Hi everyone,
The list has been unusually silent today, just as if everyone was
waiting
for something to happen :-)
Today is a great day, the reward of 4 years of hard work. I'm
announcing the
release of HAProxy 1.5.0.
For people who don't follow the development versions, here are the most
noticeable features that 1.5 brings over 1.4 :
- native SSL support on both sides with SNI/NPN/ALPN and OCSP
stapling.
- IPv6 and UNIX sockets are supported everywhere
- end-to-end HTTP keep-alive for better support of NTLM and improved
efficiency in static farms
- HTTP/1.1 response compression (deflate, gzip) to save bandwidth
- PROXY protocol versions 1 and 2 on both sides
- data sampling on everything in request or response, including
payload
- ACLs can use any matching method with any input sample
- maps and dynamic ACLs updatable from the CLI
- stick-tables support counters to track activity on any input sample
- custom format for logs, unique-id, header rewriting, and redirects
- improved health checks (SSL, scripted TCP, check agent, ...)
- much more scalable configuration supports hundreds of thousands of
backends
and certificates without sweating
Since dev26, a few bugs were fixed, and some low-importance things were
integrated. Basic OCSP stapling support from Dirkjan and Emeric was
finally merged. Sasha's header replace actions were merged as well.
I've
added a few more info in the stats page (avg response times) and CSV
output (health check status), added support for PROXY v2 on the accept
side, and added the "capture" action on tcp-request in order to log
contents such as SNI or payload. Rémi's dh-param was finally
integrated.
People love numbers, so here are a few :
From 1.4.0 to 1.5.0, we had :
- 1574 calendar days (4 yr 3 mon)
- 26 development versions (one every 2 months on average)
- 540 bugs fixed (387 added during 1.5, 153 affecting 1.4 as well)
- 2549 commits
- 683 unique commit dates (at least this many days worked)
- up to 24 commits per day
- 69712 lines removed, 122279 lines added
- many extremely useful bug reports (too many to list)
- 73 code/doc contributors :
Adrian Bridgett, Alex Davies, Aman Gupta, Andreas Kohn,
Apollon Oikonomopoulos, Arnaud Cornet, Baptiste Assmann, Bertrand
Jacquin,
Bhaskar Maddala, Conrad Hoffmann, Cyril Bonté, Daniel Schultze,
David BERARD, David Cournapeau, David S, David du Colombier, Delta
Yeh,
Dirkjan Bussink, Dmitry Sivachenko, Emeric Brun, Emmanuel Hocdet,
Evan Broder, Finn Arne Gangstad, Gabor Lekeny, Geoff Bucar, Wei Zhao,
Guillaume Castagnino, Guillaume de Lafond, Hervé COMMOWICK,
Hiroaki Nakamura, James Voth, Jamie Gloudon, Jarno Huuskonen,
Joe Williams, Joshua M. Clulow, Julien Vehent, Justin Karneges,
Kevin Hester, Kevin Musker, Kristoffer Grönlund, Krzysztof Piotr
Oledzki,
Lukas Tribus, Marc-Antoine Perennou, Mark Lamourine, Mathieu Trudel,
Michael Scherer, Neil Prockter, Nenad Merdanovic, Nick Chalk,
Olivier Burgard, Oskar Stolc, Patrick Mézard, Pieter Baauw,
Prach Pongpanich, Rauf Kuliyev, Remi Gacogne, Sagi Bashari, Sasha
Pachev,
Sean Carey, Sergiy Prykhodko, Simon Horman, Simone Gotti,
Stathis Voukelatos, Tait Clarridge, Thierry Fournier, Todd Lyons,
Vincent Bernat, William Lallemand, William Turner, Willy Tarreau,
Yuxans Yao, Yves Lafon.
Additionally, we are very thankful to a few organisations who have
sponsored
the development of certain advanced features which required to dedicate
a
person or a team for a significant amount of time (I hope I have not
missed
any) :
- HAProxy Technologies (formerly Exceliance)
- Loadbalancer.org
- StackOverflow
- SmartFile
- SmugMug
- ImageShack
Don't forget to offer a beer to your distro packagers who make your
life
easier. It's hard to list them all, but if you don't build from
sources,
you're likely running a package made and maintained by one of these
people :
- debian: Vincent Bernat, Apollon Oikonomopoulos, Prach Pongpanich
- Fedora: Ryan O'hara
- OpenSuSE: Marcus Rückert
- other? just report yourself!
