HAproxy Changelog

New in HAproxy 1.5-dev22 (Feb 4, 2014)

  • MEDIUM: tcp-check new feature: connect
  • MEDIUM: ssl: Set verify 'required' as global default for servers side.
  • MINOR: ssl: handshake optim for long certificate chains.
  • BUG/MINOR: pattern: pattern comparison executed twice
  • BUG/MEDIUM: map: segmentation fault with the stats's socket command "set map ..."
  • BUG/MEDIUM: pattern: Segfault in binary parser
  • MINOR: pattern: move functions for grouping pat_match_* and pat_parse_* and add documentation.
  • MINOR: standard: The parse_binary() returns the length consumed and his documentation is updated
  • BUG/MINOR: payload: the patterns of the acl "req.ssl_ver" are no parsed with the good function.
  • BUG/MEDIUM: pattern: "pat_parse_dotted_ver()" set bad expect_type.
  • BUG/MINOR: sample: The c_str2int converter does not fail if the entry is not an integer
  • BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
  • MINOR: doc: Bad cli function name.
  • MINOR: http: smp_fetch_capture_header_* fetch captured headers
  • BUILD: last release inadvertently prepended a "+" in front of the date
  • BUG/MEDIUM: stream-int: fix the keep-alive idle connection handler
  • BUG/MEDIUM: backend: do not re-initialize the connection's context upon reuse
  • BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled ones during polling changes"
  • BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
  • MINOR: http: try to stick to same server after status 401/407
  • BUG/MINOR: http: always disable compression on HTTP/1.0
  • OPTIM: poll: restore polling after a poll/stop/want sequence
  • OPTIM: http: don't stop polling for read on the client side after a request
  • BUG/MEDIUM: checks: unchecked servers could not be enabled anymore
  • BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
  • BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
  • BUG/MINOR: stream-int: do not clear the owner upon unregister
  • MEDIUM: stats: add support for HTTP keep-alive on the stats page
  • BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous patch
  • Revert "MEDIUM: stats: add support for HTTP keep-alive on the stats page"
  • MAJOR: channel: add a new flag CF_WAKE_WRITE to notify the task of writes
  • OPTIM: session: set the READ_DONTWAIT flag when connecting
  • BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between requests
  • MINOR: session: factor out the connect time measurement
  • MEDIUM: session: prepare to support earlier transitions to the established state
  • MEDIUM: stream-int: make si_connect() return an established state when possible
  • MINOR: checks: use an inline function for health_adjust()
  • OPTIM: session: put unlikely() around the freewheeling code
  • MEDIUM: config: report a warning when multiple servers have the same name
  • BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want sequence"
  • BUILD/MINOR: listener: remove a glibc warning on accept4()
  • BUG/MAJOR: connection: fix mismatch between rcv_buf's API and usage
  • BUILD: listener: fix recent accept4() again
  • BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
  • BUG/MEDIUM: polling: ensure we update FD status when there's no more activity
  • MEDIUM: listener: fix polling management in the accept loop
  • MINOR: protocol: improve the proto->drain() API
  • MINOR: connection: add a new conn_drain() function
  • MEDIUM: tcp: report in tcp_drain() that lingering is already disabled on close
  • MEDIUM: connection: update callers of ctrl->drain() to use conn_drain()
  • MINOR: connection: add more error codes to report connection errors
  • MEDIUM: tcp: report connection error at the connection level
  • MEDIUM: checks: make use of chk_report_conn_err() for connection errors
  • BUG/MEDIUM: unique_id: HTTP request counter is not stable
  • DOC: fix misleading information about SIGQUIT
  • BUG/MAJOR: fix freezes during compression
  • BUG/MEDIUM: stream-interface: don't wake the task up before end of transfer
  • BUILD: fix VERDATE exclusion regex
  • CLEANUP: polling: rename "spec_e" to "state"
  • DOC: add a diagram showing polling state transitions
  • REORG: polling: rename "spec_e" to "state" and "spec_p" to "cache"
  • REORG: polling: rename "fd_spec" to "fd_cache"
  • REORG: polling: rename the cache allocation functions
  • REORG: polling: rename "fd_process_spec_events()" to "fd_process_cached_events()"
  • MAJOR: polling: rework the whole polling system
  • MAJOR: connection: remove the CO_FL_WAIT_{RD,WR} flags
  • MEDIUM: connection: remove conn_{data,sock}_poll_{recv,send}
  • MEDIUM: connection: add check for readiness in I/O handlers
  • MEDIUM: stream-interface: the polling flags must always be updated in chk_snd_conn
  • MINOR: stream-interface: no need to call fd_stop_both() on error
  • MEDIUM: connection: no need to recheck FD state
  • CLEANUP: connection: use conn_ctrl_ready() instead of checking the flag
  • CLEANUP: connection: use conn_xprt_ready() instead of checking the flag
  • CLEANUP: connection: fix comments in connection.h to reflect new behaviour.
  • OPTIM: raw-sock: don't speculate after a short read if polling is enabled
  • MEDIUM: polling: centralize polled events processing
  • MINOR: polling: create function fd_compute_new_polled_status()
  • MINOR: cli: add more information to the "show info" output
  • MEDIUM: listener: add support for limiting the session rate in addition to the connection rate
  • MEDIUM: listener: apply a limit on the session rate submitted to SSL
  • REORG: stats: move the stats socket states to dumpstats.c
  • MINOR: cli: add the new "show pools" command
  • BUG/MEDIUM: counters: flush content counters after each request
  • BUG/MEDIUM: counters: fix stick-table entry leak when using track-sc2 in connection
  • MINOR: tools: add very basic support for composite pointers
  • MEDIUM: counters: stop relying on session flags at all
  • BUG/MINOR: cli: fix missing break in command line parser
  • BUG/MINOR: config: correctly report when log-format headers require HTTP mode
  • MAJOR: http: update connection mode configuration
  • MEDIUM: http: make keep-alive + httpclose be passive mode
  • MAJOR: http: switch to keep-alive mode by default
  • BUG/MEDIUM: http: fix regression caused by recent switch to keep-alive by default
  • BUG/MEDIUM: listener: improve detection of non-working accept4()
  • BUILD: listener: add fcntl.h and unistd.h
  • BUG/MINOR: raw_sock: correctly set the MSG_MORE flag

