Hi,
HAProxy 1.7.4 was released on 2017/03/27. It added 36 new commits
after version 1.7.3.
The most important ones concern a regression unveiled by a fix introduced
in 1.7.3 (which itself allowed to spot another one), another issue where
clients could occasionally get a 503 when compression was enabled, and a
risk of memory leak if a redirect is enabled on http-response with compression
enabled. Other less important bugs were fixed such as an incorrect requirement
to run as root to bind on a network interface, incorrect handling of the
client-fin/server-fin timeouts occasionally leading to a busy loop or not
being applied at all, an issue with "disable/enable frontend" on the CLI in
multi-process mode, and the incorrect detection of a shutdown() received
after a response causing haproxy to emit an RST too often in case of
server-close even when it had all the information to close cleanly. There
were a bunch of minor fixes and doc updates as well.
All users of 1.7 should definitely upgrade.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.7/src/
Git repository : http://git.haproxy.org/git/haproxy-1.7.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git
Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Andriy Palamarchuk (4):
DOC/MINOR: Fix typos in proxy protocol doc
DOC: Protocol doc: add checksum, TLV type ranges
DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
DOC: Protocol doc: add noop TLV
Christopher Faulet (4):
BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
BUG/MAJOR: http: fix typo in http_apply_redirect_rule
Cyril Bonté (1):
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
Emmanuel Hocdet (1):
BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
Felipe Guerreiro Barbosa Ruiz (1):
BUG: payload: fix payload not retrieving arbitrary lengths
Frédéric Lécaille (2):
BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
MINOR: server: irrelevant error message with 'default-server' config file keyword.
Hongbo Long (1):
BUG/MEDIUM: stream: fix client-fin/server-fin handling
Janusz Dziemidowicz (1):
BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
Lukas Tribus (2):
MINOR: doc: 2.4. Examples should be 2.5. Examples
MINOR: doc: fix use-server example (imap vs mail)
Nenad Merdanovic (2):
BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
BUG/MINOR: Fix "get map <map> <value>" CLI command
Steven Davidovitz (1):
BUG/MINOR: checks: attempt clean shutw for SSL check
Willy Tarreau (16):
MINOR: config: warn when some HTTP rules are used in a TCP proxy
BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
CONTRIB: tcploop: add limits.h to fix build issue with some compilers
CONTRIB: tcploop: make it build on FreeBSD
CONTRIB: tcploop: fix time format to silence build warnings
CONTRIB: tcploop: report action 'K' (kill) in usage message
CONTRIB: tcploop: fix connect's address length
CONTRIB: tcploop: use the trash instead of NULL for recv()
BUG/MEDIUM: listener: do not try to rebind another process' socket
BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
BUG/MEDIUM: connection: ensure to always report the end of handshakes
MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
BUG/MEDIUM: tcp: don't require privileges to bind to device
BUILD: make the release script use shortlog for the final changelog
BUILD: scripts: fix typo in announce-release error message
---
HAProxy 1.7.4 was released on 2017/03/27. It added 36 new commits
after version 1.7.3.
The most important ones concern a regression unveiled by a fix introduced
in 1.7.3 (which itself allowed to spot another one), another issue where
clients could occasionally get a 503 when compression was enabled, and a
risk of memory leak if a redirect is enabled on http-response with compression
enabled. Other less important bugs were fixed such as an incorrect requirement
to run as root to bind on a network interface, incorrect handling of the
client-fin/server-fin timeouts occasionally leading to a busy loop or not
being applied at all, an issue with "disable/enable frontend" on the CLI in
multi-process mode, and the incorrect detection of a shutdown() received
after a response causing haproxy to emit an RST too often in case of
server-close even when it had all the information to close cleanly. There
were a bunch of minor fixes and doc updates as well.
All users of 1.7 should definitely upgrade.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.7/src/
Git repository : http://git.haproxy.org/git/haproxy-1.7.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git
Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Andriy Palamarchuk (4):
DOC/MINOR: Fix typos in proxy protocol doc
DOC: Protocol doc: add checksum, TLV type ranges
DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
DOC: Protocol doc: add noop TLV
Christopher Faulet (4):
BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
BUG/MAJOR: http: fix typo in http_apply_redirect_rule
Cyril Bonté (1):
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
Emmanuel Hocdet (1):
BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
Felipe Guerreiro Barbosa Ruiz (1):
BUG: payload: fix payload not retrieving arbitrary lengths
Frédéric Lécaille (2):
BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
MINOR: server: irrelevant error message with 'default-server' config file keyword.
Hongbo Long (1):
BUG/MEDIUM: stream: fix client-fin/server-fin handling
Janusz Dziemidowicz (1):
BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
Lukas Tribus (2):
MINOR: doc: 2.4. Examples should be 2.5. Examples
MINOR: doc: fix use-server example (imap vs mail)
Nenad Merdanovic (2):
BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
BUG/MINOR: Fix "get map <map> <value>" CLI command
Steven Davidovitz (1):
BUG/MINOR: checks: attempt clean shutw for SSL check
Willy Tarreau (16):
MINOR: config: warn when some HTTP rules are used in a TCP proxy
BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
CONTRIB: tcploop: add limits.h to fix build issue with some compilers
CONTRIB: tcploop: make it build on FreeBSD
CONTRIB: tcploop: fix time format to silence build warnings
CONTRIB: tcploop: report action 'K' (kill) in usage message
CONTRIB: tcploop: fix connect's address length
CONTRIB: tcploop: use the trash instead of NULL for recv()
BUG/MEDIUM: listener: do not try to rebind another process' socket
BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
BUG/MEDIUM: connection: ensure to always report the end of handshakes
MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
BUG/MEDIUM: tcp: don't require privileges to bind to device
BUILD: make the release script use shortlog for the final changelog
BUILD: scripts: fix typo in announce-release error message
---