Hi willy.

Am 06.02.2019 um 15:25 schrieb Willy Tarreau:
> Hi,
> HAProxy 1.9.4 was released on 2019/02/06. It added 65 new commits
> after version 1.9.3.

Images are updated.


Maybe this patch was to late for 1.9.4 please can you consider to add it
to 2.0 and later 1.9.5, thanks.



> The main focus in terms of time spent was clearly on end-to-end H2
> correctness, which involves both the H2 protocol itself and the idle
> connections management. It's difficult to enumerate in details all the
> issues that were addressed, but these generally range from not failing
> a connection when failing a stream can be sufficient to counting the
> number of pre-allocated streams on an idle idle outgoing connection to
> make sure it still has stream IDs left. Some server-side idle timeout
> errors could occasionally lead to the whole connection being closed.
> One check was added to prevent an HTX frontend from dynamically branching
> to a non-HTX backend (and conversely), as only the static branches were
> addressed till now.
> There were some improvements on memory allocation failures, a number of
> places were not tested anymore (or this was new code). Ah and a memory
> leak on the unique_id was addressed (it could happen with TCP instances
> when declared in a defaults section).
> Etags are now rewritten from strong to weak by the compression. I had no
> idea this concept of weak vs strong existed at all :-)
> And in addition to this, yesterday two other interesting problems were
> reported and addressed :
>   - the first one is about using certain L7 features at the load balancing
>     layer (such as "balance hdr") in HTX mode which could crash haproxy.
>     It was in fact caused by the loss of one patch during the multiple
>     liftings of the code prior to the merge. That's now fixed. I'm still
>     amazed we managed to lose only one patch in this ocean of code!
>   - the other one is quite nasty and impacts all supported versions. Haproxy
>     currently performs very deep compatibility tests on your rules, frontends
>     and backends after parsing the configuration. But a corner case remained
>     by which it was possible to have a frontend bound on, say, processes
>     1 and 2, tracking a key stored in a table present only in process 1 that
>     would in turn rely on peers on process 1 as well. Here there is a problem,
>     when the frontend receives connections on process 2, the resolved pointers
>     for the table end up pointing to a completely different location in a
>     parallel universe, then peers are activated to push the data while the
>     section has been deallocated... So the relevant checks have been added
>     to make sure that a process doesn't try to interact with a section that
>     is not present for this process. This covers the track-sc* actions, the
>     sc_* sample keywords, and SPOE filters. I was extremely cautious to cover
>     the strict minimum so as not to impact any harmless config. It *is*
>     possible that one of your config will refuse to load if it is already
>     bogus. Please note that if this happens, it means this config is wrong
>     and already presents the risk of random crashes. *Do not* rollback if
>     this happens, please ask for help here instead. (I in fact expect that
>     nobody will see these errors, meaning that the amount of complex and
>     bogus configs in field is rather low).
> The rest is pretty low impact and standard.
> Please find the usual URLs below :
>    Site index       : http://www.haproxy.org/
>    Discourse        : http://discourse.haproxy.org/
>    Slack channel    : https://slack.haproxy.org/
>    Issue tracker    : https://github.com/haproxy/haproxy/issues
>    Sources          : http://www.haproxy.org/download/1.9/src/
>    Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
>    Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
>    Changelog        : http://www.haproxy.org/download/1.9/src/CHANGELOG
>    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
> Willy
> ---
> Complete changelog :
> Christopher Faulet (2):
>       BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is 
> forbidden
>       BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with 
> Jérôme Magnin (1):
>       DOC: add a missing space in the documentation for bc_http_major
> Kevin Zhu (1):
>       BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
> Olivier Houchard (11):
>       BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE.
>       MINOR: xref: Add missing barriers.
>       BUG/MEDIUM: peers: Handle mux creation failure.
