Re: [ANNOUNCE] haproxy-1.8.31
On 12/9/22 at 16:41, Tim Düsterhus wrote:
> Willy,
>
> On 12/9/22 16:28, Christopher Faulet wrote:
>> HAProxy 1.8.31 was released on 2022/12/09. It added 83 new commits after version 1.8.30.
>
> It appears releases.json didn't update automatically for 1.8:
>
> https://www.haproxy.org/download/1.8/src/releases.json

You are a sniper ! I should be ok now.

Thanks :)

--
Christopher Faulet
Re: [ANNOUNCE] haproxy-1.8.31
Willy,

On 12/9/22 16:28, Christopher Faulet wrote:
> HAProxy 1.8.31 was released on 2022/12/09. It added 83 new commits after version 1.8.30.

It appears releases.json didn't update automatically for 1.8:

https://www.haproxy.org/download/1.8/src/releases.json

Best regards
Tim Düsterhus
[ANNOUNCE] haproxy-1.8.31
Hi,

HAProxy 1.8.31 was released on 2022/12/09. It added 83 new commits after version 1.8.30.

The EOL for the 1.8 is planned at the end of this year. Except if there are critical bugs in the next few weeks, no further release should be expected. For anyone still running a 1.8, it may be a good idea to think about upgrading. Except if you rely on legacy features, like the legacy HTTP mode, it could be good to directly upgrade to 2.2. No specific support should be expected any longer on the 1.8.

This release is emitted to flush the pipe. Apart from recently backported patches, it will be too long for me to remember the context of all fixes. But after 9 months with no new release, I guess if anyone is still running the 1.8.30, it means there are no real issues for his usage. Thus the following changelog is probably enough.

Thanks everyone for your help and your contributions !

Please find the usual URLs below :
   Site index : http://www.haproxy.org/
   Documentation: http://docs.haproxy.org/
   Wiki : https://github.com/haproxy/wiki/wiki
   Discourse: http://discourse.haproxy.org/
   Slack channel: https://slack.haproxy.org/
   Issue tracker: https://github.com/haproxy/haproxy/issues
   Sources : http://www.haproxy.org/download/1.8/src/
   Git repository : http://git.haproxy.org/git/haproxy-1.8.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
   Changelog: http://www.haproxy.org/download/1.8/src/CHANGELOG
   Pending bugs : http://www.haproxy.org/l/pending-bugs
   Reviewed bugs: http://www.haproxy.org/l/reviewed-bugs
   Code reports : http://www.haproxy.org/l/code-reports
   Latest builds: http://www.haproxy.org/l/dev-packages

---
Complete changelog :

Amaury Denoyelle (3):
      BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
      BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
      BUG/MINOR: server: allow 'enable health' only if check configured

Aurelien DARRAGON (2):
      BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
      BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists

Christopher Faulet (17):
      BUG/MINOR: logs: Report the true number of retries if there was no connection
      BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
      BUG/MEDIUM: spoe: Register pre/post analyzers in start_analyze callback function
      DOC: config: Add missing actions in "tcp-request session" documentation
      BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
      BUG/MINOR: server/cli: Fix locking in function processing "set server" command
      BUG/MEDIUM: tcp-check: Do not dereference inexisting connection
      MINOR: action: Use a generic function to check validity of an action rule list
      BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
      BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
      BUG/MINOR: cache: Disable cache if applet creation fails
      BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
      BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers
      BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
      BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
      BUG/MAJOR: stick-table: don't process store-response rules for applets
      BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task

Emeric Brun (15):
      BUG/MEDIUM: peers: re-work connection to new process during reload.
      BUG/MEDIUM: peers: re-work refcnt on table to protect against flush
      BUG/MEDIUM: peers: initialize resync timer to get an initial full resync
      BUG/MEDIUM: peers: register last acked value as origin receiving a resync req
      BUG/MEDIUM: peers: stop considering ack messages teaching a full resync
      BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected
      BUG/MEDIUM: peers: reset commitupdate value in new conns
      BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly
      BUG/MEDIUM: peers: reset tables stage flags stages on new conns
      BUG/MEDIUM: dns: reset file descriptor if send returns an error
      BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken
      DOC: stick-table: add missing documentation about gpt0 stored type
      BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
      DOC: peers: fix doc "enable" statement on "peers" sections
      DOC: peers: clarify when entry expiration date is renewed.

Lukas Tribus (1):
      DOC: ssl: req_ssl_sni needs implicit TLS

Remi Tricot-Le Breton (2):
      BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
      BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future

Thayne McCombs (2):
      BUG/MINOR: tools: fix parsing "
[ANNOUNCE] haproxy-2.0.30
Hi,

HAProxy 2.0.30 was released on 2022/12/09. It added 72 new commits after version 2.0.29.

This release flushes the pipe of all pending fixes:

  * A major issue on stick-tables was fixed about a possible crash if server name indexing is used to perform stickiness when the server is an applet. This is typically what happens when a "stick-store" rule is present in a backend featuring a "stats" directive. And at the end, to fix the bug, such rules must simply be ignored when the server is an applet.

  * A race condition on some global tasks was fixed. The stick-table expiration task and the listeners management task were concerned. These tasks may run on any thread. Both set their expiration date to TICK_ETERNITY. On the other hand, these tasks may be queued or scheduled from anywhere. The race was when both happened at the same time. Indeed it is forbidden to queue a task with no expiration date. To prevent any issue, a locking mechanism is now used.

  * It was possible to trigger the watchdog because of an extreme contention on the proxy's lock while the libc was in malloc()/free(). It was mainly due to the errors capture. A call to free() was under the lock with no special reason. The object is now released outside of the proxy's lock.

  * The protocol matching for HTTP/1.X is now strict. Non-HTTP/1.X protocols are now rejected by default. This can be relaxed by adding "accept-invalid-http-request" option.

  * An issue during the argument parsing when sample fetches or converters are called from lua was fixed to avoid crashes on failure.

  * An old bug in the H2 mux may cause spurious stream resets when uploading and downloading at the same time from the same stream, due to the window update frames having to be delayed when the output is full, and sent later after the stream ID was reset. Those using POST to servers might have experienced such occasional issues and might want to check for any improvement there. This was reported in issue #1830 and diagnosed by David le Blanc.

  * Reloading peers could compete on the local one and slow down or block the replication.

  * Reloading peers could interrupt a resync in progress if the retry timer triggered before the end.

  * In peers, messages about unknown tables were not properly ignored. Those messages are now silently ignored and the upper layer continues the processing as it is done for any valid messages.

  * It was possible to crash HAProxy by defining multiple bind lines in a peers section. An error is now reported during configuration parsing.

  * Pause or resume a proxy from lua code could lead to some race because these operations were performed outside the proxy's lock. To fix the issue and prevent any trouble, the proxy's API was slightly refactored to be sure the proxy's lock is always acquired by low-level functions.

  * There was an undesired sharing of data between default-servers that could lead to double-frees concretized by crashes when checking the config. This was reported in issue #1804 by Fabiano Nunes.

  * There was a bug in the SPOE. In sync or pipelining modes, an unhealthy SPOA could lead HAProxy to create a huge number of applets to process queued messages, slowing down all processing.

  * An internal error was reported when loadbalancing on source IP address was impossible. It could happen with SPOE applets or with clients connected to HAProxy via a unix socket. Now, when this happens, a fallback to round-robin is performed.

  * Headers case adjustment in H1 is now available for TCP proxies. It was an issue for HTTP health-checks on backend side or for TCP connections upgraded to HTTP on frontend side.

  * A bug in the "method" sample fetch could lead to a crash if it was used in logs for errors triggered at the mux level. This sample requires a stream, which does not yet exist when an early error is reported by a mux. Now, a non-matching is returned in this case.

  * A memory leak was fixed when some TXN variables were defined from a tcp-request ruleset for an HTTP session. Indeed, in this case, these variables were lost because of an extra list initialization during the HTTP transaction creation.

  * Characters escaping process in log messages was not correctly processing strings coming from sample fetches truncating the output string.

  * The DNS resolution is now ignored for disabled proxies preventing some crashes.

  * A 60s delay could be experienced after stopping HAProxy. This was happening when a signal was received before entering the poller and without any activity on the process. In mworker mode, if a worker exited and the SIGCHLD signal was delivered at the right time to the master, this one could be stuck for 60s. The timeout is now set to 0 in this specific case.

Thanks everyone for your help and your contributions.

Please find the usual URLs below :
   Site i
[PATCH] MINOR: sample: Add bc_rtt and bc_rttvar
Hi.

As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" decision to which server should the request be sent, here is the beginning of the patches.

In any case it would be nice to know the rtt from the backend, Imho.

Does anybody know how I can "delay/sleep/wait" for the server answer to get some rtt which are not 0 as the rtt is 0?

Regards
Alex

From 7610bb7234bd324e06e56732a67bf8a0e65d7dbc Mon Sep 17 00:00:00 2001
From: Aleksandar Lazic
Date: Fri, 9 Dec 2022 13:05:52 +0100
Subject: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

To be able to implement "Balancing algorithm (Peak) EWMA" is it necessary to know the round trip time to the backend.

This Patch adds the fetch sample for the backend server.

Part of GH https://github.com/haproxy/haproxy/issues/1570

--- doc/configuration.txt| 16 ++ reg-tests/sample_fetches/tcpinfo_rtt.vtc | 39 src/tcp_sample.c | 33 3 files changed, 88 insertions(+) create mode 100644 reg-tests/sample_fetches/tcpinfo_rtt.vtc diff --git a/doc/configuration.txt b/doc/configuration.txt index c45f0b4b6..e8526de7f 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt 
@@ -18854,6 +18854,22 @@ be_server_timeout : integer current backend. This timeout can be overwritten by a "set-timeout" rule. See also the "cur_server_timeout". +bc_rtt() : integer + Returns the Round Trip Time (RTT) measured by the kernel for the backend + connection. is facultative, by default the unit is milliseconds. + can be set to "ms" for milliseconds or "us" for microseconds. If the server + connection is not established, if the connection is not TCP or if the + operating system does not support TCP_INFO, for example Linux kernels before + 2.4, the sample fetch fails. + +bc_rttvar() : integer + Returns the Round Trip Time (RTT) variance measured by the kernel for the + backend connection. is facultative, by default the unit is milliseconds. + can be set to "ms" for milliseconds or "us" for microseconds. If the + server connection is not established, if the connection is not TCP or if the + operating system does not support TCP_INFO, for example Linux kernels before + 2.4, the sample fetch fails. + be_tunnel_timeout : integer Returns the configuration value in millisecond for the tunnel timeout of the current backend. This timeout can be overwritten by a "set-timeout" rule. See diff --git a/reg-tests/sample_fetches/tcpinfo_rtt.vtc b/reg-tests/sample_fetches/tcpinfo_rtt.vtc new file mode 100644 index 0..f28a2072e --- /dev/null +++ b/reg-tests/sample_fetches/tcpinfo_rtt.vtc 
@@ -0,0 +1,39 @@ +varnishtest "Test declaration of TCP rtt fetches" + +# feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(v2.8-dev1)'" +feature ignore_unknown_macro + +server s1 { +rxreq +txresp +} -start + +haproxy h1 -conf { + defaults common + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe from common + bind "fd@${feh1}" + + default_backend be + + backend be from common + + http-response set-header x-test1 "%[fc_rtt]" + http-response set-header x-test2 "%[bc_rtt]" + http-response set-header x-test3 "%[fc_rttvar]" + http-response set-header x-test4 "%[bc_rttvar]" + + server s1 ${s1_addr}:${s1_port} + +} -start + +client c1 -connect ${h1_feh1_sock} { +txreq -req GET -url / +rxresp +expect resp.status == 200 +#expect resp.http.x-test2 ~ " ms" +} -run diff --git a/src/tcp_sample.c b/src/tcp_sample.c index 925b93291..bf0d538ea 100644 --- a/src/tcp_sample.c +++ b/src/tcp_sample.c 
@@ -373,6 +373,34 @@ static inline int get_tcp_info(const struct arg *args, struct sample *smp, return 1; } +/* get the mean rtt of a backend/server connection */ +static int +smp_fetch_bc_rtt(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + if (!get_tcp_info(args, smp, 1, 0)) + return 0; + + /* By default or if explicitly specified, convert rtt to ms */ + if (!args || args[0].type == ARGT_STOP || args[0].data.sint == TIME_UNIT_MS) + smp->data.u.sint = (smp->data.u.sint + 500) / 1000; + + return 1; +} + +/* get the variance of the mean rtt of a backend/server connection */ +static int +smp_fetch_bc_rttvar(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + if (!get_tcp_info(args, smp, 1, 1)) + return 0; + + /* By default or if explicitly specified, convert rttvar to ms */ + if (!args || args[0].type == ARGT_STOP || args[0].data.sint == TIME_UNIT_MS) + smp->data.u.sint = (smp->data.u.sint + 500) / 1000; + + return 1; +} + /* get the mean rtt of a client connection */ static int smp_fetch_fc_rtt(const struct arg *args, struct sample *smp
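Review bot: In the doc/configuration.txt hunk, the bc_rtt and bc_rttvar entries are inserted between be_server_timeout and be_tunnel_timeout, which splits the be_* entries; moving them ahead of the be_* group would keep the keywords in alphabetical order. In both descriptions "is facultative" would read better as "is optional".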
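Review bot: In reg-tests/sample_fetches/tcpinfo_rtt.vtc the only expectation on the new fetches, "#expect resp.http.x-test2 ~ " ms"", is commented out, so client c1 checks nothing beyond "expect resp.status == 200" and the test passes even when bc_rtt or bc_rttvar do not evaluate. Since the fetches are documented as integers, an active expectation that x-test2 and x-test4 match digits would cover them, and the pattern " ms" would not match an integer value anyway. The "feature cmd" line with version_atleast(v2.8-dev1) is also commented out and should be enabled so the version requirement is actually applied.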
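Review bot: In src/tcp_sample.c, smp_fetch_bc_rtt() and smp_fetch_bc_rttvar() are identical except for the last argument to get_tcp_info(), and the bare "1" passed as third argument is the only thing that marks them as backend-side. A short comment naming what the third and fourth arguments select, or a shared helper that takes the value selector, would make the intent clear and avoid two copies of the "(smp->data.u.sint + 500) / 1000" conversion.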
[PATCH 1/1] DOC/CLEANUP: fix typos
s/algorithmm/algorithm/ s/an other/another/ s/certicates/certificates/ s/exemples/examples/ s/informations/information/ s/optionnal/optional/ --- doc/design-thoughts/config-language.txt | 4 ++-- doc/internals/http-parsing.txt | 4 ++-- doc/management.txt | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git doc/design-thoughts/config-language.txt doc/design-thoughts/config-language.txt index 510ada68e..20c4fbd2b 100644 --- doc/design-thoughts/config-language.txt +++ doc/design-thoughts/config-language.txt @@ -24,9 +24,9 @@ Pour les filtres : = [ == | =~ | =* | =^ | =/ | != | !~ | !* | !^ | !/ ] = "" = [ allow | permit | deny | delete | replace | switch | add | set | redir ] - = optionnal action args + = optional action args -exemples: +examples: req in URI =^ "/images" switch images req in h(host) =* ".mydomain.com" switch mydomain diff --git doc/internals/http-parsing.txt doc/internals/http-parsing.txt index 494558baa..8b3f23960 100644 --- doc/internals/http-parsing.txt +++ doc/internals/http-parsing.txt @@ -325,11 +325,11 @@ Unfortunately, some products such as Apache allow such characters :-/ - each http_txn has 1 request message (http_req), and 0 or 1 response message (http_rtr). Each of them has 1 and only one http_txn. An http_txn holds - informations such as the HTTP method, the URI, the HTTP version, the + information such as the HTTP method, the URI, the HTTP version, the transfer-encoding, the HTTP status, the authorization, the req and rtr content-length, the timers, logs, etc... The backend and server which process the request are also known from the http_txn. -- both request and response messages hold header and parsing informations, such +- both request and response messages hold header and parsing information, such as the parsing state, start of headers, start of message, captures, etc... diff --git doc/management.txt doc/management.txt index c93bff5db..b2a34fb9c 100644 --- doc/management.txt +++ doc/management.txt 
@@ -208,7 +208,7 @@ list of options is : tokenized, so comments are stripped and indenting is forced. If a non-zero key is specified, lines are truncated before sensitive/confidential fields, and identifiers and addresses are emitted hashed with this key using the -same algorithmm as the one used by the anonymized mode on the CLI. This +same algorithm as the one used by the anonymized mode on the CLI. This means that the output may safely be shared with a developer who needs it to figure what's happening in a dump that was anonymized using the same key. Please also see the CLI's "set anon" command. @@ -1690,7 +1690,7 @@ add server / [args]* add ssl ca-file Add a new certificate to a ca-file. This command is useful when you reached - the buffer size limit on the CLI and want to add multiple certicates. + the buffer size limit on the CLI and want to add multiple certificates. Instead of doing a "set" with all the certificates you are able to add each certificate individually. A "set ssl ca-file" will reset the ca-file. @@ -2964,7 +2964,7 @@ show resolvers [] other: any other DNS errors invalid: invalid DNS response (from a protocol point of view) too_big: too big response -outdated: number of response arrived too late (after an other name server) +outdated: number of response arrived too late (after another name server) show servers conn [] Dump the current and idle connections state of the servers belonging to the -- 2.30.2
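Review bot: The file headers of this patch ("diff --git doc/management.txt doc/management.txt", "--- doc/...", "+++ doc/...") carry no a/ and b/ prefixes, so it will not apply with git am at its default -p1. Regenerating it with the standard prefixes, or stating that -p0 is needed, avoids that.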
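Review bot: In the doc/design-thoughts/config-language.txt hunk, the surrounding text is French (the hunk context reads "Pour les filtres :"), and "exemples:" is correct French, so changing it to "examples:" leaves an English word in a French document. Consider keeping "exemples:" and limiting this hunk to the "optionnal" fix.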
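Review bot: In the doc/management.txt hunk under "show resolvers", the corrected line still reads "number of response arrived too late"; since the line is being touched for "an other", "number of responses that arrived too late (after another name server)" would fix the remaining grammar in the same pass.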
Re: [PATCH 0/2] BUG/MINOR: promex: create haproxy_backend_agg_check_status
On 12/8/22 at 10:16, Cedric Paillet wrote:
> As described in github issue #1312, the first intention of patch 42d7c402d was to aggregate haproxy_server_check_status. But we aggregated haproxy_server_status instead.
>
> To fix that:
> - Deprecated haproxy_backend_agg_server_check_status. (Modify the metric description)
> - create new haproxy_backend_agg_server_status metric, aggregation of haproxy_backend_server_status. (to replace misnamed haproxy_backend_agg_server_check_status)
> - create new haproxy_backend_agg_check_status metric, aggregation of haproxy_backend_server_check_status.
>
> Cedric Paillet (2):
>   BUG/MINOR: promex: create haproxy_backend_agg_server_status
>   MINOR: promex: introduce haproxy_backend_agg_check_status
>
>  addons/promex/service-prometheus.c | 30 +-
>  include/haproxy/stats-t.h | 2 ++
>  src/stats.c| 10 --
>  3 files changed, 39 insertions(+), 3 deletions(-)

Thanks, both patches were merged ! I mentioned it could be backported as far as 2.4.

--
Christopher Faulet
[ANNOUNCE] haproxy-2.2.26
Hi,

HAProxy 2.2.26 was released on 2022/12/09. It added 80 new commits after version 2.2.25.

There hasn't been a new 2.2 version since this summer. This one is thus quite huge and flushes the pipe. Here are issues fixed in this release:

  * A major issue on stick-tables was fixed about a possible crash if server name indexing is used to perform stickiness when the server is an applet. This is typically what happens when a "stick-store" rule is present in a backend featuring a "stats" directive. And at the end, to fix the bug, such rules must simply be ignored when the server is an applet.

  * A race condition on some global tasks was fixed. The stick-table expiration task and the listeners management task were concerned. These tasks may run on any thread. Both set their expiration date to TICK_ETERNITY. On the other hand, these tasks may be queued or scheduled from anywhere. The race was when both happened at the same time. Indeed it is forbidden to queue a task with no expiration date. To prevent any issue, a locking mechanism is now used.

  * There was an issue with the init sequence of tcp sink from a ring. The sink initialization was performed too early and some parts were not properly initialized, especially for SSL, causing crashes at runtime.

  * It was possible to trigger the watchdog because of an extreme contention on the proxy's lock while the libc was in malloc()/free(). It was mainly due to the errors capture. A call to free() was under the lock with no special reason. The object is now released outside of the proxy's lock.

  * The HTTP compression filter was fixed to properly handle rewrite errors. Indeed, on rewrite error, the compression is not performed. But in this case, we must be sure to remove the "Content-Encoding" header.

  * A crash during ring section parsing was fixed. If a "ring" section initialization failed (e.g. due to a duplicate name, invalid chars, or missing memory), any subsequent "server" statement found in the same section crashed the config parser by dereferencing the currently NULL cfg_sink.

  * A bug in resolvers was fixed. It was possible to experience a crash because of a use-after-free when a resolution was released. When a resolution was aborted, it was not removed from the tree referencing all pending requests. Thus it was still possible to get a reference on a resolution in the same time it was released.

  * There was a logic bug in processing of option http-restrict-req-hdr-names that could cause deletion of a wrong header or a crash when facing multiple forbidden chars. This was reported in issue #1822, analyzed and fixed by Mateusz Malek.

  * An old bug in the H2 mux may cause spurious stream resets when uploading and downloading at the same time from the same stream, due to the window update frames having to be delayed when the output is full, and sent later after the stream ID was reset. Those using POST to servers might have experienced such occasional issues and might want to check for any improvement there. This was reported in issue #1830 and diagnosed by David le Blanc.

  * Tim reported in issue #1799 that upon reload, an old process that failed to synchronize its tables with the new one could loop for a while without any pause and waste a lot of CPU doing this.

  * Reloading peers could compete on the local one and slow down or block the replication.

  * Reloading peers could interrupt a resync in progress if the retry timer triggered before the end.

  * In peers, messages about unknown tables were not properly ignored. Those messages are now silently ignored and the upper layer continues the processing as it is done for any valid messages.

  * Pause or resume a proxy from lua code could lead to some race because these operations were performed outside the proxy's lock. To fix the issue and prevent any trouble, the proxy's API was slightly refactored to be sure the proxy's lock is always acquired by low-level functions.

  * There was an undesired sharing of data between default-servers that could lead to double-frees concretized by crashes when checking the config. This was reported in issue #1804 by Fabiano Nunes.

  * There was a bug in the SPOE. In sync or pipelining modes, an unhealthy SPOA could lead HAProxy to create a huge number of applets to process queued messages, slowing down all processing.

  * Characters escaping process in log messages was not correctly processing strings coming from sample fetches truncating the output string.

  * Agent-check could be delayed by ~200ms due to TCP QUICKACK being disabled by default.

  * Reading from the rings could also occasionally freeze at high rate if the reader had to stop due to a buffer full while the writer had already stopped due to a ring full.

  * A 60s delay could be experienced after stopping HAProxy. This was happening when a signal was rece
[ANNOUNCE] haproxy-2.4.20
Hi,

HAProxy 2.4.20 was released on 2022/12/09. It added 66 new commits after version 2.4.19.

All fixes shipped in this release were already described in 2.5.10 announcement. Just note that there is still a pending fix for the "set-uri" action, not included in this release. It will only be shipped with the 2.4.21. The "set-uri" action has been bogus for a while and was not working as documented, and used to make HTTP/1 and HTTP/2 produce different outputs. The reason for being careful is that during 2.5 there was once an issue with "set-uri" and we proposed as an emergency work-around for those not having the time to upgrade to use "set-uri %[url]" and this very specific one will behave differently by sending absolute URIs just as documented (some users are currently annoyed by the bogus behavior in 2.6, so we'll have to fix it).

As such, while updating to 2.4.20, take this opportunity to have a look at your config to see if you're having an old line like:

    http-request set-uri %[url]

If so, just comment it out, it will not change anything, and will make sure that 2.4.21 doesn't cause any change.

Otherwise, here is the list of fixes, cut-pasted from the 2.5.10 announce:

  * A major issue on stick-tables was fixed about a possible crash if server name indexing is used to perform stickiness when the server is an applet. This is typically what happens when a "stick-store" rule is present in a backend featuring a "stats" directive. And at the end, to fix the bug, such rules must simply be ignored when the server is an applet.

  * A race condition on some global tasks was fixed. The stick-table expiration task and the listeners management task were concerned. These tasks may run on any thread. Both set their expiration date to TICK_ETERNITY. On the other hand, these tasks may be queued or scheduled from anywhere. The race was when both happened at the same time. Indeed it is forbidden to queue a task with no expiration date. To prevent any issue, a locking mechanism is now used.

  * The HTTP compression filter was fixed to properly handle rewrite errors. Indeed, on rewrite error, the compression is not performed. But in this case, we must be sure to remove the "Content-Encoding" header.

  * The FCGI multiplexer was fixed to avoid overflow on the data length copied into a buffer when STDIN record is built. This could happen when the buffer was almost full and lead to a crash.

  * A crash during ring section parsing was fixed. If a "ring" section initialization failed (e.g. due to a duplicate name, invalid chars, or missing memory), any subsequent "server" statement found in the same section crashed the config parser by dereferencing the currently NULL cfg_sink.

  * In peers, messages about unknown tables were not properly ignored. Those messages are now silently ignored and the upper layer continues the processing as it is done for any valid messages.

  * An issue during the argument parsing when sample fetches or converters are called from lua was fixed to avoid crashes on failure and to properly handle implicit stick-table.

  * The pgsql healthcheck was updated to support new authentication methods. Now AUTH_REQ_GSS, AUTH_REQ_GSS and AUTH_REQ_SASL are supported.

  * On connection retry, Turn-around, adding 1 second pause before connection retry, is now enforced only when no redispatch is performed.

  * A memory leak was fixed when some TXN variables were defined from a tcp-request ruleset for an HTTP session. Indeed, in this case, these variables were lost because of an extra list initialization during the HTTP transaction creation.

  * smtpchk healthcheck now gracefully closes SMTP transaction by sending a QUIT message.

  * Error handling during http replies parsing was fixed to prevent any crash during arguments parsing while a log-format body was expected but not evaluated yet.

  * And finally, to finish this boring list, the usual fixes here and there, documentation and build improvements.

Thanks everyone for your help and your contributions.

Please find the usual URLs below :
   Site index : https://www.haproxy.org/
   Documentation: https://docs.haproxy.org/
   Wiki : https://github.com/haproxy/wiki/wiki
   Discourse: https://discourse.haproxy.org/
   Slack channel: https://slack.haproxy.org/
   Issue tracker: https://github.com/haproxy/haproxy/issues
   Sources : https://www.haproxy.org/download/2.4/src/
   Git repository : https://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
   Changelog: https://www.haproxy.org/download/2.4/src/CHANGELOG
   Dataplane API: https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs: https://www.haproxy.org/l/reviewed-bugs
   Code reports : https://www.haproxy.org/l/code-r
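
One way to run the configuration check suggested in the 2.4.20 announcement above before moving to 2.4.21, as an added example that is not part of the original message or of the HAProxy project. The function name, the report format and the sample configuration are assumptions made for the illustration; the sample configuration is constructed.

```shell
#!/bin/sh
# Report every active (not commented out) "http-request set-uri %[url]" rule
# in the given HAProxy configuration files, with the proxy section it sits in.
# Output format (assumed for this example): file:line:section:rule text
find_seturi_workaround() {
    awk '
        FNR == 1 { section = "(none)" }

        # Remember the enclosing proxy section so the report gives context.
        /^[ \t]*(defaults|frontend|backend|listen)([ \t]|$)/ {
            section = $1 ($2 != "" ? " " $2 : "")
        }

        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line ~ /^#/) next                 # rule is already commented out
            n = split(line, f, /[ \t]+/)
            if (n < 3 || f[1] != "http-request" || f[2] != "set-uri") next
            arg = f[3]
            gsub(/^"|"$/, "", arg)                # the format may be quoted
            # Only the exact work-around form is reported; other set-uri
            # formats such as /v2%[path] are left alone.
            if (arg == "%[url]")
                printf "%s:%d:%s:%s\n", FILENAME, FNR, section, line
        }
    ' "$@"
}

# Constructed sample configuration used to exercise the check.
sample_cfg() {
    cat <<'EOF'
global
    log stdout format raw local0

defaults
    mode http

frontend fe_main
    bind :8080
    http-request set-uri %[url]
    default_backend be_app

backend be_app
    # http-request set-uri %[url]
    http-request set-uri "%[url]" if { path_beg /api }
    http-request set-uri /v2%[path]
    server s1 192.0.2.10:8080
EOF
}

# Demo run: write the sample to a temporary file and scan it.
demo_cfg=$(mktemp)
sample_cfg > "$demo_cfg"
find_seturi_workaround "$demo_cfg"
rm -f "$demo_cfg"
```

On a real host, pass the actual configuration files, for example every file loaded with -f; rules that carry an "if" condition are reported as well, since the rewrite still applies when the condition matches.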