New in HAproxy 1.5-dev21 (Dec 17, 2013)

  • MINOR: stats: don't use a monospace font to report numbers
  • MINOR: session: remove debugging code
  • BUG/MAJOR: patterns: fix double free caused by loading strings from files
  • MEDIUM: http: make option http_proxy automatically rewrite the URL
  • BUG/MEDIUM: http: cook_cnt() forgets to set its output type
  • BUG/MINOR: stats: correctly report throttle rate of low weight servers
  • BUG/MEDIUM: checks: servers must not start in slowstart mode
  • BUG/MINOR: acl: parser must also stop at comma on ACL-only keywords
  • MEDIUM: stream-int: implement a very simplistic idle connection manager
  • DOC: update the ROADMAP file

New in HAproxy 1.4.24 (Jun 18, 2013)

  • This version fixes a crash which could occur when a configuration made use of hdr_ip(name,-1) or "usesrc hdr_ip(name)", if the client sent a certain number of values of the requested header.
  • CVE-2013-2175 was assigned to this bug.
  • All users of 1.4 must upgrade or apply the fix.

New in HAproxy 1.5-dev19 (Jun 18, 2013)

  • This release fixes two possible crashes, one of them remotely triggered (CVE-2013-2175) involving use of a negative occurrence number in hdr_* fetches. Other long-standing improvements were finally merged, such as http-response, dynamic setting of priority, DSCP headers, Netfilter mark and log level, transparent proxy on *BSD, fetching of environment variables, conditional PROXY protocol by ACL, 3 parallel stick-counters instead of 2, reworking of the doc to simplify the search of ACL/fetch keywords, and further-improved configuration error reporting. All 1.5 users must upgrade.

New in HAproxy 1.5-dev18 (Apr 4, 2013)

  • This release fixes a security flaw in TCP content inspection when combined with HTTP.
  • 1.5-dev users must upgrade or patch.
  • Other big changes include a richer address parser that supports environment variables, the convergence of ACLs and samples allowing more powerful combinations of patterns analysis, support for systemd, a new health check agent protocol, PCRE JIT support, TLS ALPN, and HTTP redirects 307 and 308.
  • No fewer than 43 bugs were fixed in various areas.

New in HAproxy 1.4.23 (Apr 4, 2013)

  • This release fixes a security flaw in the TCP content inspection code when combined with HTTP information.
  • All 1.4 users must upgrade or patch.
  • 25 other bugs were fixed since 1.4.22, including a risk of memory corruption by monitoring systems abusing the "show sess" command on the CLI.
  • poll() was enabled by default on all platforms, and select() limited to 1024 fds only, in order to work around a recent glibc change that causes runtime crashes due to extra controls in FD_SET/FD_CLR/FD_ISSET.

