v14.0.0+2.8.9
Announcements
- We deprecate support for
disable_tls_10
,disable_tls_11
,disable_tls_12
anddisable_tls_13
, move tossl_min_ver
andssl_max_ver
instead. The deprecated configuration might be removed with the next major release.
Fixes
⚠️ Default health check behavior for Proxy Protocol scenarios was changed: Proxy Protocol is now also enabled for the health check endpoint by default. Usedisable_health_check_proxy: true
to disable it again, see #633 (thanks @a18e)⚠️
New Features
- For mTLS scenarios, the root CA DN (
ssl_c_r_dn
) is now sent besides other client certificate headers, see #659 (thanks @Mrizwanshaik) - Rate limiting now also works for IPv6 client IP addresses, see #633 (thanks @a18e)
- SSL versions can be properly set via
ssl_min_ver
andssl-max-ver
as a successor of e.g. no-tlsv10, see #657 (thanks @kinjelom) - An additional pre-start script can be defined via
pre_start_script
, see #657 (thanks @kinjelom) - Authentication for the /stats endpoint can be disabled by defining
stats_user
empty, see #657 (thanks @kinjelom) - Well formatted raw config can be appended via
raw_blocks
as per spec, see #652. Additional config beforeraw_blocks
can be actively switched usingconfig_mode
, see #657 (thanks @kinjelom)
Upgrades
- Minor version bumps
Versions
The following versions of upstream components are included in this haproxy-boshrelease:
Component | Version |
---|---|
HAProxy | 2.8.9 |
keepalived | 2.2.8 |
Lua | 5.4.6 |
PCRE | 10.43 |
socat | 1.7.4.4 |
Deployment
releases:
- name: "haproxy"
version: "14.0.0+2.8.9"
url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.0.0+2.8.9/haproxy-14.0.0+2.8.9.tgz"
sha1: "d7c4b82b8cd8f9dcb32610949f2b6084e82d0e4d"
# for deployments with sha256, use the following line instead:
# sha1: "sha256:beae6c34c4aed3b59d6f852f463ea4c13602929fa844201ec5567dacb9d5132c"
Deployment (patched)
releases:
- name: "haproxy"
version: "14.0.0+2.8.9-patched"
url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.0.0+2.8.9/haproxy-14.0.0+2.8.9-patched.tgz"
sha1: "24cf797a460bd28d408cfd86c0d3df5480ad9fc1"
# for deployments with sha256, use the following line instead:
# sha1: "sha256:01853783dd2f5f06ae8f2ac0c05a77df3e09694b3d26a1534c4953e555a517f7"