From: Christopher Faulet Date: Fri, 3 Oct 2025 10:12:51 +0000 (+0200) Subject: [RELEASE] Released version 3.3-dev9 X-Git-Tag: v3.3-dev9^0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d0084cb873257a76da9a9fc7e485ef9fdfb65d77;p=thirdparty%2Fhaproxy.git [RELEASE] Released version 3.3-dev9 Released version 3.3-dev9 with the following main changes : - BUG/MINOR: acl: Fix error message about several '-m' parameters - MINOR: server: Parse sni and pool-conn-name expressions in a dedicated function - BUG/MEDIUM: server: Use sni as pool connection name for SSL server only - BUG/MINOR: server: Update healthcheck when server settings are changed via CLI - OPTIM: backend: Don't set SNI for non-ssl connections - OPTIM: proto_rhttp: Don't set SNI for non-ssl connections - OPTIM: tcpcheck: Don't set SNI and ALPN for non-ssl connections - BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections - MEDIUM: server/ssl: Base the SNI value to the HTTP host header by default - MEDIUM: httpcheck/ssl: Base the SNI value on the HTTP host header by default - OPTIM: tcpcheck: Reorder tcpchek_connect structure fields to fill holes - REGTESTS: ssl: Add a script to test the automatic SNI selection - MINOR: quic: add useful trace about padding params values - BUG/MINOR: quic: too short PADDING frame for too short packets - BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET() - BUG/MEDIUM: ssl: Properly initialize msg_controllen. - MINOR: quic: SSL session reuse for QUIC - BUG/MEDIUM: proxy: fix crash with stop_proxy() called during init - MINOR: stats-file: use explicit unsigned integer bitshift for user slots - CLEANUP: quic: fix typo in quic_tx trace - TESTS: quic: add unit-tests for QUIC TX part - MINOR: quic: restore QUIC_HP_SAMPLE_LEN constant - REGTESTS: ssl: Fix the script about automatic SNI selection - BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations - MINOR: pools: Don't dump anymore info about pools when purge is forced - BUG/MINOR: quic: properly support GSO on backend side - BUG/MEDIUM: mux-h2: Reset MUX blocking flags when a send error is caught - BUG/MEDIUM: mux-h2; Don't block reveives in H2_CS_ERROR and H2_CS_ERROR2 states - BUG/MEDIUM: mux-h2: Restart reading when mbuf ring is no longer full - BUG/MINOR: mux-h2: Remove H2_CF_DEM_DFULL flags when the demux buffer is reset - BUG/MEDIUM: mux-h2: Report RST/error to app-layer stream during 0-copy fwding - BUG/MEDIUM: mux-h2: Reinforce conditions to report an error to app-layer stream - BUG/MINOR: hq-interop: adjust parsing/encoding on backend side - OPTIM: check: do not delay MUX for ALPN if SSL not active - BUG/MEDIUM: checks: fix ALPN inheritance from server - BUG/MINOR: check: ensure checks are compatible with QUIC servers - MINOR: check: reject invalid check config on a QUIC server - MINOR: debug: report the process id in warnings and panics - DEBUG: stream: count the number of passes in the connect loop - MINOR: debug: report the number of loops and ctxsw for each thread - MINOR: debug: report the time since last wakeup and call - DEBUG: peers: export functions that use locks - MINOR: stick-table: permit stksess_new() to temporarily allocate more entries - MEDIUM: stick-tables: relax stktable_trash_oldest() to only purge what is needed - MEDIUM: stick-tables: give up on lock contention in process_table_expire() - MEDIUM: stick-tables: don't wait indefinitely in stktable_add_pend_updates() - MEDIUM: peers: don't even try to process updates under contention - BUG/MEDIUM: h1: Allow reception if we have early data - BUG/MEDIUM: ssl: create the mux immediately on early data - MINOR: ssl: Add a flag to let it known we have an ALPN negociated - MINOR: ssl: Use the new flag to know when the ALPN has been set. - MEDIUM: server: Introduce the concept of path parameters - CLEANUP: backend: clarify the role of the init_mux variable in connect_server() - CLEANUP: backend: invert the condition to start the mux in connect_server() - CLEANUP: backend: simplify the complex ifdef related to 0RTT in connect_server() - CLEANUP: backend: clarify the cases where we want to use early data - MEDIUM: server: Make use of the stored ALPN stored in the server - BUILD: ssl: address a recent build warning when QUIC is enabled - BUG/MINOR: activity: fix reporting of task latency - MINOR: activity: indicate the number of calls on "show tasks" - MINOR: tools: don't emit "+0" for symbol names which exactly match known ones - BUG/MEDIUM: stick-tables: don't loop on non-expirable entries - DEBUG: stick-tables: export stktable_add_pend_updates() for better reporting - BUG/MEDIUM: ssl: Fix a crash when using QUIC - BUG/MEDIUM: ssl: Fix a crash if we failed to create the mux - MEDIUM: dns: bind the nameserver sockets to the initiating thread - MEDIUM: resolvers: make the process_resolvers() task single-threaded - BUG/MINOR: stick-table: make sure never to miss a process_table_expire update - MEDIUM: stick-table: move process_table_expire() to a single thread - MEDIUM: peers: move process_peer_sync() to a single thread - BUG/MAJOR: stream: Force channel analysis on successful synchronous send - MINOR: quic: get rid of ->target quic_conn struct member - MINOR: quic-be: make SSL/QUIC objects use their own indexes (ssl_qc_app_data_index) - MINOR: quic: display build warning for compat layer on recent OpenSSL - DOC: quic: clarifies limited-quic support - BUG/MINOR: acme: null pointer dereference upon allocation failure - BUG/MEDIUM: jws: return size_t in JWS functions - BUG/MINOR: ssl: Potential NULL deref in trace macro - BUG/MINOR: ssl: Fix potential NULL deref in trace callback - BUG/MINOR: ocsp: prototype inconsistency - MINOR: ocsp: put internal functions as static ones - MINOR: ssl: set functions as static when no protypes in the .h - BUILD: ssl: functions defined but not used - BUG/MEDIUM: resolvers: Properly cache do-resolv resolution - BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers - MINOR: activity: don't report the lat_tot column for show profiling tasks - MINOR: activity: add a new lkw_avg column to show profiling stats - MINOR: activity: collect time spent waiting on a lock for each task - MINOR: thread: add a lock level information in the thread_ctx - MINOR: activity: add a new lkd_avg column to show profiling stats - MINOR: activity: collect time spent with a lock held for each task - MINOR: activity: add a new mem_avg column to show profiling stats - MINOR: activity: collect CPU time spent on memory allocations for each task - MINOR: activity/memory: count allocations performed under a lock - DOC: proxy-protocol: Add TLS group and sig scheme TLVs - BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer - BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value - BUG/MEDIUM: resolvers: Accept to create resolution without hostname - BUG/MEDIUM: resolvers: Wake resolver task up whne unlinking a stream requester - BUG/MINOR: ocsp: Crash when updating CA during ocsp updates - Revert "BUG/MINOR: ocsp: Crash when updating CA during ocsp updates" - BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common() - MEDIUM: log/proxy: store log-steps selection using a bitmask, not an eb tree - BUG/MINOR: ocsp: Crash when updating CA during ocsp updates - BUG/MINOR: resolvers: always normalize FQDN from response - BUILD: makefile: implement support for running a command in range - IMPORT: cebtree: import version 0.5.0 to support duplicates - MEDIUM: migrate the patterns reference to cebs_tree - MEDIUM: guid: switch guid to more compact cebuis_tree - MEDIUM: server: switch addr_node to cebis_tree - MEDIUM: server: switch conf.name to cebis_tree - MEDIUM: server: switch the host_dn member to cebis_tree - MEDIUM: proxy: switch conf.name to cebis_tree - MEDIUM: stktable: index table names using compact trees - MINOR: proxy: add proxy_get_next_id() to find next free proxy ID - MINOR: listener: add listener_get_next_id() to find next free listener ID - MINOR: server: add server_get_next_id() to find next free server ID - CLEANUP: server: use server_find_by_id() when looking for already used IDs - MINOR: server: add server_index_id() to index a server by its ID - MINOR: listener: add listener_index_id() to index a listener by its ID - MINOR: proxy: add proxy_index_id() to index a proxy by its ID - MEDIUM: proxy: index proxy ID using compact trees - MEDIUM: listener: index listener