Feature update for haproxy

Announcement ID:	SUSE-FU-2023:2117-1
Rating:	moderate
References:	bsc#1207181 bsc#1208132 jsc#PED-3821
Cross-References:	CVE-2023-0056 CVE-2023-25725
CVSS scores:	CVE-2023-0056 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0056 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-25725 ( SUSE ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L CVE-2023-25725 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves two vulnerabilities and contains one feature can now be installed.

Description:

This update for haproxy fixes the following issues:

Update to version 2.0.31 (jsc#PED-3821):

BUG/CRITICAL: http: properly reject empty http header field names
CI: github: don't warn on deprecated openssl functions on windows
DOC: proxy-protocol: fix wrong byte in provided example
DOC: config: 'http-send-name-header' option may be used in default section
DOC: config: fix option spop-check proxy compatibility
BUG/MEDIUM: cache: use the correct time reference when comparing dates
BUG/MEDIUM: stick-table: do not leave entries in end of window during purge
BUG/MEDIUM: ssl: wrong eviction from the session cache tree
BUG/MINOR: http-ana: make set-status also update txn->status
BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state
BUG/MINOR: promex: Don't forget to consume the request on error
BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action
BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
BUILD: makefile: sort the features list
BUILD: makefile: build the features list dynamically
BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats
BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set
LICENSE: wurfl: clarify the dummy library license.
BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout
BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers
BUG/MINOR: ssl: Fix potential overflow
BUG/MEDIUM: ssl: Verify error codes can exceed 63
CI: github: change "ubuntu-latest" to "ubuntu-20.04"
SCRIPTS: announce-release: add a link to the data plane API
[RELEASE] Released version 2.0.30
Revert "CI: determine actual LibreSSL version dynamically"
DOC: config: clarify the -m dir and -m dom pattern matching methods
DOC: config: clarify the fact that "retries" is not just for connections
DOC: config: explain how default matching method for ACL works
DOC: config: clarify the fact that SNI should not be used in HTTP scenarios
DOC: config: provide some configuration hints for "http-reuse"
BUILD: listener: fix build warning on global_listener_rwlock without threads
BUILD: peers: Remove unused variables
BUG/MEDIUM: peers: messages about unkown tables not correctly ignored
BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists
BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task
CI: emit the compiler's version in the build reports
CI: add monthly gcc cross compile jobs
BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task
BUG/MAJOR: stick-table: don't process store-response rules for applets
DOC: management: add forgotten "show startup-logs"
CI: Replace the deprecated ::set-output command by writing to $GITHUB_OUTPUT in workflow definition
CI: Replace the deprecated ::set-output command by writing to $GITHUB_OUTPUT in matrix.py
BUG/MAJOR: stick-tables: do not try to index a server name for applets
DOC: configuration: missing 'if' in tcp-request content example
BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os
BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth()
BUG/MEDIUM: lua: handle stick table implicit arguments right.
BUILD: cfgparse: Fix GCC warning about a variable used after realloc
BUILD: fix compilation for OpenSSL-3.0.0-alpha17
BUG/MINOR: log: improper behavior when escaping log data
SCRIPTS: announce-release: update some URLs to https
BUG/MEDIUM: captures: free() an error capture out of the proxy lock
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
BUG/MINOR: signals/poller: ensure wakeup from signals
BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals
BUG/MINOR: h1: Support headers case adjustment for TCP proxies
REGTESTS: http_request_buffer: Add a barrier to not mix up log messages
BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date
BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
DOC: configuration: do-resolve doesn't work with a port in the string
BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config()
BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
BUILD: http: silence an uninitialized warning affecting gcc-5
BUG/MEDIUM: proxy: Perform a custom copy for default server settings
REORG: server: Export srv_settings_cpy() function
MINOR: server: Constify source server to copy its settings
BUG/MINOR: peers: Use right channel flag to consider the peer as connected
BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload
MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer
BUG/MINOR: ssl: free the fields in srv->ssl_ctx
BUG/MINOR: sockpair: wrong return value for fd_send_uxst()
BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
BUG/MINOR: peers: fix possible NULL dereferences at config parsing
BUG/MINOR: peers/config: always fill the bind_conf's argument
BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch
BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created
BUG/MINOR: server: do not enable DNS resolution on disabled proxies
BUILD: compiler: implement unreachable for older compilers too
REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients
REGTESTS: abortonclose: Add a barrier to not mix up log messages
BUG/MINOR: conn_stream: do not confirm a connection from the frontend path
DOC: peers: fix port number and addresses on new peers section format
DOC: peers: clarify when entry expiration date is renewed.
