Skip to content

HAproxy-1.7.2
Compare
Choose a tag to compare
@DBezemer DBezemer released this 15 Jan 00:29
· 7 commits to 1.7 since this release
1.7.2
da343c0

HAProxy 1.7.2 was released on 2017/01/13. It added 40 new commits
after version 1.7.1.

The most important fix here is for a regression introduced right before
1.7 release and randomly causing fragmented requests to be flagged as
bad requests depending on the previous buffer contents ; this is more
noticeable under low load with authenticated requests.

A few users having IPv6-only hosts have noticed that we broke support for
resolving such addresses with the recent dynamic resolution changes. This
has been fixed now.

Two users reported an issue with SNI not being properly sent to the server
when health checks were enabled. This was due to the reuse of the SSL
session, which must not be done if the SNI changes. This has also been
fixed.

A few minor improvements were brought as well. Now when configuring http-reuse
with either send-proxy or usesrc clientip, a warning will be emitted. It's
now possible to select all servers on the stats page to perform a grouped
action. It's possible to change the HTTP reason field in responses, and
there's a new sample fetch function "fc_rcvd_proxy" to know whether or not
the proxy protocol was used on the front connection (ie the connection comes
from a trusted client).

The rest is mostly internal infrastructure fixes which doesn't directly
translate into immediately visible bugs.

Overall things are getting better, and aside the 2 or 3 late regressions
everything is pretty normal.

Due to the bad request bug, I encourage every user of 1.7.x to upgrade
to 1.7.2.

Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.7/src/
Git repository : http://git.haproxy.org/git/haproxy-1.7.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git
Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy

Complete changelog :
Christopher Faulet (2):
BUG/MINOR: Fix the sending function in Lua's cosocket
BUG/MAJOR: channel: Fix the definition order of channel analyzers

David Harrigan (1):
MINOR: stats: Support "select all" for backend actions

Emeric Brun (1):
MINOR: connection: add sample fetch "fc_rcvd_proxy"

Emmanuel Hocdet (1):
BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage

Guillaume de Lafond (1):
DOC: Add timings events schemas

Jarno Huuskonen (2):
MINOR: proto_http.c 502 error txt typo.
DOC: add deprecation notice to "block"

Marcin Deranek (2):
DOC: fix small typo in fe_id (backend instead of frontend)
BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled

Olivier Doucet (1):
BUG/MINOR: option prefer-last-server must be ignored in some case

Robin H. Johnson (1):
MINOR: http: custom status reason.

Ryabin Sergey (1):
BUG/MINOR: Reset errno variable before calling strtol(3)

Thierry FOURNIER (9):
BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
DOC: lua: documentation about time parser functions
DOC: lua: section declared twice
BUG/MINOR: lua/cli: bad error message
BUG/MINOR: lua: memory leak executing tasks
BUG/MINOR: lua: bad return code
BUG/MINOR: stats: fix be/sessions/current out in typed stats
BUILD: lua: build failed on FreeBSD.
BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches
sc*_get_gpt0

William Lallemand (1):
BUG/MINOR: systemd: potential zombie processes

Willy Tarreau (18):
SCRIPTS: git-show-backports: fix a harmless typo
SCRIPTS: git-show-backports: add -H to use the hash of the commit message
BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
BUG/MINOR: http: report real parser state in error captures
BUILD: scripts: automatically update the branch in version.h when
releasing
BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
BUG/MINOR: config: emit a warning if http-reuse is enabled with
incompatible options
BUG/MINOR: tools: fix off-by-one in port size check
BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
MEDIUM: server: split the address and the port into two different fields
MINOR: tools: make str2sa_range() return the port in a separate argument
MINOR: server: take the destination port from the port field, not the addr
MEDIUM: server: disable protocol validations when the server doesn't
resolve
BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
[RELEASE] Released version 1.7.2

Assets 4
Loading