)]}' { "log": [ { "commit": "2bbc66f984d5bb498467456667ea8463fb325039", "tree": "f9f294b9be7526c3e44ae375bc8d027c39b87812", "parents": [ "b957e2a08cf655a78a1a648a4180fc1416f20410" ], "author": { "name": "Leif Hedstrom", "email": "zwoop@apache.org", "time": "Wed May 06 09:10:36 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 06 09:10:36 2026 -0600" }, "message": "Parallelize dir-sync on graceful shutdowns (#12996)\n\n* Parallelize dir-sync on graceful shutdowns\n\nThis will make normal ATS shutdowns come down quicker, specially on\nboxes with a lot of drives. This is similar to the new parallel sync\noptions under normal operations, except this will always Parallelize\nas much as needed.\n\n* Address Copilot\u0027s review comments\n\nFix lambda reference capture bug where all threads processed the last disk\u0027s\nstripes instead of their own; fix shared 0xdeadbeef EThread* sentinel by using\na thread_local variable to give each OS thread a unique identity for\nMUTEX_TAKE_LOCK." }, { "commit": "b957e2a08cf655a78a1a648a4180fc1416f20410", "tree": "43b4486beedc9cc82f058dc78ae3fb9fdad6b604", "parents": [ "07813a3875b51a9191591fb12ad2f7409afb51f9" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Tue May 05 11:48:34 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 05 11:48:34 2026 -0600" }, "message": "Update dependencies for h3 tools (#13136)" }, { "commit": "07813a3875b51a9191591fb12ad2f7409afb51f9", "tree": "8ba3fa8c2a3f739ebadb2593fddbd48b3f161b02", "parents": [ "f83807869d69b84113e66661cd4c0c39a99cd85a" ], "author": { "name": "Damian Meden", "email": "dmeden@apache.org", "time": "Tue May 05 14:09:38 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 05 14:09:38 2026 +0200" }, "message": "Add `_reload` directive support for config reload framework. (#13110)\n\n* Add _reload directive support to config reload framework\n\nConfig handlers need a way to receive operational parameters (e.g.\nscoping a reload to a single entry) without conflating them with\nconfig content. This adds a reserved _reload key inside the configs\nYAML node that the framework extracts before invoking handlers.\n\nFramework: ConfigContext gains reload_directives() getter; the\n_reload node is extracted in ConfigRegistry::execute_reload() and\nstripped from supplied_yaml(). Fixes stale _passed_configs entries\nnot being erased after consumption.\n\nCLI: traffic_ctl config reload gains --directive (-D) flag using\ndot-notation (config_key.directive_key\u003dvalue). Multiple directives\nare space-separated after a single -D.\n\nTests: unit tests for parse_directive and ConfigContext directive\npropagation; autest coverage for directive RPC structure handling.\n\nDocs: developer guide and traffic_ctl reference updated." }, { "commit": "f83807869d69b84113e66661cd4c0c39a99cd85a", "tree": "12373af2369fc0f7065412b7290b0701eec74c76", "parents": [ "79f8b31b2ac3420d1456bbb6f4ff6c1bcd6e0e1c" ], "author": { "name": "Damian Meden", "email": "dmeden@apache.org", "time": "Tue May 05 14:07:25 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 05 14:07:25 2026 +0200" }, "message": "Improve config reload error reporting with severity-aware task logs (#13090)\n\n* Add severity-aware logging to config reload framework\n\nUnify diagnostic logging (diags.log) with ConfigContext task logs\n(traffic_ctl config status) via CfgLoad* macros. Each task log\nentry now carries a DiagsLevel severity, enabling --min-level\nfiltering in traffic_ctl and severity tags in output ([Note],\n[Err], etc). Reload summaries are logged to diags.log after a\ngrace period, with detailed per-subtask dumps under the\nconfig.reload debug tag.\n\nFixes: #12963" }, { "commit": "79f8b31b2ac3420d1456bbb6f4ff6c1bcd6e0e1c", "tree": "486c3446b03edd977951882ea266385cf9ea9675", "parents": [ "83ec495a12b5e8a8795c2feb43289532b5531de7" ], "author": { "name": "Chris McFarlen", "email": "chris@mcfarlen.us", "time": "Mon May 04 17:14:19 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 04 17:14:19 2026 -0500" }, "message": "Fix index issue with records in HostDBRecord::select_best_srv (#13132)\n\n* Fix index issue with records in HostDBRecord::select_best_srv\n\n* review comments" }, { "commit": "83ec495a12b5e8a8795c2feb43289532b5531de7", "tree": "880e02986dae923c8561a6eaf6ac5e9724242410", "parents": [ "060721f3daa4e5da79ff649729f59c2fbcea426d" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Wed Apr 29 14:28:23 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 29 14:28:23 2026 -0500" }, "message": "Remove virtual dispatch from LogData (#13123)\n\nThis addresses a performance regression added by #13059.\n\nMalformed pre-transaction logging introduced an extra virtual data\ninterface on the normal access log path. That made every completed\ntransaction pay for indirection that is only needed for rare\nprotocol-layer failures.\n\nThis replaces the virtual hierarchy with a concrete composed\nTransactionLogData wrapper. This keeps LogAccess using one data object\nwhile routing the common HttpSM path through direct getters and falling\nback to owned pre-transaction data only when no HttpSM exists." }, { "commit": "060721f3daa4e5da79ff649729f59c2fbcea426d", "tree": "b34c1500e937a164c68e3ad332cd65aeab603e09", "parents": [ "dcec715505390b3cab68234ec1c9866a913d8c2c" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Tue Apr 28 14:30:12 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 28 14:30:12 2026 -0500" }, "message": "Propagate PROXY-Protocol src to outbound surfaces (#13120)\n\nOn listeners that receive PROXY-Protocol, the parsed source IP currently\ndoes not reach several origin-facing and operator-visible surfaces: the\noutbound `Client-ip` and `X-Forwarded-For` request headers always carry\nthe immediate TCP peer (the CDN edge), and the outbound TPROXY\nlocal-bind address, the HostDB parent-selection affinity hash, and the\nSlow-Request error log all key off the TCP peer even on listeners that\nhave opted into `:pp-clnt`. The `ssl_has_proxy_v1` debug line is also\nmisleading: it fires for both PPv1 and PPv2 and only logs the\ndestination.\n\nThis aligns those outbound surfaces with the PROXY-Protocol source.\n`HttpTransact::add_client_ip_to_outgoing_request` is updated to\nprefer `pp_info.src_addr` whenever the user-agent connection has a\nparsed PROXY-Protocol header, mirroring\n`add_forwarded_field_to_request`, so the legacy headers agree with\n`Forwarded: for\u003d` regardless of `:pp-clnt`. The outbound TPROXY\nlocal-bind, HostDB parent-selection affinity, and Slow-Request error\nlog in `HttpSM.cc` are migrated to `t_state.effective_client_addr`,\nwhich is `:pp-clnt`-gated by construction so listeners without that\nflag are unaffected. The PP debug line is rewritten to print the\nactual PP version together with both `src` and `dst`.\n\nThis extends the proxy_protocol autest with a PPv2-over-TLS session\nusing a custom `src-addr` to lock in the new outbound-header\nbehavior, and updates the admin-guide PROXY-Protocol page to clarify\nwhich surfaces are `:pp-clnt`-gated and which (`Client-ip`,\n`X-Forwarded-For`, `Forwarded: for\u003d`) are unconditional." }, { "commit": "dcec715505390b3cab68234ec1c9866a913d8c2c", "tree": "c86bc24afd2ab8b1aec283afa239fe8bb0d7bb46", "parents": [ "a26a2d84595c1038a4061d4a7f4a2c4f55178d81" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Tue Apr 28 10:18:23 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 28 10:18:23 2026 -0600" }, "message": "Remove unused error page template (#13122)" }, { "commit": "a26a2d84595c1038a4061d4a7f4a2c4f55178d81", "tree": "99de9d5fb698a6af43126126f99687aee994b2b5", "parents": [ "a65725d423dfc32906e7acec6696ac9acbf91236" ], "author": { "name": "Chris McFarlen", "email": "chris@mcfarlen.us", "time": "Mon Apr 27 17:37:19 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 27 17:37:19 2026 -0500" }, "message": "Support per-remap geo DB handles in header_rewrite (#13042)\n\nReplace the single global geo DB handle with a cache of handles\nkeyed by path, allowing different remap rules to use different\nMMDB files via --geo-db-path. The handle is threaded through\nRulesConfig -\u003e Resources -\u003e ConditionGeo::get_geo_*() methods.\nThe cache deduplicates when multiple rules share the same path.\n\n\n(cherry picked from commit 8713ad495b4113853216885e31b927b1ccd1999c)\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "a65725d423dfc32906e7acec6696ac9acbf91236", "tree": "52865163b9736dc8de371e0c347f3abd167b952d", "parents": [ "571ee72309a6935e83b017e5618ddb788af019df" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Fri Apr 24 12:58:44 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 24 12:58:44 2026 -0600" }, "message": "Cap uncompressed length in TLS Certificate Compression (#13117)\n\n* Cap uncompressed length in TLS Certificate Compression\n\n* Set a nullptr\n\n* Update the comment" }, { "commit": "571ee72309a6935e83b017e5618ddb788af019df", "tree": "a5c60fd6a36d89d94f8b549398516769c08acabc", "parents": [ "104936ac425e8cda8ea8bd77ba28010b2e72f6bd" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Thu Apr 23 18:06:14 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 23 18:06:14 2026 -0500" }, "message": "Fix lock-order inversion deadlock in Diags::tag_activated (#13106)" }, { "commit": "104936ac425e8cda8ea8bd77ba28010b2e72f6bd", "tree": "eba13f2709e75bdd6281cd3babda62121fbfdc4d", "parents": [ "02af45126d976d6eadaf6c09de9bcb8570b4a62e" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Thu Apr 23 08:02:21 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 23 08:02:21 2026 +0900" }, "message": "Relocate HostDB tests and benchmark to standard directories (#13115)\n\n* Move unit tests under unit_tests dir\n\n* Cleanup HostDB unit tests and benchmark" }, { "commit": "02af45126d976d6eadaf6c09de9bcb8570b4a62e", "tree": "1953534436ed8463e176cdce7a8a0e65dbd08ada", "parents": [ "801e8d76cc0c13130afee48150af63fadcb82ebb" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Wed Apr 22 14:46:07 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 14:46:07 2026 -0600" }, "message": "Add support for TLS Certificate Compression (RFC 8879) (#13088)\n\nNew settings:\nproxy.config.ssl.server.cert_compression.algorithms\nproxy.config.ssl.client.cert_compression.algorithms\nproxy.config.ssl.server.cert_compression.cache is going to be added on next PR.