ID using compact trees - MEDIUM: server: index server ID using compact trees - CLEANUP: server: slightly reorder fields in the struct to plug holes - CLEANUP: proxy: slightly reorganize fields to plug some holes - CLEANUP: backend: factor the connection lookup loop - CLEANUP: server: use eb64_entry() not ebmb_entry() to convert an eb64 - MINOR: server: pass the server and thread to srv_migrate_conns_to_remove() - CLEANUP: backend: use a single variable for removed in srv_cleanup_idle_conns() - MINOR: connection: pass the thread number to conn_delete_from_tree() - MEDIUM: connection: move idle connection trees to ceb64 - MEDIUM: connection: reintegrate conn_hash_node into connection - CLEANUP: tools: use the item API for the file names tree - CLEANUP: vars: use the item API for the variables trees - BUG/MEDIUM: pattern: fix possible infinite loops on deletion - CI: scripts: add support for git in openssl builds - CI: github: add an OpenSSL + ECH job - CI: scripts: mkdir BUILDSSL_TMPDIR - Revert "BUG/MEDIUM: pattern: fix possible infinite loops on deletion" - BUG/MEDIUM: pattern: fix possible infinite loops on deletion (try 2) - CLEANUP: log: remove deadcode in px_parse_log_steps() - MINOR: counters: document that tg shared counters are tied to shm-stats-file mapping - DOC: internals: document the shm-stats-file format/mapping - IMPORT: ebtree: delete unusable ebpttree.c - IMPORT: eb32/eb64: reorder the lookup loop for modern CPUs - IMPORT: eb32/eb64: use a more parallelizable check for lack of common bits - IMPORT: eb32: drop the now useless node_bit variable - IMPORT: eb32/eb64: place an unlikely() on the leaf test - IMPORT: ebmb: optimize the lookup for modern CPUs - IMPORT: eb32/64: optimize insert for modern CPUs - IMPORT: ebtree: only use __builtin_prefetch() when supported - IMPORT: ebst: use prefetching in lookup() and insert() - IMPORT: ebtree: Fix UB from clz(0) - IMPORT: ebtree: add a definition of offsetof() - IMPORT: ebtree: replace hand-rolled offsetof to avoid UB - MINOR: listener: add the "cc" bind keyword to set the TCP congestion controller - MINOR: server: add the "cc" keyword to set the TCP congestion controller - BUG/MEDIUM: ring: invert the length check to avoid an int overflow - MINOR: trace: don't call strlen() on the thread-id numeric encoding - MINOR: trace: don't call strlen() on the function's name - OPTIM: sink: reduce contention on sink_announce_dropped() - OPTIM: sink: don't waste time calling sink_announce_dropped() if busy - CLEANUP: ring: rearrange the wait loop in ring_write() - OPTIM: ring: always relax in the ring lock and leader wait loop - OPTIM: ring: check the queue's owner using a CAS on x86 - OPTIM: ring: avoid reloading the tail_ofs value before the CAS in ring_write() - BUG/MEDIUM: sink: fix unexpected double postinit of sink backend - MEDIUM: stats: consider that shared stats pointers may be NULL - BUG/MEDIUM: http-client: Fix the test on the response start-line - MINOR: acme: acme-vars allow to pass data to the dpapi sink - MINOR: acme: check acme-vars allocation during escaping - BUG/MINOR: acme/cli: wrong description for "acme challenge_ready" - CI: move VTest preparation & friends to dedicated composite action - BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt - BUG/MINOR: compression: Test payload size only if content-length is specified - BUG/MINOR: pattern: Properly flag virtual maps as using samples - BUG/MINOR: acme: possible overflow on scheduling computation - BUG/MINOR: acme: possible overflow in acme_will_expire() - CLEANUP: acme: acme_will_expire() uses acme_schedule_date() - BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix - CI: scripts: build curl with ECH support - CI: github: add curl+ech build into openssl-ech job - BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file - MINOR: acme: provider-name for dpapi sink - BUILD: acme: fix false positive null pointer dereference - MINOR: backend: srv_queue helper - MINOR: backend: srv_is_up converter - BUILD: halog: misleading indentation in halog.c - CI: github: build halog on the vtest job - BUG/MINOR: acme: don't unlink from acme_ctx_destroy() - BUG/MEDIUM: acme: cfg_postsection_acme() don't