From: Willy Tarreau Date: Wed, 20 May 2026 15:46:36 +0000 (+0200) Subject: [RELEASE] Released version 3.4-dev13 X-Git-Tag: v3.4-dev13^0 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bcf768f15779fd912cabc397ae323fc5b1eef230;p=thirdparty%2Fhaproxy.git [RELEASE] Released version 3.4-dev13 Released version 3.4-dev13 with the following main changes : - BUG/MINOR: backend: correct parameter value validation in get_server_ph_post() - BUG/MINOR: config/dns: properly fail on duplicate nameserver name detection - BUG/MEDIUM: dns: fix long loops in additional records parse on name failure - BUG/MEDIUM: resolvers: fix name compression pointer validation in resolv_read_name() - BUG/MEDIUM: dns: fix memory leak of sockaddr in dns_session_init() error path - CLEANUP: proxy: fix tiny mistakes in parse error messages - CLEANUP: dns: fix misleading error messages in dns_stream_init() - BUG/MINOR: server: better handling of OOM in srv_set_fqdn() - BUG/MINOR: servers: use proper source of pool_conn_name in srv_settings_cpy() - BUG/MEDIUM: server/cli: unlock server lock on failure in cli_parse_set_server - BUG/MINOR: resolvers: fix dangling list pointer in resolvers_new() error paths - BUG/MINOR: dns: fix dangling dgram pointer on dns_dgram_init() failure path - BUG/MINOR: proxy: use proxy_drop() in parse_new_proxy() error path - CLEANUP: resolvers: properly initialize the sample in resolv_action_do_resolve() - BUG/MINOR: resolvers: report the expression error in the do-resolve() action parser - BUG/MINOR: resolvers: fix leaked dgram and dns_ring struct in parse_resolve_conf() - BUG/MINOR: resolvers: fix leaked fields on cfg_parse_resolvers() error paths - BUG/MINOR: resolvers: fix missing task_idle destruction in resolvers_destroy() - CLEANUP: proxy: fix duplicate declaration of cli_find_frontend in proxy.h - CLEANUP: address a few typos and copy-paste errors in httpclient and dns - DOC: internal: add a few rules about internal core principles - BUG/MINOR: session/trace: use distinct flags for SESS_EV_END and _ERR - CLEANUP: stick-table: uniformize the different action_inc_gpc*() - REGTESTS: do not run quic/tls13_ssl_crt-list_filters in quic openssl compat mode - REGTESTS: quic/issuers_chain_path: do not forget to enable QUIC compat mode - BUG/MINOR: sock: store the connection error status - BUG/MINOR: check: properly report errno in chk_report_conn_err() - CLEANUP: tcpcheck: mention that we're a bit far for a sync errno - BUG/MINOR: jwt: fix possible memory leak in convert_ecdsa_sig() error path - CLEANUP: jwe: fix theoretical overflow in AAD length calculation - DOC: config: further clarify that resolvers "default" exists - MINOR: proxy: remove the experimental status on dynamic backends - BUG/MEDIUM: limits: properly account for global.maxpipes in compute_ideal_maxconn() - BUG/MINOR: jws: fix OpenSSL 3.0 version check from > to >= - BUG/MINOR: jws: Add missing return value check (EVP_PKEY_get_bn_param) - BUG/MINOR: server: Properly handle init-state value during haproxy startup - BUG/MINOR: httpclient-cli: Destroy http-client context if failing to start it - BUG/MEDIUM: h1: Skip all h2c values from Upgrade headers during parsing - BUG/MINOR: h1: Don't mask websocket protocol if multiple protocols used - MINOR: haterm: Don't init haterm master pipe if not used - CLEANUP: haterm: Remove "(too old kernel)" from warning message during init - BUG/MINOR: httpclient-cli: fix uninit variable in error label - MINOR: mux: Rename the "token" from mux_proto_list to mux_proto - MEDIUM: connections: Use both mux_proto and alpn to pick a mux - MINOR: connection: define conn_select_mux_fe() - MINOR: connection: define conn_select_mux_be() - MINOR: connection/mux_quic: add MUX field for QMux handshake - MINOR: proxy/server: reject TCP ALPN h3 without experimental - MEDIUM: ssl: allow h3/QMux negotiation without explicit proto - BUG/MINOR: server: accept server IDs above 2^31 and clarify error message - BUG/MINOR: backend: fix balance hash calculation when using hash-type none - MINOR: server: support hash-key id32 for a cleaner