Hi, HAProxy 3.0-dev5 was released on 2024/03/09. It added 58 new commits after version 3.0-dev4.
Again mostly fixes for recent regressions dominate this version (ocsp crashes, zero-copy forwarding) and for older bugs (locking issues in Lua, QUIC freezes during handshake, initial settings for "add server"). Among the new features, we finally support draining HTTP/1 requests when we respond early to POST requests (the typical redirect or 401 on POST). Previously we'd send the response, drain pending data and close if not all data were sent. But given that there remain rare cases where this continues to cause trouble to some clients (late incoming data can cause a reset in the TCP stack and destroy the response), and that the mux-based architecture now makes this much easier, it was about time to implement it to get rid of this rare but annoying case. The rest is pretty minor, an AES encryption converter (we used to only have the decryption side), Solaris build fixes, improved "show quic" output to help troubleshooting, improved performance when traces are enabled with an attached reader (previously we used to rely on a lock to make sure to emit the dropped counter, but that approach was wrong and causing everything to work at the speed of the slowest thread). Ah and we got a report of a funny bug affecting the "random" balance algorithm. Internally we have two random generators, a slow one which is suitable for generating UUIDs and and a fast one which is only suitable for statistical randoms. Obviously "balance random" relies on the second one, which produces a predictable sequence for a given thread. It just turns out that the sequence was initialized with the thread number and that incoming connections are distributed by default in round-robin fashion to available threads. The end result of all of this is that when using "balance random", the first request would always be sent to the same server, which creates a visible skew for those who reload very frequently! This was fixed by seeding the fast one with the slow one at boot. Who would have imagined that reloading very frequently would exhibit such design limitations! And as usual, cleanups, doc and CI updates close the list. Over the last two weeks, we've participated to interesting discussions with a few users who explained how some of the limitations regarding the use of dynamic servers affect their usage. Some of them were quickly addressed but what remains was written down in GitHub issues 2469, 2482 and 2483. Those who try to minimize the number of reloads might want to have a look there and possibly feed the design discussions. Please find the usual URLs below : Site index : https://www.haproxy.org/ Documentation : https://docs.haproxy.org/ Wiki : https://github.com/haproxy/wiki/wiki Discourse : https://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/3.0/src/ Git repository : https://git.haproxy.org/git/haproxy.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy.git Changelog : https://www.haproxy.org/download/3.0/src/CHANGELOG Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest Pending bugs : https://www.haproxy.org/l/pending-bugs Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs Code reports : https://www.haproxy.org/l/code-reports Latest builds : https://www.haproxy.org/l/dev-packages Willy --- Complete changelog : Amaury Denoyelle (8): BUG/MEDIUM: server: fix dynamic servers initial settings MINOR: quic: filter show quic by address MINOR: quic: specify show quic output fields MINOR: quic: add MUX output for show quic BUG/MEDIUM: quic: fix connection freeze on post handshake BUG/MINOR: mux-quic: fix crash on aborting uni remote stream BUG/MEDIUM: quic: fix handshake freeze under high traffic MINOR: quic: always use ncbuf for rx CRYPTO Aurelien DARRAGON (15): LICENSE: event_hdl: fix GPL license version LICENSE: http_ext: fix GPL license version BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load BUG/MINOR: hlua: improper lock usage in hlua_filter_callback() BUG/MINOR: hlua: improper lock usage in hlua_filter_new() BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP() BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe() MINOR: hlua: use SEND_ERR to report errors in hlua_event_runner() CLEANUP: hlua: txn class functions may LJMP CLEANUP: log: fix obsolete comment for add_sample_to_logformat_list() CLEANUP: tree-wide: use proper ERR_* return values for PRE_CHECK fcts BUG/MINOR: cfgparse: report proper location for log-format-sd errors Christopher Faulet (11): BUG/MEDIUM: applet: Fix HTX .rcv_buf callback function to release outbuf buffer BUG/MEDIUM: mux-h1: Fix again 0-copy forwarding of chunks with an unknown size BUG/MINOR: mux-h1: Properly report when mux is blocked during a nego MINOR: mux-h1: Move checks performed before a shutdown in a dedicated function MINOR: mux-h1: Move all stuff to detach a stream in an internal function MAJOR: mux-h1: Drain requests on client side before shut a stream down MEDIUM: htx/http-ana: No longer close connection on early HAProxy response CLEANUP: mux-h2: Fix h2s_make_data() comment about the return value BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel MINOR: hlua: Be able to disable logging from lua Ilya Shipitsin (5): CLEANUP: assorted typo fixes in the code and comments CLEANUP: fix typo in naming for variable "unused" CI: run more smoke tests on config syntax to check memory related issues CI: enable monthly build only test on netbsd-9.3 CI: skip scheduled builds on forks Nenad Merdanovic (2): MINOR: vars: export var_set and var_unset functions MINOR: Add aes_gcm_enc converter William Lallemand (4): BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist DOC: configuration: clarify ciphersuites usage BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description Willy Tarreau (12): BUG/MINOR: tools: seed the statistical PRNG slightly better BUG/MINOR: sink: fix a race condition in the TCP log forwarding code BUILD: thread: move lock label definitions to thread-t.h BUILD: tree-wide: fix a few missing includes in a few files BUILD: buf: make b_ncat() take a const for the source BUILD: ssl: define EVP_CTRL_AEAD_GET_TAG for older versions DOC: design: write first notes about ring-v2 OPTIM: sink: try to merge "dropped" messages faster OPTIM: sink: drop the sink lock used to count drops DEV: haring: make haring not depend on the struct ring itself DEV: haring: split the code between ring and buffer DEV: haring: automatically use the advertised ring header size matthias sweertvaegher (1): BUILD: solaris: fix compilation errors ---