DOC: peers: indicate that some server settings are not usable
SCRIPTS: make publish-release try to launch make-releases-json
SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs
BUG/MEDIUM: sample: Fix adjusting size in word converter
BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section
BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections
BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols
BUG/MINOR: peers: fix error reporting of "bind" lines
REGTESTS: abortonclose: Fix some race conditions
BUILD: fix build warning on solaris based systems with __maybe_unused.
CI: determine actual LibreSSL version dynamically
[RELEASE] Released version 2.0.29
BUG/MINOR: ssl: fix build on development versions of openssl-1.1.x
CLEANUP: mux-h1: Fix comments and error messages for global options
BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized
BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes).
DOC: fix typo "ant" for "and" in INSTALL
BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init
BUG/MINOR: map/cli: protect the backref list during "show map" errors
BUG/MEDIUM: cli: make "show cli sockets" really yield
BUG/MINOR: mux-h2: mark the stream as open before processing it not after
SCRIPTS: announce-release: add URL of dev packages
CI: github actions: update LibreSSL to 3.5.2
BUILD: sockpair: do not set unused flag
BUILD: proto_uxst: do not set unused flag
BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all()
REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
DOC: remove my name from the config doc
BUG/MINOR: cache: Disable cache if applet creation fails
SCRIPTS: announce-release: add shortened links to pending issues
DOC: lua: update a few doc URLs
SCRIPTS: announce-release: update the doc's URL
BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive
BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
BUG/MINOR: cache: do not display expired entries in "show cache"
BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
CI: Update to actions/cache@v3
CI: Update to actions/checkout@v3
BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
DOC: reflect H2 timeout changes
BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
MEDIUM: mux-h2: slightly relax timeout management rules
BUG/MEDIUM: stream-int: do not rely on the connection error once established
BUG/MINOR: tools: url2sa reads too far when no port nor path
BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
CI: github actions: switch to LibreSSL-3.5.1
BUILD: dns: fix backport of previous dns fix
BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket
Revert "BUG/MAJOR: mux-pt: Always destroy the backend connection on detach"
BUG/MINOR: tools: fix url2sa return value with IPv4
[RELEASE] Released version 2.0.28
DOC: Fix usage/examples of deprecated ACLs
BUG/MINOR: stream: make the call_rate only count the no-progress calls
DOC: use the req.ssl_sni in examples
DOC: ssl: req_ssl_sni needs implicit TLS
BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: cli: shows correct mode in "show sess"
BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
CLEANUP: atomic: add a fetch-and-xxx variant for common operations
CI: github actions: use cache for SSL libs
CI: github actions: add the output of $CC -dM -E-
BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
BUG/MINOR: tools: url2sa reads ipv4 too far
BUG/MINOR: mailers: negotiate SMTP, not ESMTP
CI: ssl: keep the old method for ancient OpenSSL versions
CI: ssl: do not needlessly build the OpenSSL docs
CI: ssl: enable parallel builds for OpenSSL on Linux
BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
BUG/MEDIUM: mworker: close unused transferred FDs on load failure
MINOR: sock: move the unused socket cleaning code into its own function
BUG/MAJOR: spoe: properly detach all agents when releasing the applet
BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
BUG/MINOR: mworker: does not erase the pidfile upon reload
BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
BUG/MEDIUM: mcli: do not try to parse empty buffers
BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
MINOR: channel: add new function co_getdelim() to support multiple delimiters
MEDIUM: cli: yield between each pipelined command
[RELEASE] Released version 2.0.27
BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
BUG/MEDIUM: cli: Never wait for more data on client shutdown
BUILD/MINOR: fix solaris build with clang.
