This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues:
Security issue fixed:
- CVE-2019-14241: Fixed a cookie memory corruption problem. (bsc#1142529)
The update to 2.0.5 brings lots of features and bugfixes:
- new internal native HTTP representation called HTX, was already in 1.9 and is now enabled by default in 2.0
- end-to-end HTTP/2 support including trailers and continuation frames, as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using the H2 preface;
- server connection pooling and more advanced reuse, with ALPN protocol negotiation (already in 1.9)
- layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers as well as on the frontend
- much more scalable multi-threading, which is even enabled by default on platforms where it was successfully tested ; by default, as many threads are started as the number of CPUs haproxy is allowed to run on. This removes a lot of configuration burden in VMs and containers
- automatic maxconn setting for the process and the frontends, directly based on the number of available FDs (easier configuration in containers and with systemd)
- logging to stdout for use in containers and systemd (already in 1.9). Logs can now provide micro-second resolution for some events
- peers now support SSL, declaration of multiple stick-tables directly in the peers section, and synchronization of server names, not just IDs
- In master-worker mode, the master process now exposes its own CLI and can communicate with all other processes (including the stopping ones), even allowing to connect to their CLI and check their state. It is also possible to start some sidecar programs and monitor them from the master, and the master can automatically kill old processes that survived too many reloads
- the incoming connections are load-balanced between all threads depending on their load to minimize the processing time and maximize the capacity (already in 1.9)
- the SPOE connection...