New in HAproxy 1.5-dev17 (Dec 29, 2012)

  • The last known bugs since 1.5-dev15 have been fixed (frozen POSTs, aborted SSL sessions, and occasionally truncated early responses from servers to POST requests).
  • Additionally, a few long-awaited features have been implemented: support for logging anything coming from a sample fetch function using %[] in the log format, as well as passing this to servers in HTTP headers (all SSL information can now be passed this way).
  • The HTML stats page was improved with more detailed information in tips (this was broken in dev16). Users of 1.5-dev12 to 16 are strongly encouraged to upgrade.

New in HAproxy 1.5-dev15 (Dec 13, 2012)

  • The high CPU usage a few users have been experiencing in dev14 is now fixed.
  • A file descriptor leak when logging SSL information was fixed.
  • Some SSL issues with client certs were fixed.
  • SSL handshake errors are now logged.
  • Some incorrect logs of "SD" flags in case of client errors were resolved.
  • The conditions to enable Gzip compression were tightened.
  • Layer 7 information such as the IP address taken from a header can now be tracked.
  • Users of 1.5-dev12..dev14 are encouraged to upgrade.

New in HAproxy 1.5-dev14 (Nov 27, 2012)

  • The SSL stack received many fixes and improvements.
  • It now supports mutual cert authentication, client cert-based ACLs, and a multi-process session cache.
  • Some facilities were offered to support multi-process mode with SSL.
  • Health checks support SSL and the PROXY protocol.
  • HTTP forwarding now supports gzip compression.
  • Recent Linux platforms support TCP FastOpen and accept4().
  • The "bind" statement now supports "v4v6" and "v6only" keywords to decide on the IPv6 binding policy.
  • Many bugs have been fixed, so those using dev12 and dev13 in production are strongly encouraged to upgrade.

New in HAproxy 1.5-dev10 (May 15, 2012)

  • http_auth_group was broken in dev9, and would only validate users without checking groups.
  • The connection's destination address could not be fetched anymore, breaking dst ACL and transparent mode, among other things. "timeout tunnel" has been added for easier WebSocket configuration.
  • A rework of the poller has brought a global performance increase of up to around 10%. Users of 1.5 should not use 1.5-dev9, and should switch to -dev10 instead.

New in HAproxy 1.4.17 (Sep 5, 2011)

  • Last week an issue was discovered with an application emitting spaces after the content-length value, which caused haproxy to report an error when parsing it.
  • After some checks, it appeared that haproxy ought to ignore these spaces, so this was addressed.
  • It was an opportunity to improve invalid request and response captures, so that any message rejected for being malformed can be captured.
  • A new minor feature making the X-Forwarded-For header addition conditional was added because users had to resort to complex tricks to do that.
  • Lastly, halog was updated to the latest version.

New in HAproxy 1.4.14 (Mar 29, 2011)

  • Many bugs were fixed, including http-pretend-keepalive, stuck sessions, balanced url_param with POST requests, incorrect chunk size computations on buffer boundaries, incorrectly set rlimits, incorrect removal of the last header, handling of empty pattern files, and 4GB+ content-length on 32-bit machines.
  • A few improvements were made in the CLI, new ACLs were added, and the efficiency of chunked encoded transfers was improved.
  • All 1.4 users are strongly encouraged to upgrade.

New in HAproxy 1.5-dev5 (Mar 29, 2011)

  • Many changes were made, most of them bugfixes.
  • Server-side IPv6 and server-side PROXY protocol support was added.
  • All other changes are internal architecture changes needed to support server-side keep-alive later.
  • Users of other 1.5 development versions are encouraged to upgrade, with the usual care needed for a development version.

New in HAproxy 1.4.10 (Nov 29, 2010)

  • A possible crash when using Cookie-based persistence with appsessions was fixed.
  • Header processing could become wrong after a single reqidel rule removed exactly two headers.
  • Strict aliasing was explicitly disabled to shut down warnings that are emitted with gcc 4.4.
  • Some out-of-memory conditions were not correctly handled in appsession or cookie captures.
  • A native target was added to make builds easier.
  • Users of appsessions are strongly encouraged to upgrade.

New in HAproxy 1.5-dev3 (Nov 15, 2010)

  • All fixes from version 1.4.9 were merged.
  • Stickiness tables can now be synchronized between multiple active haproxy nodes.
  • Sticky information is also learned from responses, providing support for SSL-ID.
  • Connections can be accepted over Unix sockets.
  • A new PROXY protocol was implemented to let other components (such as stunnel) pass connection information to haproxy.