distribution - MINOR: backend: support hash-key guid for a stabler distribution - MINOR: startup: support unprivileged chroot if possible - MEDIUM: startup: add automatic chroot feature - MINOR: h2: explain committed_extra_streams dec on h2_init() error - OPTIM: h2: do not update committed streams if elasticity disabled - MINOR: mux_quic: implement basic committed_extra_streams accounting - MINOR: quic: use stream elasticity value for initial advertisement - MINOR: mux_quic: define ms_bidi_rel QCC member - MAJOR: mux_quic: support stream elasticity during connection lifetime - BUG/MEDIUM: servers: Store the connection hash with the parameter cache - BUG/MINOR: prevent conn leak in case of xprt_qmux init failure - BUILD: traces: set a few __maybe_unused on vars used only for traces - BUILD: traces: add USE_TRACE allowing to disable traces - MINOR: startup: do not execute chroot() when "/" - MEDIUM: startup: warn when chroot is not set for root - BUG/MEDIUM: servers: Don't forget to set srv_hash when needed - DOC: fix typo on QUIC stream.max-concurrent reference - BUG/MINOR: mux_quic: do not exceed stream.max-concurrent on backend side - BUG/MINOR: htx: Fix value of HTX_XFER_HDRS_ONLY flag - MEDIUM: htx: Improve htx_xfer API to not count HTX meta-data - BUG/MEDIUM: applet: Fix transfer of HTX data to the applet - BUG/MEDIUM: htx: Alloc a chunk of right size in htx_replace_blk_value() - MEDIUM: stick-tables: Avoid freeing elements while holding a lock - MINOR: intops: add a multiply overflow detection for ulong and size_t - CLEANUP: tree-wide: use array_size_or_fail() in array size for allocations - DOC: update supported gcc and openssl versions in INSTALL --- diff --git a/CHANGELOG b/CHANGELOG index 27bb0ded2..25ad8f602 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,86 @@ ChangeLog : =========== +2026/05/20 : 3.4-dev13 + - BUG/MINOR: backend: correct parameter value validation in get_server_ph_post() + - BUG/MINOR: config/dns: properly fail on duplicate nameserver name detection + - BUG/MEDIUM: dns: fix long loops in additional records parse on name failure + - BUG/MEDIUM: resolvers: fix name compression pointer validation in resolv_read_name() + - BUG/MEDIUM: dns: fix memory leak of sockaddr in dns_session_init() error path + - CLEANUP: proxy: fix tiny mistakes in parse error messages + - CLEANUP: dns: fix misleading error messages in dns_stream_init() + - BUG/MINOR: server: better handling of OOM in srv_set_fqdn() + - BUG/MINOR: servers: use proper source of pool_conn_name in srv_settings_cpy() + - BUG/MEDIUM: server/cli: unlock server lock on failure in cli_parse_set_server + - BUG/MINOR: resolvers: fix dangling list pointer in resolvers_new() error paths + - BUG/MINOR: dns: fix dangling dgram pointer on dns_dgram_init() failure path + - BUG/MINOR: proxy: use proxy_drop() in parse_new_proxy() error path + - CLEANUP: resolvers: properly initialize the sample in resolv_action_do_resolve() + - BUG/MINOR: resolvers: report the expression error in the do-resolve() action parser + - BUG/MINOR: resolvers: fix leaked dgram and dns_ring struct in parse_resolve_conf() + - BUG/MINOR: resolvers: fix leaked fields on cfg_parse_resolvers() error paths + - BUG/MINOR: resolvers: fix missing task_idle destruction in resolvers_destroy() + - CLEANUP: proxy: fix duplicate declaration of cli_find_frontend in proxy.h + - CLEANUP: address a few typos and copy-paste errors in httpclient and dns + - DOC: internal: add a few rules about internal core principles + - BUG/MINOR: session/trace: use distinct flags for SESS_EV_END and _ERR + - CLEANUP: stick-table: uniformize the different action_inc_gpc*() + - REGTESTS: do not run quic/tls13_ssl_crt-list_filters in quic openssl compat mode + - REGTESTS: quic/issuers_chain_path: do not forget to enable QUIC compat mode + - BUG/MINOR: sock: store the connection error status + - BUG/MINOR: check: properly report errno in chk_report_conn_err() + - CLEANUP: tcpcheck: mention that we're a bit far for a sync errno + - BUG/MINOR: jwt: fix possible memory leak in convert_ecdsa_sig() error