Hi,
HAProxy 2.4.25 was released on 2023/12/14. It added 73 new commits
after version 2.4.24.
This release flushes the pipe of pending fixes. Everything was already
announced in 2.6.16:
On H2 side, a possible crash was fixed when processing a response containing
a DATA frame after an 1xx response (or more generally before final
headers). When a congested H2 connection is shut done, we now take care to
wait to send the final empty DATA frame with the ES flag, if necessary,
instead of sending a RST_STREAM. H2 streams waiting in the send_list or the
fctl_list are now properly woken up, improving performance on constraint
environments. Finally, the stream ID is now committed even if the stream is
rejected.
In the H1 multiplexer, handling of http-request and http-keep-alive timeouts
was fixed. Related to H1 but at the applicative level, the abortonclose
option handling was fixed. It was not properly handled when set on the
backend only. It was only usable on defaults section. Finally, an issue in
the H1 chunked payload parsing was fixed by Chris Staite.
The takeover mechanism, used by H1, H2 and FCGI multiplexers, to allow
thread migration of idle connections on server side, was fixed. In case of
memory allocation failure, the connection was released synchronously, which
was unexpected. Now, allocations are performed first. Thus on error, the
migration is just cancelled and the connection remains untouched.
On lua, It is now possible to mix lua actions loaded from 'lua-load' and
'lua-load-per-thread' directives within a single http/tcp session.
Incomplete cache entries when streams are interrupted by the clients are now
properly removed from the cache, instead of waiting their expiration.
The "word" converter was fixed to properly work with "-m found" operator.
The configuration parser was fixed to properly handle lines with an
unmatched environment variables instead of stopping the line parsing.
A memory leak was fixed when parsing a "default-server" directive in
defaults sections.
A possible crash in fcgi with stderr records due to a zero-copy operation
that should not be allowed in this case.
Streamers detection, used to perform SSL sends bigger than
tune.ssl.maxrecord, was no longer working for HTX streams.
Matching of action's arguments was not working as expected because the
parser stopped on the first match instead of looking for the longest
matching name.
It was possible to enter into a deadlock when purging a pattern because
pools were trimmed while the operation was under a lock. Thus during a
clearing of a map, if another thread tried to access or update an entry in
the same map, it had to wait for the pattern lock to be released, while the
pools trimming function was waiting for all threads to be harmless, thus
causing a deadlock. To fix the issue, the pools are now trimmed by the
caller.
With TLSv1.3, the certificate selection favored RSA certificated over ECDSA
when both were available for a domain while it should be the opposite.
sc-add-gpc and sc-set-gpt(0) actions are now allowed from tcp-request
connection. According to the documentation, this was supposed to be
supported.
Thanks everyone for your help and your contributions !
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation: https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse: https://discourse.haproxy.org/
Slack channel: https://slack.haproxy.org/
Issue tracker: https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.4/src/
Git repository : https://git.haproxy.org/git/haproxy-2.4.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
Changelog: https://www.haproxy.org/download/2.4/src/CHANGELOG
Dataplane API:
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs: https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds: https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Aurelien DARRAGON (22):
BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
DOC: lua: fix core.register_action typo
BUG/MINOR: hlua/action: incorrect message on E_YIELD error
MINOR: hlua: add hlua_stream_ctx_prepare helper function
BUG/MEDIUM: hlua: streams don't support mixing lua-load with
lua-load-per-thread
BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
BUG/MINOR: hlua/init: coroutine may not resume itself
BUG/MINOR: server: add missing free for server->rdr_pfx
MINOR: pattern: fix pat_{parse,match}_ip() function comments
BUG/MEDIUM: listener/proxy: fix listeners