New in HAproxy 1.5-dev1 (Aug 27, 2010)

  • [BUG] stats: session rate limit gets garbaged in the stats
  • [DOC] mention 'option http-server-close' effect in Tq section
  • [DOC] summarize and highlight persistent connections behaviour
  • [DOC] add configuration samples
  • [BUG] http: dispatch and http_proxy modes were broken for a long time
  • [BUG] http: the transaction must be initialized even in TCP mode
  • [BUG] tcp: dropped connections must be counted as "denied" not "failed"
  • [BUG] consistent hash: balance on all servers, not only 2 !
  • [CONTRIB] halog: report per-server status codes, errors and response times
  • [BUG] http: the transaction must be initialized even in TCP mode (part 2)
  • [BUG] client: always ensure to zero rep->analysers
  • [BUG] session: clear BF_READ_ATTACHED before next I/O
  • [BUG] http: automatically close response if req is aborted
  • [BUG] proxy: connection rate limiting was eating lots of CPU
  • [BUG] http: report correct flags in case of client aborts during body
  • [TESTS] refine non-regression tests and add 4 new tests
  • [BUG] debug: wrong pointer was used to report a status line
  • [BUG] debug: correctly report truncated messages
  • [DOC] document the "dispatch" keyword
  • [BUG] stick_table: fix possible memory leak in case of connection error
  • [CLEANUP] acl: use 'L6' instead of 'L4' in ACL flags relying on contents
  • [MINOR] accept: count the incoming connection earlier
  • [CLEANUP] tcp: move some non tcp-specific layer6 processing out of proto_tcp
  • [CLEANUP] client: move some ACLs away to their respective locations
  • [CLEANUP] rename client -> frontend
  • [MEDIUM] separate protocol-level accept() from the frontend's
  • [MINOR] proxy: add a list to hold future layer 4 rules
  • [MEDIUM] config: parse tcp layer4 rules (tcp-request accept/reject)
  • [MEDIUM] tcp: check for pure layer4 rules immediately after accept()
  • [OPTIM] frontend: tell the compiler that errors are unlikely to occur
  • [MEDIUM] frontend: check for LI_O_TCP_RULES in the listener
  • [MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set
  • [CLEANUP] buffer->cto is not used anymore
  • [MEDIUM] session: finish session establishment sequence in with I/O handlers
  • [MEDIUM] session: initialize server-side timeouts after connect()
  • [MEDIUM] backend: initialize the server stream_interface upon connect()
  • [MAJOR] frontend: don't initialize the server-side stream_int anymore
  • [MEDIUM] session: move the conn_retries attribute to the stream interface
  • [MEDIUM] session: don't assign conn_retries upon accept() anymore
  • [MINOR] frontend: rely on the frontend and not the backend for INDEPSTR
  • [MAJOR] frontend: reorder the session initialization upon accept
  • [MINOR] proxy: add an accept() callback for the application layer
  • [MAJOR] frontend: split accept() into frontend_accept() and session_accept()
  • [MEDIUM] stats: rely on the standard session_accept() function
  • [MINOR] buffer: refine the flags that may wake an analyser up.
  • [MINOR] stream_sock: don't dereference a non-existing frontend
  • [MINOR] session: differenciate between accepted connections and received connections
  • [MEDIUM] frontend: count the incoming connection earlier
  • [MINOR] frontend: count denied TCP requests separately
  • [CLEANUP] stick_table: add/clarify some comments
  • [BUILD] memory: add a few missing parenthesis to the pool management macros
  • [MINOR] stick_table: add support for variable-sized data
  • [CLEANUP] stick_table: rename some stksess struct members to avoid confusion
  • [CLEANUP] stick_table: move pattern to key functions to stick_table.c
  • [MEDIUM] stick_table: add room for extra data types
  • [MINOR] stick_table: add support for "conn_cum" data type.
  • [MEDIUM] stick_table: don't overwrite data when storing an entry
  • [MINOR] config: initialize stick tables after all the parsing
  • [MINOR] stick_table: provide functions to return stksess data from a type
  • [MEDIUM] stick_table: move the server ID to a generic data type
  • [MINOR] stick_table: enable it for frontends too
  • [MINOR] stick_table: export the stick_table_key
  • [MINOR] tcp: add per-source connection rate limiting
  • [MEDIUM] stick_table: separate storage and update of session entries
  • [MEDIUM] stick-tables: add a reference counter to each entry
