Hi,
HAProxy 3.0-dev2 was released on 2024/01/26. It added 70 new commits
after version 3.0-dev1.
There's not that much in this version but it stabilizes a few issues
that came with release 2.9 and since there are testers, better keep
-dev in good shape. A new 2.9 will probably happen in one or two weeks
with some further fixes for pending issues we're currently working on.
Among the fixes here, I can cite a failure of QUIC in OpenSSL compatibility
mode, and a rare risk of crash of the cache when using Vary.
On the front of new stuff, we have:
- an update of the deviceatlas addon to support the new version of
the library. It slightly changes the build system and may possibly
trigger a build issue when USE_DEVICEATLAS is set. I think it's OK
now (it now passes on the CI) but those using it might want to check.
- an improvement on the default certificate selection: till now, the
default certificate was the first one mentioned on the bind line. This
causes issues with sites that want to support both RSA and ECDSA. A
new approach was brought, with an optional "default-crt" keyword that
designates the default certs on the bind line, and its equivalent in
the crt-list files designated by "*" in the name. This allows the right
cert to be picked based on the desired algorithm. Of course the default
behavior doesn't change.
- the list of status codes that increment the http_err_cnt and
http_fail_cnt counters can now be changed with the global directives
"http-err-codes" and "http-fail-codes". This has long been requested,
both by those whose applications randomly return 500 that are not
server failures, and those where 404 happens a lot and does not
necessarily indicate a URL scanner. All of the 1xx-5xx range is
permitted for both classes.
- a new "glitches" counter was added to H2 front and back connections,
and should progressively extend to all protocols and layers. It counts
the various small anomalies that are not bugs nor attacks but that are
abnormal enough to be counted, and which could indicate a faulty
application or server when found at high rates on the backend side,
or a heavily misbehaving client for the frontend side. For example,
truncated prefaces and abuses of CONTINUATION frames are counted as
such. The values are readable using a pair of sample fetch functions
so that they could be reported in the logs or even trigger a reject.
- QUIC built with latest aws-lc as the TLS library should now support
0-RTT.
- various code spelling cleanups and doc fixes
- and a few other more minor things.
And that's about all. These days I noticed that everyone is busy with
difficult bug reports, which also explains that the number of untriaged
issues on GitHub is growing a bit. I hope it'll soon calm down so that
we can all return to a more normal coding rate. We'll see :-)
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.0/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (4):
      BUILD: quic: missing include for quic_tp
      BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
      MINOR: quic: extract qc_stream_buf free in a dedicated function
      BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf

Aurelien DARRAGON (8):
      BUG/MINOR: map: list-based matching potential ordering regression
      REGTESTS: add a test to ensure map-ordering is preserved
      DOC: config: fix typo about map_*_key converters
      MINOR: map: mapfile ordering also matters for tree-based match types
      MINOR: vars: fix indentation in var_clear_buffer()
      DOC: configuration: fix set-dst in actions keywords matrix
      BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
      CLEANUP: hlua: fix indent, remove extra return in hlua_core_get_var()

David Carlier (3):
      BUILD/MEDIUM: deviceatlas: addon build rework.
      DOC: deviceatlas: update to be in line with the v3 api.
      BUILD/MEDIUM: deviceatlas: updating the addon part.

Emeric Brun (1):
      BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI

Frederic Lecaille (10):
      BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
      MINOR: quic: Transport parameters encoding without version_information
      MINOR: quic: Enable early data at SSL session level (aws-lc)
      MINOR: ssl_sock: Early data disabled during SSL_CTX switching (aws-lc)
      MINOR: quic: Correctly wait for the completion of handshakes with early data (aws-lc)
      BUILD: quic: Fix build error when building QUIC against wolfssl.
      BUILD: quic: Fix build error when building QUIC against libressl.
      BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
      CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
      MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)

Frédéric Lécaille (1):
      CLEANUP: quic: Double quic_dgram_parse() prototype declaration.

Ilya Shipitsin (6):
      CI: codespell: ignore some words in URLs
      CI: codespell: add more words to whitelist
      CLEANUP: fix spelling of "occured" in src/h3.c
      CLEANUP: fix spelling of "elemt"
      CI: extend spell check white list
      CI: enable spell check on git push

Mariam John (1):
      MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name

Miroslav Zagorac (2):
      MINOR: ot: logsrv struct becomes logger
      DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay

Remi Tricot-Le Breton (1):
      BUG/MEDIUM: cache: Fix crash when deleting secondary entry

William Lallemand (10):
      CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec()
      CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec() (part 2)
      MEDIUM: ssl: allow multiple fallback certificate to allow ECDSA/RSA selection
      MEDIUM: ssl: generate '*' SNI filters for default certificates
      MEDIUM: ssl: does not use default_ctx for 'generate-certificate' option
      REORG: ssl: move 'generate-certificates' code to ssl_gencert.c
      DOC: configuration: update configuration on how to have multiple default certs
      MEDIUM: ssl: implements 'default-crt' keyword for bind Lines
      CI: github: update wolfSSL to 5.6.6
      DOC: INSTALL: require at least WolfSSL 5.6.6

Willy Tarreau (23):
      DEV: patchbot: produce a verdict for too long commit messages
      DEV: phash: add a trivial perfect hash generator for integers
      OPTIM: http: simplify http_get_status_idx() using a hash
      CLEANUP: http: avoid duplicating literals in find_http_meth()
      MINOR: http: add infrastructure to choose status codes for err / fail
      MEDIUM: http_act: check status codes against the bit fields for err/fail
      MEDIUM: http: add the ability to redefine http-err-codes and http-fail-codes
      DEV: h2: add support for multiple flags in mkhdr
      DEV: h2: support hex-encoded data sequences in mkhdr
      BUG/MINOR: mux-h2: also count streams for refused ones
      BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
      MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
      MINOR: mux-h2: add a counter of "glitches" on a connection
      MINOR: connection: add a new mux_ctl to report number of connection glitches
      MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
      MINOR: connection: add sample fetches to report per-connection glitches
      BUILD: stick-table: fix build error on 32-bit platforms
      BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
      BUILD: quic: fix build error when using the compatibility layer
      BUILD: makefile: also define cmd_CXX to pretty-print C++ build commands
      BUILD: deviceatlas: remove unneeded depenency on libcurl / libzip
      BUILD: deviceatlas: fix empty "-I" left on CFLAGS
      Revert "CI: enable spell check on git push"
---
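
Added example, not part of the announcement and not taken from the HAProxy sources: a configuration sketch that combines the "default-crt" keyword, the "http-err-codes" / "http-fail-codes" directives and the front-connection glitches sample fetch (fc_glitches) described above. Certificate paths, proxy names, the server address and all thresholds are assumptions to adapt.

```haproxy
# Added example; paths, names, address and thresholds are assumed values.
global
    # 404 is routine for this application: stop counting it in http_err_cnt
    # so that error-rate rules below do not mistake normal users for scanners.
    http-err-codes -404
    # The application returns 500 for non-server failures: drop it from
    # http_fail_cnt.
    http-fail-codes -500

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_tls
    # Two default certificates: a client whose SNI matches nothing is served
    # the ECDSA or the RSA one depending on the algorithms it supports.
    bind :443 ssl default-crt /etc/haproxy/certs/default.ecdsa.pem default-crt /etc/haproxy/certs/default.rsa.pem crt /etc/haproxy/certs/sites/ alpn h2,http/1.1

    # Expose the per-connection glitch count in the logs.
    log stdout format raw local0
    log-format "%ci:%cp [%tr] %ft %b/%s %ST %B glitches=%[fc_glitches]"

    # Reject requests on connections that accumulated many H2 anomalies.
    http-request reject if { fc_glitches gt 50 }

    # Rate-limit sources with a high rate of counted 4xx errors; with the
    # global setting above, 404 responses no longer feed this rate.
    stick-table type ip size 100k expire 10m store http_err_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 }

    default_backend be_app

backend be_app
    server app1 192.0.2.10:8080
```

Checking the file with "haproxy -c -f <file>" before reloading will catch a build that predates these keywords.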