Hi, HAProxy 2.4-dev6 was released on 2021/01/22. It added 88 new commits after version 2.4-dev5.
These last two weeks have been pretty annoying with a number of regressions popping up into 2.4-dev and slipping into older versions. Most of them are not serious but still, they did affect some people and required to go back to the white board to design better (or incremental) fixes. What's annoying when this situation happens is that it's a spiral loop and it's hard to get away from it: users start to rightfully complain, each problem is urgent and this leaves less time to produce good and durable fixes, so chances are that bugs will pop up again. Given the time spent doing nothing but chasing issues, and the fact that patches are starting to flow from a growing number of contributors (which is great), I'm thinking about extending the feature freeze point to somewhere between mid and end of February. But please be gentle: patch reviews consume a lot of time and prevent progress from being made on features that are initially expected before the freeze point. As I've said, I want the time after that point to be used for tests, bug fixes, cleanups and documentation. This means that if your patches are essentially cleanups with no real impact on the code paths, it's better to send them a bit later so that the dangerous stuff can be completed and doesn't get merged too late. This is particularly true for the HTX+tunnel rework that Christopher is still trying hard to finish and that's been blocking the merging of WebSocket/H2 for about a month now. As a special case, I'll continue to take QUIC development patches after the freeze point as long as they can't break existing code, since it's not used yet and will be marked experimental once released. Thus to whoever still has important stuff to get merged for 2.4, please understand that you still have more than a week but less than a month, and that it may require some prioritizing in your work if you want the important stuff to get there, otherwise it will be for 2.5. And with the current situation everywhere in the world, be realistic, time flies very fast, lucky are those who manage to get some work done by the end of the day. This version addresses a few issues that popped up recently, including one that managed to crash the process once yesterday on haproxy.org using H2, one causing high CPU usage and CLOSE_WAITs on partial H2 frames, a fix for the checks which can cause a crash, and a better version of the DNS fix that previously caused some regressions. The rest should be mostly harmless or rare enough to encounter. I'm aware of a possible (though unlikely) risk of deadlock on "show peers" that Fred discovered, but it has always been there and people use the command all the time so it's not that critical, so it will likely be for next one. Bugs aside, some progress was made in these areas: - the prometheus exporter is getting some rework from William Dauchy to homogenize the way metrics are handled and try to make them easier to add in the future, and to permit requesting certain metrics only. This is an ongoing work, but it's nice if some prometheus users test the changes from time to time and report any unexpected change early. - debugging: "show fd" will now report even more info, including suspicious entries, and BUG_ON() will emit a backtrace in addition to the faulty condition - the cache was slightly simplified by not storing responses with an unknown content-encoding anymore. - William Dauchy's url_enc() converter was finally merged, it performs URL-encoding for use in the query string. - HTTP 501-no-implemented was added to the known response messages, this will be used to reject certain situations that are not handled and make no sense (e.g. an HTTP upgrade request based on a message with a body). - "server" statements in frontends used to only emit warnings, now they are real errors, as they've been the cause of several reports lately, each time in completely absurd situations resulting from copy-paste mistakes, but where the user got confused by the consequences. - more traces in the peers - more regtests. That's about all. With a bit of luck we can merge Christopher's HTX updates and Amaury's Websocket work and idle connection rework next week. This would already be quite a relief given the sensitivity of those areas! I think we'll issue another round of 2.3 and 2.2 later next week to flush the pipe of pending fixes. In the mean time, let's just play with it and report any breakage. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Wiki : https://github.com/haproxy/wiki/wiki Sources : http://www.haproxy.org/download/2.4/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Adis Nezirovic (1): BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition Baptiste Assmann (1): BUG/MINOR: dns: SRV records ignores duplicated AR records (v2) Bertrand Jacquin (4): MINOR: build: discard echoing in help target BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() MINOR: lua: remove unused variable BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX Christopher Faulet (17): DOC: Add maintainers for the Prometheus exporter Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records" BUG/MINOR: check: Don't perform any check on servers defined in a frontend BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities MINOR: server: Forbid server definitions in frontend sections BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context BUG/MEDIUM: mux-h2: Xfer rxbuf to the upper layer when creating a front stream MINOR: http: Add HTTP 501-not-implemented error message MINOR: muxes: Add exit status for errors about not implemented features MINOR: mux-h1: Be prepared to return 501-not-implemented error during parsing MEDIUM: mux-h1: Return a 501-not-implemented for upgrade requests with a body MINOR: contrib/prometheus-exporter: Don't needlessly set empty label for metrics MINOR: contrib/prometheus-exporter: Split the PROMEX_FL_STATS_METRIC flag MINOR: contrib/prometheus-exporter: Add promex_metric struct defining a metric MEDIUM: contrib/prometheus-exporter: Rework matrices defining Promex metrics BUG/MINOR: stream: Don't update counters when TCP to H2 upgrades are performed David CARLIER (1): BUG/MINOR: threads: Fixes the number of possible cpus report for Mac. Frédéric Lécaille (4): MINOR: peers: Add traces for peer control messages. BUG/MINOR: peers: Possible appctx pointer dereference. BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. MINOR: contrib: Make the wireshark peers dissector compile for more distribs. Ilya Shipitsin (4): BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error Jerome Magnin (1): BUG/MINOR: init: enforce strict-limits when using master-worker Remi Tricot-Le Breton (2): BUG/MINOR: sample: Memory leak of sample_expr structure in case of error MINOR: cache: Do not store responses with an unknown encoding Thayne McCombs (5): DOC: fix some spelling issues over multiple files CLEANUP: Fix spelling errors in comments SCRIPTS: announce-release: fix typo in help message CI: github: add a few more words to the codespell ignore list BUG/MINOR: server: Memory leak of proxy.used_server_addr during deinit Tim Duesterhus (7): BUG/MINOR: hlua: Fix memory leak in hlua_alloc MINOR: cache: Remove the `hash` part of the accept-encoding secondary key CLEANUP: cache: Use proper data types in secondary_key_cmp() CLEANUP: Rename accept_encoding_hash_cmp to accept_encoding_bitmap_cmp CI: Pin VTest to a known good commit DOC: Remove space after comma in converter signature DOC: Rename '<var name>' to '<var>' in converter signature William Dauchy (15): MINOR: converter: adding support for url_enc BUILD: Makefile: exclude broken tests by default MINOR: contrib/prometheus-exporter: export build_info CLEANUP: sample: remove uneeded check in json validation MINOR: reg-tests: add a way to add service dependency BUG/MINOR: sample: check alloc_trash_chunk return value in concat() BUG/MINOR: reg-tests: fix service dependency script MINOR: reg-tests: add base prometheus test MINOR: contrib/prometheus-exporter: avoid connection close header MINOR: contrib/prometheus-exporter: use fill_info for process dump MINOR: stats: duplicate 3 fields in bytes in info MINOR: stats: add new start time field MINOR: contrib/prometheus-exporter: merge info description from stats MEDIUM: stats: allow to select one field in `stats_fill_fe_stats` MINOR: contrib/prometheus-exporter: use fill_fe_stats for frontend dump Willy Tarreau (26): BUG/MINOR: sample: fix concat() converter's corruption with non-string variables CLEANUP: pattern: rename pat_ref_commit() to pat_ref_commit_elt() MINOR: pattern: add the missing generation ID manipulation functions BUILD: peers: fix build warning about unused variable BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper CLEANUP: tools: make resolve_sym_name() take a const pointer CLEANUP: cli: make "show fd" use a const connection to access other fields MINOR: cli: make "show fd" also report the xprt and xprt_ctx MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps. MINOR: ssl: provide a "show fd" helper to report important SSL information MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known MINOR: cli: give the show_fd helpers the ability to report a suspicious entry MINOR: cli/show_fd: report some easily detectable suspicious states MINOR: ssl/show_fd: report some FDs as suspicious when possible MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls BUG/MEDIUM: mux-h2: fix read0 handling on partial frames MINOR: debug: always export the my_backtrace function MINOR: debug: extract the backtrace dumping code to its own function MINOR: debug: create ha_backtrace_to_stderr() to dump an instant backtrace MEDIUM: debug: now always print a backtrace on CRASH_NOW() and friends MINOR: debug: let ha_dump_backtrace() dump a bit further for some callers BUILD: debug: fix build warning by consuming the write() result ---