BUG/MEDIUM: mworker: don't use _getsocks in wait mode
BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
BUG/MINOR: cli: fix _getsocks with musl libc
CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free
BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
DOC: fix misspelled keyword "resolve_retries" in resolvers
BUILD: ssl: unbreak the build with newer libressl
BUILD: cli: clear a maybe-unused warning on some older compilers
BUG/MINOR: http: fix recent regression on authorization in legacy mode
Revert "BUG/MEDIUM: resolvers: always check a valid item in query_list"
BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose
BUG/MINOR: backend: do not set sni on connection reuse
BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
DOC: config: Specify %Ta is only available in HTTP mode
DOC: spoe: Clarify use of the event directive in spoe-message section
MINOR: ssl: make tlskeys_list_get_next() take a list element
CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next()
CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next()
BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
MINOR: cli: "show version" displays the current process version
BUILD: general: always pass unsigned chars to is* functions
CLEANUP: peers: Remove unused static function free_dcache_tx
CLEANUP: peers: Remove unused static function free_dcache
REGTESTS: mark the abns test as broken again
BUILD: scripts/build-ssl.sh: use "uname" instead of ${TRAVIS_OS_NAME}
BUILD: makefile: add entries to build common debugging tools
CI: Github Actions: temporarily disable BoringSSL builds
CI: Github Actions: switch to LibreSSL-3.3.3
CI: github actions: update LibreSSL to 3.2.5
Revert "CI: Pin VTest to a known good commit"
CI: github actions: switch to stable LibreSSL release
CI: Fix the coverity builds
CI: Fix DEBUG_STRICT definition for Coverity
CI: Pin VTest to a known good commit
CI: github actions: build several popular "contrib" tools
CI: GitHub Actions: enable daily Coverity scan
CI: github actions: enable 51degrees feature
CI: github actions: update LibreSSL to 3.3.0
CI: Clean up Windows CI
CI: Pass the github.event_name to matrix.py
CI: Github Action: run "apt-get update" before packages restore
CI: Github Actions: enable BoringSSL builds
CI: Github Actions: remove LibreSSL-3.0.2 builds
CI: Github Actions: enable prometheus exporter
CI: Stop hijacking the hosts file
CI: Expand use of GitHub Actions for CI
[RELEASE] Released version 2.0.26
BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found
BUG/MINOR: shctx: do not look for available blocks when the first one is enough
BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found
BUG/MEDIUM: mux-h2: always process a pending shut read
BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3
CLEANUP: ssl: Release cached SSL sessions on deinit
MINOR: mux-h2: perform a full cycle shutdown+drain on close
MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close
BUG/MINOR: stick-table/cli: Check for invalid ipv6 key
BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent
BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value
BUG/MINOR: mworker: doesn't launch the program postparser
BUG/MEDIUM: conn-stream: Don't reset CS flags on close
BUG/MINOR: http-ana: Apply stop to the current section for http-response rules
DOC: config: Fix typo in ssl_fc_unique_id description
BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value
BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
MINOR: htx: Add a function to know if the free space wraps
MINOR: htx: Add an HTX flag to know when a message is fragmented
BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
MINOR: stream: Improve dump of bogus streams
DOC: config: Fix alphabetical order of fc_* samples
BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
CLEANUP: always initialize the answer_list
CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
BUG/MEDIUM: resolvers: always check a valid item in query_list
BUILD: resolvers: avoid a possible warning on null-deref
MINOR: resolvers: merge address and target into a union "data"
BUG/MEDIUM: resolvers: use correct storage for the target address
BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
BUG/MEDIUM: resolver: make sure to always use the correct hostname length
MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
BUG/MEDIUM: sample: properly verify that variables cast to sample
MINOR: sample: provide a generic var-to-sample conversion function
CLEANUP: sample: uninline sample_conv_var2smp_str()
CLEANUP: sample: rename sample_conv_var2smp() to *_sint
BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
BUG/MINOR: filters: Set right FLT_END analyser depending on channel
BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
BUG/MAJOR: lua: use task_wakeup() to properly run a task once
BUG/MEDIUM: lua: fix wakeup condition from sleep()
DOC: peers: fix doc "enable" statement on "peers" sections
BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
BUG/MINOR: server: allow 'enable health' only if check configured
Revert "REGTESTS: mark http_abortonclose as broken"
BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
MEDIUM: actions: Fix block ACL.