\n\nNew metrics:\nproxy.process.ssl.cert_compress.\u003calg\u003e\nproxy.process.ssl.cert_compress.\u003calg\u003e_failure\nproxy.process.ssl.cert_decompress.\u003calg\u003e\nproxy.process.ssl.cert_decompress.\u003calg\u003e_failure" }, { "commit": "801e8d76cc0c13130afee48150af63fadcb82ebb", "tree": "9b394dea966210d6002b4cb6d71fcabca6f0f9dc", "parents": [ "0eac5a15f2e9c073c0da34387ce05914a93283c3" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Wed Apr 22 15:41:06 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 15:41:06 2026 -0500" }, "message": "Fix HTTP/3 crash in HQTransaction::_signal_event (#13093)\n\nThis fixes a crash where the assertion at HttpSM.cc:2765 fails:\n\n ink_assert(default_handler !\u003d (HttpSMHandler) nullptr)\n\nThe crash is triggered when VC_EVENT_EOS, VC_EVENT_ERROR, or a\ntimeout propagates from the QUIC stream up to\nHQTransaction::state_stream_open, which calls _signal_event. The\nprevious implementation forwarded the triggering Event* as the data\nargument to HttpSM::handleEvent. HttpSM::main_handler, however, casts\nthat data to VIO* and uses it to look up the vc_table entry. Because\nan Event* never matches any registered VIO, find_entry returns null\nand main_handler falls through to default_handler. When the SM is in\nearly setup or has already been torn down (kill_this clears\ndefault_handler), default_handler is null and the assertion fires.\n\nThis patch passes the appropriate VIO pointer to each handleEvent\ncall, matching the convention used by _signal_read_event,\n_signal_write_event, and the HTTP/2 Http2Stream equivalents. The\noriginal dual-VIO dispatch is preserved so tunnel consumers bound to\nthe write side still receive connection-level events.\n\nFixes: #12112" }, { "commit": "0eac5a15f2e9c073c0da34387ce05914a93283c3", "tree": "65fbe2ddbf85dedd31f6302b4a0a45a086cff889", "parents": [ "992584c6f076eaedc1d4864a97e3f91a44db1d19" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Wed Apr 22 11:14:30 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 11:14:30 2026 -0600" }, "message": "slice: Fix a crash caused by use-after-free (#13113)" }, { "commit": "992584c6f076eaedc1d4864a97e3f91a44db1d19", "tree": "c659245db4e0f081da6ba87b58d57dd4cbacbe50", "parents": [ "da5f4407dc8c1a37d90d8dc3b4b88b52e6d2ec15" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Wed Apr 22 10:28:24 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 10:28:24 2026 +0900" }, "message": "Clarify HostDBInfo state (#13092)\n\n* Clarify HostDBInfo state\n\n* Address comments from Copilot\n\n* Cleanup comments" }, { "commit": "da5f4407dc8c1a37d90d8dc3b4b88b52e6d2ec15", "tree": "cef5f2c3829771a9056e44e814ff39a46c8864d1", "parents": [ "7e9aa23dd1f101e21e6ef99fc3238c19479006e9" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Tue Apr 21 18:48:09 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 18:48:09 2026 -0500" }, "message": "Add doxygen comment guidance to AGENTS.md (#13112)\n\nThis adds a Doxygen Comments section to AGENTS.md describing the\nconventions agents should follow when documenting code with doxygen\nstyle comments." }, { "commit": "7e9aa23dd1f101e21e6ef99fc3238c19479006e9", "tree": "b6b7439b49d0d0cbd307c7176ee5cf1b75b2981a", "parents": [ "450d3f3bfe2f0853ed98738e6783287a51809176" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Wed Apr 22 08:03:39 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 22 08:03:39 2026 +0900" }, "message": "Cleanup set_connect_fail debug log (#13091)\n\n* Cleanup set_connect_fail debug log\n\n* Fix args\n\n* Include swoc header explicitly" }, { "commit": "450d3f3bfe2f0853ed98738e6783287a51809176", "tree": "0c143188490e149fb5bee92a5111902620b935b5", "parents": [ "12fdb0730899ce95d19f4ded25c408390b9faf9d" ], "author": { "name": "Leif Hedstrom", "email": "zwoop@apache.org", "time": "Tue Apr 21 09:59:19 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 09:59:19 2026 -0600" }, "message": "compress; Fixes a regression in protocol parser (#13107)\n\n* compress; Fixes a regression in protocol parser\n\nThis is a regression I think, in 10.2, where we get warnings like\n\n...(Parse)\u003e (compress) WARNING: failed to interpret \"br,gzip\" at line 2\n\nAlso address copilots concerns\n\n* Fix failing autests, after our fixes. This was broken on master before too." }, { "commit": "12fdb0730899ce95d19f4ded25c408390b9faf9d", "tree": "ef402f57f92738e6638e14e0ddc22d5b283b04c5", "parents": [ "2dde15e2b1a6e08e983befb990d86025709253d7" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Fri Apr 17 16:38:05 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 16:38:05 2026 -0600" }, "message": "Fixx autest tls_sni_ticket so it can work with BoringSSL (#13100)\n\nThe per-SNI override is unavailable with BoringSSL. The expected number of tickets should be different for BoringSSL." }, { "commit": "2dde15e2b1a6e08e983befb990d86025709253d7", "tree": "db395f58eb938b06bd1ae611ca8deac94cec1af1", "parents": [ "5b7ab921da845b92ad1c87eec6a3aef25eb7d1ce" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Fri Apr 17 16:05:03 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 16:05:03 2026 -0600" }, "message": "Replace echo command on autest test cases with printf (#13099)\n\nThe -e option is unavailable on echo command on mac." }, { "commit": "5b7ab921da845b92ad1c87eec6a3aef25eb7d1ce", "tree": "17d24bd13a0f991f77e09fbd439dcb11446720f2", "parents": [ "8e6b5092aba8754f3a0a8679f08697d63fe02364" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 17 17:04:43 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 17:04:43 2026 -0500" }, "message": "Guard HTTP/3 test targets with BUILD_TESTING (#13094)\n\nGuard add_catch2_test for h3 with BUILD_TESTING. Otherwise\n-DBUILD_TESTING\u003doff fails when HTTP/3 builds are enabled." }, { "commit": "8e6b5092aba8754f3a0a8679f08697d63fe02364", "tree": "9bab289a548a362ef8cc42b264d67969d0cd381a", "parents": [ "395bbafae5758f6e09e413495de286568cd76469" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Fri Apr 17 09:07:41 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 09:07:41 2026 -0700" }, "message": "Remove unused member variables across multiple subsystems (#13005)\n\nRemove unused member variables and dead code identified by static\nanalysis across core, cache, net, proxy, and plugin subsystems.\n\n* Event.h: drop dead #ifdef ONLY_USED_FOR_FIB_AND_BIN_HEAP block.\n* HttpSM: remove unused m_last_state, prev_hook_start_time, cur_hooks.\n* CacheVC: reorder fields; rename unused open_read_timeout flag.\n* AIO / ink_aiocb: remove unused aio_state, aio__pad[1], and index.\n These were cargo-culted from POSIX struct aiocb; ink_aiocb is\n internal to ATS and never crosses an ABI boundary.\n* LogBuffer: remove unused m_in_network_order and simplify iterator.\n* Http1{Client,Server}Transaction: remove unused outbound_transparent.\n* ConnectingEntry: remove unused NetVCOptions opt field.\n* ParentConsistentHash: remove unused foundParents member.\n* SSLNetVConnection: remove unused protocol_mask_set and protocol_mask\n (unrelated to the TLSValidProtocols mask used by SNI config)." }, { "commit": "395bbafae5758f6e09e413495de286568cd76469", "tree": "c4ce7a663d88d6588a670d608b12b84ecdfcdb03", "parents": [ "afdf454a8d564fd2f0dfde4e8ca1ac00c324879c" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Fri Apr 17 13:26:33 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 13:26:33 2026 +0900" }, "message": "Add connect_down_policy: 4 for empty reply (#13069)\n\n* Add connect_down_policy: 4 for empty reply\n\n* Fix AuTest failure on Linux" }, { "commit": "afdf454a8d564fd2f0dfde4e8ca1ac00c324879c", "tree": "a38e373c9b04029048f6b488cb46adf2869cbc8b", "parents": [ "cb2b336994e5665aeaf8700765fe7de733f16b74" ], "author": { "name": "Robert Clendenin", "email": "Clendenin@protonmail.com", "time": "Thu Apr 16 15:07:59 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 14:07:59 2026 -0600" }, "message": "Allow full CIDR range (1-128) for IPv6 literals in HRW4U grammar (#13077)\n\n* Allow full CIDR range (1-128) for IPv6 literals in HRW4U grammar\n\n* Added AST test file" }, { "commit": "cb2b336994e5665aeaf8700765fe7de733f16b74", "tree": "c0cbe2966460072000b1fd619ca5d5be1cf73aa3", "parents": [ "e7e30bbea9553d34b38247e96d1cc5128d8aaa60" ], "author": { "name": "Kit Chan", "email": "kichan@apache.org", "time": "Thu Apr 16 12:15:50 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 16 12:15:50 2026 -0700" }, "message": "Add shutdown hook function for lua plugin (#13045)\n\n* Add shutdown hook function for lua plugin\n\n* Update lua function name\n\n* update comments\n\n* Fix problem with calling the lua function\n\n* Update plugins/lua/ts_lua.cc\n\nCo-authored-by: Copilot \u003c175728472+Copilot@users.noreply.github.com\u003e\n\n* Apply suggestion from @Copilot\n\nCo-authored-by: Copilot \u003c175728472+Copilot@users.noreply.github.com\u003e\n\n* Fix format\n\n* Change lua function name\n\n* Fix test formatting\n\n---------\n\nCo-authored-by: Copilot \u003c175728472+Copilot@users.noreply.github.com\u003e" }, { "commit": "e7e30bbea9553d34b38247e96d1cc5128d8aaa60", "tree": "8519b31c9f35b861ed9803b5f27596d782e10e5e", "parents": [ "9089a5c79d9ca206198dc42bbf2dca9144934f59" ], "author": { "name": "Chris McFarlen", "email": "chris@mcfarlen.us", "time": "Wed Apr 15 18:07:09 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 18:07:09 2026 -0500" }, "message": "Make sure string metrics are dumped in RecDumpRecords (#13074)" }, { "commit": "9089a5c79d9ca206198dc42bbf2dca9144934f59", "tree": "07b7f0d36e6cfb8596afa36b0137ed35685c03a1", "parents": [ "42fb5702f4a6103c73e18c52aa37311722b23b0f" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Wed Apr 15 13:20:53 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 13:20:53 2026 -0500" }, "message": "Fix cache_read_vc assertion crash in redirect flow (#13089)\n\nThis fixes a crash where the assertion at HttpCacheSM.cc:137 fails:\n\n ink_assert((cache_read_vc \u003d\u003d nullptr) ||\n master_sm-\u003et_state.redirect_info.redirect_in_process)\n\nThe crash occurs when a redirect cache lookup completes after\nredirect_in_process has been cleared, but cache_read_vc from the\noriginal request is still set. The root cause is that reset() only\nresets captive_action but does not close the existing cache_read_vc\nor cancel any pending retry events.