Xrootd

+ **Performance Improvements**
**[XrdHttp]** Avoid calling `stat` on HTTP GET (2299, 2300)
**[XrdPfc]** Fix behavior and improve performance of stat calls (2349)

+ **Major bug fixes**
**[XrdOuc]** Migrate away from `std::regex` to avoid [stack overflow bug](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164) in C++ standard library
**[XrdHttp]** Client plugin returning `XrdCl::errSocketTimeout` triggers near-infinite loop in XrdHttp (2357)
**[XrdHttp]** Invalid chunk framing for HTTP (2351)

+ **Minor bug fixes**
**[Misc]** Fix various issues reported by code scanning tool CodeQL
**[Python]** Do not build in parallel by default to avoid using too many threads (2356)
**[Python]** Fix `RPATH` setting for Python bindings on macOS (2350)
**[Python]** Make environment take precedence over default arguments of `add_job` (1657)
**[XCache]** Add number of bytes prefetched and written to disk to the gstream record (2366)
**[XCache]** Fix errors that happen under high load (2360)
**[XCache]** Reduce verbosity of error messages (2288, 2327, 2370)
**[XrdCl]** xrdfs ls on a directory on a server runs locate (2120)
**[XrdHttpTPC]** Race condition during HTTP TPC request may cause file deletion (2354)
**[XrdHttp]** Redact tokens from additional places to prevent them leaking into logs (2343, 2371)
**[XrdSut]** Fix narrowing conversion on 32-bit systems (2272)
**[XrdSys]** Protect against array index out of bounds (2329)

+ **Miscellaneous**
**[CI]** Update GitHub Actions and GitLab CI, add Alma 10 beta builds
**[CMake]** Support building with Nvidia HPC Toolkit compilers (2361)
**[Doxygen]** Make documentation builds reproducible (2337)
**[Tests]** Avoid test failures when `$RANDOM` returns a multiple of 1024 (2344)
**[Tests]** Increase default timeouts in client/server tests
**[Tests]** More HTTP tests added to the test suite (2375)
**[XrdCl]** Downgrade force disconnect error message to debug level (2370)
**[XrdCl]** Handle `kXR_attrCache` attribute in protocol response
**[XrdCms]** Improve DFS error message to be less confusing (2345)

- [**Full Changelog**](https://github.com/xrootd/xrootd/compare/v5.7.1...v5.7.2)
- [**Issues and Pull Requests**](https://github.com/xrootd/xrootd/milestone/44?closed=1)

+ **New Features**
**[Apps]** Allow cconfig to write out combined config file (issue 1894)
**[Pss]** Allow for API endpoints for fixed remote origins (issue 2068)
**[Server]** Allow server to assume an arbitrary network identity (issue 1855)
**[cmsd]** Allow a redirector to be configured read/only (issue 1764)


+ **Major bug fixes**
**[POSIX]** Do not leak file pointer on open error (issue 2302)
**[Python]** Fix memory leaks when creating Python objects (2324)
**[Secgsi]** Ensure correct certificate is used when passed via cgi with `xrd.gsiusrproxy=...` (issue 2292)
**[XrdCl]** Fix too few arguments to formatting function

+ **Minor bug fixes**
**[POSIX]** Suppress error message when tearing down client connections (issue 2288)
**[Secgsi]** Fix code to follow documentation (issue 1817)
**[Seckrb5]** Improve error messages and use const where needed (issue 1948)
**[Server]** Allow more flexibility in adminpath permissions (issue 2276)
**[XrdCl]** Fix hidden overloaded virtual compilation error (2291)
**[XrdCl]** Redact tokens in client logs (issue 2296)
**[XrdCl]** xrdfs: Fix typos in command line help string (issue 2323)
**[XrdHttp]** Fix CodeQL warning for overrunning write
**[XrdNet]** Avoid network identity failures (issue 1772, 2159)
**[XrdPfc]** Make sure direct vread requests conform to protocol limits (issue 2308)
**[XrdSecgsi]** Fix potential double free in `GetSrvCertEnt()`
**[XrdSecztn]** Fix potential use after free