  • [MINOR] session: add a pointer to the tracked counters for the source
  • [CLEANUP] proto_tcp: make the config parser a little bit more flexible
  • [BUG] config: report the correct proxy type in tcp-request errors
  • [MINOR] config: provide a function to quote args in a more friendly way
  • [BUG] stick_table: the fix for the memory leak caused a regression
  • [MEDIUM] backend: support servers on 0.0.0.0
  • [BUG] stick-table: correctly refresh expiration timers
  • [MEDIUM] stream-interface: add a ->release callback
  • [MINOR] proxy: add a "parent" member to the structure
  • [MEDIUM] session: make it possible to call an I/O handler on both SI
  • [MINOR] tools: add a fast div64_32 function
  • [MINOR] freq_ctr: add new types and functions for periods different from 1s
  • [MINOR] errors: provide new status codes for config parsing functions
  • [BUG] http: denied requests must not be counted as denied resps in listeners
  • [MINOR] tools: add a get_std_op() function to parse operators
  • [MEDIUM] acl: make use of get_std_op() to parse intger ranges
  • [MAJOR] stream_sock: better wakeup conditions on read()
  • [BUG] session: analysers must be checked when SI state changes
  • [MINOR] http: reset analysers to listener's, not frontend's
  • [MEDIUM] session: support "tcp-request content" rules in backends
  • [BUILD] always match official tags when doing git-tar
  • [MAJOR] stream_interface: fix the wakeup conditions for embedded iohandlers
  • [MEDIUM] buffer: make buffer_feed* support writing non-contiguous chunks
  • [MINOR] tcp: src_count acl does not have a permanent result
  • [MAJOR] session: add track-counters to track counters related to the session
  • [MINOR] stick-table: provide a table lookup function
  • [MINOR] stick-table: use suffix "_cnt" for cumulated counts
  • [MEDIUM] session: move counter ACL fetches from proto_tcp
  • [MEDIUM] session: add concurrent connections counter
  • [MEDIUM] session: add data in and out volume counters
  • [MINOR] session: add the trk_conn_cnt ACL keyword to track connection counts
  • [MEDIUM] session-counters: automatically update tracked connection count
  • [MINOR] session: add the trk_conn_cur ACL keyword to track concurrent connection
  • [MINOR] session: add trk_kbytes_* ACL keywords to track data size
  • [MEDIUM] session: add a counter on the cumulated number of sessions
  • [MINOR] config: support a comma-separated list of store data types in stick-table
  • [MEDIUM] stick-tables: add support for arguments to data_types
  • [MEDIUM] stick-tables: add stored data argument type checking
  • [MEDIUM] session counters: add conn_rate and sess_rate counters
  • [MEDIUM] session counters: add bytes_in_rate and bytes_out_rate counters
  • [MINOR] stktable: add a stktable_update_key() function
  • [MINOR] session-counters: add a general purpose counter (gpc0)
  • [MEDIUM] session-counters: add HTTP req/err tracking
  • [MEDIUM] stats: add "show table []" to dump a stick-table
  • [MEDIUM] stats: add "clear table key " to clear table entries
  • [CLEANUP] stick-table: declare stktable_data_types as extern
  • [MEDIUM] stick-table: make use of generic types for stored data
  • [MINOR] stats: correctly report errors on "show table" and "clear table"
  • [MEDIUM] stats: add the ability to dump table entries matching criteria
  • [DOC] configuration: document all the new tracked counters
  • [DOC] stats: document "show table" and "clear table"
  • [MAJOR] session-counters: split FE and BE track counters
  • [MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules
  • [MEDIUM] session counters: automatically remove expired entries.
  • [MEDIUM] config: replace 'tcp-request ' with "tcp-request connection"
  • [MEDIUM] session-counters: make it possible to count connections from frontend
  • [MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters"
  • [MEDIUM] session-counters: correctly unbind the counters tracked by the backend
  • [CLEANUP] stats: use stksess_kill() to remove table entries
  • [DOC] update the references to session counters and to tcp-request connection
  • [DOC] cleanup: split a few long lines
  • [MEDIUM] http: forward client's close when abortonclose is set
  • [BUG] queue: don't dequeue proxy-global requests on disabled servers
  • [BUG] stats: global stats timeout may be specified before stats socket.
  • [BUG] conf: add tcp-request content rules to the correct list

