Changes since version 3.1.8 : Amaury Denoyelle (16): BUG/MINOR: config/server: reject QUIC addresses BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream BUG/MEDIUM: h3: do not overwrite interim with final response BUG/MINOR: h3: properly realloc buffer after interim response encoding BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side) MINOR: qmux: change API for snd_buf FIN transmission BUG/MEDIUM: h3: handle interim response properly on FE side BUG/MINOR: hq-interop: fix FIN transmission BUG/MINOR mux-quic: apply correctly timeout on output pending data DOC: list missing global QUIC settings BUG/MINOR: mux-h1: fix wrong lock label BUG/MEDIUM: quic: reset padding when building GSO datagrams BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested BUG/MAJOR: quic: fix INITIAL padding with probing packet only BUG/MINOR: quic: don't coalesce probing and ACK packet of same type MINOR: quic: centralize padding for HP sampling on packet building Aurelien DARRAGON (4): BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options BUG/MINOR: hlua: take default-path into account with lua-load-per-thread BUG/MINOR: logs: fix log-steps extra log origins selection Christopher Faulet (28): DOC: config: Fix a typo in 2.7 (Name format for maps and ACLs) BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available MINOR: cli: handle EOS/ERROR first BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode BUG/MINOR: http-client: Reject any 101-switching-protocols response BUG/MEDIUM: http-client: Drain the request if an early response is received BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort David Carlier (2): BUILD/MEDIUM: deviceatlas: fix when installed in custom locations. DOC: deviceatlas build clarifications Frederic Lecaille (4): BUG/MINOR: quic: Missing SSL session object freeing BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding MINOR: quic: Useless TX buffer size reduction in closing state BUG/MINOR: quic: Wrong source address use on FreeBSD Lukas Tribus (2): DOC: management: fix typo in commit f4f93c56 DOC: config: recommend single quoting passwords Olivier Houchard (4): BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS BUG/MEDIUM: ssl: Fix 0rtt to the server BUG/MEDIUM: ssl: fix build with AWS-LC Remi Tricot-Le Breton (3): BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter DOC: Fix 'jwt_verify' converter doc BUG/MINOR: init: Initialize random seed earlier in the init process Valentine Krasnobaeva (7): DOC: config: prefer-last-server: add notes for non-deterministic algorithms BUG/MINOR: tools: use my_unsetenv instead of unsetenv BUG/MINOR: halog: exit with error when some output filters are set simultaneosly BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR MEDIUM: dns: don't call connect to dest socket for AF_INET* MINOR: dns: dns_connect_nameserver: fix fd leak at error path MINOR: compiler: add __nonstring macro William Lallemand (7): BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers DOC: configuration: add details on prefer-client-ciphers MINOR: ssl: check TLS1.3 ciphersuites again in clienthello with recent AWS-LC BUG/MINOR: httpclient: wrongly named httpproxy flag DOC: management: clarify usage of -V with -c MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory BUG/MEDIUM: mworker: more verbose error upon loading failure Willy Tarreau (9): MINOR: http: add a function to validate characters of :authority BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field BUILD: tools: properly define ha_dump_backtrace() to avoid a build warning SCRIPTS: drop the HTML generation from announce-release BUILD: dev/phash: remove the accidentally committed a.out file BUG/MINOR: listener: really assign distinct IDs to shards BUILD: compat: provide relaxed versions of the MIN/MAX macros BUILD: compat: always set _POSIX_VERSION to ease comparisons