Hi,
HAProxy 2.2.30 was released on 2023/06/12. It added 53 new commits
after version 2.2.29.
In this release, we flush the pipe of the pending fixes :
* The SPOE was fixed to limit the number of idle applets on edge cases. On
sporadic bursts, it was possible to systematically start new applets
because the SPOE processing frequency was lower than the messages rate,
and this independently on the number of idle applets. The idle applets
tracking was improved to be able to properly reuse them.
This fix revealed a flaw in the way synchronous frames were handled,
leading to a raise of the message processing latency. To fix this issue,
in synchronous mode, a SPOE applet will now systematically try to send a
frame when it is woken up, except if it is still waiting for a ACK frame
after a receive attempt.
Finally, a crash for engines configured on disabled proxies was
fixed. SPOE engines must not be released for such proxies during the
startup because some resources may be shared with other engines, for
instance the ACLs.
* The total boot time is now measured. It is used to postpone the startup
of health checks. It is pretty useful for very large configurations
taking up few seconds to start, to not schedule some servers' checks in
past. This also helps to have a better distribution of health-checks
when "spread-checks" option is used. In addition, the spread-checks is
also used at boot time, making the load much smoother from the start.
* The pool_gc() calls that were made a bit too often on stopping proxies
were relaxed. Sometimes they were causing excess memory contention and
were even competing against malloc_trim().
* It was possible to trigger the watchdog purging stick-tables on
soft-stop. To not spend too much time purging expired entries, we now
enforce a budget limitation and the purge is performed in several
steps. In addition, memory is reclaimed only when entries are
released. Indeed, this operation involves a call to malloc_trim() on
glibc, which is rather expensive.
* The read expiration date is now updated on synchronous sends for all
streams except independent ones. This fixed an old bug when a filter is
configured. Write activities on synchronous sends were lost. With slow
clients uploading large object, it was possible to reach the server
timeout.
* An error is now reported during configuration parsing when the "len"
argument of a stick table type contains incorrect characters.
* The strict-sni documentation was updated to state it is possible to
start without certificate on a bind line.
* Aurélien fixed wrong report for tracking servers leaving drain state. He
also centralized proxy and server stats updates on server state
transition to be sure to not miss an update on some transitions.
* An issue affecting the H1 multiplexer was fixed. If the response was
fully transferred before the whole request is read, there was a risk
that the channel is left open without any further processing. In the
end, this caused the stream to enter a spinning loop which triggered an
assertion failure crash.
* Aborting pipelined HTTP/1.1 transfers could sometimes result in a high
CPU usage until the timeout stroke. At first glance, we thought it was
not possible to hit this bug on the 2.2 and 2.0. But, we were wrong. It
could happen when the splicing is in-use on the response. The fix was
thus backported
* In the H2 multiplexer, we now take care to produce log messages on
invalid requests.
Many other minor fixes were fixed of course and this list is not exhaustive.
Take a look at the following changelog if necessary.
If it is ok for everyone, as it was suggested by Tim, the 2.2 could enter in
its final stage by marking it as "Critical fixes only", thus 2 years before
its EOL planned for Q2 2025. Any objection ?
Thanks everyone for your help and your contributions.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.2/src/
Git repository : https://git.haproxy.org/git/haproxy-2.2.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.2.git
Changelog : https://www.haproxy.org/download/2.2/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Aurelien DARRAGON (12):
MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop
BUG/MINOR: hlua: unsafe hlua_lua2smp() usage
BUG/MINOR: log: fix memory error handling in parse_logsrv()
BUG/MINOR: proxy: missing free in free_proxy for redirect rules
BUG/MINOR: server: incorrect report for tracking servers leaving drain
MINOR: server: explicitly commit state change in srv_update_status()
BUG/MINOR: server: don't miss proxy stats update on server state
transitions
BUG/MINOR: server: don't miss server stats update on server state
transitions
BUG/MINOR: server: don't use date when restoring last_change from state
file
BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
BUG/MINOR: proxy: add missing interface bind free in free_proxy
Christopher Faulet (15):
DOC: config: Fix description of options about HTTP connection modes
DOC: config: Add the missing tune.fail-alloc option from global listing
DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section
BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format
body
BUG/MINOR: http-check: Skip C-L header for empty body when it's not
mandatory
BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend
BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription
BUG/MEDIUM: Update read expiration date on synchronous send
BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set
DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules
MINOR: spoe: Don't stop disabled proxies
BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during
startup
BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones
DOC: config: Fix bind/server/peer documentation in the peers section
BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
David Carlier (1):
BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.
Frédéric Lécaille (1):
CONTRIB: Add vi file extensions to .gitignore
Ilia Shipitsin (2):
CI: switch to Fastly CDN to download LibreSSL
BUILD: ssl: switch LibreSSL to Fastly CDN
Ilya Shipitsin (2):
CI: bump "actions/checkout" to v3 for cross zoo matrix
CI: cirrus-ci: bump FreeBSD image to 13-1
Marcos de Oliveira (1):
DOC/MINOR: reformat configuration.txt's "quoting and escaping" table
Mariam John (1):
DOC/MINOR: config: Fix typo in description for `ssl_bc` in
configuration.txt
Remi Tricot-Le Breton (1):
BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback
William Lallemand (5):
BUG/MINOR: mworker: stop doing strtok directly from the env
BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master
FD is wrong
BUG/MINOR: mworker: prevent incorrect values in uptime
DOC: config: strict-sni allows to start without certificate
BUG/MINOR: stick_table: alert when type len has incorrect characters
Willy Tarreau (12):
BUG/MINOR: ring: do not realign ring contents on resize
BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it
BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
BUG/MINOR: cfgparse: make sure to include openssl-compat
BUG/MINOR: mux-h2: make sure to produce a log on invalid requests
MINOR: checks: make sure spread-checks is used also at boot time
MINOR: clock: measure the total boot time
BUG/MINOR: checks: postpone the startup of health checks by the boot time
BUILD: checks: fix build failure on macos after last fix
BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of
input
SCRIPTS: publish-release: update the umask to keep group write access
BUG/MINOR: debug: do not emit empty lines in thread dumps
--
Christopher Faulet