And last, I'd like to assign a special mention to our most active
mailing
list supporters during that period who make the project a reality by
off-
loading the support task from developers, and kindly help our 800
permanent
subscribers on a daily basis, BIG THANKS to you guys :
- Baptiste Assmann
- Lukas Tribus
- Cyril Bonté
- Jonathan Matthews
- Thomas Heil
For the HAProxy development team here in France, it will be time to do
some errands and buy some Champagne to celebrate the event :-)
Now the practical things. 1.5 now enters in maintenance status and the
development continues with 1.6-dev0 which is the exact equivalent of
1.5.0. The links have been updated below. Note the removal of /devel/
for the sources and the introduction of haproxy-1.5.git since this is
not the development tree anymore :
Site index : http://www.haproxy.org/
Sources : http://www.haproxy.org/download/1.5/src/
Git repository : http://git.haproxy.org/git/haproxy-1.5.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.5.git
Changelog :
http://www.haproxy.org/download/1.5/src/CHANGELOG
Cyril's HTML doc :
http://cbonte.github.com/haproxy-dconv/configuration-1.5.html
I'm figuring that tomorrow is Friday. Guys, be reasonable, don't forget
the
good old principle of not upgrading on Fridays, try to hold on till
monday
if you can :-)
BTW, since I've got this question off-list a number of times now, yes
we're
going to release updated HAPEE packages very soon, please keep an eye
on it :
https://www.haproxy.com/products/haproxy-enterprise-edition/
And finally the changelog since 1.5-dev26.
Have fun an as usual, please report anything abnormal you'd face up,
but
after checking the doc.
Willy
--------
2014/06/19 : 1.5.0
- MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.
- MEDIUM: ssl: basic OCSP stapling support.
- MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl
ocsp-response'
- MEDIUM: ssl: add 300s supported time skew on OCSP response
update.
- MINOR: checks: mysql-check: Add support for v4.1+ authentication
- MEDIUM: ssl: Add the option to use standardized DH parameters >=
1024 bits
- MEDIUM: ssl: fix detection of ephemeral diffie-hellman key
exchange by using the cipher description.
- MEDIUM: http: add actions "replace-header" and "replace-values"
in http-req/resp
- MEDIUM: Break out check establishment into connect_chk()
- MEDIUM: Add port_to_str helper
- BUG/MEDIUM: fix ignored values for half-closed timeouts
(client-fin and server-fin) in defaults section.
- BUG/MEDIUM: Fix unhandled connections problem with systemd
daemon mode and SO_REUSEPORT.
- MINOR: regex: fix a little configuration memory leak.
- MINOR: regex: Create JIT compatible function that return match
strings
- MEDIUM: regex: replace all standard regex function by own
functions
- MEDIUM: regex: Remove null terminated strings.
- MINOR: regex: Use native PCRE API.
- MINOR: missing regex.h include
- DOC: Add Exim as Proxy Protocol implementer.
- BUILD: don't use type "uint" which is not portable
- BUILD: stats: workaround stupid and bogus
-Werror=format-security behaviour
- BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new
transaction
- CLEANUP: http: don't clear CF_READ_NOEXP twice
- DOC: fix proxy protocol v2 decoder example
- DOC: fix remaining occurrences of "pattern extraction"
- MINOR: log: allow the HTTP status code to be logged even in TCP
frontends
- MINOR: logs: don't limit HTTP header captures to HTTP frontends
- MINOR: sample: improve sample_fetch_string() to report partial
contents
- MINOR: capture: extend the captures to support non-header keys
- MINOR: tcp: prepare support for the "capture" action
- MEDIUM: tcp: add a new tcp-request capture directive
- MEDIUM: session: allow shorter retry delay if timeout connect is
small
- MEDIUM: session: don't apply the retry delay when redispatching
- MEDIUM: session: redispatch earlier when possible
- MINOR: config: warn when tcp-check rules are used without option
tcp-check
- BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN
protocol
- DOC: proxy protocol example parser was still wrong
- DOC: minor updates to the proxy protocol doc
- CLEANUP: connection: merge proxy proto v2 header and address
block
- MEDIUM: connection: add support for proxy protocol v2 in
accept-proxy
- MINOR: tools: add new functions to quote-encode strings
- DOC: clarify the CSV format
- MEDIUM: stats: report the last check and last agent's output on
the CSV status
- MINOR: freq_ctr: introduce a new averaging method
- MEDIUM: session: maintain per-backend and per-server time
statistics
- MEDIUM: stats: report per-backend and per-server time stats in
HTML and CSV outputs
- BUG/MINOR: http: fix typos in previous patch
- DOC: remove the ultra-obsolete TODO file
- DOC: update roadmap
- DOC: minor updates to the README
- DOC: mention the maxconn limitations with the select poller
- DOC: commit a few old design thoughts files
----