Hi,

HAProxy 3.2-dev16 was released on 2025/05/14. It added 52 new commits
after version 3.2-dev15.

After last week's bugfest, things got way better now. Half of the patches
are bugfixes, mostly of minor importance and covering older versions as
well. The fix for SPOP that was reverted last week was re-done in smaller
chunks, hopefully better now. The issue with the empty argument in config
files that Demi Marie reported was addressed. Now a warning will indicate
where it is and explain that the rest of the line is ignored. We can turn
that into an error for 3.3. Another issue that Demi Marie reported is the
possible use of undesired chars in the :authority H2/H3 header before
reassembling the URI (something that was discussed too late to appear
detailed in the HTTP RFC in 2021 and which ended up with just a single
line basically saying "be careful"). Now we're doing something clean, and
we'll have to do the same for the Host header as well. The locations to do
that efficiently in H1/H2/H3 have been identified, it will be done after
this -dev version.

Aside from bugs, there were still a few updates:

- the IPv6 connectivity check used by "dns-family-auto" is now only valid
  for 30s and will be automatically rechecked. This ensures that a machine
  configured in "auto" mode that boots without network will eventually get
  the knowledge of its real connectivity. Note that the test is ultra
  cheap (only a route lookup), which is why we can afford to periodically
  reverify.

- ACME: it's now possible to manually enable/disable the automatic
  scheduler via the global section ("acme.scheduler").

- QUIC: "show quic" now supports "stream" to see a per-stream roll down of
  all connections comparable to "show sess", with info about pending data
  etc. Also a possibly crashing bug affecting ~dev12 and above was fixed.

- CPU topology: better identification of performance vs efficiency cores.
  A new "group-by-ccx" policy was added to only rely on L3 and not clusters
  because on small CPUs (laptops & desktops) made of P+E cores, they share
  the same L3 and we don't necessarily want to split groups around core
  types. The "performance" policy now considers the per-core capacity and
  not the per-cluster one, otherwise CPUs with many small cores would
  preferably use them, which was not the point. The default limit of number
  of threads (256) was raised to 1024 after seeing the limit hit on a dual
  EPYC 9845 (640 CPUs total). The max number of thread groups was raised
  from 16 to 32 to accommodate for the 20 there. Let's hope such type of
  machines doesn't become the norm in the next few years but only remains
  exceptional.

- some warnings when certain keywords are used twice in crt-list and
  crt-store.

- doc updates: the config doc was a bit reorganized so that stick-tables
  and peers have their own section, and so that some sections that landed
  in chapter 3 ("global") by accident are now moved away from this. This
  results in something more readable overall.

- CI updates to enable unit tests on aws-lc, wolfssl, quictls & musl

- pool debugging: support a new "backup" mode that does like integrity but
  keeping an unaltered copy of the area. (used to detect some UAF conditions)

Given how we are now WRT bugs (spending a whole day on doc usually is a
hint), I think we're fine with a release in two weeks. This means that
we'd do yet another -dev17 in the middle of next week, and the final 3.2
the week after, ideally in the middle of the week (let's aim on Wed 28 by
principle, knowing it can move a bit). Of course if horrible things are
discovered in the meantime, it can slip but at this point I'm not seeing
any reason for that to happen.

Those of us not working on their presentations will continue on doc, bugs
and small non-risky stuff till then. BTW if you have complaints about some
stuff in the doc, it's the right moment to raise them. As long as there
are not too many and we don't reorganize everything, it's a good moment to
improve the ability to find what we're looking for there.

Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.2/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.2/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :

Amaury Denoyelle (6):
      BUG/MEDIUM: mux-quic: fix crash on invalid fctl frame dereference
      MINOR: quic: account Tx data per stream
      MINOR: mux-quic: account Rx data per stream
      MINOR: quic: add stream format for "show quic"
      MINOR: quic: display QCS info on "show quic stream"
      MINOR: quic: display stream age

Aurelien DARRAGON (3):
      BUG/MINOR: threads: fix soft-stop without multithreading support
      BUG/MINOR: server: dont depend on proxy for server cleanup in srv_drop()
      BUG/MINOR: server: perform lbprm deinit for dynamic servers

Christopher Faulet (13):
      BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation
      DOC: config: Fix a typo in the "term_events" definition
      BUG/MINOR: spoe: Don't report error on applet release if filter is in DONE state
      BUG/MINOR: mux-spop: Don't report error for stream if ACK was already received
      BUG/MINOR: mux-spop: Make the demux stream ID a signed integer
      BUG/MINOR: mux-spop: Don't open new streams for SPOP connection on error
      MINOR: mux-spop: Don't set SPOP connection state to FRAME_H after ACK parsing
      BUG/MEDIUM: mux-spop: Remove frame parsing states from the SPOP connection state
      BUG/MEDIUM: mux-spop: Properly handle CLOSING state
      BUG/MEDIUM: spop-conn: Report short read for partial frames payload
      BUG/MEDIUM: mux-spop: Properly detect truncated frames on demux to report error
      BUG/MEDIUM: mux-spop; Don't report a read error if there are pending data
      DEBUG: mux-spop: Review some trace messages to adjust the message or the level

Ilia Shipitsin (6):
      CI: AWS-LC(fips): enable unit tests
      CI: AWS-LC: enable unit tests
      CI: compliance: limit run on forks only to manual + cleanup
      CI: musl: enable unit tests
      CI: QuicTLS (weekly): limit run on forks only to manual dispatch
      CI: WolfSSL: enable unit tests

William Lallemand (7):
      MINOR: acme: add the global option 'acme.scheduler'
      BUG/MINOR: ssl: doesn't fill conf->crt with first arg
      BUG/MINOR: ssl: prevent multiple 'crt' on the same ssl-f-use line
      BUG/MINOR: ssl/ckch: always free() the previous entry during parsing
      MINOR: tools: ha_freearray() frees an array of string
      BUG/MINOR: ssl/ckch: always ha_freearray() the previous entry during parsing
      MINOR: ssl/ckch: warn when the same keyword was used twice

Willy Tarreau (17):
      DEBUG: pool: permit per-pool UAF configuration
      DEBUG: pools: add a new integrity mode "backup" to copy the released area
      MEDIUM: sock-inet: re-check IPv6 connectivity every 30s
      BUG/MINOR: tools: improve parse_line()'s robustness against empty args
      BUG/MINOR: cfgparse: improve the empty arg position report's robustness
      MINOR: http: add a function to validate characters of :authority
      BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly
      BUG/MINOR: cpu-topo: fix group-by-cluster policy for disordered clusters
      MINOR: cpu-topo: add a new "group-by-ccx" CPU policy
      MINOR: cpu-topo: provide a function to sort clusters by average capacity
      MEDIUM: cpu-topo: change "performance" to consider per-core capacity
      MEDIUM: cpu-topo: change "efficiency" to consider per-core capacity
      MEDIUM: cpu-topo: prefer grouping by CCX for "performance" and "efficiency"
      MEDIUM: config: change default limits to 1024 threads and 32 groups
      DOC: config: move address formats definition to section 2
      DOC: config: move stick-tables and peers to their own section
      DOC: config: move the extraneous sections out of the "global" definition
---
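
The announcement above mentions rejecting undesired characters in the H2/H3 :authority pseudo-header before the URI is reassembled. The sketch below is an added example, not HAProxy's code: the function names are hypothetical, and the accepted character set is an assumption taken from the RFC 3986 host[:port] grammar (with '@' refused), not the set HAProxy's own function uses.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not HAProxy's): 1 if every byte of an H2/H3
 * ":authority" value fits RFC 3986 host[:port], else 0. '@' is refused
 * since RFC 9113 forbids userinfo in :authority. */
static int authority_chars_ok(const char *s, size_t len)
{
    static const char extra[] = "-._~%!$&'()*+,;=:[]";
    size_t i;

    if (len == 0)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
            (c >= '0' && c <= '9') || (c != 0 && strchr(extra, c)))
            continue;
        return 0; /* '/', '?', '#', '@', space, CTLs, 8-bit bytes */
    }
    return 1;
}

/* Writes "scheme://authority<path>" to <out> only if the authority is
 * valid. Returns the URI length, or -1 if rejected or <out> is too small. */
static int build_uri(char *out, size_t size, const char *scheme,
                     const char *auth, const char *path)
{
    int ret;
    if (!authority_chars_ok(auth, strlen(auth)))
        return -1;
    ret = snprintf(out, size, "%s://%s%s", scheme, auth, path);
    return (ret < 0 || (size_t)ret >= size) ? -1 : ret;
}

int main(void)
{
    /* Constructed sample values, not taken from the announcement. */
    const char *in[] = { "example.com:8443", "[2001:db8::1]",
                         "example.com/x?", "user@example.com", "a b" };
    char uri[128];
    size_t i;

    for (i = 0; i < sizeof(in) / sizeof(*in); i++)
        printf("%-18s -> %s\n", in[i],
               build_uri(uri, sizeof(uri), "https", in[i], "/") < 0 ?
               "rejected" : uri);
    return 0;
}
```

Validating before concatenation matters because a '/', '?' or '#' inside the authority would shift where the path or query begins in the reassembled URI, so routing rules and the backend could disagree on what was requested.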