New in HAproxy 1.4.7 (Jun 10, 2010)

  • [BUG] http: dispatch and http_proxy modes were broken for a long time
  • [BUG] http: the transaction must be initialized even in TCP mode
  • [BUG] tcp: dropped connections must be counted as "denied" not "failed"
  • [BUG] consistent hash: balance on all servers, not only 2 !
  • [CONTRIB] halog: report per-server status codes, errors and response times
  • [BUG] http: the transaction must be initialized even in TCP mode (part 2)
  • [BUG] stick_table: fix possible memory leak in case of connection error
  • [BUG] proxy: connection rate limiting was eating lots of CPU
  • [BUG] frontend: always ensure to zero rep->analysers
  • [BUG] http: report correct flags in case of client aborts during body
  • [TESTS] refine non-regression tests and add 4 new tests
  • [BUG] debug: wrong pointer was used to report a status line
  • [BUG] debug: correctly report truncated messages
  • [DOC] document the "dispatch" keyword

New in HAproxy 1.4.4 (Apr 8, 2010)

  • Some people were experiencing optimisation issues with Tomcat and Jetty, with which it was not possible to perform client side keep-alive when the server received a "Connection: close" header. This is due to a strange design choice by which they decide the client is not interested in the response length if it intends to close after the transfer! Well technically that works... most often... Sometimes users may get truncated objects without being aware of that. Anyway, Cyril Bonté had a very smart idea for a workaround: pretend to the server we'll maintain its session alive while it's false. This fixed the problem, and is now available by adding option http-pretend-keepalive to option http-server-close.
  • Jetty's HTTP implementation seems to be the flakiest though. It even manages to send "HTTP/1.1 100 Continue" intermediate responses when the client sends "Expect: 100-continue", but it closes the connection just after that message, resulting in a 502 error for the client.
  • Cyril also fixed an issue with appsession where a cookie whose name begins like the appsession cookie could be mistaken for it. Those issues were enough to justify a new release.
  • Very few other minor fixes were brought there, and a minor feature was added. It consists in being able to bind to a source address found in a header when connecting to a server. Normally this will be the X-Forwarded-For header. This requires use of the Linux kernel TPROXY patches, and makes it possible for backend servers to see the initial client's IP even when several layers of proxies have been passed through.

New in HAproxy 1.4.3 (Apr 2, 2010)

  • [CLEANUP] stats: remove printf format warning in stats_dump_full_sess_to_buffer()
  • [MEDIUM] session: better fix for connection to servers with closed input
  • [DOC] indicate in the doc how to bind to port ranges
  • [BUG] backend: L7 hashing must not be performed on incomplete requests
  • [TESTS] add a simple program to test connection resets
  • [MINOR] cli: "show errors" should display "backend " when backend was not used
  • [MINOR] config: emit warnings when HTTP-only options are used in TCP mode
  • [MINOR] config: allow "slowstart 0s"
  • [BUILD] 'make tags' did not consider files ending in '.c'
  • [MINOR] checks: add the ability to disable a server in the config

New in HAproxy 1.4.2 (Mar 18, 2010)

  • [CLEANUP] product branch update
  • [DOC] Some more documentation cleanups
  • [BUG] clf logs segfault when capturing a non existant header
  • [OPTIM] config: only allocate check buffer when checks are enabled
  • [MEDIUM] checks: support multi-packet health check responses
  • [CLEANUP] session: remove duplicate test
  • [BUG] http: don't wait for response data to leave buffer is client has left
  • [MINOR] proto_uxst: set accept_date upon accept() to the wall clock time
  • [MINOR] stats: don't send empty lines in "show errors"
  • [MINOR] stats: make the data dump function reusable for other purposes
  • [MINOR] stats socket: add show sess to dump details about a session
  • [BUG] stats: connection reset counters must be plain ascii, not HTML
  • [BUG] url_param hash may return a down server
  • [MINOR] force null-termination of hostname
  • [MEDIUM] connect to servers even when the input has already been closed
  • [BUG] don't merge anonymous ACLs !
  • [BUG] config: fix endless loop when parsing "on-error"
  • [MINOR] http: don't mark a server as failed when it returns 501/505
  • [OPTIM] checks: try to detect the end of response without polling again
  • [BUG] checks: don't report an error when recv() returns an error after data
  • [BUG] checks: don't abort when second poll returns an error
  • [MINOR] checks: make shutdown() silently fail
  • [BUG] http: fix truncated responses on chunk encoding when size divides buffer size
  • [BUG] init: unconditionally catch SIGPIPE
  • [BUG] checks: don't wait for a close to start parsing the response

New in HAproxy 1.4.1 (Mar 5, 2010)

  • Some build issues on non-Linux platforms were preventing new 1.4 adopters from trying it. These issues are now fixed. Other issues concerned the appearance of more 502 errors in the logs than with 1.3. This was a bug that caused the status code to be changed to 502 even in case of connection abort during the data transfer. A few new error counters were added to the stats, and other minor issues were fixed. This new version now builds and works on FreeBSD, OpenBSD, OSX, Solaris, AIX and Linux, so let's not wait and release 1.4.1.
  • Also, Solaris users will now be happy, I unpacked and replugged my Ultra5 so the Sparc binary is available again.
  • On a side note, I have removed the link to the haproxy.org mirror because it has been outdated for the last 6 months and even remained 1 week on an expired DNS zone. I failed several times to contact Kevin Kuang there, so I don't even know who manages it now if any. If someone gets in touch with him, please ask him to contact me.

