CHANGELOG-v0.10.md

CHANGELOG v0.10 branch

• Major improvements
• Contributors
• v0.10.12
  • Reference
  • Release notes
  • Fixes and improvements
• v0.10.11
  • Reference
  • Release notes
  • Fixes and improvements
• v0.10.10
  • Reference
  • Release notes
  • Fixes and improvements
• v0.10.9
  • Reference
  • Release notes
  • Fixes and improvements
• v0.10.8
  • Reference
  • Fixes and improvements
• v0.10.7
  • Reference
  • Fixes and improvements
• v0.10.6
  • Reference
  • Fixes and improvements
• v0.10.5
  • Reference
  • Fixes and improvements
• v0.10.4
  • Reference
  • Fixes and improvements
• v0.10.3
  • Reference
  • Fixes and improvements
• v0.10.2
  • Reference
  • Fixes and improvements
• v0.10.1
  • Reference
  • Fixes and improvements
• v0.10
  • Reference
  • Fixes and improvements
• v0.10-beta.3
  • Reference
  • Fixes and improvements
• v0.10-beta.2
  • Reference
  • Fixes and improvements
• v0.10-beta.1
  • Reference
  • Improvements
  • Fixes
• v0.10-snapshot.5
  • Reference
  • Improvements
• v0.10-snapshot.4
  • Reference
  • Improvements
  • Fixes
• v0.10-snapshot.3
  • Reference
  • Improvements
• v0.10-snapshot.2
  • Reference
  • Improvements
• v0.10-snapshot.1
  • Reference
  • Improvements

Major improvements

Highlights of this version:

• HAProxy upgrade from 1.9 to 2.0
• Metrics:
  • HAProxy's internal Prometheus exporter, see the doc
  • HAProxy Ingress exporter for Prometheus
  • HAProxy Ingress dashboard for Grafana, see the metrics example

Contributors

• Alexis Dufour (AlexisDuf)
• Anton Carlos (antcs)
• Colin Deasy (coldeasy)
• Eliot Hautefeuille (hileef)
• Joao Morais (jcmoraisjr)
• KKlapper (KKlapper)
• pawelb (pbabilas)
• Robert Agbozo (RobertTheProfessional)
• Sankul (dark-shade)
• Tadeu Andrade (mtatheonly)

v0.10.12

Reference (r12)

• Release date: 2021-09-16
• Helm chart: --version 0.10.12
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.12
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.12
• Embedded HAProxy version: 2.0.25
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.12

Release notes (r12)

This release fixes a regression introduced in #820: a globally configured config-backend snippet wasn't being applied in the final configuration. Annotation based snippets weren't impacted.

Fixes and improvements (r12)

Fixes and improvements since v0.10.11:

• Fix global config-backend snippet config #856 (jcmoraisjr)

v0.10.11

Reference (r11)

• Release date: 2021-09-08
• Helm chart: --version 0.10.11
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.11
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.11
• Embedded HAProxy version: 2.0.25
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.11

Release notes (r11)

This release updates the embedded HAProxy version from 2.0.24 to 2.0.25, which fixes a HAProxy's vulnerability with the Content-Length HTTP header. CVE-2021-40346 was assigned. The following announce from the HAProxy's mailing list has the details and possible workaround: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html

Also, a misconfigured oauth (e.g. a missing service name) was allowing requests to reach the backend instead of deny the requests.

Fixes and improvements (r11)

Fixes and improvements since v0.10.10:

• always deny requests if oauth is misconfigured 1ff88ec (Joao Morais)
• update embedded haproxy from 2.0.24 to 2.0.25 01631b4 (Joao Morais)

v0.10.10

Reference (r10)

• Release date: 2021-08-17
• Helm chart: --version 0.10.10
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.10
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.10
• Embedded HAProxy version: 2.0.24
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.10

Release notes (r10)

This release updates the embedded HAProxy version from 2.0.22 to 2.0.24, which fixes some HAProxy's HTTP/2 vulnerabilities. A malicious request can abuse the H2 :method pseudo-header to forge malformed HTTP/1 requests, which can be accepted by some vulnerable backend servers. The following announce from the HAProxy's mailing list has the details: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html

Fixes and improvements (r10)

Fixes and improvements since v0.10.9:

• update embedded haproxy from 2.0.22 to 2.0.24 1a44f00 (Joao Morais)

v0.10.9

Reference (r9)

• Release date: 2021-07-11
• Helm chart: --version 0.10.9
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.9
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.9
• Embedded HAProxy version: 2.0.22
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.9

Release notes (r9)

This release adds some security options: --disable-external-name can be used to not allow backend server discovery using an external domain; --disable-config-keywords can be used to partially or completely disable configuration snippets via ingress or service annotations.

Also, a warning will be emitted if the configured global ConfigMap does not exist.

