Hi, HAProxy 1.9.8 was released on 2019/05/13. It added 53 new commits after version 1.9.7.
The most important bugs fall into 3 main categories here : - a possible crash in multi-threads when issuing "show map" or "show acl" on the CLI in parallel to "clear map" or "clear acl" on another CLI session ; - an incorrect handling in H2 of the HTX end-of-message mark after the response trailers which can lead to an endless loop between the caller seeing there's still something to send and the callee seeing it cannot send this block alone. This one gave a few of us some difficulties and helped us see how we can improve HTX for future versions by making certain cases more straightforward. Thanks to Patrick Hemmer for providing backtraces exhibiting the issue. - multiple incorrect list handling in the H2 mux resulting in endless loops for some users with large objects. The assumptions that once were granted in this code evolved several times during 1.9-dev and have led to situations where the presence of an element in the send list was not guarded anymore by some previous conditions. Multiple iterations of fixes were only pushing the problem forward to the next point. Now that these issues were addressed, we've figured how certain parts can be simplified to significantly reduce the probability that similar issues appear in the future. We owe a big thanks to Maciej Zdeb for testing countless patches and reporting detailed traces, and even core dumps. There were some other annoying issues among which : - occasionally a 100% CPU condition (but traffic not interrupted) on certain fragmented H2 HEADER frames. Thanks go to Yves Lafon for providing cores and traces. - missing locks on source port ranges occasionally causing connections running on different threads to pick the same outgoing source port, resulting in connection failures. - a missing lock on the server slowstart code causing deadlocks on the roundrobin algorithm when using threads and slowstart. The rest is either a bit less important or became confuse to me after having dealt with the ones above, to be honest. I'm quite confident this one works way better than previous ones, and at the same time that someone will soon raise their hand saying "I think I have a problem". Having said that, with 305 bugs fixed since 1.9.0 was released, you have no valid reason for still using an earlier release now that this one is available. I would generally like to thank all the early adopters who are running on 1.9, because they are the ones going through all the problems above and taking the risks for others, and thanks to them we can expect a much calmer 2.0. So please continue to report any issue you'll meet! Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Slack channel : https://slack.haproxy.org/ Issue tracker : https://github.com/haproxy/haproxy/issues Sources : http://www.haproxy.org/download/1.9/src/ Git repository : http://git.haproxy.org/git/haproxy-1.9.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git Changelog : http://www.haproxy.org/download/1.9/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Chris Packham (1): BUILD: threads: Add __ha_cas_dw fallback for single threaded builds Christopher Faulet (13): BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per request MINOR: spoe: Use the sample context to pass frag_ctx info during encoding MINOR: examples: Use right locale for the last changelog date in haproxy.spec BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled MINOR: config: Test validity of tune.maxaccept during the config parsing CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1 BUG/MEDIUM: spoe: Be sure the sample is found before setting its context BUG/MINOR: mux-h1: Fix the parsing of trailers BUG/MINOR: htx: Never transfer more than expected in htx_xfer_blks() MINOR: htx: Split on DATA blocks only when blocks are moved to an HTX message BUG/MINOR: stream: Attach the read side on the response as soon as possible BUG/MEDIUM: http: Use pointer to the begining of input to parse message headers MINOR: spoe: Set the argument chunk size to 0 when SPOE variables are checked Dragan Dosen (4): BUG/MINOR: haproxy: fix rule->file memory leak BUG/MINOR: log: properly free memory on logformat parse error and deinit() BUG/MINOR: checks: free memory allocated for tasklets BUG/MEDIUM: pattern: fix memory leak in regex pattern functions Ilya Shipitsin (1): BUG/MEDIUM: servers: fix typo "src" instead of "srv" Kevin Zhu (1): BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed Olivier Houchard (11): MINOR: threads: Implement HA_ATOMIC_LOAD(). BUG/MEDIUM: port_range: Make the ring buffer lock-free. BUG/MEDIUM: channels: Don't forget to reset output in channel_erase(). BUG/MEDIUM: connections: Make sure we remove CO_FL_SESS_IDLE on disown. BUG/MEDIUM: ssl: Use the early_data API the right way. BUG/MEDIUM: streams: Don't add CF_WRITE_ERROR if early data were rejected. BUG/MEDIUM: ssl: Don't attempt to use early data with libressl. MINOR: doc: Document allow-0rtt on the server line. BUG/MEDIUM: h2: Revamp the way send subscriptions works. BUG/MEDIUM: h2: Make sure we set send_list to NULL in h2_detach(). BUG/MEDIUM: h2: Don't check send_wait to know if we're in the send_list. Rob Allen (1): BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload Tim Duesterhus (2): DOC: Fix typo in keyword matrix BUG/MINOR: vars: Fix memory leak in vars_check_arg Willy Tarreau (17): BUG/MEDIUM: mux-h2: properly deal with too large headers frames BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI BUG/MEDIUM: checks: make sure the warmup task takes the server lock CLEANUP: task: report calls as unsigned in show sess BUG/MINOR: activity: always initialize the profiling variable MINOR: connection: make the debugging helper functions safer BUG/MINOR: logs/threads: properly split the log area upon startup BUG/MINOR: mux-h2: rely on trailers output not input to turn them to empty data BUG/MEDIUM: h2/htx: always fail on too large trailers MEDIUM: mux-h2: discard contents that are to be sent after a shutdown BUG/MEDIUM: mux-h2/htx: never wait for EOM when processing trailers BUG/MEDIUM: h2/htx: never leave a trailers block alone with no EOM block BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend BUILD: ssl: fix again a libressl build failure after the openssl FD leak fix BUILD: threads: fix again the __ha_cas_dw() definition BUG/MAJOR: mux-h2: do not add a stream twice to the send list BUG/MINOR: htx: make sure to always initialize the HTTP method when parsing a buffer Yann Cézard (2): DOC: contrib/modsecurity: Typos and fix the reject example BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it ---