Version 1.3.23 of HAproxy
Release Notes: Various minor bugfixes were backported from 1.4, as well as three minor features: the ability to learn a cookie from a request for servers that don't update them upon failover, a new feature to remotely test a server being installed or updated without exposing it to the world, and sending of state information to servers along with health checks so that they know everything about the farm's size and their quality of service. These are probably the last features to be merged into 1.3.
Other releases
Release Notes: This version fixes two possible crashes, one of them remotely triggered (CVE-2013-2175) involving use of a negative occurrence number in hdr_* fetches. Other long-standing improvements were finally merged, such as http-response, dynamic setting of priority, DSCP headers, Netfilter mark and log level, transparent proxy on *BSD, fetching of environment variables, conditional PROXY protocol by ACL, 3 parallel stick-counters instead of 2, reworking of the doc to simplify the search of ACL/fetch keywords, and further-improved configuration error reporting. All 1.5 users must upgrade.
Release Notes: This release fixes a crash which could occur when a configuration made use of hdr_ip(name,-1) or "usesrc hdr_ip(name)", if the client sent a certain number of values of the requested header. CVE-2013-2175 was assigned to this bug. All users of 1.4 must upgrade or apply the fix.
Release Notes: This version fixes a security flaw in the TCP content inspection code when combined with HTTP information. All 1.4 users must upgrade or patch. 25 other bugs were fixed since 1.4.22, including a risk of memory corruption by monitoring systems abusing of the "show sess" command on the CLI. Poll() was enabled by default on all platforms, and select() limited to 1024 fds only, in order to workaround a recent glibc change that causes runtime crashes due to extra controls in FD_SET/FD_CLR/FD_ISSET.
Release Notes: This version fixes a security flaw in TCP content inspection when combined with HTTP. 1.5-dev users must upgrade or patch. Other big changes include a richer address parser that supports environment variables, the convergence of ACLs and samples allowing more powerful combinations of patterns analysis, support for systemd, a new health check agent protocol, PCRE JIT support, TLS ALPN, and HTTP redirects 307 and 308. No fewer than 43 bugs were fixed in various areas.
Release Notes: The last known bugs since 1.5-dev15 have been fixed (frozen POSTs, aborted SSL sessions, and occasionally truncated early responses from servers to POST requests). Additionally, a few long-awaited features have been implemented: support for logging anything coming from a sample fetch function using %[] in the log format, as well as passing this to servers in HTTP headers (all SSL information can now be passed this way). The HTML stats page was improved with more detailed information in tips (this was broken in dev16). Users of 1.5-dev12 to 16 are strongly encouraged to upgrade.