There is no urge to update, except if some of the new options seem useful.

Fixes and improvements (r9)

Fixes and improvements since v0.10.8:

• Ensure that configured global ConfigMap exists #804 (jcmoraisjr)
• Add disable-external-name command-line option #816 (jcmoraisjr) - doc
  • Command-line options:
    • --disable-external-name
• Add disable-config-keywords command-line options #820 (jcmoraisjr) - doc
  • Command-line options:
    • --disable-config-keywords
• build: remove travis-ci configs 8c7fc79 (Joao Morais)

v0.10.8

Reference (r8)

• Release date: 2021-06-20
• Helm chart: --version 0.10.8
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.8
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.8
• Embedded HAProxy version: 2.0.22
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.8

Fixes and improvements (r8)

Fixes and improvements since v0.10.7:

• Use the port name on DNS resolver template #796 (jcmoraisjr)
• Fix reading of tls secret without crt or key #799 (jcmoraisjr)
• build: move from travis to github actions 7a81577 (Joao Morais)

v0.10.7

Reference (r7)

• Release date: 2021-04-16
• Helm chart: --version 0.10.7
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.7
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.7
• Embedded HAProxy version: 2.0.22
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.7

Fixes and improvements (r7)

Fixes and improvements since v0.10.6:

• Fix default host if configured as ssl-passthrough #764 (jcmoraisjr)
• Update embedded haproxy from 2.0.21 to 2.0.22 9a57a6c (Joao Morais)

v0.10.6

Reference (r6)

• Release date: 2021-03-27
• Helm chart: --version 0.10.6
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.6
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.6
• Embedded HAProxy version: 2.0.21
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.6

Fixes and improvements (r6)

Fixes and improvements since v0.10.5:

• Fix incorrect reload if endpoint list grows #746 (jcmoraisjr)
• Fix backend matches if hostname uses wildcard #752 (jcmoraisjr)
• Update haproxy from 2.0.20 to 2.0.21 and fixes CVE-2021-3450 (OpenSSL). 01708b9 (Joao Morais)
• Update go from 1.13.4 to 1.13.15 5bd13b6 (Joao Morais)

v0.10.5

Reference (r5)

• Release date: 2021-02-28
• Helm chart: --version 0.10.5
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.5
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.5
• Embedded HAProxy version: 2.0.20
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.5

Fixes and improvements (r5)

Fixes and improvements since v0.10.4:

• Improve crt validation with ssl_c_verify #743 (jcmoraisjr)
• Fix initial weight configuration #742 (jcmoraisjr)

v0.10.4

Reference (r4)

• Release date: 2021-02-03
• Helm chart: --version 0.10.4
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.4
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.4
• Embedded HAProxy version: 2.0.20
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.4

Fixes and improvements (r4)

Fixes and improvements since v0.10.3:

• Fix reload failure if admin socket refuses connection #719 (jcmoraisjr)
• Readd haproxy user in the docker image #718 (jcmoraisjr)
• Update embedded haproxy to 2.0.20 ae3cc40 (Joao Morais)

Other

• Fix prometheus config #723 (jcmoraisjr)

v0.10.3

Reference (r3)

• Release date: 2020-12-13
• Helm chart: --version 0.10.3
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.3
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.3
• Embedded HAProxy version: 2.0.19
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.3

Fixes and improvements (r3)

Fixes and improvements since v0.10.2:

• Use default certificate only if provided SNI isn't found #700 (jcmoraisjr)
• Add path scope #705 (jcmoraisjr)
• Fix duplication of userlist #701 (jcmoraisjr)

v0.10.2

Reference (r2)

• Release date: 2020-11-16
• Helm chart: --version 0.10.2
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.2
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.2
• Embedded HAProxy version: 2.0.19
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.2

Fixes and improvements (r2)

Fixes and improvements since v0.10.1:

• Fix line too long on backend parsing #683 (jcmoraisjr)
• Allow signer to work with wildcard dns certs #695 (pbabilas)
• Update embedded haproxy from 2.0.18 to 2.0.19 b7b0ca9 (Joao Morais)

v0.10.1

Reference (r1)

• Release date: 2020-10-20
• Helm chart: --version 0.10.1
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10.1
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10.1
• Embedded HAProxy version: 2.0.18
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10.1

Fixes and improvements (r1)

Fixes and improvements since v0.10:

• Fix rewrite target match #668 (jcmoraisjr)
• Implement sort-backends #677 (jcmoraisjr)
• Update embedded haproxy to 2.0.18 d9ac2c8 (Joao Morais)

v0.10

Reference (r0)

• Release date: 2020-09-07
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10
• Embedded HAProxy version: 2.0.17
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10

Fixes and improvements (r0)

Fixes and improvements since v0.10-beta.3:

• v0.10 is binary compatible with v0.10-beta.3.

v0.10-beta.3

Reference (b3)