\n\nThis patch adds the missing cleanup to reset(): it now closes any\nexisting cache read VC and cancels pending retry events before\nstarting a new cache operation. This ensures stale state from a\nprevious cache operation cannot interfere with the new one." }, { "commit": "42fb5702f4a6103c73e18c52aa37311722b23b0f", "tree": "7ad6927835a31c9191838a3eca6fb49a1cf895ce", "parents": [ "7bf5877ff8886ff0a042966c0c5fc22186c85df8" ], "author": { "name": "Damian Meden", "email": "dmeden@apache.org", "time": "Wed Apr 15 09:59:29 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 09:59:29 2026 +0200" }, "message": "`plugin.config` to `plugin.yaml` migration. (#13070)\n\n* Add plugin.yaml as YAML alternative to plugin.config\n\nIntroduce plugin.yaml, a YAML-based configuration file for global\nplugins that replaces the legacy line-based plugin.config format.\n\nNew capabilities over plugin.config:\n- enabled: false to disable plugins without removing them\n- load_order for explicit plugin loading priority\n- NOTE-level startup log per plugin with load status\n- traffic_ctl plugin list via JSONRPC for runtime introspection\n- traffic_ctl config convert plugin_config for automated migration\n- Fallback: plugin.yaml takes precedence; plugin.config used if absent\n\n* Add inline config field to plugin.yaml\n\nAdd the \u0027config\u0027 field to plugin.yaml entries, allowing plugin\nconfiguration to be embedded directly using a YAML block scalar (|).\nThe literal text is written to a temporary file at startup and passed\nto the plugin as an argument. Only scalar values are accepted;\nstructured YAML is rejected to preserve quoting semantics that\nplugins like txn_box rely on." }, { "commit": "7bf5877ff8886ff0a042966c0c5fc22186c85df8", "tree": "9cb7bedb400cf53194279b45d95312c325b73b3e", "parents": [ "05554caba9eff692313aa0d0e6eb7fbe1b0f3cea" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Wed Apr 15 07:50:43 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 15 07:50:43 2026 +0900" }, "message": "Fix AuTest with ssl_multicert (#13087)\n\n* Fix AuTest with ssl_multicert\n\n* Fix tunnel_active_timeout\n\n* Rollback ssl_multicert.yaml change" }, { "commit": "05554caba9eff692313aa0d0e6eb7fbe1b0f3cea", "tree": "cbc38a40042cf6dcdfcfb0117ace0c039f1e86cc", "parents": [ "234bb4a2b7c999a2f573614f56ba7e0b38c017d5" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Mon Apr 13 17:18:40 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 17:18:40 2026 -0500" }, "message": "Log malformed HTTP/2 requests (#13059)\n\nUnlike HTTP/1 transactions, malformed HTTP/2 requests are rejected\nbefore HttpSM creation, so they bypassed the normal transaction logging\npath. That left malformed h2 traffic out of squid.log even when similar\nh1 failures were visible.\n\nThis adds a pre-transaction LogAccess path for malformed h2 request\nheaders and emits a best-effort access log entry before resetting the\nstream." }, { "commit": "234bb4a2b7c999a2f573614f56ba7e0b38c017d5", "tree": "209e20e2ba5b373f3f373b6da43f0977939d22ff", "parents": [ "2baa396b90b2550101c5acc2273123afcc1fcb14" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Apr 13 13:57:24 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:57:24 2026 -0700" }, "message": "Fix prev_is_cr flag handling in chunked encoding parser (#13036)\n\nThe prev_is_cr flag in ChunkedHandler::read_size() was being set\nwithin conditional expressions but not consistently updated, which\ncould cause it to retain stale values across parsing iterations.\n\nUpdate the flag at the end of each loop iteration to ensure it\naccurately reflects the current character state. This improves the\ncorrectness of line break validation when parsing chunked transfer\nencoding with strict_chunk_parsing enabled." }, { "commit": "2baa396b90b2550101c5acc2273123afcc1fcb14", "tree": "97afde4f9943c0b4a5cd135ac11fb801f0b93b77", "parents": [ "123b6686ea16e46dc4bbe07477853004f6f9448d" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Apr 13 13:51:20 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:51:20 2026 -0700" }, "message": "Add ERR_TUN_ACTIVE_TIMEOUT squid code for tunnel timeouts (#12786)\n\n* Add ERR_TUN_ACTIVE_TIMEOUT squid code (\u0027T\u0027) so CONNECT\n tunnel timeouts are visible in access logs via the crc\n field instead of only in DEBUG output.\n* Set the code in tunnel_handler_ssl_producer() and\n tunnel_handler_ssl_consumer() on VC_EVENT_ACTIVE_TIMEOUT.\n* Add the code to traffic_logstats switch statements so\n tunnel timeouts count in the errors bucket.\n* Add autest with Python CONNECT client that triggers a\n tunnel timeout and verifies the log entry." }, { "commit": "123b6686ea16e46dc4bbe07477853004f6f9448d", "tree": "298e83dd3fb8042e3f10d6a55261ff710892bf82", "parents": [ "89fd6dbb85fcb7081812a7601ad2f6f1b1fe6056" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Apr 13 13:49:15 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:49:15 2026 -0700" }, "message": "Fix ASAN-detected plugin bugs across five components (#13013)\n\n* Fix heap-buffer-overflow in stats_over_http -- use %.*s\n with string_view length instead of %s.\n* Fix delete type mismatch in ja4_fingerprint -- delete as\n JA4_data* and cast consistently in handle_read_request_hdr.\n* Fix use-after-free in txn_box Config destructor -- reorder\n _arena before _roots so arena outlives directive memory.\n* Fix memory leak in slice plugin -- free urlstr before\n early return on invalid content length.\n* Fix use-after-free in async_engine test plugin -- save\n writefd before OPENSSL_free releases backing memory." }, { "commit": "89fd6dbb85fcb7081812a7601ad2f6f1b1fe6056", "tree": "c66efcb1468426167ee6108659a6850420681d24", "parents": [ "1c9753039c46e83c9e380c9c0146abdfbf3c42f4" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Apr 13 13:42:07 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:42:07 2026 -0700" }, "message": "Add 204 and 308 to heuristically cacheable status codes (#13015)\n\n* Add 204 (No Content) and 308 (Permanent Redirect) to the\n heuristic caching allowlist in is_response_cacheable(),\n per RFC 9110 Section 15.1.\n* Add autest validating all seven RFC 9110 heuristically\n cacheable codes (200, 203, 204, 300, 301, 308, 410) are\n cached with only Last-Modified present, and non-cacheable\n codes (302, 307, 400, 403) are not." }, { "commit": "1c9753039c46e83c9e380c9c0146abdfbf3c42f4", "tree": "7e207d4484537573ee87f2b1b2682109e9b517d2", "parents": [ "77beafaedd43612475f3153760bde662e4f94f31" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Apr 13 13:35:24 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:35:24 2026 -0700" }, "message": "Fix memory leaks in SSL subsystem (#13026)\n\n* Fix SSLOriginSessionCache destructor -- drain all queued\n SSLOriginSession nodes before the map is destroyed. The\n destructor was previously empty.\n* Allocate origin session cache once instead of delete/new on\n reload -- concurrent TLS handshakes hold bare pointers to\n the global. Let entries age out naturally.\n* Free ssl_ocsp_user_agent before overwriting on config reload.\n* Clear BIO_FLAGS_MEM_RDONLY before BIO_free so internal\n BUF_MEM structures are properly released." }, { "commit": "77beafaedd43612475f3153760bde662e4f94f31", "tree": "3a090558f27ef9b0e04384e5066662a2363740bd", "parents": [ "4f97333f2ed8a25719f302d8ec628f42a31cd4e7" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Apr 13 13:21:49 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 13:21:49 2026 -0700" }, "message": "Clean up stale LSAN suppression entries (#13029)\n\n* Fix HTTPHdr leaks in test helpers using ts::PostScript scope\n guards instead of manual destroy() on every error path.\n* Remove goto/done pattern in test_http_hdr_copy_over_aux,\n replace with if-not-error chaining.\n* Remove 3 stale regression LSAN suppressions for deleted or\n Catch2-converted tests.\n* Remove 6 obsolete unit test suppressions for OpenSSL 1.0.2,\n OpenSSL 1.1, ConsCell, and PCRE1.