init correctly acme sections - MINOR: acme: implement "reuse-key" option - ADMIN: haproxy-dump-certs: implement a certificate dumper - ADMIN: dump-certs: don't update the file if it's up to date - ADMIN: dump-certs: create files in a tmpdir - ADMIN: dump-certs: fix lack of / in -p - ADMIN: dump-certs: use same error format as haproxy - ADMIN: reload: add a synchronous reload helper - BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC - ADMIN: reload: introduce verbose and silent mode - ADMIN: reload: introduce -vv mode - MINOR: mt_list: Implement MT_LIST_POP_LOCKED() - BUG/MEDIUM: stick-tables: Make sure not to free a pending entry - MINOR: sched: let's permit to share the local ctx between threads - MINOR: sched: pass the thread number to is_sched_alive() - BUG/MEDIUM: wdt: improve stuck task detection accuracy - MINOR: ssl: add the ssl_bc_sni sample fetch function to retrieve backend SNI - MINOR: rawsock: introduce CO_RFL_TRY_HARDER to detect closures on complete reads - MEDIUM: ssl: don't always process pending handshakes on closed connections - MEDIUM: servers: Schedule the server requeue target on creation - MEDIUM: fwlc: Make it so fwlc_srv_reposition works with unqueued srv - BUG/MEDIUM: fwlc: Handle memory allocation failures. - DOC: config: clarify some known limitations of the json_query() converter - BUG/CRITICAL: mjson: fix possible DoS when parsing numbers - BUG/MINOR: h2: forbid 'Z' as well in header field names checks - BUG/MINOR: h3: forbid 'Z' as well in header field names checks - BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response() --- diff --git a/CHANGELOG b/CHANGELOG index 138ebe5c5..63a5dda47 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,226 @@ ChangeLog : =========== +2025/10/03 : 3.3-dev9 + - BUG/MINOR: acl: Fix error message about several '-m' parameters + - MINOR: server: Parse sni and pool-conn-name expressions in a dedicated function + - BUG/MEDIUM: server: Use sni as pool connection name for SSL server only + - BUG/MINOR: server: Update healthcheck when server settings are changed via CLI + - OPTIM: backend: Don't set SNI for non-ssl connections + - OPTIM: proto_rhttp: Don't set SNI for non-ssl connections + - OPTIM: tcpcheck: Don't set SNI and ALPN for non-ssl connections + - BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections + - MEDIUM: server/ssl: Base the SNI value to the HTTP host header by default + - MEDIUM: httpcheck/ssl: Base the SNI value on the HTTP host header by default + - OPTIM: tcpcheck: Reorder tcpchek_connect structure fields to fill holes + - REGTESTS: ssl: Add a script to test the automatic SNI selection + - MINOR: quic: add useful trace about padding params values + - BUG/MINOR: quic: too short PADDING frame for too short packets + - BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET() + - BUG/MEDIUM: ssl: Properly initialize msg_controllen. + - MINOR: quic: SSL session reuse for QUIC + - BUG/MEDIUM: proxy: fix crash with stop_proxy() called during init + - MINOR: stats-file: use explicit unsigned integer bitshift for user slots + - CLEANUP: quic: fix typo in quic_tx trace + - TESTS: quic: add unit-tests for QUIC TX part + - MINOR: quic: restore QUIC_HP_SAMPLE_LEN constant + - REGTESTS: ssl: Fix the script about automatic SNI selection + - BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations + - MINOR: pools: Don't dump anymore info about pools when purge is forced + - BUG/MINOR: quic: properly support GSO on backend side + - BUG/MEDIUM: mux-h2: Reset MUX blocking flags when a send error is caught + - BUG/MEDIUM: mux-h2; Don't block reveives in H2_CS_ERROR and H2_CS_ERROR2 states + - BUG/MEDIUM: mux-h2: Restart reading when mbuf ring is no longer full + - BUG/MINOR: mux-h2: Remove H2_CF_DEM_DFULL flags when the demux buffer is reset + - BUG/MEDIUM: mux-h2: Report RST/error to app-layer stream during 0-copy fwding + - BUG/MEDIUM: mux-h2: Reinforce conditions to report an error to app-layer stream + - BUG/MINOR: hq-interop: adjust parsing/encoding on backend side + - OPTIM: check: do not delay MUX for ALPN if SSL not active + - BUG/MEDIUM: checks: fix ALPN inheritance from server + - BUG/MINOR: check: ensure