+ **Miscellaneous**
**[CMake]** Update CMake minimum requirement and supported versions
**[CMake]** Update `test.cmake` options for coverage builds
**[Misc]** Add `SECURITY.md` file describing XRootD security policy
**[Protocol]** Allow `kXR_query` to return proxy origin value, for proxy servers
**[Protocol]** Define readv limits
**[Protocol]** Indicate whether or not server has a cache in `kXR_Protocol` response
**[Pss]** Export the final origin url for subprocess use
**[Tests]** Add new XRootD client/server test configurations
**[XrdApps]** Replace pragma once with header guards
**[XrdClHttp]** Conditionally load Davix grid module
**[XrdCl]** Add flag to optionally suppress force disconnect error messages
**[XrdHttp]** Apply keepalive when redirecting HTTP clients (2290)
**[XrdNet]** Make sure domain value is defined
**[XrdNet]** Use lower case version of host names
**[XrdSys]** Determine `IOV_MAX` at runtime
**[XrdSys]** Dump coverage information on `SIGTERM`
**[XrdTpc]** Replace pragma once with header guards
**[docker]** Update CentOS 7 Dockerfile to use CentOS 7 Vault
**[systemd]** Harden systemd service units for better security

**[ChangeLog](https://github.com/xrootd/xrootd/compare/v5.7.0...v5.7.1)**, **[Issues and Pull requests](https://github.com/xrootd/xrootd/milestone/43)**

+ **New Features**
**[CMake]** Move baseline required C++ standard to C++17
**[OSS]** Add feature setting for Extended Error Text
**[Server]** Add enhanced error message interface
**[Server]** Add method to get sanitized env/cgi string
**[Server]** Implement the `kXR_seqio` open option for sequential I/O
**[XCache]** Add new **`only-if-cached`** cache control option using XrdPfcFsctl (2104)
**[XrdApps,XrdPss]** Add support for `pelican://` protocol (2177, issue 2171)
**[XrdCms]** Add new load balancing algorithm with randomized affinity
**[XrdCrypto,XrdSecgsi]** Update min/default RSA bits to 2048 (2117, issue 2147)
**[XrdHttp]** Add new option to allow for tpc unrestricted redirection (2232, issue 2228)
**[XrdHttp]** External handlers can now be loaded without TLS (2253, issues 2099, 2123)
**[XrdMacaroons]** Support negative directives in macaroons.trace option (issue 2224)
**[XrdOuc]** Extend XrdOucGatherConf to do more boiler plate work and be extendable
**[XrdOuc]** Provide method to get the last line from `XrdOucGatherConf`
**[XrdSciTokens]** Implement ability to have token groups as a separate claim (2176)
**[XrdSciTokens]** New option to configure authorization strategy for tokens (2205, issues 2121, 2254)
**[XrdThrottle]** Add monitoring packet for IO, based on the throttle plugin
**[XrdThrottle]** Improved handling of timing information on macOS (2262)
**[XrdTpc]** Add option to force the destination IP address on a HTTP-TPC (2172)
**[XrdTpc]** Add **`tpc.header2cgi`** configuration option (2285, issue 2283)

+ **Major bug fixes**
**[Server]** Fix buffer overrun in `XrdXrootdProtocol::do_PgRIO()` (issue 2287)
**[XrdCl]** Ensure clean shutdown also when an error occurs (issue 2164)
**[XrdClTls]** Prevent concurrent calls to `InitTLS()` (issue 2220)
**[XrdCrypto]** Fix buffer overrun in XrdCryptosslCipher::Finalize()
**[XrdHttp]** Always create directory path when opening dest file for HTTP TPC (issue 2241)
**[XrdHttp]** HTTP header parsing is now case-insensitive (2266, 2286, issues 1964, 2259, 2273)

+ **Minor bug fixes**
**[Misc]** Fixes for 64 bit `time_t` on 32 bit systems
**[Misc]** Remove `using namespace std;` from all headers and source files
**[Server]** Avoid leaking token information when tracing file open
**[XrdApps, XrdCl]** Fix null pointer dereferences when response handler is nullptr
**[XrdCl]** Add errInternal to list of recoverable errors (issue 2210)
**[XrdCl]** Fix timeout handling for DeepLocate requests
**[XrdCms]** Pass sanitized CGI to cmsd server (issue 2247)
**[XrdHttpTPC]** Make sure we sleep the full amount needed (issue 2274)
**[XrdHttp]** Redact `authz` tokens from output to avoid leaking credentials in logs (2284, issue 2222)
**[XrdHttp]** Reset HTTP request scitag during reset (2244, issue 2243)
**[XrdHttp]** Return a 400 bad request if header line is not `\r\n` terminated
**[XrdOss]** Fix check for option noDread in `XrdOssDir::Readdir()` (2215)
**[XrdOss]** Fix directories appearing as files when using `oss.rsscmd` (2215)
**[XrdPosix]** Correct xml cache summary report (issue 2219)
**[XrdSciTokens]** Fix application of access rules when base path is `/`
**[XrdSecgsi]** Fail CA check when `prococol.gsi -ca:verify` is set
**[XrdTls]** Enable `SSL_OP_IGNORE_UNEXPECTED_EOF` option if available (issue 2252)
**[XrdTls]** Restrict renegotiation for TLSv1.2 and earlier (issue 1689)
**[XrdTpc]** Force HTTP 1.1 for TPC transfers (2216)
**[XrdVoms]** Allow VOMS config to use set variables (issue 2200)