\n* Restore TSHttpConnect suppressions -- generate_request still\n leaks." }, { "commit": "4f97333f2ed8a25719f302d8ec628f42a31cd4e7", "tree": "607c40b36ddf0eeac0255e304f9cd747e23d7e73", "parents": [ "c52cddf6c8553583a163785b7e818e0574f926a6" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Mon Apr 13 09:45:23 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 09:45:23 2026 -0600" }, "message": "Fix use-after-free in ParsedConfigCache for short config strings (#13078)\n\n- Fix use-after-free in ParsedConfigCache when config values are short enough for std::string SSO (Small String Optimization)\n- ParsedValue::parse() returned by value, and emplace moved it into the map — relocating the SSO inline buffer while string_views in TargetedCacheControlHeaders::headers[] still pointed to the old address\n- Make ParsedValue non-movable and use try_emplace + parse_into() so parsing happens directly in the map node\n- Also fixes the same class of bug for HostResData::conf_value and HttpStatusCodeList::conf_value pointers\n\nReproducer: configure conf_remap with a short targeted header value like ACME-Cache-Control (18 chars, within libc++ SSO threshold of 22). The string_views in the per-transaction override become dangling, causing incorrect cache\nbehavior.\n\nThe SSO threshold varies by standard library — libc++ (macOS/clang): 22 bytes, libstdc++ (GCC/Linux): 15 bytes. A value like ACME-Cache-Control (18 chars) triggers SSO on libc++ but uses heap allocation on libstdc++, where the buffer\npointer survives the move. This is why the bug may reproduce on macOS but not on Linux CI with GCC." }, { "commit": "c52cddf6c8553583a163785b7e818e0574f926a6", "tree": "8c0acb6e6fb88dbbb6bddaa245f6069150449a0c", "parents": [ "f37bcf92fbb2f1ccc46a04028dadd12dc8df69fd" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Mon Apr 13 08:28:04 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 08:28:04 2026 +0900" }, "message": "Cleanup: memory cache lookup code (#13060)" }, { "commit": "f37bcf92fbb2f1ccc46a04028dadd12dc8df69fd", "tree": "42df497f0d94824c87ca1a3788daf5ef6f170e11", "parents": [ "18112d81a711c1971ba0a53633a975ab0bf4fec0" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Fri Apr 10 16:59:55 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 16:59:55 2026 -0600" }, "message": "jax_fingerprint: Add --log-field option for custom log fields (#13084)\n\n- Add --log-field \u003csymbol\u003e option to jax_fingerprint plugin that registers a custom log field usable in logging.yaml format strings (e.g., --log-field jaxja4 enables %\u003cjaxja4\u003e)\n- Change TSLogMarshalCallback and LogField::CustomMarshalFunc from raw function pointers tostd::function to support capturing lambdas, enabling plugins to register log field callbacks with state" }, { "commit": "18112d81a711c1971ba0a53633a975ab0bf4fec0", "tree": "c9abbc1aeae73eef98197d8fc6e1947cd0cde576", "parents": [ "1541fb256d18da6cdf4412002239e791f33d54cf" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 10 17:06:25 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 17:06:25 2026 -0500" }, "message": "jax_fingerprint: ja4_common -\u003e common (#13085)\n\nThe jax_fingerprint common directory, over time, will be helpful for\nmore than just sharing between ja4 methods. Changing it to a more\ngeneric name." }, { "commit": "1541fb256d18da6cdf4412002239e791f33d54cf", "tree": "b5a345716018c76088ecfdd3717dd50dfeb17a45", "parents": [ "ad2940c776ee86d9eac24a2ee4dc4d80c91e9991" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 10 16:15:49 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 16:15:49 2026 -0500" }, "message": "jax_fingerprint: Address user arg slot exhaustion (#13082)\n\nWhen multiple jax_fingerprint.so instances are loaded (e.g., one per\nfingerprinting method), each instance was reserving its own user arg\nslot. ATS has a limited number of slots (~4 per type), causing methods\nlike JA3 and JA4 to fail silently when slots were exhausted.\n\nSolution: Share a single user arg slot per type (TS_USER_ARGS_VCONN or\nTS_USER_ARGS_TXN) across all jax_fingerprint instances. A ContextMap\nstores JAxContext instances keyed by method name." }, { "commit": "ad2940c776ee86d9eac24a2ee4dc4d80c91e9991", "tree": "9554b6c15eed4ffe79eaa9c125135d40c66d4b12", "parents": [ "ebb5e3474d403c24e47fb32f5de78fa4ae12699a" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Fri Apr 10 09:33:27 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 10 09:33:27 2026 -0600" }, "message": "Refactor jax_fingerprint plugin for better modularity and fewer allocations (#13072)\n\nEach subdirectory (ja3/, ja4/, ja4h/) now follows a consistent structure: method.cc/.h for the fingerprint method, test.cc for tests, plus algorithm-specific files. Redundant prefixes removed since subdirectories provide context.\n\nTests updated to match. No functional changes." }, { "commit": "ebb5e3474d403c24e47fb32f5de78fa4ae12699a", "tree": "47f6a5301fff50050d7abc99f888db288a726b69", "parents": [ "edb548b572ca22604ce9e1d4e0dd43c73d019aed" ], "author": { "name": "Leif Hedstrom", "email": "zwoop@apache.org", "time": "Thu Apr 09 11:14:51 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 09 11:14:51 2026 -0600" }, "message": "hrw4u: Fix u4wrh HEADER value resolution missing section context (#13068)\n\n* hrw4u: Fix u4wrh HEADER value resolution missing section context\n\n_handle_set_rm_operation was passing None as the section to\n_rewrite_inline_percents, causing %{HEADER:...} in operator\nvalues to always resolve to the default inbound.resp. prefix\ninstead of the correct context-dependent prefix.\n\n* Address Copilot\u0027s review" }, { "commit": "edb548b572ca22604ce9e1d4e0dd43c73d019aed", "tree": "ba654ea61912bc08fe9cd4e9e9f539f6ab98d30e", "parents": [ "910f3e53e9e1ad1572d23e95532aae946e7c1e1f" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Wed Apr 08 15:32:34 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 08 15:32:34 2026 -0500" }, "message": "Upgrade bundled RAT to 0.17 (#13071)\n\nThis switches the bundled RAT tool to the official 0.17 release\nand updates the rat target to use the new exclude-file CLI.\n\nThis rewrites the exclusion list for RAT 0.17 path matching so the\nexisting ignored inputs still stay out of the report. It also excludes\nhuge_resp_hdrs.conf because RAT 0.17 misclassifies that fixture as an\nunknown file type despite its ASF header.\n\nCo-authored-by: bneradt \u003cbneradt@yahooinc.com\u003e" }, { "commit": "910f3e53e9e1ad1572d23e95532aae946e7c1e1f", "tree": "8e5f26549ff74562c253f1cf94b7670edd713ae0", "parents": [ "3d5bbd8c943c820383131391b1da57f93b71cd04" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Wed Apr 08 09:40:22 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 08 09:40:22 2026 -0600" }, "message": "Add jax_fingerprint plugin (#12995)\n\nThis adds an experimental plugin jax_fingerprint. The basic functionality is the same as ja3_fingerprint and ja4_fingerprint, but the configuration is more flexible." }, { "commit": "3d5bbd8c943c820383131391b1da57f93b71cd04", "tree": "d3d8f6bb3d009a0563db24325e846bb9ac239c5e", "parents": [ "e99a83c458d48ce1514ab7e1d73c04a1935422b9" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Wed Apr 08 10:13:53 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 08 10:13:53 2026 -0500" }, "message": "Ignore uv.lock in RAT exclusions (#13066)\n\nThis updates the RAT exclusion list to ignore generated uv.lock\nfiles. These lockfiles are auto-generated and should not be modified\nto carry project license headers." }, { "commit": "e99a83c458d48ce1514ab7e1d73c04a1935422b9", "tree": "71838a95e009c3d94b1548896e822dd94cc6d92e", "parents": [ "52688fe38698c85fafea750670509d864febe75d" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Wed Apr 08 07:53:41 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 08 07:53:41 2026 +0900" }, "message": "Flush logs before shutdown (#13065)" }, { "commit": "52688fe38698c85fafea750670509d864febe75d", "tree": "212ddc990e112344bc40162f595133ac085b5161", "parents": [ "4f9f3eaaa70d28abc280de5fb32331c7d5af8536" ], "author": { "name": "Chris McFarlen", "email": "chris@mcfarlen.us", "time": "Tue Apr 07 16:38:53 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 07 16:38:53 2026 -0500" }, "message": "Fix MATCH_SET parsing of quoted items and add tests (#13024)\n\n* Fix MATCH_SET parsing of quoted items and add tests\n\nThe set parser was incorrectly advancing \u0027start\u0027 by skip_quotes\nafter a comma, causing the second and subsequent quoted items to\nbe parsed with their leading characters truncated.\n\nAdd a unit test for quoted set parsing and enable the test_matcher\nbuild target (fix linker issue by removing resources.cc and adding\nstubs). Add autest coverage for quoted sets in header_rewrite\nbundle.