checks are compatible with QUIC servers + - MINOR: check: reject invalid check config on a QUIC server + - MINOR: debug: report the process id in warnings and panics + - DEBUG: stream: count the number of passes in the connect loop + - MINOR: debug: report the number of loops and ctxsw for each thread + - MINOR: debug: report the time since last wakeup and call + - DEBUG: peers: export functions that use locks + - MINOR: stick-table: permit stksess_new() to temporarily allocate more entries + - MEDIUM: stick-tables: relax stktable_trash_oldest() to only purge what is needed + - MEDIUM: stick-tables: give up on lock contention in process_table_expire() + - MEDIUM: stick-tables: don't wait indefinitely in stktable_add_pend_updates() + - MEDIUM: peers: don't even try to process updates under contention + - BUG/MEDIUM: h1: Allow reception if we have early data + - BUG/MEDIUM: ssl: create the mux immediately on early data + - MINOR: ssl: Add a flag to let it known we have an ALPN negociated + - MINOR: ssl: Use the new flag to know when the ALPN has been set. + - MEDIUM: server: Introduce the concept of path parameters + - CLEANUP: backend: clarify the role of the init_mux variable in connect_server() + - CLEANUP: backend: invert the condition to start the mux in connect_server() + - CLEANUP: backend: simplify the complex ifdef related to 0RTT in connect_server() + - CLEANUP: backend: clarify the cases where we want to use early data + - MEDIUM: server: Make use of the stored ALPN stored in the server + - BUILD: ssl: address a recent build warning when QUIC is enabled + - BUG/MINOR: activity: fix reporting of task latency + - MINOR: activity: indicate the number of calls on "show tasks" + - MINOR: tools: don't emit "+0" for symbol names which exactly match known ones + - BUG/MEDIUM: stick-tables: don't loop on non-expirable entries + - DEBUG: stick-tables: export stktable_add_pend_updates() for better reporting + - BUG/MEDIUM: ssl: Fix a crash when using QUIC + - BUG/MEDIUM: ssl: Fix a crash if we failed to create the mux + - MEDIUM: dns: bind the nameserver sockets to the initiating thread + - MEDIUM: resolvers: make the process_resolvers() task single-threaded + - BUG/MINOR: stick-table: make sure never to miss a process_table_expire update + - MEDIUM: stick-table: move process_table_expire() to a single thread + - MEDIUM: peers: move process_peer_sync() to a single thread + - BUG/MAJOR: stream: Force channel analysis on successful synchronous send + - MINOR: quic: get rid of ->target quic_conn struct member + - MINOR: quic-be: make SSL/QUIC objects use their own indexes (ssl_qc_app_data_index) + - MINOR: quic: display build warning for compat layer on recent OpenSSL + - DOC: quic: clarifies limited-quic support + - BUG/MINOR: acme: null pointer dereference upon allocation failure + - BUG/MEDIUM: jws: return size_t in JWS functions + - BUG/MINOR: ssl: Potential NULL deref in trace macro + - BUG/MINOR: ssl: Fix potential NULL deref in trace callback + - BUG/MINOR: ocsp: prototype inconsistency + - MINOR: ocsp: put internal functions as static ones + - MINOR: ssl: set functions as static when no protypes in the .h + - BUILD: ssl: functions defined but not used + - BUG/MEDIUM: resolvers: Properly cache do-resolv resolution + - BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers + - MINOR: activity: don't report the lat_tot column for show profiling tasks + - MINOR: activity: add a new lkw_avg column to show profiling stats + - MINOR: activity: collect time spent waiting on a lock for each task + - MINOR: thread: add a lock level information in the thread_ctx + - MINOR: activity: add a new lkd_avg column to show profiling stats + - MINOR: activity: collect time spent with a lock held for each task + - MINOR: activity: add a new mem_avg column to show profiling stats + - MINOR: activity: collect CPU time spent on memory allocations for each task + - MINOR: activity/memory: count allocations performed under a lock + - DOC: proxy-protocol: Add TLS group and sig scheme TLVs + - BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer + - BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value + - BUG/MEDIUM: resolvers: Accept to create resolution without hostname + - BUG/MEDIUM: resolvers: Wake resolver task up whne unlinking a stream requester + - BUG/MINOR: ocsp: Crash when updating CA during ocsp updates + - Revert "BUG/MINOR: ocsp: Crash when updating CA during ocsp updates" + - BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common() + - MEDIUM: log/proxy: store log-steps selection using a bitmask, not an eb tree + - BUG/MINOR: ocsp: Crash when updating CA during ocsp updates + - BUG/MINOR: resolvers: always normalize FQDN from response + - BUILD: makefile: implement support for running a command in range + - IMPORT: cebtree: import version 0.5.0 to support duplicates + - MEDIUM: migrate the patterns reference to cebs_tree + - MEDIUM: guid: switch guid to more compact cebuis_tree + - MEDIUM: server: switch addr_node to cebis_tree + - MEDIUM: server: switch conf.name to cebis_tree + - MEDIUM: server: switch the host_dn member to cebis_tree + - MEDIUM: proxy: switch conf.name to cebis_tree + - MEDIUM: stktable: index table names using compact trees + - MINOR: proxy: add proxy_get_next_id() to find next free proxy ID + - MINOR: listener: add listener_get_next_id() to find next free listener ID + - MINOR: server: add server_get_next_id() to find next free server ID + - CLEANUP: server: use server_find_by_id() when looking for already used IDs + - MINOR: server: add server_index_id() to index a server by its ID + - MINOR: listener: add listener_index_id() to index a listener by its ID + - MINOR: proxy: add proxy_index_id() to index a proxy by its ID + - MEDIUM: proxy: index proxy ID using compact trees + - MEDIUM: listener: index listener ID using compact trees + - MEDIUM: server: index server ID using compact trees + - CLEANUP: server: slightly reorder fields in the struct to plug holes + - CLEANUP: proxy: slightly reorganize fields to plug some holes + - CLEANUP: backend: factor the connection lookup loop + - CLEANUP: server: use eb64_entry() not ebmb_entry() to convert an eb64 + - MINOR: server: pass the server and thread to srv_migrate_conns_to_remove() + - CLEANUP: backend: use a single variable for removed in srv_cleanup_idle_conns() + - MINOR: connection: pass the thread number to conn_delete_from_tree() + - MEDIUM: connection: move idle connection trees to ceb64 + - MEDIUM: connection: reintegrate conn_hash_node into connection + - CLEANUP: tools: use the item API for the file names tree + - CLEANUP: vars: use the item API for the variables trees + - BUG/MEDIUM: pattern: fix possible infinite loops on deletion + - CI: scripts: add support for git in openssl builds + - CI: github: add an OpenSSL + ECH job + - CI: scripts: mkdir BUILDSSL_TMPDIR + - Revert "BUG/MEDIUM: pattern: fix possible infinite loops on deletion" + - BUG/MEDIUM: pattern: fix possible infinite loops on deletion (try 2) + - CLEANUP: log: remove deadcode in px_parse_log_steps() + - MINOR: counters: document that tg shared counters are tied to shm-stats-file mapping + - DOC: internals: document the shm-stats-file format/mapping + - IMPORT: ebtree: delete unusable ebpttree.c + - IMPORT: eb32/eb64: reorder the lookup loop for modern CPUs + - IMPORT: eb32/eb64: use a more parallelizable check for lack of common bits + - IMPORT: eb32: drop the now useless node_bit variable + - IMPORT: eb32/eb64: place an unlikely() on the leaf test + - IMPORT: ebmb: optimize the lookup for modern CPUs + - IMPORT: eb32/64: optimize insert for modern CPUs + - IMPORT: ebtree: only use __builtin_prefetch() when supported + - IMPORT: ebst: use prefetching in lookup() and insert() + - IMPORT: ebtree: Fix UB from clz(0) + - IMPORT: ebtree: add a definition of offsetof() + - IMPORT: ebtree: replace hand-rolled offsetof to avoid UB + - MINOR: listener: add the "cc" bind keyword to set the TCP congestion controller + - MINOR: server: add the "cc" keyword to set the TCP congestion controller + - BUG/MEDIUM: ring: invert the length check to avoid an int overflow + - MINOR: trace: don't call strlen() on the thread-id numeric encoding + - MINOR: trace: don't call strlen() on the function's name + - OPTIM: sink: reduce contention on sink_announce_dropped() + - OPTIM: sink: don't