Hi,
HAProxy 3.0.10 was released on 2025/04/22. It added 47 new commits
after version 3.0.9.
This is the 3.0 backport of what went into 3.1.7, essentially:
- transparent proxy connections at the proxy level ("option transparent")
would not include the destination address in the connection hash
calculation, meaning that idle connections for a different address
than expected could be reused between requests.
- usesrc clientip would accidentally include the client's port in the
hash calculation, resulting in a very low connection reuse ratio.
- a few months ago we addressed the presence of leading/trailing spaces
in H2 header values, but we forgot to do it for h3. This was now done.
In h2 it had been observed that some rare clients keep the space after
the comma when splitting "cookie" values, causing errors between
haproxy and servers, so we can reasonably expect that this would
happen with h3 too if the same clients support both protocols. In
addition, the H3 header sanitization was synchronized with the latest
fixes applied to H2 (filter "upgrade", block invalid chars in URI,
etc).
- TCP/HTTP Lua applets could lose some data when yielding.
- HTTP/1 uploads over reused connections facing a server close (e.g.
keep-alive timeout) could still return a 502 instead of silently
closing if the close was detected while uploading the payload. This
has been seen to cause occasional 502 with short PUT requests on
servers with a short keep-alive timeout. It's now handled correctly
and may even be eligible for L7 retries in case the payload fits
entirely in the buffer.
- an assertion could be violated in QUIC, causing a crash, if an invalid
request is received after the mux had emitted a STOP_SENDING frame.
- stick-tables could learn entries from peers with an expiration date
further in the future than what their own expire time permits, causing
entries resulting from a temporary misconfiguration to be very
difficult to evict from a cluster (e.g. mistakenly write "24d" instead
of "24h" and entries persist for 3 weeks even across reloads). Now the
entries' expiration date will be capped to the stick table's setting.
- the regsub converter, used to perform regex-based substitutions, would
check the remaining room in the buffer against the initially available
size for each replaced pattern instead of checking it against the
remaining size. This was reported by Aleandro Prudenzano of Doyensec
and Edoardo Geraci of Codean Labs, and was assigned CVE-2025-32464.
The risk is quite low since such configs are quite unlikely and in the
rare cases where they would happen, the replacement will involve static
contents, thus essentially a risk of crash.
- in some rare cases, forced shutdowns of streams attached to a server
would result in the stream freezing and staying in this state forever.
It would concern both those killed using "shutdown session" on the
CLI and those killed via on-marked-up, on-marked-down etc.
- regarding the "warning" vs "show threads" race, in 3.0 warnings are
not enabled by default. The strict minimum was backported from 3.1
(addressing the risk of re-entrance in dladdr) and we might backport
more in the future if needed.
- the epoll workaround that was merged into 3.1.4 using FD generation
was finally backported. It will make reported events 100% trustable
now, and we'll be certain that any reported error was from that socket
and not from an earlier one previously using the same FD.
- the other epoll fix consisting in unregistering listening FDs upon
reload was also backported. Users dealing with long-running old
processes might observe a lower CPU usage on these old processes.
There are also these less important ones:
- Lua could possibly crash due to a risk of use-after-free in the
Queue API if a resource allocation error happened on the consumption
side and the other side would still push into it.
- in certain rare cases (timing dependent), certain client aborts that
are forwarded to the server could be logged as server aborts ("SD")
instead of client aborts ("CD") depending on which side was checked
first when deciding on the final state.
- logs could sometimes produce an incorrect CBOR encoding. And a "raw"
encoding was also added.
- a few minor fixes on RHTTP, a few build issues (gcc-15 warnings,
NetBSD failing on CONCAT()), and a few doc fixes.
- the lock fairness improvements that reduce tail latencies on large
AMD CPUs that had been merged into 3.1.6 were also backported since
the gains were significant.
- one case where QUIC could crash on out-of-memory condition when trying
to allocate CRYPTO buffers was addressed. It could be triggered in
memory-constrained environments (i.e. containers). This fix was also
added to 3.1 after the release.
Just like for 3.1, nothing really important in this one, mostly stuff that
only affects rare setups, and a few things that had been pending for a
while, so except for those affected by some of the issues above, there's
no emergency to update. If you've missed a few 3.0 updates, it could be
the right opportunity to deploy a new update. Same if you're still on 2.9
(now end-of-life).
Please find the usual URLs below:
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.0/src/
Git repository : https://git.haproxy.org/git/haproxy-3.0.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-3.0.git
Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (14):
BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local
BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream()
BUG/MINOR: rhttp: fix incorrect dst/dst_port values
BUG/MINOR: backend: do not overwrite srv dst address on reuse
BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port
BUG/MEDIUM: h3: trim whitespaces when parsing headers value
BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding
BUG/MINOR: h3: filter upgrade connection header
BUG/MINOR: h3: reject invalid :path in request
BUG/MINOR: h3: reject request URI with invalid characters
BUG/MINOR: quic: do not crash on CRYPTO ncbuf alloc failure
BUG/MINOR: mux-h2: prevent past scheduling with idle connections
BUG/MINOR: rhttp: fix reconnect if timeout connect unset
BUG/MINOR: rhttp: ensure GOAWAY can be emitted after reversal
Aurelien DARRAGON (9):
MINOR: log: support "raw" logformat node typecast
MINOR: task: add thread safe notification_new and notification_wake variants
BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait()
CLEANUP: log: adjust _lf_cbor_encode_byte() comment
BUG/MINOR: log: fix CBOR encoding with LOG_VARTEXT_START() + lf_encode_chunk()
BUG/MINOR: hlua: fix invalid errmsg use in hlua_init()
BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers (2)
BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
BUG/MINOR: stktable: invalid use of stkctr_set_entry() with mixed table types
Christopher Faulet (5):
BUG/MEDIUM: stream: Fix a possible freeze during a forced shut on a stream
BUG/MINOR: http-ana: Properly detect client abort when forwarding the response
BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding
DEBUG: stream: Add debug counters to track some client/server aborts
BUG/MEDIUM: mux-fcgi: Properly handle read0 on partial records
Emeric Brun (2):
BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks
BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node
Olivier Houchard (1):
TESTS: Fix build for filltab25.c
Valentine Krasnobaeva (1):
BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays
Willy Tarreau (15):
DOC: config: fix two missing "content" in "tcp-request" examples
BUILD: compiler: undefine the CONCAT() macro if already defined
BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs
BUG/MINOR: backend: do not use the source port when hashing clientip
DOC: config: add the missing "profiling.memory" to the global kw index
DEBUG: fd: add a counter of takeovers of an FD since it was last opened
MINOR: fd: add a generation number to file descriptors
MINOR: epoll: permit to mask certain specific events
DEBUG: epoll: store and compare the FD's generation count with reported event
MEDIUM: epoll: skip reports of stale file descriptors
IMPORT: plock: give higher precedence to W than S
IMPORT: plock: lower the slope of the exponential back-off
IMPORT: plock: use cpu_relax() for a shorter time in EBO
BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill()
MINOR: tools: also protect the library name resolution against concurrent accesses
---