\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n* link cripts to test if enabled\n\n* nevermind, that test is cursed\n\n---------\n\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "4f9f3eaaa70d28abc280de5fb32331c7d5af8536", "tree": "0083a476fff0b90845fa6bf213cefd7f73dbe716", "parents": [ "a69cce618d9333a35b264999623bcc805090bebf" ], "author": { "name": "Amir Sarabadani", "email": "Ladsgroup@gmail.com", "time": "Tue Apr 07 21:04:01 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 07 14:04:01 2026 -0500" }, "message": "Fix typos (#13064)\n\nThis is done via a script I wrote to report typos and after I checked them\nmultiple times manually, I applied the correct ones. No AI was used." }, { "commit": "a69cce618d9333a35b264999623bcc805090bebf", "tree": "b1b2c4b9be71a5543c4ab70016dd19583aa55b9e", "parents": [ "da065fb2e22c86478c1c3de842ac00f94a81443b" ], "author": { "name": "Hiroaki Nakamura", "email": "hnakamur@gmail.com", "time": "Tue Apr 07 11:31:58 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 07 11:31:58 2026 +0900" }, "message": "Install rustup instead of cargo to use a newer version of rustc (#13057)\n\nThis is needed to avoid the following error while building the Cloudflare quiche library:\nerror: package `serde_with v3.18.0` cannot be built because it requires rustc 1.88 or newer, while the currently active rustc version is 1.75.0" }, { "commit": "da065fb2e22c86478c1c3de842ac00f94a81443b", "tree": "08f6c89ee427966874f261962f801a8d5bb6a1e5", "parents": [ "efada792bd9c7e0b98ad7ee85ad58b21b9e6b08f" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Sat Apr 04 08:53:15 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Apr 04 08:53:15 2026 +0900" }, "message": "Fix Coverity 1646593-1646605 (#13048)\n\nsrc/config/storage.cc:\n- CID 1646599: span.hash_seed \u003d std::move(hash_seed)\n- CID 1646594: vol_span_map[...].push_back(std::move(path_tok))\n- CID 1646604: return {std::move(result), std::move(errata)} in parse_legacy_storage_config\n- CID 1646603: return {std::move(result), std::move(errata)} in parse_legacy_volume_config\n- CID 1646598: vol.scheme \u003d std::move(s)\n- CID 1646593: both returns in parse_content use std::move(result)\n- CID 1646601: print original string\n\nsrc/config/unit_tests/test_storage.cc:\n- CID 1646605: config.spans.push_back(std::move(span1))\n- CID 1646600: config.volumes.push_back(std::move(vol1)) (YAML test)\n- CID 1646595: config.spans.push_back(std::move(span1))\n- CID 1646602: config.volumes.push_back(std::move(vol1)) (JSON test)\n\nsrc/iocore/cache/unit_tests/test_ConfigVolumes.cc:\n- CID 1646596 \u0026 1646597: Added REQUIRE(vN !\u003d nullptr) guards" }, { "commit": "efada792bd9c7e0b98ad7ee85ad58b21b9e6b08f", "tree": "f842000dd01a28da1052047f2b2938481dd1da28", "parents": [ "c478245dfb6ead66186c2b413371f6ea4cda4d3d" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 03 15:10:22 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 15:10:22 2026 -0500" }, "message": "Add autest for empty POST framing: 411 response (#13055)\n\nAdd a replay-based autest for a POST request that omits both\nContent-Length and Transfer-Encoding. This captures the current\n411 response in ATS and gives us a focused reproducer for issue\n12960.\n\n411 is in compliance with the RFC:\n\nhttps://datatracker.ietf.org/doc/html/rfc9112#section-6.3\n\n A server MAY reject a request that contains a message body but not a\n Content-Length by responding with 411 (Length Required).\n\nFixes: #12960" }, { "commit": "c478245dfb6ead66186c2b413371f6ea4cda4d3d", "tree": "fed5e4f49650dd5acd41e3562fb56fcff925afd7", "parents": [ "49cb7c8e6ec38f39ea44d5ebae4aec4f291beb7a" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 03 12:39:07 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 12:39:07 2026 -0500" }, "message": "Add log field fallbacks (#13018)\n\nAllow custom log formats to fall back between header fields with\n`??` so configs can log a secondary header when the primary one is\nabsent. This keeps the feature in the existing `%\u003c...\u003e` syntax and\npreserves the current distinction between missing and empty values.\n\nThis also:\n\n- Allows overriding the default static fallback from `-` to\nsome user-specified quoted string literal.\n- Adds support for a final non-header log field (e.g., chi, cqup) as \nthe fallback term, letting users write expressions like\n%\u003c{x-remote-ip}cqh??chi\u003e." }, { "commit": "49cb7c8e6ec38f39ea44d5ebae4aec4f291beb7a", "tree": "6f7129e56dadc29314b3b55cce210623aae3f5e5", "parents": [ "bf36ea7b1fce53b74889b79b3427999635a3a361" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 03 12:37:02 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 12:37:02 2026 -0500" }, "message": "tests/gold_tests/headers tests: use ATSReplayTest (#13033)\n\nMove the replay-friendly headers gold tests to ATSReplayTest\nwrappers and describe their ATS, origin, and client setup in\nreplay YAML.\n\nThis keeps the cache, range, redirect, HSTS, and alternate\nhandling coverage while making the tests easier to read and\nmaintain, and removes the old gold files left orphaned by the\nconversion." }, { "commit": "bf36ea7b1fce53b74889b79b3427999635a3a361", "tree": "0cca8b080a036fbc817cdf13ec968b07ee2c1b97", "parents": [ "de776b0b2755f0875283d5d4ce959dfe16cafe9b" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 03 12:20:50 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 12:20:50 2026 -0500" }, "message": "Assert absent proxy requests in replays (#13054)\n\nProxy Verifier v3.1.2 can now assert that ATS does not send an\nupstream request. Update replay transactions that serve from cache or\notherwise respond locally to use proxy-request.expect: absent.\n\nThis makes the no-origin cases explicit across the gold tests and\nturns the old trap server responses into a direct expectation. Leave\nthe cache-control-basic miss transaction alone because it must still go\nupstream to prime the cache, and fix one stale HEAD/GET cache comment\nso the replay text matches the origin behavior.\n\nCo-authored-by: bneradt \u003cbneradt@yahooinc.com\u003e" }, { "commit": "de776b0b2755f0875283d5d4ce959dfe16cafe9b", "tree": "04799a43eaf1016cb233984a1f4389f53cd2ba41", "parents": [ "0719e5fcbaec10f4d6ed56f5112043dd3c882de3" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Apr 03 09:43:59 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 03 09:43:59 2026 -0500" }, "message": "Reject malformed Host header ports (#13050)\n\nReject malformed Host field authorities before ATS reuses them as\nrequest targets or cached host state. Shared Host parsing now requires\nhost or host:port syntax, enforces bracketed IPv6 when a port is\npresent, and rejects invalid or out-of-range ports.\n\nThis patch adds http_parse_host_header, a new host parser function which\nalso validates the required host header format. The patch also updates\nthe various host header parsing logic blocks across ATS to use the new\nparser.\n\nReported-by: Ankit Singh\n\nFixes: #13049" }, { "commit": "0719e5fcbaec10f4d6ed56f5112043dd3c882de3", "tree": "77c7dd29a398745390b5476e48602abb7b5a4ab1", "parents": [ "efeeffaffa661d0befcfaa26b564da6b0d9308b1" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Thu Apr 02 14:15:13 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 02 14:15:13 2026 -0500" }, "message": "Proxy Verifier v3.1.2 (#13051)\n\nThis updates Proxy Verifier to v3.1.2. This includes a new feature that\ncan verify that a request of a certain key (uuid) does not make it to\nthe origin." }, { "commit": "efeeffaffa661d0befcfaa26b564da6b0d9308b1", "tree": "b353e1a368ee85488a7bcfd7a013b6accbdf1a5e", "parents": [ "a6d60b23b6e0a83a36b71752188957fb2a814710" ], "author": { "name": "Leif Hedstrom", "email": "zwoop@apache.org", "time": "Thu Apr 02 10:14:27 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 02 10:14:27 2026 -0600" }, "message": "hrw4u/header_rewrite: Add session-scope state variables (#12989)\n\n* hrw4u/header_rewrite: Add session-scope state variables\n\nAdd SESSION-FLAG, SESSION-INT8, and SESSION-INT16 conditions and\ntheir corresponding set-session-flag, set-session-int8, and\nset-session-int16 operators to the header_rewrite plugin. These\nmirror the existing transaction-scoped state variables but persist\nacross keep-alive requests on the same connection, using a\nTS_USER_ARGS_SSN slot. The condition and operator classes are\nparameterized with a TSUserArgType scope argument to avoid code\nduplication. The hrw4u transpiler adds a SESSION_VARS section for\ndeclaring session-scoped variables, and the reverse transpiler\nhandles both scopes. Documentation and tests are included.\n\nCo-Authored-By: Craig Taylor\n\n* Address Copilot review comments\n\nUse SESSION_VARS instead of VARS for session sandbox check.\nReserve user-arg slots lazily per scope in acquire_state_slot().\nFix _state_vars type annotation to include VarScope in key tuple.\n\n* Address bneradt\u0027s review: wire SESSION_VARS into kg and LSP\n\nkg_visitor.py was missing sessionVarSection dispatch in visitSection,\ncausing hrw4u-kg to silently drop SESSION_VARS blocks. lsp/strings.py\nonly detected VARS { ... } for declaration mode, leaving session-scoped\nvariables without hover/type metadata in hrw4u-lsp." }, { "commit": "a6d60b23b6e0a83a36b71752188957fb2a814710", "tree": "d64517aa95520e5ed3b3e447a1bab0c993c83f0f", "parents": [ "16facce691d4c67fadceb09369c7c8b7b19cde4a" ], "author": { "name": "Masaori Koshiba", "email": "masaori@apache.org", "time": "Wed Apr 01 09:59:17 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 01 09:59:17 2026 +0900" }, "message": "Replace storage.config and volume.config with storage.yaml (#13031)\n\n* Replace storage.config \u0026 volume.config by storage.yaml\n\n* Doc: storage.yaml\n\nCo-authored-by: Alan M. Carroll \u003camc@apache.org\u003e\n\n* Fix unit tests with ASan\n\n* Fix cache_volume_features AuTest\n\n* Fix CacheProcessor::diskInitialized\n\n* Minor fixes\n\n* Configuration Parsing Library Support\n\n* Add \u0027traffic_ctl config convert storage\u0027 cmd\n\n* Claenup\n\n---------\n\nCo-authored-by: Alan M. Carroll \u003camc@apache.org\u003e" }, { "commit": "16facce691d4c67fadceb09369c7c8b7b19cde4a", "tree": "492d4bd59c277e0195024e51e2000c6aec9be826", "parents": [ "5f30ce6dc38792b68e99d8dd10df7842717b01d6" ], "author": { "name": "Evan Zelkowitz", "email": "eze@apache.org", "time": "Tue Mar 31 17:17:41 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 17:17:41 2026 -0600" }, "message": "Try to change uid/gid on plugin runtime dir before dropping privs, if POSIX not available (#13046)\n\n* Try to change uid/gid on plugin runtime dir before dropping privs, if POSIX not available\n\nAlso add chown for log dir+files" }, { "commit": "5f30ce6dc38792b68e99d8dd10df7842717b01d6", "tree": "c7ad1d228e5f193f3419e76bd48c9ab63624fd24", "parents": [ "fbf9277c0400be4a9b35b9937de97583952ba699" ], "author": { "name": "Mo Chen", "email": "mochen@apache.org", "time": "Tue Mar 31 14:48:40 