Release Notes: A new logging subsystem with customizable log formats, a unique-ID generator, a full rework of the buffers and HTTP message storage, a merge of the ACL and pattern fetch code, ACL support for IPv6 addresses, cookies, URL parameters, and arbitrary payload, support for specifying a precise occurrence in fetch functions, much better error reporting for ACL parsing errors, the long-awaited "use-server" directive, minor improvements to the error capture reports, and a significant number of bugfixes.
Release Notes: This version fixes two possible crashes, one of them remotely triggered (CVE-2013-2175) involving use of a negative occurrence number in hdr_* fetches. Other long-standing improvements were finally merged, such as http-response, dynamic setting of priority, DSCP headers, Netfilter mark and log level, transparent proxy on *BSD, fetching of environment variables, conditional PROXY protocol by ACL, 3 parallel stick-counters instead of 2, reworking of the doc to simplify the search of ACL/fetch keywords, and further-improved configuration error reporting. All 1.5 users must upgrade.
Release Notes: This release fixes a crash which could occur when a configuration made use of hdr_ip(name,-1) or "usesrc hdr_ip(name)", if the client sent a certain number of values of the requested header. CVE-2013-2175 was assigned to this bug. All users of 1.4 must upgrade or apply the fix.
Release Notes: This version fixes a security flaw in the TCP content inspection code when combined with HTTP information. All 1.4 users must upgrade or patch. 25 other bugs were fixed since 1.4.22, including a risk of memory corruption by monitoring systems abusing of the "show sess" command on the CLI. Poll() was enabled by default on all platforms, and select() limited to 1024 fds only, in order to workaround a recent glibc change that causes runtime crashes due to extra controls in FD_SET/FD_CLR/FD_ISSET.
Release Notes: This version fixes a security flaw in TCP content inspection when combined with HTTP. 1.5-dev users must upgrade or patch. Other big changes include a richer address parser that supports environment variables, the convergence of ACLs and samples allowing more powerful combinations of patterns analysis, support for systemd, a new health check agent protocol, PCRE JIT support, TLS ALPN, and HTTP redirects 307 and 308. No fewer than 43 bugs were fixed in various areas.
Release Notes: The last known bugs since 1.5-dev15 have been fixed (frozen POSTs, aborted SSL sessions, and occasionally truncated early responses from servers to POST requests). Additionally, a few long-awaited features have been implemented: support for logging anything coming from a sample fetch function using % in the log format, as well as passing this to servers in HTTP headers (all SSL information can now be passed this way). The HTML stats page was improved with more detailed information in tips (this was broken in dev16). Users of 1.5-dev12 to 16 are strongly encouraged to upgrade.