Hi, HAProxy 1.8.5 was released on 2018/03/23. It added 51 new commits after version 1.8.4, about a third of which are moderate bug fixes.
The most important fix concerns the queue management when threads are enabled. Till now, in case connections handled by different threads would be handled by a same server where the maxconn limit is reached, there were some non-thread safe operations during the dequeue, which could cause freezes, memory corruption and crashes. This has been fixed. A small number of other issues were related to threads, and a other ones to HTTP/2. Half of the fixes are mostly annoyance of low importance and affect older versions as well. I won't enumerate all areas as it's spread all over the code. Some known issues remain (we tried to address quite a number of them with this release but delaying forever is not an option). One of them that I want to work on is the fact that we don't use transfer-encoding for HTTP/2 requests that miss a content-length. It requires delicate changes to the H2 code that will be much easy to do in 1.9 than in 1.8 so I'll have to figure how to do them without breaking anything. Some other issues were reported, like a strange memory corruption on HTTP/2, which makes no sense from the code perspective unless it was a side effect of the "dbuf_wait" bug. It looks slightly possible for it to indirectly cause this effect but the conditions to join together are hard to figure. For this reason, I'd really appreciate it if future reports are made on 1.8.5 only : previous ones suffer from a few known bugs making reports unreliable. Overall despite these few remaining issues, we're getting much better. This version should have been emitted earlier. We try to issue them as often as possible but when you're focused on your code, time flies very quickly. Do not hesitate to ping us when you're waiting for a release (and thanks Olivier for the reminder). So don't waste your time in front of TV on a possibly rainy week-end, and have fun upgrading all your instances ;-) Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.8/src/ Git repository : http://git.haproxy.org/git/haproxy-1.8.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Aurélien Nephtali (6): BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd" CLEANUP: ssl: Remove a duplicated #include CLEANUP: cli: Remove a leftover debug message BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage BUG/MINOR: cli: Fix a crash when sending a command with too many arguments Baptiste Assmann (3): BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers BUG/MINOR: tcp-check: use the server's service port as a fallback Bernard Spil (1): BUILD: ssl: Fix build with OpenSSL without NPN capability Christopher Faulet (12): BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible BUG/MINOR: h2: Set the target of dbuf_wait to h2c BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk CLEANUP: .gitignore: Ignore binaries from the contrib directory BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management BUG/MEDIUM: threads/queue: wake up other threads upon dequeue BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected Cyril Bonté (3): BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc BUG/MINOR: force-persist and ignore-persist only apply to backends DOC: log: more than 2 log servers are allowed Emeric Brun (2): BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken. BUG/MINOR: session: Fix tcp-request session failure if handshake. Emmanuel Hocdet (1): Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')" Lukas Tribus (1): DOC: don't suggest using http-server-close Olivier Houchard (3): BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable. BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list. BUG/MINOR: seemless reload: Fix crash when an interface is specified. Thierry FOURNIER (3): DOC: lua: new prototype for function "register_action()" BUG/MINOR: spoa-example: unexpected behavior for more than 127 args BUG/MINOR: lua: return bad error messages Thierry Fournier (1): MINOR/BUILD: fix Lua build on Mac OS X Tim Duesterhus (4): DOC: cfgparse: Warn on option (tcp|http)log in backend MINOR: systemd: Add section for SystemD sandboxing to unit file MINOR: systemd: Add SystemD's Protect*= options to the unit file MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file Willy Tarreau (10): BUG/MINOR: threads: fix missing thread lock labels for 1.8 BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF MINOR: debug/pools: make DEBUG_UAF also detect underflows BUG/MEDIUM: h2: always consume any trailing data after end of output buffers BUILD/MINOR: fix Lua build on Mac OS X (again) BUG/MEDIUM: h2: also arm the h2 timeout when sending MINOR: log: stop emitting alerts when it's not possible to write on the socket BUILD/BUG: enable -fno-strict-overflow by default BUG/MEDIUM: h2: properly account for DATA padding in flow control BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM Yves Lafon (1): MINOR: stats: display the number of threads in the statistics. ---