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 14:48:40 2026 -0500" }, "message": "[usdt] http_attach_client_session: add args (#13041)\n\nAdd the following USDT arguments to http_attach_client_session: transaction id, netVC id." }, { "commit": "fbf9277c0400be4a9b35b9937de97583952ba699", "tree": "2da690e2e2bf492899d850ecc1eceb7bd7157e9a", "parents": [ "5444571f415bf7318fce2f605cdf024bde5c211f" ], "author": { "name": "Chris McFarlen", "email": "chris@mcfarlen.us", "time": "Tue Mar 31 14:31:30 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 14:31:30 2026 -0500" }, "message": "Fix link_libraries for cripts unit tests (#13047)" }, { "commit": "5444571f415bf7318fce2f605cdf024bde5c211f", "tree": "3de127ae282f1bce60984a74d6779d216a4793aa", "parents": [ "064014b40f2f2388e47eb2c0f69619dccc9b6828" ], "author": { "name": "Chris McFarlen", "email": "chris@mcfarlen.us", "time": "Mon Mar 30 17:31:53 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 30 17:31:53 2026 -0500" }, "message": "hrw: Refix loading geodb files (#13025)\n\n* Restore old behavior to only call geo init with a geopath\n\n* Split geo init from plugin init" }, { "commit": "064014b40f2f2388e47eb2c0f69619dccc9b6828", "tree": "5d3b5f3e12b0833bcdd9ef2a2b215fd4eca3336f", "parents": [ "7ca87021edd52eb20520864d94becf53ef2fb1c3" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Mon Mar 30 17:10:26 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 30 17:10:26 2026 -0500" }, "message": "Use AddAwaitFileContainsTestRun more in autests (#13034)\n\nThis switches the migrated gold tests from condwait file polling to\nAddAwaitFileContainsTestRun so they wait for stable log content\nrather than raw file creation.\n\nThis also:\n\n- Makes the await helper safe for regex needles\n- Cleans up stale condwait path leftovers from earlier migrations." }, { "commit": "7ca87021edd52eb20520864d94becf53ef2fb1c3", "tree": "47e9c306581e31b8839e0955557e245400819309", "parents": [ "e16aa16d07e1a8b2c7cae98bbee3bc25233d86c9" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Mar 30 15:00:05 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 30 15:00:05 2026 -0700" }, "message": "Fix memory leaks in core shutdown path (#13027)\n\n* Fix NetAccept leak in stop_accept() — delete objects after\n stopping and clear naVec.\n\n* Fix acceptor objects leak — delete SSLNextProtocolAccept,\n ProtocolProbeSessionAccept, and plugin accepts in\n stop_HttpProxyServer().\n\n* Fix AIOCallback leak for API-originated AIO ops — add\n from_api flag, delete callback in io_complete and on\n error path." }, { "commit": "e16aa16d07e1a8b2c7cae98bbee3bc25233d86c9", "tree": "fb65a5beba2002c6aaa9a9eee237593dbbb61e0d", "parents": [ "72ad8fbdc01b21679b6bedf63ea9223e6319da17" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Mar 30 14:56:56 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 30 14:56:56 2026 -0700" }, "message": "Fix memory leaks in plugins (#13028)\n\n* Fix leak in client_context_dump — free results array after\n iterating context names in CB_context_dump.\n\n* Fix leak in s3_auth ConfigCache — add destructor to delete\n all cached S3Config pointers on shutdown.\n\n* Fix leak in stale_response — free log_info.filename in\n ConfigInfo destructor when strdup()d." }, { "commit": "72ad8fbdc01b21679b6bedf63ea9223e6319da17", "tree": "1043f186e3112850cf910c12b373cdaccd248364", "parents": [ "d3ef5233aa07a0873c2f139ec4222f86e2ab89c1" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Mar 30 14:54:31 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 30 14:54:31 2026 -0700" }, "message": "Fix three high-impact Coverity defects (#13030)\n\n* CID 1644226: Fix use-after-free in slice plugin — move\n TSfree() after last use of urlstr in DEBUG_LOG.\n\n* CID 1644298: Fix OOB write in IpAllow — break after\n MAX_SUBJECTS exceeded instead of continuing.\n\n* CID 1644219: Fix missing null terminator in slice plugin —\n replace strncpy() with memcpy() + explicit null terminator.\n\n* Add gold tests for IpAllow subjects overflow and slice\n long ETag edge cases." }, { "commit": "d3ef5233aa07a0873c2f139ec4222f86e2ab89c1", "tree": "5a032e1175e257d0f65c8e4a42af2024d74c1c2e", "parents": [ "15e879bb97a7f30efaabae808c3d4a8776fa55ea" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Mon Mar 30 16:05:57 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 30 16:05:57 2026 -0500" }, "message": "HttpSM - make sure we have a valid buffer to write on. (#13040)\n\nAdd a check to make sure we have a valid buffer for tunnel producer to\nwrite on." }, { "commit": "15e879bb97a7f30efaabae808c3d4a8776fa55ea", "tree": "65b871eacceeb5bc19adc8248fbc8434de1cb60f", "parents": [ "4a5f558fe9cf7bda84d37302f641e95fa699964b" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Mar 27 17:35:42 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 27 17:35:42 2026 -0500" }, "message": "sigusr2 autest: simplify Process and Ready objects (#13021)\n\nRewrite the sigusr2 autest to drive each scenario from a single\nshell helper script instead of a chain of AuTest Processes.\n\nThis removes the Ready-condition races from the old test, keeps the\nsignal and log rotation ordering in one place, and makes the log file\nexpectations easier to follow. This should address flakiness in the\ntest that has been seen in CI.\n\nCo-authored-by: bneradt \u003cbneradt@yahooinc.com\u003e" }, { "commit": "4a5f558fe9cf7bda84d37302f641e95fa699964b", "tree": "3bb8e6605a537b3c242e286458889a8b1592d71a", "parents": [ "a08ece9b05348c5c2094915c97b1492b585687e3" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Thu Mar 26 18:30:24 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 26 18:30:24 2026 -0700" }, "message": "tools: Add traffic_grapher for real-time ATS metrics visualization (#12848)\n\n* Add traffic_grapher.py, a Python tool that displays\n real-time graphs of RPS, latency, cache hit rate, and\n connections via JSONRPC Unix socket. Supports 1-4 hosts\n with multi-host comparison.\n\n* Renders matplotlib charts inline in iTerm2 via imgcat\n with dark theme. Optional GUI mode with keyboard\n navigation (h/l or arrows) across 4 metric pages.\n\n* Auto-discovers JSONRPC socket path on target hosts.\n Configurable refresh interval and history window." }, { "commit": "a08ece9b05348c5c2094915c97b1492b585687e3", "tree": "36c3e5db64ac9dd0e281f2c9eef77de2bc47d318", "parents": [ "33800d2f41dba13dfa1085af9ee25404813dd1e2" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 25 18:10:46 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 25 18:10:46 2026 -0700" }, "message": "Initialize uninitialized pointer and scalar members in QUIC and tscpp classes (#13023)\n\nAdd default member initializers for pointer, scalar, and enum members\nthat Coverity flagged as uninitialized:\n\n- QUICStreamError::stream (nullptr)\n- QUICSentPacketInfo: packet_number, ack_eliciting, in_flight,\n sent_bytes, time_sent, type, pn_space\n- QUICSentPacketInfo::FrameInfo::_generator (nullptr)\n- QUICTransferProgressProviderSA::_adapter (nullptr)\n- InterceptPlugin::state_ (nullptr)\n- AsyncTimer::state_ (nullptr)" }, { "commit": "33800d2f41dba13dfa1085af9ee25404813dd1e2", "tree": "ae7c5147fa0256898371a60727d594d72a922b78", "parents": [ "aee8084fbb318c70ed70967f4edcff71a0466c68" ], "author": { "name": "Mo Chen", "email": "mochen@apache.org", "time": "Wed Mar 25 17:37:17 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 25 17:37:17 2026 -0500" }, "message": "Add HTTP result code to USDT milestone_sm_finish (#12937)" }, { "commit": "aee8084fbb318c70ed70967f4edcff71a0466c68", "tree": "5f2bfe0562801e6f86615e2af803f12dd91be8b6", "parents": [ "ff31470a8c46ef6eb45e32d8cb75f6a1ed1a8d61" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Wed Mar 25 17:33:12 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 25 17:33:12 2026 -0500" }, "message": "log-milestone-fields: stabilize across ms truncation (#13019)\n\nUpdate the log-milestone-fields validator script to use a tolerance that\nmatches per-field millisecond truncation. Also wait for the content of\nthe expectred log lines, not just the existence of the log itself,\nbefore validating to ensure that the log entries are present when the\nvalidator runs." }, { "commit": "ff31470a8c46ef6eb45e32d8cb75f6a1ed1a8d61", "tree": "4aadf98c79ecd88a5f3545d53030b08ac9907833", "parents": [ "1252ea460dd5e007c6368b0ecadb5c5fb939b745" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 25 13:25:44 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 25 13:25:44 2026 -0700" }, "message": "Fix flaky autests for timeout, sigusr2, and thread_config (#13012)\n\n* Handle SIGPIPE in ssl-delay-server to prevent helper death\n when a client disconnects during TLS handshake delay.\n* Retry accept() on EINTR under heavy parallel load instead\n of treating the interruption as a fatal error.\n* Fix accept() error check to use \u003c 0 instead of \u003c\u003d 0 since\n fd 0 is a valid descriptor when stdin is closed.