BUG/MINOR: stats: fix the POST requests processing in legacy mode
BUG/MEDIUM: http: check for a channel pending data before waiting
BUG/MINOR: cli/payload: do not search for args inside payload
BUG/MINOR: compat: make sure __WORDSIZE is always defined
BUG/MINOR: systemd: ExecStartPre must use -Ws
[RELEASE] Released version 2.0.25
REGTESTS: mark http_abortonclose as broken
MINOR: action: Use a generic function to check validity of an action rule list
Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive"
BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
CLEANUP: htx: remove comments about "must be < 256 MB"
BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
DOC: configuration: remove wrong tcp-request examples in tcp-response
CLEANUP: Add missing include guard to signal.h
BUG/MINOR: tools: Fix loop condition in dump_text()
BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
MINOR: compiler: implement an ONLY_ONCE() macro
BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
REGTESTS: abortonclose: after retries, 503 is expected, not close
BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3-
[RELEASE] Released version 2.0.24
REGTESTS: add a test to prevent h2 desync attacks
BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header
DOC/MINOR: fix typo in management document
MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade
DOC: config: Fix 'http-response send-spoe-group' documentation
DOC: Improve the lua documentation
BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued
BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released
MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure
BUG/MINOR: server: update last_change on maint->ready transitions too
BUG/MINOR: connection: Add missing error labels to conn_err_code_str
BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames
BUG/MINOR: mux-h2: Obey dontlognull option during the preface
BUG/MINOR: systemd: must check the configuration using -Ws
BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs
BUG/MEDIUM: mworker: do not register an exit handler if exit is expected
BUILD: add detection of missing important CFLAGS
BUG/MEDIUM: tcp-check: Do not dereference inexisting connection
[RELEASE] Released version 2.0.23
BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
BUG/MINOR: server-state: load SRV resolution only if params match the config
CLEANUP: pools: remove now unused seq and pool_free_list
BUG/MAJOR: pools: fix possible race with free() in the lockless variant
MEDIUM: pools: use a single pool_gc() function for locked and lockless
MEDIUM: memory: make pool_gc() run under thread isolation
BUG/MEDIUM: pools: Always update free_list in pool_gc().
MINOR: pools: do not maintain the lock during pool_flush()
BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS
Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"
BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
DOC: config: use CREATE USER for mysql-check
DOC: peers: fix the protocol tag name in the doc
DOC: stick-table: add missing documentation about gpt0 stored type
BUG/MINOR: stick-table: fix several printf sign errors dumping tables
BUG/MINOR: cli: fix server name output in "show fd"
BUG/MEDIUM: sock: make sure to never miss early connection failures
BUG/MINOR: server/cli: Fix locking in function processing "set server" command
BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
BUG/MINOR: resolvers: answser item list was randomly purged or errors
DOC: config: Add missing actions in "tcp-request session" documentation
MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
BUG/MEDIUM: spoe: Register pre/post analyzers in start_analyze callback function
BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken
MINOR: mux-h2: obey http-ignore-probes during the preface
BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
BUG/MINOR: mworker: fix typo in chroot error message
BUG/MINOR: ssl: use atomic ops to update global shctx stats
BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
DOC: lua: Add a warning about buffers modification in HTTP
BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
BUG/MEDIUM: dns: reset file descriptor if send returns an error
BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
BUG/MINOR: http: Missing calloc return value check in make_arg_list
BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
BUG/MINOR: peers: Missing calloc return value check in peers_register_table
BUG/MINOR: server: Missing calloc return value check in srv_parse_source
BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
REGTESTS: Add script to test abortonclose option
MEDIUM: mux-h1: Don't block reads when waiting for the other side
BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive
MINOR: channel: Rely on HTX version if appropriate in channel_may_recv()
BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port
BUG/MINOR: stream: Reset stream final state and si error type on L7 retry
BUG/MINOR: stream: properly clear the previous error mask on L7 retries
BUG/MINOR: stream: Decrement server current session counter on L7 retry
BUG/MEDIUM: cli: prevent memory leak on write errors
BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers
MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode
MINOR: peers: add informative flags about resync process for debugging
BUG/MEDIUM: peers: reset tables stage flags stages on new conns
BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly
BUG/MEDIUM: peers: reset commitupdate value in new conns
BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected
BUG/MEDIUM: peers: stop considering ack messages teaching a full resync
BUG/MEDIUM: peers: register last acked value as origin receiving a resync req
BUG/MEDIUM: peers: initialize resync timer to get an initial full resync
BUG/MINOR: applet: Notify the other side if data were consumed by an applet
BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message
BUG/MEDIUM: peers: re-work refcnt on table to protect against flush
BUG/MEDIUM: peers: re-work connection to new process during reload.