+ **Miscellaneous**
**[CMake]** Add new option to allow disabling server tests
**[CMake]** Allow overriding the default C++ standard (1929)
**[CMake]** Conditionally append private include directory
**[CMake]** Enable XrdEc by default and use isa-l from the system
**[DEB]** Update packaging and add Ubuntu 24.04 to supported platforms
**[Docs]** Add XRootD icon and logos to use with doxygen
**[Docs]** Update doxygen configuration
**[Server]** Harden `kXR_seqio` implementation
**[Server]** Pass the `kXR_seqio` option all the way to the Oss plugin
**[Tests]** Complete migration to GoogleTest, remove CppUnit tests (2189, issue 2051)
**[Utils]** Add sample shell script for third-party copy transfers
**[XrdCeph]** Migrate tests to GoogleTest and run with ctest
**[XrdCeph]** Better build system integration, now uses **`-DENABLE_CEPH=ON`** option
**[XrdCl]** Use `long` for dirOffset in `IndexRemote`
**[XrdCrypto]** Avoid some repeated calls of `EVP_PKEY_check`
**[XrdHttp]** Increase default read timeouts to 1min/5min
**[XrdOuc]** Make `XrdOucGatherConf.hh` a public header (issue 2214)
**[XrdSciTokens]** Warn if something goes wrong when parsing token groups
**[XrdTpcTPC]** Connect packet marking curl socket at socket creation (2242, issue 2201)
**[XrdTpcTPC]** Improved curl error reporting to the client (issue 2067)

**Full Changelog**: https://github.com/xrootd/xrootd/compare/v5.6.9...v5.7.0

+ **Minor bug fixes**
**[Python]** Check list of files in prepare to ensure they are strings
**[Python]** Fix iteration over a file with Python3
**[Python]** Use int for 'force' in File::Stat (2208)
**[Utils]** Correct comparison that wrongly missed reaping certain directives
**[XrdCl]** Fix logic error when upgrading connections to TLS
**[XrdCl]** Stop Poller before TaskManager (fixes rare crashes at shutdown)
**[XrdHttpTPC]** Fix 500 server response code if X-Number-Of-Streams > 100 (issue 2186)
**[XrdSciTokens]** Add stat permissions to create, modify and write operations (issue 2185)
**[XrdSciTokens]** Allow creation of parent directories if necessary (2184)
**[XrdSciTokens]** Fix bug when scope includes basepath or `/` (issue 2132)

+ **Miscellaneous**
**[Tests]** Optimize cluster configuration to speedup tests

**Full Changelog**: https://github.com/xrootd/xrootd/compare/v5.6.8...v5.6.9

+ **Minor bug fixes**
**[RPM]** Create systemd tmpfiles at post-install step
**[XrdCl]** Only claim to be TLS capable if TLS initialization succeeds (issue 2020)
**[XrdCl]** Only consider an endpoint TLS-enabled if the connection is encrypted
**[XrdCl]** Remove duplicates from URL list to avoid undefined behavior
**[XrdHttpTPC]** Fix infinite loop when scitags packet marking is enabled (issue 2192)
**[XrdPosix,XrdSecztn]** Fix build on FreeBSD (issue 2090)
**[XrdTls]** Fix automatic renewal of server certificate with OpenSSL>=1.1 (issue 1678)

+ **Miscellaneous**
**[CMake]** Use CTest module in test.cmake and optionally submit to [CDash](https://my.cdash.org/index.php?project=XRootD)
**[RPM]** Install the client as dependency of main RPM
**[Server]** Fix clang compile warnings

**Full Changelog**: https://github.com/xrootd/xrootd/compare/v5.6.7...v5.6.8

+ **Major bug fixes**
**[XrdCl]** Fix crash at teardown when using copies with multiple streams (issue 2164)
**[XrdSecsss]** Fix buffer overrun when serializing credentials (issue 2143)

+ **Minor bug fixes**
**[XrdCl]** Fix TPC initialization to take into account control stream (issue 2164)
**[XrdPosix]** Fix ordering of debug levels in pss.setop DebugLevel (2183)
**[XrdTpc]** Properly handle creation of packet marking handles when socket is not yet connected (2179)

+ **Miscellaneous**
**[XrdHeaders]** Install XrdSfsFAttr.hh as private header

**Full Changelog**: https://github.com/xrootd/xrootd/compare/v5.6.6...v5.6.7