\n* Add cmdline matching fallback in check_threads.py for ASAN\n where the process CWD differs from expected ts_path." }, { "commit": "1252ea460dd5e007c6368b0ecadb5c5fb939b745", "tree": "c6c49c7752c2321ac0ee00dd637357282c7b0747", "parents": [ "9da84544f092122b209de6236112ac2810cbddde" ], "author": { "name": "Serris Santos", "email": "serrisnlew@gmail.com", "time": "Wed Mar 25 11:22:03 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 25 11:22:03 2026 -0700" }, "message": "Check valid parent selection hash string (#12985)\n\n* Check valid parent selection hash string\n\n* add regression test\n\n* off by one" }, { "commit": "9da84544f092122b209de6236112ac2810cbddde", "tree": "aa5b54bf8ac2761809de21cd02b6adbeb641045f", "parents": [ "d81de6c7898066abe699f16bf7a8e4732279f7a1" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Tue Mar 24 17:44:14 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 17:44:14 2026 -0600" }, "message": "Fix possible crashes on OCSP request timeout (#12982)\n\n* Fix possible crashes on OCSP request timeout\n\n* Acquire lock in do_io_shutdown" }, { "commit": "d81de6c7898066abe699f16bf7a8e4732279f7a1", "tree": "6aeba9bcee95540c658253c1712a00f12a532225", "parents": [ "ac96eae1d23c704c8c47ec4218a347afa9e9e8de" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Tue Mar 24 14:10:34 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 14:10:34 2026 -0500" }, "message": "autest: print worker diagnostics for exceptions (#13017)\n\nParallel autest runs can fail with worker exceptions that are not tied\nto a specific failed test. In CI that currently leaves only the summary\ncounts, which makes the failure hard to diagnose.\n\nPrint worker diagnostics whenever a worker reports exceptions or exits\nnon-zero without attributing the problem to failed tests. Also accept\nplural summary keys while parsing autest output.\n\nCo-authored-by: bneradt \u003cbneradt@yahooinc.com\u003e" }, { "commit": "ac96eae1d23c704c8c47ec4218a347afa9e9e8de", "tree": "1a6c368d536d964195e3d76a758f0af49d9caeac", "parents": [ "b7db7b8190ad90ae11a2200bebc025270c2a3736" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Mon Mar 23 17:44:10 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 23 17:44:10 2026 -0500" }, "message": "AGENTS.md has to be at the root of the repo (#13001)\n\nI thought Codex would use .codex/AGENTS.md, but it actually only checks\nfor the repo root AGENTS.md." }, { "commit": "b7db7b8190ad90ae11a2200bebc025270c2a3736", "tree": "6a32b169a8c8519e1574d224985c880dbca70cb3", "parents": [ "9ca028f30d32218f6592a4b54bfa441bec9613cc" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Mar 23 14:07:23 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 23 14:07:23 2026 -0700" }, "message": "Test: add msdms milestone logging field validation autest (#12899)\n\nAdd end-to-end autest for msdms milestone timing log fields.\n\n* New test sends a cacheable request twice (miss then hit) and\n validates all Phase 1 msdms fields in the log output.\n* Reusable verify_milestone_fields.py checks: all 16 fields\n present, values are integers with no epoch-length garbage,\n miss-path chain sums to c_ttfb within 2ms tolerance, and\n hit-path fields (hit_proc, hit_xfer) are non-negative.\n* Allow up to -10ms jitter on the dns field to handle\n millisecond-granularity overlap between SERVER_FIRST_CONNECT\n and CACHE_OPEN_READ_END." }, { "commit": "9ca028f30d32218f6592a4b54bfa441bec9613cc", "tree": "11a2a7ad56f43354820c0c6d3237341ae87b9ade", "parents": [ "ffd8d8ba3409bdff2de4a80c8c476f05409af520" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Mon Mar 23 12:57:44 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 23 12:57:44 2026 -0700" }, "message": "Fix remaining uninitialized variable and field Coverity defects (#13004)\n\n* Initialize previously uninitialized fields in HttpVCTableEntry, HostStatRec, ChunkedHandler, and TLSSNISupport::ClientHello so core HTTP/TLS paths start from deterministic state.\n* Initialize local variables in cache_fill and txn_box to eliminate undefined behavior flagged by Coverity.\n* Remove HttpVCTable memset and rely on proper member initialization to avoid non-portable initialization of pointer-to-member-function types.\n\nCIDs: 1021690, 1508845, 1533658, 1534712, 1544456, 1645800." }, { "commit": "ffd8d8ba3409bdff2de4a80c8c476f05409af520", "tree": "e86265249f3528752e69bfcb3942601d8f234d32", "parents": [ "8d75849e0e3574748f25fd682001e0566d75bd18" ], "author": { "name": "Evan Zelkowitz", "email": "eze@apache.org", "time": "Mon Mar 23 10:07:33 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 23 10:07:33 2026 -0600" }, "message": "Parallell ssl cert load (#12998)\n\n* Add parallel ssl cert loading" }, { "commit": "8d75849e0e3574748f25fd682001e0566d75bd18", "tree": "2b4238331bc75908b35956b2e30cd56be95e1047", "parents": [ "2021eda2a1bfbe61fdf564395ed6325d5baa1e88" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Sat Mar 21 10:32:00 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 21 10:32:00 2026 -0500" }, "message": "Add sni.yaml session ticket overrides (#13006)\n\nAdd ssl_ticket_enabled and ssl_ticket_number as sni.yaml overrides, apply them during SNI handling so they affect TLS 1.2 resumption and TLS 1.3 ticket issuance, and add unit and AuTest coverage plus docs and sample config updates.\n\nFixes #12953" }, { "commit": "2021eda2a1bfbe61fdf564395ed6325d5baa1e88", "tree": "d0dbc78a36a3045a023cf0aa8bc5a1d8706fcadb", "parents": [ "33cb77a81e3275e665eabcadcb9f6cb2089e9452" ], "author": { "name": "Masakazu Kitajo", "email": "maskit@apache.org", "time": "Fri Mar 20 22:04:47 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 20 22:04:47 2026 -0600" }, "message": "Add a setting to adjust the maximum PP header size (#12961)\n\nAdd a setting to adjust the maximum PP header size\n\nThe original hard coded size is too small if PP version2 is used and the header contains many TLV fields.\nThis adds a new setting proxy.config.proxy_protocol.max_header_size to read a larger but limited amount of data to parse PP header.\n\nThis also adds a quick check to detect whether PP header exists. The check avoids copying a large amount of data if PP is definitely unused." }, { "commit": "33cb77a81e3275e665eabcadcb9f6cb2089e9452", "tree": "69bb39c935957cd6b8b33bef48daa4ef071ffa0f", "parents": [ "3e5eff66c291ff556202f2cde0f24cfa3316d657" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Mar 20 18:15:46 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 20 18:15:46 2026 -0500" }, "message": "cmake: limit GENERAL_NAME bssl probe (#13008)\n\nCMake can report HAVE_GENERAL_NAME_IN_BSSL_NAMESPACE on plain\nOpenSSL builds. In a build, the probe succeeded with\nOpenSSL 3.x even though SSLLIB_IS_BORINGSSL and SSLLIB_IS_AWSLC were\nboth false. That made OCSP stapling in src/iocore/net/OCSPStapling.cc\ntake the bssl::GENERAL_NAME path, and the final traffic_server link\nfailed with an undefined reference to bssl::GENERAL_NAME_it().\n\nThe probe is not safe to run for non-BoringSSL libraries. OpenSSL 3.x\nheaders allow bssl::GENERAL_NAME_it() to be declared syntactically, but\nlibcrypto only exports the global GENERAL_NAME_it symbol, so a\ncompile-only try_compile can false-positive.\n\nOnly run the probe for BoringSSL-family builds and force the cache\nentry off for plain OpenSSL builds." }, { "commit": "3e5eff66c291ff556202f2cde0f24cfa3316d657", "tree": "4bef680f2b59de3c2ee1d9e64703b4f709cc6ba3", "parents": [ "c0cb4774218bfe8b657d81fe2ffc569136458c56" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Mar 20 14:28:08 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 20 14:28:08 2026 -0500" }, "message": "Proxy Verifier: use concise stack protocol specification (#13003)\n\nProxy Verifier v3.0.0 has a more concise `stack` configurable for\n`protocol` specification. This makes use of that over the more verbose\nfull `protocol` sequence." }, { "commit": "c0cb4774218bfe8b657d81fe2ffc569136458c56", "tree": "5b7716d124cd8e1de77f69446f004ab74ebc1426", "parents": [ "13cd1f187e9aab369d9c2eab1f52065b6a2cb8c4" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Fri Mar 20 10:13:40 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 20 10:13:40 2026 -0500" }, "message": "autest: 1.10.4 -\u003e 1.10.6 (#13002)\n\nThis should fix regex warnings we see with Python 3.14." }, { "commit": "13cd1f187e9aab369d9c2eab1f52065b6a2cb8c4", "tree": "dd610bed98b3bb261092528f8c9df406f41b916a", "parents": [ "070e3d426fd63073b1e01a339598b9ee67baa829" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Thu Mar 19 14:44:16 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 14:44:16 2026 -0700" }, "message": "Clarify hostdb host_file.path reload timing and tip usage (#12994)\n\nDocument that host_file.path is reevaluated on the periodic host\nfile check interval (default 86400s), not on an immediate reload.\nAdd a tip about temporarily lowering the interval for faster\nvalidation during testing." }, { "commit": "070e3d426fd63073b1e01a339598b9ee67baa829", "tree": "5bf9cd02f10319f720ab746febac076281241f2b", "parents": [ "7414299d2825c95cf36d1e8062a0ccf00160c972" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Thu Mar 19 14:41:41 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 14:41:41 2026 -0700" }, "message": "Fix uninitialized members and variables flagged by Coverity. (#13000)\n\nUse explicit brace initialization for pointer, scalar, and zlib\nstate members so construction starts from a defined state. Initialize\nlocal Feature values in txn_box to NIL_FEATURE. Remove unused\ntls_server_connection member from SSLConfigParams.\n\nCIDs: 1295339, 1521595, 1521596, 1533662, 1534699, 1534717,\n1534727, 1534732, 1534738, 1587251, 1644248." }, { "commit": "7414299d2825c95cf36d1e8062a0ccf00160c972", "tree": "1b4358aa1f628ca9656c67de99391ec0c61e3869", "parents": [ "3fa4a9c57980a55bf24007ec13186f4c707a092d" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Thu Mar 19 15:27:10 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 15:27:10 2026 -0500" }, "message": "Delay remap table publish until startup completes (#12988)\n\nBuild the initial remap table on a private pointer and publish it only\nafter startup has finished any deferred @volume\u003d initialization. This\nkeeps the shared rewrite table hidden until startup-only remap walks are\ndone.\n\nThat ordering avoids touching the initial table after a reload can swap\nit out, while preserving the existing post-cache-init initialization\npath for cache volume records.