Hi,

HAProxy 1.9.4 was released on 2019/02/06. It added 65 new commits after version 1.9.3.

The main focus in terms of time spent was clearly on end-to-end H2 correctness, which involves both the H2 protocol itself and the idle connections management. It's difficult to enumerate in detail all the issues that were addressed, but these generally range from not failing a connection when failing a stream can be sufficient to counting the number of pre-allocated streams on an idle outgoing connection to make sure it still has stream IDs left. Some server-side idle timeout errors could occasionally lead to the whole connection being closed.

One check was added to prevent an HTX frontend from dynamically branching to a non-HTX backend (and conversely), as only the static branches were addressed till now.

There were some improvements on memory allocation failures: a number of places were not tested anymore (or this was new code). Ah, and a memory leak on the unique_id was addressed (it could happen with TCP instances when declared in a defaults section).

ETags are now rewritten from strong to weak by the compression. I had no idea this concept of weak vs strong existed at all :-)

And in addition to this, yesterday two other interesting problems were reported and addressed :

- the first one is about using certain L7 features at the load balancing layer (such as "balance hdr") in HTX mode which could crash haproxy. It was in fact caused by the loss of one patch during the multiple liftings of the code prior to the merge. That's now fixed. I'm still amazed we managed to lose only one patch in this ocean of code!

- the other one is quite nasty and impacts all supported versions. Haproxy currently performs very deep compatibility tests on your rules, frontends and backends after parsing the configuration. But a corner case remained by which it was possible to have a frontend bound on, say, processes 1 and 2, tracking a key stored in a table present only in process 1 that would in turn rely on peers on process 1 as well. Here there is a problem: when the frontend receives connections on process 2, the resolved pointers for the table end up pointing to a completely different location in a parallel universe, then peers are activated to push the data while the section has been deallocated... So the relevant checks have been added to make sure that a process doesn't try to interact with a section that is not present for this process. This covers the track-sc* actions, the sc_* sample keywords, and SPOE filters. I was extremely cautious to cover the strict minimum so as not to impact any harmless config. It *is* possible that one of your configs will refuse to load if it is already bogus. Please note that if this happens, it means this config is wrong and already presents the risk of random crashes. *Do not* roll back if this happens, please ask for help here instead. (I in fact expect that nobody will see these errors, meaning that the amount of complex and bogus configs in the field is rather low).

The rest is pretty low impact and standard.
Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/1.9/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
   Changelog        : http://www.haproxy.org/download/1.9/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy

---
Complete changelog :

Christopher Faulet (2):
      BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is forbidden
      BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with HTX

Jérôme Magnin (1):
      DOC: add a missing space in the documentation for bc_http_major

Kevin Zhu (1):
      BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit

Olivier Houchard (11):
      BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE.
      MINOR: xref: Add missing barriers.
      BUG/MEDIUM: peers: Handle mux creation failure.
      BUG/MEDIUM: checks: Check that conn_install_mux succeeded.
      BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated.
      BUG/MEDIUM: servers: Don't add an incomplete conn to the server idle list.
      BUG/MEDIUM: checks: Don't try to set ALPN if connection failed.
      BUG/MEDIUM: h2: In h2_send(), stop the loop if we failed to alloc a buf.
      BUG/MEDIUM: servers: Close the connection if we failed to install the mux.
      BUG/MEDIUM: buffer: Make sure b_is_null handles buffers waiting for allocation.
      BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().

Tim Duesterhus (2):
      BUG/MEDIUM: compression: Rewrite strong ETags
      DOC: compression: Update the reasons for disabled compression

Willy Tarreau (48):
      SCRIPTS: add the issue tracker URL to the announce script
      BUG/MINOR: server: fix logic flaw in idle connection list management
      BUG/MINOR: stream: don't close the front connection when facing a backend error
      DOC: htx: make it clear that htxbuf() and htx_from_buf() always return valid pointers
      MINOR: htx: never check for null htx pointer in htx_is_{,not_}empty()
      MEDIUM: stream-int: always mark pending outgoing SI_ST_CON
      MINOR: stream: don't wait before retrying after a failed connection reuse
      MEDIUM: h2: always parse and deduplicate the content-length header
      BUG/MINOR: mux-h2: always compare content-length to the sum of DATA frames
      BUG/MEDIUM: mux-h2: only close connection on request frames on closed streams
      BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
      BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
      BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
      BUG/MEDIUM: mux-h2: do not abort HEADERS frame before decoding them
      BUG/MINOR: mux-h2: make sure response HEADERS are not received in other states than OPEN and HLOC
      MINOR: h2: add a generic frame checker
      MEDIUM: mux-h2: check the frame validity before considering the stream state
      CLEANUP: mux-h2: remove misleading leftover test on h2s' nullity
      CLEANUP: mux-h2: clean the stream error path on HEADERS frame processing
      CLEANUP: mux-h2: remove stream ID and frame length checks from the frame parsers
      BUG/MINOR: mux-h2: make sure request trailers on aborted streams don't break the connection
      MINOR: mux-h2: consistently rely on the htx variable to detect the mode
      BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
      MINOR: stream-int: add a new flag to mention that we want the connection to be killed
      MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
      BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
      MINOR: mux-h2: max-concurrent-streams should be unsigned
      MINOR: mux-h2: make sure to only check concurrency limit on the frontend
      MINOR: mux-h2: learn and store the peer's advertised MAX_CONCURRENT_STREAMS setting
      BUG/MEDIUM: mux-h2: properly consider the peer's advertised max-concurrent-streams
      BUG/MEDIUM: backend: always release the previous connection into its own target srv_list
      BUG/MEDIUM: htx: check the HTX compatibility in dynamic use-backend rules
      BUG/MINOR: backend: check srv_conn before dereferencing it
      BUG/MEDIUM: mux-h2: always omit :scheme and :path for the CONNECT method
      BUG/MEDIUM: mux-h2: always set :authority on request output
      BUG/MINOR: config: fix bind line thread mask validation
      BUG/MINOR: compression: properly report compression stats in HTX mode
      BUG/MINOR: task: close a tiny race in the inter-thread wakeup
      BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
      BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
      MINOR: backend: move url_param_name/len to lbprm.arg_str/len
      MINOR: backend: make headers and RDP cookie also use arg_str/len
      MINOR: backend: add new fields in lbprm to store more LB options
      MINOR: backend: make the header hash use arg_opt1 for use_domain_only
      MINOR: backend: remap the balance uri settings to lbprm.arg_opt{1,2,3}
      MINOR: backend: move hash_balance_factor out of chash
      MEDIUM: backend: move all LB algo parameters into an union
      BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
---
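
The process-coverage corner case from the announcement (a frontend bound to processes 1 and 2 tracking a key in a table present only on process 1), as an added example that is not HAProxy's code and not part of the original message: a simplified pre-upgrade audit that flags such track-sc rules in a configuration text. The proxy names and sample config are constructed, and it assumes a proxy without `bind-process` runs on all processes, which is simpler than HAProxy's own resolution.

```python
SAMPLE_CFG = """\
global
    nbproc 2
frontend fe_web
    bind-process 1-2
    http-request track-sc0 src table be_counters
backend be_counters
    bind-process 1
    stick-table type ip size 100k expire 10m store http_req_rate(10s)
"""  # constructed sample (not from the page): table exists on process 1 only

def parse_procs(spec, nbproc):
    """Expand bind-process arguments (all, N, N-M, N-) to a set of processes."""
    procs = set()
    for tok in spec.replace("all", "1-").split():
        lo, dash, hi = tok.partition("-")
        last = int(hi) if hi else (nbproc if dash else int(lo))
        procs |= set(range(int(lo), last + 1))
    return procs

def load_sections(cfg):  # -> (nbproc, {proxy name: settings})
    nbproc, sections, cur = 1, {}, None
    for line in cfg.splitlines():
        w = line.split("#")[0].split() or [""]
        if w[0] in ("frontend", "backend", "listen"):
            cur = sections[w[1]] = {"bind": "all", "table": False, "tracks": []}
        elif w[0] in ("global", "defaults", "peers"):
            cur = None
        elif w[0] == "nbproc":
            nbproc = int(w[1])
        elif cur and w[0] == "bind-process":
            cur["bind"] = " ".join(w[1:])
        elif cur and w[0] == "stick-table":
            cur["table"] = True
        elif cur and "table" in w and any(x.startswith("track-sc") for x in w):
            # Only explicit "table <name>" targets can live on other processes.
            cur["tracks"].append(w[w.index("table") + 1])
    return nbproc, sections

def find_uncovered(cfg):
    """List (proxy, table, problem) where a tracked table misses a caller's process."""
    nbproc, sections = load_sections(cfg)
    problems = []
    for name, sec in sections.items():
        for target in sec["tracks"]:
            tgt = sections.get(target)
            missing = "no such table" if not tgt or not tgt["table"] else sorted(
                parse_procs(sec["bind"], nbproc) - parse_procs(tgt["bind"], nbproc))
            if missing:
                problems.append((name, target, missing))
    return problems
```

Running `find_uncovered(SAMPLE_CFG)` reports that `fe_web` reaches `be_counters` from process 2, where the table is absent; binding both proxies to the same processes clears the finding.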