New in HAproxy 1.4 dev7 (Jan 25, 2010)

  • While trying to work on end-to-end keep-alive, I encountered issues that needed to be fixed, so this has delayed dev7 quite a lot, and it still does not have this end-to-end keepalive. Think of it as a much cleaner dev6 instead since many bugs were fixed. The stickiness code sponsored by Exceliance and Loadbalancer.org got merged. Currently, it can almost only learn IP addresses, but it has been designed with an amazing flexibility so that it will be very easy to add stickiness on any request or response criteria. MySQL checks have been introduced and this code will evolve for slightly deeper and more reliable checks. A new "force-persist" statement allows admins to test their servers without opening them to the world, which is very convenient to ensure they're correctly installed and that their customers will not face a lot of crap. And as always, a bunch of bugs in many areas were fixed.

New in HAproxy 1.4 dev6 (Jan 8, 2010)

  • As could be expected, 1.4-dev5 did not work very well. The rule is pretty clear: if you don't like your code, it will fail. Just reread the last post and you'll see that it was destined to fail. With the nice help of Cyril Bonté and Hank A. Paulson, we could spot a lot of bugs and I finally got rid of those parts I found ugly. Now curiously, it works a lot better :-) Also, Krzysztof Oledzki contributed a nice feature he talked about some time ago: the default-server setting. This makes it possible to specify some common settings globally and not have to repeat them for all servers. This is useful for check intervals, maxconn, etc. So it was time to release 1.4-dev6 so that all those who had a bad experience with 1.4-dev5 can try again. This is the version currently running on the site, so it looks fine.

New in HAproxy 1.3.22 (Oct 15, 2009)

  • This release fixes a regression introduced in 1.3.21 that caused a crash if the stats socket was used.

New in HAproxy 1.4-dev4 (Oct 12, 2009)

  • The stats page was improved a lot with the report of precise health check status.
  • It is now possible to reset the counters without restarting and to change a server's weight live.
  • Consistent hashing was implemented as an optional hashing method.
  • The static round-robin algorithm was reintroduced for people running with more than 4000 servers in a farm.
  • Some ACLs were added to match on queue length.

New in HAproxy 1.3.21 (Oct 12, 2009)

  • Very minor issues were fixed, among which is a timeout which only struck on the second expiration.
  • Support for HTTP 1xx informational messages was added.
  • It is now possible to report the node name on the stats page.
  • Some new ACLs were backported from 1.4 in order to match on IP addresses in headers and on queue length.

New in HAproxy 1.4-dev3 (Sep 24, 2009)

  • The rework of its internal architecture for more flexibility was continued.
  • This release adds features such as CLF log format, RDP protocol, a new, improved interactive CLI and HTML stats page, support for HTTP+SSL on the same port, more than 64k concurrent connections, smart TCP optimizations to reduce the number of packets in a session, runtime-adjustable buffer size, and support for forcing the TCP MSS on frontends.
  • Keep-alive development has started and SSL integration is planned.
  • The code has stabilized.

New in HAproxy 1.3.20 (Aug 10, 2009)

  • Cristian Ditoiu from transfer.ro reported a major regression when testing 1.3.19. It would crash within a few minutes while 1.3.15.10 was OK. He offered to help so we could run gdb and debug the crash live. We finally found that the crash was the result of a regression introduced by a recent in 1.3.19. I really want to thank him because he spontaneously provided a lot of help and trust to debug this issue which at first glance looked impossible after reading the code and traces, but took less than an hour to spot and fix when caught live in gdb! It's always pleasant when users show that level of involvement to chase bugs.
  • Another bug was reported by Romuald du Song, who found that option tcplog would log using global parameters if no logger was defined. It can be either helpful or annoying. This is now fixed and a warning is emitted when such a configuration is encountered, so that people running off erroneous configs can easily fix them.
  • This time I expect 1.3.20 to be the good one. It's always a good sign when we fix minor bugs or recent regressions introduced by bug fixes. 1.4-dev2 has also been released to help people track changes in the two versions in parallel.