BUG/MINOR: peers: remove useless table check if initial resync is finished
BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data
BUG/MINOR: mworker: don't use oldpids[] anymore for reload
BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases
BUG/MEDIUM: config: fix cpu-map notation with both process and threads
BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames
BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers
BUG/MINOR: server: free srv.lb_nodes in free_server
BUG/MINOR: mux-h1: Release idle server H1 connection if data are received
BUG/MINOR: logs: Report the true number of retries if there was no connection
BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function
BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded
BUG/MEDIUM: threads: Ignore current thread to end its harmless period
BUG/MEDIUM: sample: Fix adjusting size in field converter
DOC: clarify that compression works for HTTP/2
BUG/MINOR: tools: fix parsing "us" unit for timers
DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options
[RELEASE] Released version 2.0.22
BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks
MINOR: resolvers: Directly call srvrq_update_srv_state() when possible
MINOR: resolvers: Add function to change the srv status based on SRV resolution
MINOR: resolvers: Purge answer items when a SRV resolution triggers an error
MINOR: resolvers: Use a function to remove answers attached to a resolution
BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution
BUG/MAJOR: dns: disabled servers through SRV records never recover
BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status
BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
BUG/MINOR: tcp: fix silent-drop workaround for IPv6
BUG/MINOR: stats: Apply proper styles in HTML status page.
BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent
BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters
MINOR: tools: make url2ipv4 return the exact number of bytes parsed
BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless
BUG/MEDIUM: time: make sure to always initialize the global tick
BUG/MEDIUM: lua: Always init the lua stack before referencing the context
BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback
MINOR: lua: Slightly improve function dumping the lua traceback
MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket
BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable
MINOR: time: also provide a global, monotonic global_now_ms timer
[RELEASE] Released version 2.0.21
BUG/MINOR: freq_ctr/threads: make use of the last updated global time
MINOR: time: export the global_now variable
BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames
BUG/MINOR: resolvers: Reset server address on DNS error only on status change
BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error
CLEANUP: tcp-rules: add missing actions in the tcp-request error message
BUG/MINOR: session: Add some forgotten tests on session's listener
BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters
BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached
BUG/MEDIUM: session: NULL dereference possible when accessing the listener
BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode
BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring()
BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive
BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout
DOC: spoe: Add a note about fragmentation support in HAProxy
BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1
BUG/MINOR: connection: Use the client's dst family for adressless servers
BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule
BUG/MINOR: http-ana: Only consider dst address to process originalto option
BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf()
BUG/MEDIUM: resolvers: Reset address for unresolved servers
BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records
BUG/MINOR: resolvers: new callback to properly handle SRV record errors
BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal
BUG/MEDIUM: cli/shutdown sessions: make it thread-safe
BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop
BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe
BUG/MINOR: sample: secure convs that accept base64 string and var name as args
BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok
BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line
BUG/MINOR: server: Init params before parsing a new server-state line
BUG/MINOR: sample: Always consider zero size string samples as unsafe
BUG/MINOR: checks: properly handle wrapping time in __health_adjust()
BUG/MINOR: session: atomically increment the tracked sessions counter
BUG/MINOR: server: Remove RMAINT from admin state when loading server state
CLEANUP: channel: fix comment in ci_putblk.
BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL
BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines
BUG/MEDIUM: config: don't pick unset values from last defaults section
CLEANUP: deinit: release global and per-proxy server-state variables on deinit
BUG/MINOR: server: Fix server-state-file-name directive
BUG/MINOR: backend: hold correctly lock when killing idle conn
BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints()
BUG/MINOR: server: re-align state file fields number
BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state
BUG/MEDIUM: mux-h2: Be sure to enter in demux loop even if dbuf is empty
BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED
BUG/MEDIUM: mux-h2: handle remaining read0 cases
BUILD: Makefile: move REGTESTST_TYPE default setting
BUG/MINOR: xxhash: make sure armv6 uses memcpy()
BUG/MEDIUM: ssl: check a connection's status before computing a handshake
BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
DOC: management: fix "show resolvers" alphabetical ordering
BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown
BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition
BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX
BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
BUG/MINOR: sample: Memory leak of sample_expr structure in case of error
BUG/MINOR: sample: check alloc_trash_chunk return value in concat()
[RELEASE] Released version 2.0.20
BUG/MINOR: sample: fix concat() converter's corruption with non-string variables
DOC: Add maintainers for the Prometheus exporter
SCRIPTS: announce-release: fix typo in help message
DOC: fix some spelling issues over multiple files
MINOR: contrib/prometheus-exporter: export build_info
BUILD: Makefile: exclude broken tests by default
BUG/MINOR: srv: do not init address if backend is disabled
SCRIPTS: make announce release support preparing announces before tag exists
SCRIPTS: improve announce-release to support different tag and versions
BUG/MINOR: cfgparse: Fail if the strdup() for rule->be.name for use_backend fails
MINOR: atomic: don't use ; to separate instruction on aarch64.
BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
BUILD: plock: remove dead code that causes a warning in gcc 11
CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps
CONTRIB: halog: mark the has_zero* functions unused
CONTRIB: halog: fix build issue caused by %L printf format
BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode
BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests
BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well
REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric
CLEANUP: lua: Remove declaration of an inexistant function
BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight
BUG/MINOR: tools: Reject size format not starting by a digit
BUG/MINOR: tools: make parse_time_err() more strict on the timer validity
DOC: email change of the DeviceAtlas maintainer
BUG/MEDIUM: spoa/python: Fixing references to None
BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments
BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails
BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations
DOC: spoa/python: Fixing typos in comments
DOC: spoa/python: Rephrasing memory related error messages
DOC: spoa/python: Fixing typo in IP related error messages
BUG/MAJOR: spoa/python: Fixing return None
DOC/MINOR: Fix formatting in Management Guide
BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times
MINOR: cli: add a function to look up a CLI service description
MINOR: actions: add a function returning a service pointer from its name
MINOR: actions: Export actions lookup functions
BUG/MINOR: lua: Some lua init operation are processed unsafe
BUG/MINOR: lua: Post init register function are not executed beyond the first one
BUG/MINOR: lua: lua-load doesn't check its parameters
MINOR: plock: use an ARMv8 instruction barrier for the pause instruction
DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section
BUG/MAJOR: peers: fix partial message decoding
BUG/MAJOR: filters: Always keep all offsets up to date during data filtering
BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests
BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering
BUILD: http-htx: fix build warning regarding long type in printf
MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error.
MINOR: spoe: Don't close connection in sync mode on processing timeout
BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet
BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches
BUG/MINOR: http-fetch: Extract cookie value even when no cookie name
BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages
BUG/MINOR: peers: Missing TX cache entries reset.
BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries.
BUG/MINOR: lua: set buffer size during map lookups
BUG/MINOR: pattern: a sample marked as const could be written
[RELEASE] Released version 2.0.19
BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L
MINOR: http-htx: Add understandable errors for the errorfiles parsing
BUG/MEDIUM: stick-table: limit the time spent purging old entries
BUG/MINOR: filters: Skip disabled proxies during startup only
BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade
MINOR: server: Copy configuration file and line for server templates
BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup
BUG/MEDIUM: filters: Don't try to init filters for disabled proxies
BUG/MINOR: cache: Inverted variables in http_calc_maxage function
BUG/MINOR: lua: initialize sample before using it
BUG/MINOR: server: fix down_time report for stats
BUG/MINOR: server: fix srv downtime calcul on starting
BUG/MINOR: log: fix memory leak on logsrv parse error
BUG/MINOR: extcheck: add missing checks on extchk_setenv()
BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible
BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests
BUG/MEDIUM: server: support changing the slowstart value from state-file
BUG/MINOR: queue: properly report redistributed connections
BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions.
BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn
BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages
BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided
BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once
MINOR: fd: report an error message when failing initial allocations
BUG/MINOR: mux-h2: do not stop outgoing connections on stopping
BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited
BUG/MEDIUM: h1: Always try to receive more in h1_rcv_buf().
BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses
BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams
BUG/MINOR: mux-h1: Always set the session on frontend h1 stream
BUG/MINOR: peers: Inconsistency when dumping peer status codes.
MINOR: hlua: Display debug messages on stderr only in debug mode
BUG/MINOR: stats: fix validity of the json schema
MINOR: counters: fix a typo in comment
BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe
BUG/MINOR: Fix several leaks of 'log_tag' in init().
BUILD: makefile: Fix building with closefrom() support enabled
DOC: ssl: crt-list negative filters are only a hint
[RELEASE] Released version 2.0.18
REGTEST: make map_regm_with_backref require 1.7
REGTEST: make abns_socket.vtc require 1.8
REGTEST: fix host part in balance-uri-path-only.vtc
REGTESTS: add a few load balancing tests
DOC: agent-check: fix typo in "fail" word expected reply
DOC: spoa-server: fix false friends actually
BUG/MEDIUM: listeners: do not pause foreign listeners
BUG/MINOR: config: Fix memory leak on config parse listen
BUG/MINOR: Fix memory leaks cfg_parse_peers
BUG/MEDIUM: h2: report frame bits only for handled types
BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch
BUG/MINOR: server: report correct error message for invalid port on "socks4"
BUG/MINOR: ssl: verifyhost is case sensitive
BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate
BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers
BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned
BUILD: threads: better workaround for late loading of libgcc_s
BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections
BUG/MINOR: auth: report valid crypto(3) support depending on build options
CLEANUP: Update .gitignore
MINOR: Commit .gitattributes
BUILD: thread: limit the libgcc_s workaround to glibc only
BUG/MINOR: threads: work around a libgcc_s issue with chrooting
BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp()
BUG/MEDIUM: doc: Fix replace-path action description
BUG/MINOR: startup: haproxy -s cause 100% cpu
BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address
BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure
BUG/MINOR: contrib/spoa-server: Do not free reference to NULL
BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed
BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak
DOC: cache: Use '<name>' instead of '<id>' in error message
BUG/MINOR: reload: do not fail when no socket is sent
BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction
BUG/MINOR: stats: use strncmp() instead of memcmp() on health states
BUG/MINOR: snapshots: leak of snapshots on deinit()
BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation
BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation
BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime
BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send
BUG/MEDIUM: mux-h2: Don't fail if nothing is parsed for a legacy chunk response
SCRIPTS: git-show-backports: emit the shell command to backport a commit
SCRIPTS: git-show-backports: make -m most only show the left branch
[RELEASE] Released version 2.0.17
SCRIPTS: announce-release: add the link to the wiki in the announce messages
MINOR: stream-int: Be sure to have a mux to do sends and receives
MINOR: connection: Preinstall the mux for non-ssl connect
BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation
MEDIUM: lua: Add support for the Lua 5.4
BUG/MINOR: debug: Don't dump the lua stack if it is not initialized
BUG/MEDIUM: mux-h1: Disable the splicing when nothing is received
BUG/MEDIUM: mux-h1: Wakeup the H1C in h1_rcv_buf() if more data are expected
BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
BUG/MAJOR: dns: Make the do-resolve action thread-safe
BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is incomplete
BUG/MEDIUM: resolve: fix init resolving for ring and peers section.
BUG/MINOR: cfgparse: don't increment linenum on incomplete lines
BUILD: thread: add parenthesis around values of locking macros
MINOR: pools: increase MAX_BASE_POOLS to 64
BUG/MINOR: threads: Don't forget to init each thread toremove_lock.
REGEST: Add reg tests about error files
BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp()
[RELEASE] Released version 2.0.16
BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked
BUG/MEDIUM: log: issue mixing sampled to not sampled log servers.
BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode
CONTRIB: da: fix memory leak in dummy function da_atlas_open()
BUG/MINOR: sample: Free str.area in smp_check_const_meth
BUG/MINOR: sample: Free str.area in smp_check_const_bool
DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x
BUG/MEDIUM: stream-int: Disable connection retries on plain HTTP proxy mode
BUG/MAJOR: stream: Mark the server address as unset on new outgoing connection
MINOR: http: Add support for http 413 status
BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server
BUG/MEDIUM: connection: Continue to recv data to a pipe when the FD is not ready
MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only
BUG/MEDIUM: mux-h1: Subscribe rather than waking up in h1_rcv_buf()
BUG/MEDIUM: mux-h1: Disable splicing for the conn-stream if read0 is received
BUG/MINOR: mux-h1: Disable splicing only if input data was processed
BUG/MINOR: mux-h1: Don't read data from a pipe if the mux is unable to receive
BUG/MINOR: mux-h1: Fix the splicing in TUNNEL mode
BUG/MINOR: http_act: don't check capture id in backend (2)
DOC: configuration: fix alphabetical ordering for tune.pool-{high,low}-fd-ratio
DOC: configuration: add missing index entries for tune.pool-{low,high}-fd-ratio
BUG/MINOR: proxy: always initialize the trash in show servers state
BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash
BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible
DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list
MINOR: cli: make "show sess" stop at the last known session
BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL
REGTEST: ssl: add some ssl_c_* sample fetches test
REGTEST: ssl: tests the ssl_f_* sample fetches
MINOR: spoe: Don't systematically create new applets if processing rate is low
BUG/MINOR: http_ana: clarify connection pointer check on L7 retry
BUG/MINOR: spoe: correction of setting bits for analyzer
REGTEST: Add a simple script to tests errorfile directives in proxy sections
BUG/MINOR: systemd: Wait for network to be online
MEDIUM: map: make the "clear map" operation yield
REGTEST: http-rules: test spaces in ACLs with master CLI
REGTEST: http-rules: test spaces in ACLs
BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI
BUG/MINOR: mworker/cli: fix the escaping in the master CLI
BUG/MINOR: cli: allow space escaping on the CLI
BUG/MINOR: spoe: add missing key length check before checking key names
BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks
BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness
MINOR: http: Add 404 to http-request deny
MINOR: http: Add 410 to http-request deny
[RELEASE] Released version 2.0.15
REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used
BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0
REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation
REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv
BUG/MEDIUM: pattern: fix thread safety of pattern matching
BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor
BUG/MINOR: mworker: fix a memleak when execvp() failed
BUG/MEDIUM: mworker: fix the reload with an -- option
BUG/MINOR: init: -S can have a parameter starting with a dash
BUG/MINOR: init: -x can have a parameter starting with a dash
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
BUILD: makefile: adjust the sed expression of "make help" for solaris
BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version
BUG/MEDIUM: logs: fix trailing zeros on log message.
BUG/MINOR: logs: prevent double line returns in some events.
BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics
BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations
BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action
BUG/MINOR: peers: fix internal/network key type mapping.
SCRIPTS: publish-release: pass -n to gzip to remove timestamp
Revert "BUG/MEDIUM: connections: force connections cleanup on server changes"
BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
BUG/MINOR: lua: Add missing string length for lua sticktable lookup
BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
BUILD: select: only declare existing local labels to appease clang
BUG/MINOR: soft-stop: always wake up waiting threads on stopping
BUG/MINOR: pollers: remove uneeded free in global init
BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
BUG/MINOR: http-ana: fix NTLM response parsing again
BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT
BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
BUG/MINOR: sample: Set the correct type when a binary is converted to a string
CLEANUP: connections: align function declaration
BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
BUG/MEDIUM: connections: force connections cleanup on server changes
BUG/MAJOR: stream-int: always detach a faulty endpoint on connect failure
BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.
BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
BUG/MINOR: checks: Remove a warning about http health checks
BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks
BUG/MEDIUM: checks: Always initialize checks before starting them
BUG/MINOR: checks/server: use_ssl member must be signed
BUG/MEDIUM: server/checks: Init server check during config validity check
Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections"
BUG/MEDIUM: backend: don't access a non-existing mux from a previous connection
REGTEST: ssl: test the client certificate authentication
MINOR: stream: report the list of active filters on stream crashes
BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
BUG/MEDIUM: shctx: really check the lock's value while waiting
BUG/MINOR: debug: properly use long long instead of long for the thread ID
MINOR: threads: export the POSIX thread ID in panic dumps
BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
BUG/MEDIUM: capture: c