatible with OCSP
      BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly

Willy Tarreau (6):
      BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
      BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
      BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
      REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
      BUG/MINOR: polling: fix time reporting when using busy polling
      DOC: config: improve the http-keep-alive section
--
Christopher Faulet
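
The connection-reuse item in the bug list above (requests to different endpoints sharing a connection because some address families were not handled) can be modelled as follows. This is an added example, not HAProxy's code: `reuse_key()`, `unix_endpoint()`, the FNV-1a hash and the socket paths are assumptions chosen to show why a reuse key must cover every address family.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>

/* FNV-1a, a stand-in hash for this model (assumption, not HAProxy's hash). */
static uint64_t fnv1a(uint64_t h, const void *p, size_t n)
{
    for (const unsigned char *b = p; n--; b++)
        h = (h ^ *b) * 0x100000001b3ULL;
    return h;
}

/* hardened=0 models the flaw: a family with no dedicated case adds nothing. */
uint64_t reuse_key(const struct sockaddr_storage *ss, int hardened)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    if (hardened)                      /* always mix the family itself */
        h = fnv1a(h, &ss->ss_family, sizeof ss->ss_family);
    if (ss->ss_family == AF_INET) {
        const struct sockaddr_in *a = (const void *)ss;
        h = fnv1a(h, &a->sin_addr, sizeof a->sin_addr);
        h = fnv1a(h, &a->sin_port, sizeof a->sin_port);
    } else if (ss->ss_family == AF_INET6) {
        const struct sockaddr_in6 *a = (const void *)ss;
        h = fnv1a(h, &a->sin6_addr, sizeof a->sin6_addr);
        h = fnv1a(h, &a->sin6_port, sizeof a->sin6_port);
    } else if (hardened) {             /* unknown family: hash raw storage */
        h = fnv1a(h, ss, sizeof *ss);
    }
    return h;
}

/* Constructed sample destination: a UNIX socket at `path`. */
struct sockaddr_storage unix_endpoint(const char *path)
{
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof ss);         /* zeroed so raw hashing is stable */
    struct sockaddr_un *un = (struct sockaddr_un *)&ss;
    un->sun_family = AF_UNIX;
    strncpy(un->sun_path, path, sizeof un->sun_path - 1);
    return ss;
}

int main(void)
{
    struct sockaddr_storage a = unix_endpoint("/run/a.sock"), b = unix_endpoint("/run/b.sock");
    return !(reuse_key(&a, 0) == reuse_key(&b, 0) && reuse_key(&a, 1) != reuse_key(&b, 1));
}
```

With `hardened` set to 0 the two UNIX socket destinations produce the same key, so a pool indexed by that key would hand one endpoint's idle connection to a request for the other; with `hardened` set to 1 the keys differ.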