Haproxy 1.5.7 正式发布,此版本现已提供下载,更新内容如下:
A nasty bug reported by Dmitry Sivachenko can cause
haproxy to die in some rare cases when a monitoring system issues a lot
of "show sess" commands on the CLI and aborts them in the middle of a
transfer. The probability to hit it is so low that it has existed since
v1.4 and was only noticed now.
Cyril Bonté fixed a bug causing wrong
flags to be sometimes reported in the logs for keep-alive requests.
A
bug where the PROXY protocol is used with a banner protocol causes an
extra 200ms delay for the request to leave, slowing down connection
establishment to SMTP or FTP servers.
{敏感词} Ruppert found and fixed a
bug in the way regex are compiled when HAProxy is built with support
for PCRE_JIT but the libpcre is built without.
The way original
connection addresses are detected on a system where connections are
NAT'd by Netfilter was fixed so that we wouldn't report IPv4 destination
addresses for v6-mapped v4 addresses. This used to cause the PROXY
protocol to emit "UNKNOWN" as the address families differred for the
source and destination!
John Leach reported an interesting bug in the
way SSL certificates were loaded : if a certificate with an invalid
subject (no parsable CN) is loaded as the first in the list, its context
will not be updated with the bind line arguments, resulting in such a
certificate to accept SSLv3 despite the "no-sslv3" keyword. That was
diagnosed and fixed by Emeric, who also implemented the global
"ssl-default-bind-options" and "ssl-default-server-options" keywords,
and implemented "ssl_c_der" and "ssl_f_der" to pass the full raw
certificate to the server if needed.
更多内容请看这里。 |