path + - CLEANUP: jwe: fix theoretical overflow in AAD length calculation + - DOC: config: further clarify that resolvers "default" exists + - MINOR: proxy: remove the experimental status on dynamic backends + - BUG/MEDIUM: limits: properly account for global.maxpipes in compute_ideal_maxconn() + - BUG/MINOR: jws: fix OpenSSL 3.0 version check from > to >= + - BUG/MINOR: jws: Add missing return value check (EVP_PKEY_get_bn_param) + - BUG/MINOR: server: Properly handle init-state value during haproxy startup + - BUG/MINOR: httpclient-cli: Destroy http-client context if failing to start it + - BUG/MEDIUM: h1: Skip all h2c values from Upgrade headers during parsing + - BUG/MINOR: h1: Don't mask websocket protocol if multiple protocols used + - MINOR: haterm: Don't init haterm master pipe if not used + - CLEANUP: haterm: Remove "(too old kernel)" from warning message during init + - BUG/MINOR: httpclient-cli: fix uninit variable in error label + - MINOR: mux: Rename the "token" from mux_proto_list to mux_proto + - MEDIUM: connections: Use both mux_proto and alpn to pick a mux + - MINOR: connection: define conn_select_mux_fe() + - MINOR: connection: define conn_select_mux_be() + - MINOR: connection/mux_quic: add MUX field for QMux handshake + - MINOR: proxy/server: reject TCP ALPN h3 without experimental + - MEDIUM: ssl: allow h3/QMux negotiation without explicit proto + - BUG/MINOR: server: accept server IDs above 2^31 and clarify error message + - BUG/MINOR: backend: fix balance hash calculation when using hash-type none + - MINOR: server: support hash-key id32 for a cleaner distribution + - MINOR: backend: support hash-key guid for a stabler distribution + - MINOR: startup: support unprivileged chroot if possible + - MEDIUM: startup: add automatic chroot feature + - MINOR: h2: explain committed_extra_streams dec on h2_init() error + - OPTIM: h2: do not update committed streams if elasticity disabled + - MINOR: mux_quic: implement basic committed_extra_streams accounting + - MINOR: quic: use stream elasticity value for initial advertisement + - MINOR: mux_quic: define ms_bidi_rel QCC member + - MAJOR: mux_quic: support stream elasticity during connection lifetime + - BUG/MEDIUM: servers: Store the connection hash with the parameter cache + - BUG/MINOR: prevent conn leak in case of xprt_qmux init failure + - BUILD: traces: set a few __maybe_unused on vars used only for traces + - BUILD: traces: add USE_TRACE allowing to disable traces + - MINOR: startup: do not execute chroot() when "/" + - MEDIUM: startup: warn when chroot is not set for root + - BUG/MEDIUM: servers: Don't forget to set srv_hash when needed + - DOC: fix typo on QUIC stream.max-concurrent reference + - BUG/MINOR: mux_quic: do not exceed stream.max-concurrent on backend side + - BUG/MINOR: htx: Fix value of HTX_XFER_HDRS_ONLY flag + - MEDIUM: htx: Improve htx_xfer API to not count HTX meta-data + - BUG/MEDIUM: applet: Fix transfer of HTX data to the applet + - BUG/MEDIUM: htx: Alloc a chunk of right size in htx_replace_blk_value() + - MEDIUM: stick-tables: Avoid freeing elements while holding a lock + - MINOR: intops: add a multiply overflow detection for ulong and size_t + - CLEANUP: tree-wide: use array_size_or_fail() in array size for allocations + - DOC: update supported gcc and openssl versions in INSTALL + 2026/05/13 : 3.4-dev12 - SCRIPTS: announce-release: add a link to the OpenTelemetry filter - BUG/MEDIUM: servers: Only requeue servers if they are up diff --git a/VERDATE b/VERDATE index bb6222156..f2c679d4d 100644 --- a/VERDATE +++ b/VERDATE @@ -1,2 +1,2 @@ $Format:%ci$ -2026/05/13 +2026/05/20 diff --git a/VERSION b/VERSION index cc74b51ee..7d67c9974 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.4-dev12 +3.4-dev13 diff --git a/doc/configuration.txt b/doc/configuration.txt index 8d2e7605f..34ac0c805 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3,7 +3,7 @@ Configuration Manual ---------------------- version 3.4 - 2026/05/13 + 2026/05/20 This document covers the configuration language as implemented in the version