Release Notes: Four important issues were fixed since dev24 (crashes on out-of-memory, crashes on FreeBSD when using a shared session cache, pauses in HTTP request body transfers when using the balance url_param, and the arguments "-i" and "-n" being ignored on ACLs since dev23). Some pending changes were completed, as well. Half-closed timeouts and server-side Unix sockets are now supported. Per-listener process binding is finally possible using the "process" keyword on "bind" lines, which makes it possible to have one stats socket per process. Version 2 of the PROXY protocol was implemented on the server side.
Release Notes: This version fixes three major regressions: truncated transfers, crashes on certain redirects, and an SSL slowdown. Other minor issues were fixed as well. The stats page now supports chunked mode, keep-alive, and compression. Health checks can be started within a smaller delay. http-request/response now support set-map/del-map/add-acl/del-acl to add/remove pattern entries to maps and ACLs on the fly based on data extracted from the traffic. Heartbleed attacks (CVE-2014-0160) are detected and blocked even on vulnerable OpenSSL implementations.
Release Notes: This new version addresses half of the remaining changes before -final. use_backend now supports log-format expressions. Maps and ACLs now share the same pattern lists which are dynamically updatable from the CLI. SSL supports ALPN and Web sites now load faster thanks to dynamic record size adjustments. Compression of chunked HTTP responses was fixed and enabled again. Other minor features were added and about 35 bugs were fixed.
Release Notes: Two major changes: a rework of the whole polling system to implement a real event cache, and HTTP keep-alive is now enabled by default, so users will no longer be confused by the tunnel mode. Other nice updates include SSL handshake optimizations, more debugging info on the stats socket, the ability to rate-limit SSL to protect the resources, sample fetches to retrieve captured headers, automatic stickiness to the same server after 401/407, and the new "tcp-check connect" directive to check multiple ports on a server. 32 bugs were fixed since dev21.
Release Notes: This release fixes a few annoying bugs. Use this version instead of 1.5-dev20 to be safe.
Release Notes: Many new features are included in this version, including server-side keep-alive, maps, use of log-format syntax in redirects, agent-check, tcp-check send/expect, and important memory savings. 71 bugs were fixed. Thanks to the entry of server-side keep-alive, this should be the last development version before the final 1.5 release (unless new bugs appear and require another one).
Release Notes: This version fixes two possible crashes, one of them remotely triggered (CVE-2013-2175) involving use of a negative occurrence number in hdr_* fetches. Other long-standing improvements were finally merged, such as http-response, dynamic setting of priority, DSCP headers, Netfilter mark and log level, transparent proxy on *BSD, fetching of environment variables, conditional PROXY protocol by ACL, 3 parallel stick-counters instead of 2, reworking of the doc to simplify the search of ACL/fetch keywords, and further-improved configuration error reporting. All 1.5 users must upgrade.
Release Notes: This release fixes a crash which could occur when a configuration made use of hdr_ip(name,-1) or "usesrc hdr_ip(name)", if the client sent a certain number of values of the requested header. CVE-2013-2175 was assigned to this bug. All users of 1.4 must upgrade or apply the fix.
Release Notes: This version fixes a security flaw in the TCP content inspection code when combined with HTTP information. All 1.4 users must upgrade or patch. 25 other bugs were fixed since 1.4.22, including a risk of memory corruption by monitoring systems abusing of the "show sess" command on the CLI. Poll() was enabled by default on all platforms, and select() limited to 1024 fds only, in order to workaround a recent glibc change that causes runtime crashes due to extra controls in FD_SET/FD_CLR/FD_ISSET.
Release Notes: This version fixes a security flaw in TCP content inspection when combined with HTTP. 1.5-dev users must upgrade or patch. Other big changes include a richer address parser that supports environment variables, the convergence of ACLs and samples allowing more powerful combinations of patterns analysis, support for systemd, a new health check agent protocol, PCRE JIT support, TLS ALPN, and HTTP redirects 307 and 308. No fewer than 43 bugs were fixed in various areas.