Hi,
HAProxy 3.1.6 was released on 2025/03/20. It added 52 new commits
after version 3.1.5.
Since the previous version one month ago we've accumulated a number of
low to medium importance fixes. Most of them address annoyances that could
be worked around so it looks like it's the right moment to emit a new
version that permits everyone to update at their own rhythm with no rush.
- servers were not reachable using ABNS addresses due to an incorrect
internal address family, and the reg-test was equally broken making it
look like it was working. Both were fixed. The logged address was
incorrect as well, by the way.
- disabling the send-proxy-v2 feature on a "server" line after some fields
had been enabled in the defaults section would result in an attempt to
send a PROXY-v1 line because the presence of any field was tested to
decide to send the PROXY header.
- "show threads" and the watchdog warnings are using signals to dump the
streams' contents. However there was an indirect pool_alloc() performed
there when retrieving the stream client's source address, and if the
stream had been interrupted inside some pool functions, the re-entrance
could corrupt them and cause random crashes later. It's more visible in
3.1 than older versions due to the watchdog warnings that are non-fatal.
Now the address will be displayed only if it can safely be retrieved.
- similar to the above, "show threads" or a watchdog warning firing while
updating the stream's call_rate frequency counter could cause a deadlock
when trying to display that same frequency counter which would then be
locked. Now only an estimate of the call rate will be reported using a
non-blocking call, which can exceptionally be inaccurate but we don't
care since it's reported only to help spot suspicious streams.
- similar to the above, "show threads" or a watchdog warning firing while
reading the local time could result in a deadlock due to the libc using
a lock internally. Now the haproxy will not attempt to display the local
time from a signal handler.
- the detection of the Rx buffer full condition on the FCGI mux could
trigger too early, causing the CPU to bounce between recv and demux
until the timeout expires.
- maps loaded from a log-format expression were not subject to the
"default-path" global setting, causing particular confusion, due to
the processing order of the configuration.
- a startup race can randomly affect the setting of CPU affinity of
certain threads during boot, if the thread starts faster than the
parent updates the pthread identifier upon return. When it happens,
the affinity setting will often be silently ignored, but on some libs
such as musl, it can also result in a segfault at boot.
- a use-after-free condition was occasionally possible in Lua applets
handling CLI keywords, causing random crashes. It was apparently
difficult to trigger and did apparently not happen before 3.0.
And there were a few other less important ones among which:
- root (or suitable capability) was required for namespaces usage
even in frontend, which is not logical as it's only needed to attach
at run time for backends.
- a few isses on the peers section parser and config consistency checker
possibly causing issues or even a segfault.
- h2: leading and trailing spaces are now properly trimmed in header
values, and streams are reset with NO_ERROR and not CANCEL when the
server responds before the end of the request and closes, making it
clear to the client that the response is valid and not an error.
- servers attached to a ring wouldn't wait before trying to reconnect,
causing connection storms in case of a server failure.
- the H1 mux and general streams were made more robust against dumps
from a signal handler, by not keeping unallocated pointers visible
and making sure certain objects still exist before being displayed.
- the h3 mux will no longer forget to send the FIN when the server
responds before the end of the request. Without this, a client could
remain stuck waiting for it.
- the automatic maxconn value was not calculated correctly for certain
large values of the memmax value passed with "-m" on the command line,
and was falling back to the default 100 used for the master process,
which is extremely low. The limit before it started to misbehave was
around 15-20 GB depending on the setups.
- the age calculation in the "show sess" output was often wrong for
streams just created (e.g. "99d"). This was confusing because grepping
on "age" is something common to detect stuck connections. Speaking of
"show sess", it now supports filtering by frontend/backend/server in
order to only focus on specific points.
And in addition to a few doc updates and cleanups, that's roughly all.
Again, no rush. If you're facing one of the issues above, you can update,
otherwise there's no emergency.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.1/src/
Git repository : https://git.haproxy.org/git/haproxy-3.1.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-3.1.git
Changelog : https://www.haproxy.org/download/3.1/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (2):
BUG/MINOR: h3: do not report transfer as aborted on preemptive response
CLEANUP: h3: fix documentation of h3_rcv_buf()
Aurelien DARRAGON (12):
BUG/MINOR: log: fix outgoing abns address family
BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers
MINOR: clock: always use atomic ops for global_now_ms
CLEANUP: log: removing "log-balance" references
BUG/MINOR: log: set proper smp size for balance log-hash
BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server
BUG/MINOR: cfgparse/peers: properly handle ignored local peer case
BUG/MINOR: server: dont return immediately from parse_server() when
skipping checks
MINOR: cfgparse/peers: provide more info when ignoring invalid "peer" or
"server" lines
DOC: management: rename some last occurences from domain "dns" to
"resolvers"
BUG/MINOR: stats: fix capabilities and hide settings for some generic
metrics
BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
Christopher Faulet (2):
BUG/MEDIUM: mux-fcgi: Try to fully fill demux buffer on receive if not
empty
BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was
already sent
Damien Claisse (1):
BUG/MINOR: cfgparse-tcp: relax namespace bind check
Dragan Dosen (2):
BUG/MEDIUM: server: properly initialize PROXY v2 TLVs
BUG/MINOR: server: fix the "server-template" prefix memory leak
Valentine Krasnobaeva (4):
BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers
BUG/MEIDUM: startup: return to initial cwd only after
check_config_validity()
MINOR: startup: adjust alert messages, when capabilities are missed
BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if
fd_hard_limit=0
William Lallemand (2):
TESTS: ist: fix wrong array size
CI: github: fix h2spec.config proxy names
Willy Tarreau (27):
BUG/MEDIUM: uxst: fix outgoing abns address family in connect()
BUG/MINOR: stream: do not call co_data() from __strm_dump_to_buffer()
BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info()
MINOR: tinfo: add a new thread flag to indicate a call from a sig handler
BUG/MEDIUM: stream: never allocate connection addresses from signal
handler
MINOR: freq_ctr: provide non-blocking read functions
BUG/MEDIUM: stream: use non-blocking freq_ctr calls from the stream dumper
BUG/MINOR: h2: always trim leading and trailing LWS in header values
BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer
BUG/MINOR: stream: fix age calculation in "show sess" output
MINOR: stream/cli: rework "show sess" to better consider optional
arguments
MINOR: stream/cli: make "show sess" support filtering on front/back/server
BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity
MINOR: compiler: add a simple macro to concatenate resolved strings
MINOR: compiler: add a new __decl_thread_var() macro to declare local
variables
MINOR: tools: use only opportunistic symbols resolution
BUILD: tools: silence a build warning when USE_THREAD=0
IMPORT: plock: give higher precedence to W than S
IMPORT: plock: lower the slope of the exponential back-off
IMPORT: plock: use cpu_relax() for a shorter time in EBO
MINOR: tinfo: split the signal handler report flags into 3
BUG/MEDIUM: stream: don't use localtime in dumps from a signal handler
MINOR: cli: export cli_io_handler() to ease symbol resolution
MINOR: tools: improve symbol resolution without dl_addr
MINOR: tools: ease the declaration of known symbols in resolve_sym_name()
MINOR: tools: teach resolve_sym_name() a few more common symbols
BUILD: tools: avoid a build warning on gcc-4.8 in resolve_sym_name()
---
