Skip to content

v14.0.0+2.8.9

Compare
Choose a tag to compare
@CFN-CI CFN-CI released this 08 May 04:47
· 113 commits to master since this release

Announcements

  • We deprecate support for disable_tls_10, disable_tls_11, disable_tls_12 and disable_tls_13, move to ssl_min_ver and ssl_max_ver instead. The deprecated configuration might be removed with the next major release.

Fixes

  • ⚠️ Default health check behavior for Proxy Protocol scenarios was changed: Proxy Protocol is now also enabled for the health check endpoint by default. Use disable_health_check_proxy: true to disable it again, see #633 (thanks @a18e) ⚠️

New Features

  • For mTLS scenarios, the root CA DN (ssl_c_r_dn) is now sent besides other client certificate headers, see #659 (thanks @Mrizwanshaik)
  • Rate limiting now also works for IPv6 client IP addresses, see #633 (thanks @a18e)
  • SSL versions can be properly set via ssl_min_ver and ssl-max-ver as a successor of e.g. no-tlsv10, see #657 (thanks @kinjelom)
  • An additional pre-start script can be defined via pre_start_script, see #657 (thanks @kinjelom)
  • Authentication for the /stats endpoint can be disabled by defining stats_user empty, see #657 (thanks @kinjelom)
  • Well formatted raw config can be appended via raw_blocks as per spec, see #652. Additional config before raw_blocks can be actively switched using config_mode, see #657 (thanks @kinjelom)

Upgrades

  • Minor version bumps

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.9
keepalived 2.2.8
Lua 5.4.6
PCRE 10.43
socat 1.7.4.4

Deployment

releases:
- name: "haproxy"
  version: "14.0.0+2.8.9"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.0.0+2.8.9/haproxy-14.0.0+2.8.9.tgz"
  sha1: "d7c4b82b8cd8f9dcb32610949f2b6084e82d0e4d"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:beae6c34c4aed3b59d6f852f463ea4c13602929fa844201ec5567dacb9d5132c"

Deployment (patched)

releases:
- name: "haproxy"
  version: "14.0.0+2.8.9-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.0.0+2.8.9/haproxy-14.0.0+2.8.9-patched.tgz"
  sha1: "24cf797a460bd28d408cfd86c0d3df5480ad9fc1"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:01853783dd2f5f06ae8f2ac0c05a77df3e09694b3d26a1534c4953e555a517f7"