Hi,

HAProxy 3.1-dev1 was released on 2024/06/14. It added 95 new commits
after version 3.1-dev0.

Because Willy announced publicly I should manage a -dev1 before his
return from vacation, I have no choice. So, faced with so much pressure,
here is the first 3.1 dev release. After the feature freeze preceding the
3.0.0, the developments now slowly restart.

Aurélien pushed several patches related to the initial implementation of
the "log-profile" feature as described in Github issue #401. While some
directives such as "log-format", "log-format-sd", "error-log-format" or
"log-tag" make it possible to configure log formatting globally or at the
proxy level, it may be relevant to configure such settings as close as
possible to the log endpoints, that is, per "log" directive. This is what
the "log-profile" section now offers when combined with a "log"
directive. For now, the use of log-profiles is somewhat limited because
we lack the ability to explicitly trigger the log building process at
specific steps during the stream handling, but it should gain more
traction over time as the feature evolves and new mechanisms allowing the
emission of logs at expected processing steps are added.

William, on his side, worked on improving the AWS-LC support, making it
closer and closer to something isofunctional to OpenSSL-1.1.1 but with
QUIC support as a bonus. The more we work on AWS-LC support, the more it
appears as one of the best alternatives to OpenSSL. On this release,
William added the support for ECDSA+RSA certificate selection.

Finally, you may note that our acme.sh fork, which made it possible to
dynamically update certificates without any reload, was removed. The
feature was merged into the mainstream project.

The rest is the usual bunch of bug fixes, documentation improvements, CI
upgrades and cleanups here and there. It may be good to mention that two
major bugs were fixed on the H1 multiplexer: a possible use-after-free on
the H1 connection when a request was drained, and an issue with the
zero-copy data forwarding of chunked messages.
The first ten bytes of the first chunk could be crushed, depending on the
timing. So the very early adopters and fans of the dev releases are
highly encouraged to upgrade.

Thanks everyone for your help. Enjoy!

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.1/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.1/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :
Amaury Denoyelle (8):
      BUG/MINOR: quic: prevent crash on qc_kill_conn()
      BUG/MINOR: quic: fix computed length of emitted STREAM frames
      BUG/MINOR: quic: ensure Tx buf is always purged
      BUG/MINOR: quic: fix padding of INITIAL packets
      OPTIM: quic: fill whole Tx buffer if needed
      MINOR: quic: refactor qc_build_pkt() error handling
      MINOR: quic: use global datagram headlen definition
      MINOR: quic: refactor qc_prep_pkts() loop

Aurelien DARRAGON (44):
      MINOR: stktable: avoid ambiguous stktable_data_ptr() usage in cli_io_handler_table()
      BUG/MINOR: hlua: use CertCache.set() from various hlua contexts
      CLEANUP: hlua: fix CertCache class comment
      CLEANUP: hlua: use hlua_pusherror() where relevant
      BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
      BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
      BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
      CLEANUP: hlua: get rid of hlua_traceback() security checks
      BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path
      CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()
      MINOR: log: fix "http-send-name-header" ignore warning message
      BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()
      BUG/MINOR: proxy: fix log_tag leak on deinit()
      BUG/MINOR: proxy: fix email-alert leak on deinit()
      BUG/MINOR: proxy: fix check_{command,path} leak on deinit()
      BUG/MINOR: proxy: fix dyncookie_key leak on deinit()
      BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()
      BUG/MINOR: proxy: fix header_unique_id leak on deinit()
      MINOR: proxy: add proxy_free_common() helper function
      BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions
      MINOR: log: change wording in lf_expr_postcheck() error message
      BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section
      CLEANUP: log/proxy: fix comment in proxy_free_common()
      DOC: config: move "hash-key" from proxy to server options
      DOC: config: add missing section hint for "guid" proxy keyword
      DOC: config: add missing context hint for new server and proxy keywords
      DOC: management: rename show stats domain cli "dns" to "resolvers"
      REORG: log: reorder send log helpers by dependency order
      MINOR: session: expose session_embryonic_build_legacy_err() function
      MEDIUM: log/session: handle embryonic session log within sess_log()
      MINOR: log: provide sending log context to process_send_log() when available
      MINOR: log: add log_orig_to_str() function
      MINOR: log: provide log origin in logformat expressions using '%OG'
      CLEANUP: log: remove ambiguous legacy comment for resolve_logger()
      MINOR: log/backend: always free parsing hints in resolve_logger()
      MINOR: log: make resolve_logger() static
      MINOR: log: provide proxy context to resolve_logger()
      MINOR: log: add __send_log_set_metadata_sd helper
      MINOR: log: add logger flags
      MINOR: log: add log-profile parsing logic
      MINOR: log: add log profile buildlines
      MEDIUM: log: handle log-profile in process_send_log()
      DOC: config: add documentation for log profiles
      REGTESTS: log: add a test for log-profile

Christopher Faulet (9):
      BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless
      MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd
      BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released
      BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego
      MINOR: mux-quic: Don't send an emtpy H3 DATA frame during zero-copy forwarding
      BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego
      BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag
      BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section
      BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request

Ilia Shipitsin (6):
      CI: use "--no-install-recommends" for apt-get
      CI: switch to lua 5.4
      CI: use USE_PCRE2 instead of USE_PCRE
      CI: VTest: accelerate package install a bit
      CI: speedup apt package install
      CI: FreeBSD: upgrade image, packages

Tim Duesterhus (2):
      REGTESTS: Remove REQUIRE_VERSION=2.1 from all tests
      REGTESTS: Remove REQUIRE_VERSION=2.2 from all tests

Valentine Krasnobaeva (2):
      DOC/MINOR: management: add missed -dR and -dv options
      DOC/MINOR: management: add -dZ option

William Lallemand (20):
      DOC: replace the README by a markdown version
      ADMIN: acme.sh: remove the old acme.sh code
      DOC: configuration: add an example for keywords from crt-store
      DOC: add the FreeBSD status badge to README.md
      DOC: change the link to the FreeBSD CI in README.md
      BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
      BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL
      DOC: install: remove boringssl from the list of supported libraries
      DOC: internals: add a documentation about the master worker
      MINOR: ssl: add ssl_sock_bind_verifycbk() in ssl_sock.h
      REORG: ssl: move the SNI selection code in ssl_clienthello.c
      BUILD: ssl: fix build with wolfSSL
      CI: github: upgrade aws-lc to 1.29.0
      Revert "CI: github: upgrade aws-lc to 1.29.0"
      MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC
      BUILD: ssl: disable deprecated functions for AWS-LC 1.29.0
      MINOR: ssl: relax the 'ssl.default-dh-param' keyword parsing
      CI: github: upgrade aws-lc to 1.29.0
      DOC: INSTALL: minimum AWS-LC version is v1.22.0
      CI: github: do the AWS-LC weekly build with ERR=1

William Manley (1):
      BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts

Willy Tarreau (3):
      BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
      BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
      BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory

--
Christopher Faulet