\n\nCo-authored-by: bneradt \u003cbneradt@yahooinc.com\u003e" }, { "commit": "3fa4a9c57980a55bf24007ec13186f4c707a092d", "tree": "50b0cc2e513cc0a6b9c651e9e598323355b6cc25", "parents": [ "886e36072f6e1a653ccb63c17be60a6153e88355" ], "author": { "name": "Serris Santos", "email": "serrisnlew@gmail.com", "time": "Thu Mar 19 12:04:18 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 12:04:18 2026 -0700" }, "message": "Support remap.yaml (#12997)\n\n* init remap.yaml\n\n* clang fixes\n\n* memory fix for invalid action config\n\n* use postscript to free\n\n* release postscript on success\n\n* cleanup code and tests\n\n* update ssl_multicert_yaml in remap_yaml autests\n\n* remove plugin param storage\n\n* Allow file deletion to be recognized in reload" }, { "commit": "886e36072f6e1a653ccb63c17be60a6153e88355", "tree": "635c5a3851f1b595b93c9d821c0e9225c6393c45", "parents": [ "c637a2cc3c0df8c7eda5b356f5bfa1b9ca64ca74" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Thu Mar 19 09:58:33 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 09:58:33 2026 -0500" }, "message": "Update to Proxy Verifier v3.0.0 (#12990)\n\nThis updates our use of Proxy Verifier to version v3.0.0.\n\nThis also requires updating cachedDuplicateHeaders.\n\nThe latest proxy-verifier combines duplicate header values during\nequality checks unless the replay uses duplicate-aware\nverification. cachedDuplicateHeaders still expected the older\nrendering, so the AuTest failed even though ATS behavior had not\nchanged.\n\nUpdate the replay expectation to match the current duplicate\nheader matching behavior. This keeps the test validating cached\nheader handling against the latest proxy-verifier semantics." }, { "commit": "c637a2cc3c0df8c7eda5b356f5bfa1b9ca64ca74", "tree": "d14dfe4f15d3cb0aa56b6c04f337e85c40390e5d", "parents": [ "ecf505c01a1a8b8e5fa68326405c7f33b841949a" ], "author": { "name": "Leif Hedstrom", "email": "zwoop@apache.org", "time": "Wed Mar 18 19:16:17 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 20:16:17 2026 -0600" }, "message": "hrw4u: Add code coverage support for tests (#12957)\n\n* hrw4u: Add code coverage support for tests\n\n- Adds some new tests, for additional coverage (e.g. debug runs)\n- Eliminates some dead code discovered when there\u0027s no way to\n get the coverage over such code.\n\n* Address bneradt\u0027s review comments\n\nAdd gen dependency to test and coverage targets so both work from a\nclean checkout without needing to run gen manually first." }, { "commit": "ecf505c01a1a8b8e5fa68326405c7f33b841949a", "tree": "38d5abb17443f6308a11bee55a8f50db1bb1d989", "parents": [ "0e3357b77b67c05a1a345c62bccc78f7ce564e89" ], "author": { "name": "Brian Neradt", "email": "brian.neradt@gmail.com", "time": "Wed Mar 18 16:51:20 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 16:51:20 2026 -0500" }, "message": "Align AuTests with latest proxy-verifier checks (#12986)\n\nThe latest proxy-verifier now fails a run when a verifier server or\nclient is given proxy-side checks for traffic that ATS never produces.\nMost tests only needed stale proxy-request or proxy-response nodes\nremoved, but the shared replay cases below need server-specific files\nso each verifier only owns traffic it can actually observe.\n\n- disable_pristine_host_hdr_server_canary_false.replay.yaml keeps\n the canary server on uuid 1 when pristine_host_hdr stays enabled.\n- disable_pristine_host_hdr_server_canary_true.replay.yaml keeps the\n canary server on uuid 1 when the Host header is rewritten.\n- disable_pristine_host_hdr_server_stable.replay.yaml keeps the\n stable server on uuid 2, which the canary server never receives.\n- escalate_original_server_default.replay.yaml keeps only the\n requests that the default-mode origin server really handles.\n- escalate_failover_server_default.replay.yaml keeps only the GET\n requests that default-mode escalation sends to failover.\n- escalate_original_server_non_get.replay.yaml keeps the origin-side\n subset when --escalate-non-get-methods is enabled.\n- escalate_failover_server_non_get.replay.yaml keeps the failover\n subset, including the escalated HEAD request in that mode.\n- ja4_fingerprint_basic_server.replay.yaml limits the non-preserve\n test to its one real request instead of preserve-only checks.\n- traffic_dump_server.yaml keeps origin verification only for the\n sessions that really reach origin in the main traffic_dump test.\n- traffic_dump_ip_filter_server.yaml keeps only the /one request\n used by the traffic_dump IP filter test.\n\nThese per-server replays preserve fallback server-response directives\nand client-side coverage while dropping only the proxy-side checks\nthat latest proxy-verifier now correctly reports as unprocessed." }, { "commit": "0e3357b77b67c05a1a345c62bccc78f7ce564e89", "tree": "517afb15a3f57f92e5d39668118d0c5b79df000b", "parents": [ "eeb4600d1dc03052699403893a62e6f04d189af3" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 18 13:34:30 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 13:34:30 2026 -0700" }, "message": "Fix uninitialized variables in test and benchmark code (#12981)\n\nAdd default member initializers using brace initialization:\n- AIO_Device: path, fd, id, buf, time_start, time_end, seq_reads,\n seq_writes, rand_reads, mode (CID 1523656)\n- StartDNS: is_callback (CID 1587260)\n- PluginDebugObject: input_ih, fail (CID 1497312)" }, { "commit": "eeb4600d1dc03052699403893a62e6f04d189af3", "tree": "4bea7f2c27ce8e297e050b7a46efa5fbdc27c974", "parents": [ "df007abdaf81abbd82facf55086dd7a93f2d82be" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 18 12:17:41 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 12:17:41 2026 -0700" }, "message": "Add CAP_CHOWN to permitted capability set (#12908)\n\nAdd CAP_CHOWN support to ATS privilege elevation path\n\nRetain `CAP_CHOWN` in the permitted capability set after privilege drop\nso plugins can set ownership on cert-related backup files (e.g. root:root\n600 workflows). As with `CAP_DAC_OVERRIDE`, this remains permitted-only\nand must be explicitly raised to effective before use.\n\nAdd `CHOWN_PRIVILEGE` (`0x10u`) to `ElevateAccess::privilege_level` and\nwire it through `acquirePrivilege()` so plugins can request ownership\nelevation via the standard ATS privilege API.\n\nAlso fix the `acquirePrivilege()` bounds assertion to compare against\narray element count (not byte size)." }, { "commit": "df007abdaf81abbd82facf55086dd7a93f2d82be", "tree": "3cae87f3ee716b6c81135febeb400dc2cf407d49", "parents": [ "94ed147b31483dfebc1ddf35de180f3ba9f8bf8a" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 18 12:15:58 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 12:15:58 2026 -0700" }, "message": "Initialize uninitialized local variables in core production code (#12975)\n\nFix Coverity high-severity \"Uninitialized scalar variable\" defects:\n- CID 1497238: `DiagsConfig::reconfigure_diags` (initialize loop index and booleans)\n- CID 1644237: `HttpConfig::load_server_session_sharing_match` (initialize value before session-sharing mask computation)\n- CID 1497363: `BaseMetaInfo` single-arg ctor (initialize `_creation_time` and `_log_object_signature` before `_read_from_file`)\n\nAlso initialize `BaseMetaInfo::_filename` to `nullptr` for safety and\nconstructor consistency." }, { "commit": "94ed147b31483dfebc1ddf35de180f3ba9f8bf8a", "tree": "69146f8f0c0ef569c0563cd7a12329b33d8f4374", "parents": [ "82a4e62742e2004ec8a6e5feb2e53e02b7b21d23" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 18 12:14:35 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 12:14:35 2026 -0700" }, "message": "Fix uninitialized pointer/field members in core classes (#12976)\n\nInitialize members flagged by Coverity:\n- CID 1497424: `HttpTransact::_ResponseAction` (value-init `TSResponseAction`)\n- CID 1497385, CID 1497345: `ProxySession::accept_options` -\u003e `nullptr`\n- CID 1021718: `FetchSM::callback_events` (value-init `TSFetchEvent`)\n- CID 1508857: `HTTPStatsConfig::cont` -\u003e `nullptr`" }, { "commit": "82a4e62742e2004ec8a6e5feb2e53e02b7b21d23", "tree": "fbd7800319cd93dae9b8f3675d32273ef5761c15", "parents": [ "e3fbff0cbed2afab84f7ae74c38d2e0bf06ee197" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 18 12:12:15 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 12:12:15 2026 -0700" }, "message": "Fix uninitialized fields in header_rewrite and ja4_fingerprint plugins (#12977)\n\nInitialize fields flagged by Coverity:\n- CID 1497355: OperatorSetHttpCntl::_cntl_qual\n- CID 1644243: OperatorSetPluginCntl::_name\n- CID 1587255: TLSClientHelloSummary::protocol\n\nAlso initialize OperatorSetPluginCntl::_value, add missing `TSError`\nlogging for unknown plugin control names, and clarify these defaults are\nsafety initializers overwritten during parsing/call setup." }, { "commit": "e3fbff0cbed2afab84f7ae74c38d2e0bf06ee197", "tree": "177a6306987589fa751ff1514cbf9128c87f4648", "parents": [ "25ef95f22a1210e6f843a9dcdced8ad11baf0d34" ], "author": { "name": "Bryan Call", "email": "bcall@apache.org", "time": "Wed Mar 18 12:10:25 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 12:10:25 2026 -0700" }, "message": "Fix uninitialized variables in txn_box plugin (#12979)\n\nValue-initialize FeatureView and time_point members that Coverity\nflagged as uninitialized:\n\n- Ex_HTTP.cc: value-init FeatureView in 3 extract functions\n (CID 1534699, 1534717, 1534727, 1534732, 1534738)\n- text_block.cc: value-init _last_modified member (CID 1644248)\n- Context.cc: value-init FeatureView in extract_view" } ], "next": "25ef95f22a1210e6f843a9dcdced8ad11baf0d34" }