New in HAproxy 1.3.18 (May 11, 2009)

  • [MEDIUM] add support for "balance hdr(name)"
  • [CLEANUP] give a little bit more information in error message
  • [MINOR] add X-Original-To: header
  • [BUG] x-original-to: fix missing initialization to default value
  • [BUILD] spec file: fix broken pipe during rpmbuild and add man file
  • [MINOR] improve reporting of misplaced acl/reqxxx rules
  • [MEDIUM] http: add options to ignore invalid header names
  • [MEDIUM] http: capture invalid requests/responses even if accepted
  • [BUILD] add format(printf) to printf-like functions
  • [MINOR] fix several printf formats and missing arguments
  • [BUG] stats: total and lbtot are unsigned
  • [MINOR] fix a few remaining printf-like formats on 64-bit platforms
  • [CLEANUP] remove unused make option from haproxy.spec
  • [BUILD] make it possible to pass alternative arch at build time
  • [MINOR] switch all stat counters to 64-bit
  • [MEDIUM] ensure we don't recursively call pool_gc2()
  • [CRITICAL] uninitialized response field can sometimes cause crashes
  • [BUG] fix wrong pointer arithmetics in HTTP message captures
  • [MINOR] rhel init script : support the reload operation
  • [MINOR] add basic signal handling functions
  • [BUILD] add signal.o to all makefiles
  • [MEDIUM] call signal_process_queue from run_poll_loop
  • [MEDIUM] pollers: don't wait if a signal is pending
  • [MEDIUM] convert all signals to asynchronous signals
  • [BUG] O(1) pollers should check their FD before closing it
  • [MINOR] don't close stdio fds twice
  • [MINOR] add options dontlog-normal and log-separate-errors
  • [DOC] minor fixes and rearrangements
  • [BUG] fix parser crash on unconditional tcp content rules
  • [DOC] rearrange the configuration manual and add a summary
  • [MINOR] standard: provide a new 'my_strndup' function
  • [MINOR] implement per-logger log level limitation
  • [MINOR] compute the max of sessions/s on fe/be/srv
  • [MINOR] stats: report max sessions/s and limit in CSV export
  • [MINOR] stats: report max sessions/s and limit in HTML stats
  • [MINOR] stats/html: use the arial font before helvetica

New in HAproxy 1.3.17 (Mar 30, 2009)

  • Bart Bobrowski of who's.amung.us reported abnormal CPU usage with the new version 1.3.16. After a full day of tests and code analysis, I failed to reproduce the issue here, and the bug appeared impossible to me. Bart then offered a lot of help with testing many patches, providing hundreds of megs of traces, so that I could finally fix the issue caused by a nasty race condition. I really appreciate it when users with extreme loads accept to take traces in production, with all the risks that this practise implies. Sometimes it's the only way to get a bug fixed. Thanks Bart!

New in HAproxy 1.3.16 RC2 (Mar 12, 2009)

  • This release brings new long-awaited features, among which are TCP splicing support, conditional redirection, TCP content filtering, session rate reporting and limiting, invalid request/response capture, binding to specific network interfaces, per-process affinity for frontends and backends, a monotonic internal clock, and many others.
  • The internal architecture has been reworked in layers to ease development, enhance reliability, and improve performance.
  • Performance gains of about 10% are to be expected compared to 1.3.15.

New in HAproxy 1.3.15.8 (Mar 12, 2009)

  • Several minor bugs were fixed, mainly configuration parsing oddities.
  • Another bug affected the way servers may track each other.
  • People using the "track" keyword are encouraged to upgrade.
  • The documentation has been largely updated, covering the log format.

New in HAproxy 1.3.15.7 (Dec 7, 2008)

  • Since 1.3.15.4, problems were fixed with hot-restart where the old process would not always stop, cookie capture was fixed (as it was broken since the frontend/backend split), critical startup errors are now reported on the console, and a failing server will no longer consume pending requests from the global queue. This last problem was the cause of many 503 errors for some people.

New in HAproxy 1.3.15.4 (Sep 15, 2008)

  • The connections regulation mechanism could send more connections than the allowed limit to a server when this server had just rejected a connection attempt; for servers with very low connection limits such as mongrel, this could easily trigger timeouts.
  • The slowstart mechanism could return a limit of zero connections for very low maxconn values, causing servers to re-enter the farm a bit late.

New in HAproxy 1.3.15.3 (Sep 8, 2008)

  • Several timeouts were not correctly updated on some rare occasions.
  • A possible segfault when using "url_param check_post" has been fixed.
  • regparm is disabled on gcc versions < 3.
  • "use_backend" would not correctly consider "unless".
  • This last change should probably be the real reason to upgrade, as check_post is rarely used.