• Release date: 2020-08-02
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-beta.3
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-beta.3
• Embedded HAProxy version: 2.0.17
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10-beta.3

Fixes and improvements (b3)

Fixes and improvements since v0.10-beta.2:

• Update haproxy from 2.0.15 to 2.0.17
• Add service event handler #633
• Configure default crt on ingress parsing phase #634

v0.10-beta.2

Reference (b2)

• Release date: 2020-06-13
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-beta.2
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-beta.2
• Embedded HAProxy version: 2.0.15
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10-beta.2

Fixes and improvements (b2)

Fixes and improvements since v0.10-beta.1:

• Allow overriding CPU Map #588 - doc
  • Configuration keys:
    • cpu-map
    • use-cpu-map
• TCP Services : SSL : Optionally Verify Client #589 - doc
• Update haproxy from 2.0.14 to 2.0.15

v0.10-beta.1

Reference (b1)

• Release date: 2020-05-18
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-beta.1
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-beta.1
• Embedded HAProxy version: 2.0.14
• GitHub release: https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.10-beta.1

Improvements (b1)

New features and improvements since v0.10-snapshot.5:

• Add check interval on tcp service #576
  • Command-line option:
    • --tcp-services-configmap (update) - doc
• Add use-forwarded-proto config key #577
  • Configuration keys:
    • use-forwarded-proto - doc

Fixes (b1)

• Fix logging messages #559
• Fix server-alias on http/80 #570
• Fix permission using watch-namespace #578

v0.10-snapshot.5

Reference (s5)

• Release date: 2020-04-02
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-snapshot.5
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-snapshot.5
• Embedded HAProxy version: 2.0.14

Improvements (s5)

New features and improvements since v0.10-snapshot.4:

• Update HAProxy from 2.0.13 to 2.0.14, which fixes CVE-2020-11100

v0.10-snapshot.4

Reference (s4)

• Release date: 2020-03-24
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-snapshot.4
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-snapshot.4
• Embedded HAProxy version: 2.0.13

Improvements (s4)

New features and improvements since v0.10-snapshot.3:

• Update to haproxy 2.0.13 #521
• Ignore ingresses without specified class #527 - doc
  • Command-line options:
    • --ignore-ingress-without-class
• Improve certificate sign logs #533
• Add cert signing metrics #535
• Add buckets-response-time command-line option #537 - doc
  • Command-line options:
    • --buckets-response-time
• Add external call to certificate check #539 - doc
• docs: add crt signing metrics in the dashboard #540 - doc

Fixes (s4)

• Fix TLS handshake on backend #520
• Update crt metric if date changes #524
• Clear acme work queue on stopped leading #526
• Restart the leader elector when stop leading #532
• Fix race on failure rate limit queue #534
• Fix processing count metric name #536
• Fix label naming of cert signing metric #538

v0.10-snapshot.3

Reference (s3)

• Release date: 2020-02-06
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-snapshot.3
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-snapshot.3
• Embedded HAProxy version: 2.0.12

Improvements (s3)

New features and improvements since v0.10-snapshot.2:

• Sort tcp services by name and port #506
• Add backend-server-naming key #507 - doc
  • Configuration keys:
    • backend-server-naming
• Add ssl-redirect-code global config key #511 - doc
  • Configuration keys:
    • ssl-redirect-code
• Add modsecurity timeout connect/server #512 - doc
  • Configuration keys:
    • modsecurity-timeout-connect
    • modsecurity-timeout-server
• Add ssl-fingerprint-lower config key #515 - doc
  • Configuration keys:
    • ssl-fingerprint-lower
• Remove haproxy warning filter #514
• Create frontends even without ingress #516
• Add auth-tls-strict configuration key #513 - doc
  • Configuration keys:
    • auth-tls-strict
• Update to haproxy 2.0.12 #518

v0.10-snapshot.2

Reference (s2)

• Release date: 2020-01-19
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-snapshot.2
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-snapshot.2
• Embedded HAProxy version: 2.0.11

Improvements (s2)

New features and improvements since v0.10-snapshot.1:

• Change unix sockets user to haproxy #504
• Add CN label in the cert_expire metric #501

v0.10-snapshot.1

Reference (s1)

• Release date: 2019-12-30
• Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.10-snapshot.1
• Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.10-snapshot.1
• Embedded HAProxy version: 2.0.11

Improvements (s1)

New features and improvements since v0.9-beta.1:

• Update to haproxy 2.0.11 #414
• Remove v0.7 controller #483
• Add frontend to the internal prometheus exporter #486
  • Configuration keys:
    • bind-ip-addr-prometheus - doc
    • prometheus-port - doc
• Defaults to not create prometheus listener #491
• Metric collector and exporter #487 - doc
  • Command-line options:
    • --healthz-port
    • --profiling
    • --stats-collect-processing-period