Release Notes: Two major changes: a rework of the whole polling system to implement a real event cache, and HTTP keep-alive is now enabled by default, so users will no longer be confused by the tunnel mode. Other nice updates include SSL handshake optimizations, more debugging info on the stats socket, the ability to rate-limit SSL to protect the resources, sample fetches to retrieve captured headers, automatic stickiness to the same server after 401/407, and the new "tcp-check connect" directive to check multiple ports on a server. 32 bugs were fixed since dev21.
Release Notes: This release fixes a few annoying bugs. Use this version instead of 1.5-dev20 to be safe.
Release Notes: Many new features are included in this version, including server-side keep-alive, maps, use of log-format syntax in redirects, agent-check, tcp-check send/expect, and important memory savings. 71 bugs were fixed. Thanks to the entry of server-side keep-alive, this should be the last development version before the final 1.5 release (unless new bugs appear and require another one).
Release Notes: This version fixes two possible crashes, one of them remotely triggered (CVE-2013-2175) involving use of a negative occurrence number in hdr_* fetches. Other long-standing improvements were finally merged, such as http-response, dynamic setting of priority, DSCP headers, Netfilter mark and log level, transparent proxy on *BSD, fetching of environment variables, conditional PROXY protocol by ACL, 3 parallel stick-counters instead of 2, reworking of the doc to simplify the search of ACL/fetch keywords, and further-improved configuration error reporting. All 1.5 users must upgrade.
Release Notes: This release fixes a crash which could occur when a configuration made use of hdr_ip(name,-1) or "usesrc hdr_ip(name)", if the client sent a certain number of values of the requested header. CVE-2013-2175 was assigned to this bug. All users of 1.4 must upgrade or apply the fix.
Release Notes: This version fixes a security flaw in the TCP content inspection code when combined with HTTP information. All 1.4 users must upgrade or patch. 25 other bugs were fixed since 1.4.22, including a risk of memory corruption by monitoring systems abusing of the "show sess" command on the CLI. Poll() was enabled by default on all platforms, and select() limited to 1024 fds only, in order to workaround a recent glibc change that causes runtime crashes due to extra controls in FD_SET/FD_CLR/FD_ISSET.
Release Notes: This version fixes a security flaw in TCP content inspection when combined with HTTP. 1.5-dev users must upgrade or patch. Other big changes include a richer address parser that supports environment variables, the convergence of ACLs and samples allowing more powerful combinations of patterns analysis, support for systemd, a new health check agent protocol, PCRE JIT support, TLS ALPN, and HTTP redirects 307 and 308. No fewer than 43 bugs were fixed in various areas.
Release Notes: The last known bugs since 1.5-dev15 have been fixed (frozen POSTs, aborted SSL sessions, and occasionally truncated early responses from servers to POST requests). Additionally, a few long-awaited features have been implemented: support for logging anything coming from a sample fetch function using % in the log format, as well as passing this to servers in HTTP headers (all SSL information can now be passed this way). The HTML stats page was improved with more detailed information in tips (this was broken in dev16). Users of 1.5-dev12 to 16 are strongly encouraged to upgrade.
Release Notes: The high CPU usage a few users have been experiencing in dev14 is now fixed. A file descriptor leak when logging SSL information was fixed. Some SSL issues with client certs were fixed. SSL handshake errors are now logged. Some incorrect logs of "SD" flags in case of client errors were resolved. The conditions to enable Gzip compression were tightened. Layer 7 information such as the IP address taken from a header can now be tracked. Users of 1.5-dev12..dev14 are encouraged to upgrade.
Release Notes: The SSL stack received many fixes and improvements. It now supports mutual cert authentication, client cert-based ACLs, and a multi-process session cache. Some facilities were offered to support multi-process mode with SSL. Health checks support SSL and the PROXY protocol. HTTP forwarding now supports gzip compression. Recent Linux platforms support TCP FastOpen and accept4(). The "bind" statement now supports "v4v6" and "v6only" keywords to decide on the IPv6 binding policy. Many bugs have been fixed, so those using dev12 and dev13 in production are strongly encouraged to upgrade.