waste time calling sink_announce_dropped() if busy + - CLEANUP: ring: rearrange the wait loop in ring_write() + - OPTIM: ring: always relax in the ring lock and leader wait loop + - OPTIM: ring: check the queue's owner using a CAS on x86 + - OPTIM: ring: avoid reloading the tail_ofs value before the CAS in ring_write() + - BUG/MEDIUM: sink: fix unexpected double postinit of sink backend + - MEDIUM: stats: consider that shared stats pointers may be NULL + - BUG/MEDIUM: http-client: Fix the test on the response start-line + - MINOR: acme: acme-vars allow to pass data to the dpapi sink + - MINOR: acme: check acme-vars allocation during escaping + - BUG/MINOR: acme/cli: wrong description for "acme challenge_ready" + - CI: move VTest preparation & friends to dedicated composite action + - BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt + - BUG/MINOR: compression: Test payload size only if content-length is specified + - BUG/MINOR: pattern: Properly flag virtual maps as using samples + - BUG/MINOR: acme: possible overflow on scheduling computation + - BUG/MINOR: acme: possible overflow in acme_will_expire() + - CLEANUP: acme: acme_will_expire() uses acme_schedule_date() + - BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix + - CI: scripts: build curl with ECH support + - CI: github: add curl+ech build into openssl-ech job + - BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file + - MINOR: acme: provider-name for dpapi sink + - BUILD: acme: fix false positive null pointer dereference + - MINOR: backend: srv_queue helper + - MINOR: backend: srv_is_up converter + - BUILD: halog: misleading indentation in halog.c + - CI: github: build halog on the vtest job + - BUG/MINOR: acme: don't unlink from acme_ctx_destroy() + - BUG/MEDIUM: acme: cfg_postsection_acme() don't init correctly acme sections + - MINOR: acme: implement "reuse-key" option + - ADMIN: haproxy-dump-certs: implement a certificate dumper + - ADMIN: dump-certs: don't update the file if it's up to date + - ADMIN: dump-certs: create files in a tmpdir + - ADMIN: dump-certs: fix lack of / in -p + - ADMIN: dump-certs: use same error format as haproxy + - ADMIN: reload: add a synchronous reload helper + - BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC + - ADMIN: reload: introduce verbose and silent mode + - ADMIN: reload: introduce -vv mode + - MINOR: mt_list: Implement MT_LIST_POP_LOCKED() + - BUG/MEDIUM: stick-tables: Make sure not to free a pending entry + - MINOR: sched: let's permit to share the local ctx between threads + - MINOR: sched: pass the thread number to is_sched_alive() + - BUG/MEDIUM: wdt: improve stuck task detection accuracy + - MINOR: ssl: add the ssl_bc_sni sample fetch function to retrieve backend SNI + - MINOR: rawsock: introduce CO_RFL_TRY_HARDER to detect closures on complete reads + - MEDIUM: ssl: don't always process pending handshakes on closed connections + - MEDIUM: servers: Schedule the server requeue target on creation + - MEDIUM: fwlc: Make it so fwlc_srv_reposition works with unqueued srv + - BUG/MEDIUM: fwlc: Handle memory allocation failures. + - DOC: config: clarify some known limitations of the json_query() converter + - BUG/CRITICAL: mjson: fix possible DoS when parsing numbers + - BUG/MINOR: h2: forbid 'Z' as well in header field names checks + - BUG/MINOR: h3: forbid 'Z' as well in header field names checks + - BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response() + 2025/09/05 : 3.3-dev8 - BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW - BUG/MINOR: quic-be: missing Initial packet number space discarding diff --git a/VERDATE b/VERDATE index 4be54261a..0e8fcefd3 100644 --- a/VERDATE +++ b/VERDATE @@ -1,2 +1,2 @@ $Format:%ci$ -2025/09/05 +2025/10/03 diff --git a/VERSION b/VERSION index 4aca116b1..6a774aa9a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.3-dev8 +3.3-dev9 diff --git a/doc/configuration.txt b/doc/configuration.txt index 5addf6c53..7f56e5eeb 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3,7 +3,7 @@ Configuration Manual ---------------------- version 3.3 - 2025/09/05 + 2025/10/03 This document covers the configuration language as implemented in the version