>       BUG/MEDIUM: checks: Check that conn_install_mux succeeded.
>       BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated.
>       BUG/MEDIUM: servers: Don't add an incomplete conn to the server idle 
> list.
>       BUG/MEDIUM: checks: Don't try to set ALPN if connection failed.
>       BUG/MEDIUM: h2: In h2_send(), stop the loop if we failed to alloc a buf.
>       BUG/MEDIUM: servers: Close the connection if we failed to install the 
> mux.
>       BUG/MEDIUM: buffer: Make sure b_is_null handles buffers waiting for 
> allocation.
>       BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
> Tim Duesterhus (2):
>       BUG/MEDIUM: compression: Rewrite strong ETags
>       DOC: compression: Update the reasons for disabled compression
> Willy Tarreau (48):
>       SCRIPTS: add the issue tracker URL to the announce script
>       BUG/MINOR: server: fix logic flaw in idle connection list management
>       BUG/MINOR: stream: don't close the front connection when facing a 
> backend error
>       DOC: htx: make it clear that htxbuf() and htx_from_buf() always return 
> valid pointers
>       MINOR: htx: never check for null htx pointer in htx_is_{,not_}empty()
>       MEDIUM: stream-int: always mark pending outgoing SI_ST_CON
>       MINOR: stream: don't wait before retrying after a failed connection 
> reuse
>       MEDIUM: h2: always parse and deduplicate the content-length header
>       BUG/MINOR: mux-h2: always compare content-length to the sum of DATA 
> frames
>       BUG/MEDIUM: mux-h2: only close connection on request frames on closed 
> streams
>       BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window 
> update
>       BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
>       BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
>       BUG/MEDIUM: mux-h2: do not abort HEADERS frame before decoding them
>       BUG/MINOR: mux-h2: make sure response HEADERS are not received in other 
> states than OPEN and HLOC
>       MINOR: h2: add a generic frame checker
>       MEDIUM: mux-h2: check the frame validity before considering the stream 
> state
>       CLEANUP: mux-h2: remove misleading leftover test on h2s' nullity
>       CLEANUP: mux-h2: clean the stream error path on HEADERS frame processing
>       CLEANUP: mux-h2: remove stream ID and frame length checks from the 
> frame parsers
>       BUG/MINOR: mux-h2: make sure request trailers on aborted streams don't 
> break the connection
>       MINOR: mux-h2: consistently rely on the htx variable to detect the mode
>       BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing 
> the connection
>       MINOR: stream-int: add a new flag to mention that we want the 
> connection to be killed
>       MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
>       BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
>       MINOR: mux-h2: max-concurrent-streams should be unsigned
>       MINOR: mux-h2: make sure to only check concurrency limit on the frontend
>       MINOR: mux-h2: learn and store the peer's advertised 
>       BUG/MEDIUM: mux-h2: properly consider the peer's advertised 
> max-concurrent-streams
>       BUG/MEDIUM: backend: always release the previous connection into its 
> own target srv_list
>       BUG/MEDIUM: htx: check the HTX compatibility in dynamic use-backend 
> rules
>       BUG/MINOR: backend: check srv_conn before dereferencing it
>       BUG/MEDIUM: mux-h2: always omit :scheme and :path for the CONNECT method
>       BUG/MEDIUM: mux-h2: always set :authority on request output
>       BUG/MINOR: config: fix bind line thread mask validation
>       BUG/MINOR: compression: properly report compression stats in HTX mode
>       BUG/MINOR: task: close a tiny race in the inter-thread wakeup
>       BUG/MAJOR: config: verify that targets of track-sc and stick rules are 
> present
>       BUG/MAJOR: spoe: verify that backends used by SPOE cover all their 
> callers' processes
>       MINOR: backend: move url_param_name/len to lbprm.arg_str/len
>       MINOR: backend: make headers and RDP cookie also use arg_str/len
>       MINOR: backend: add new fields in lbprm to store more LB options
>       MINOR: backend: make the header hash use arg_opt1 for use_domain_only
>       MINOR: backend: remap the balance uri settings to lbprm.arg_opt{1,2,3}
>       MINOR: backend: move hash_balance_factor out of chash
>       MEDIUM: backend: move all LB algo parameters into an union
>       BUG/MINOR: config: make sure to count the error on incorrect 
> track-sc/stick rules
> ---

Reply via email to