Hi,

HAProxy 2.0.2 was released on 2019/07/16. It added 42 new commits
after version 2.0.1.

This version addresses a number of annoying issues that were reported after
2.0.1, most of which also affect 1.9, with a few which were only late 2.0
regressions.

Without any particular order, I can cite :
  - a risk of crash if check-alpn was used on a server without SSL
  - some CLOSE_WAIT connections accumulating on closed idle connections
    attached to the H1 mux (two fixes)
  - a problem of processes not dying in external checks because the
    signals were not unblocked before forking them
  - some trailers not always removed when forwarding H2 to H1 messages
    if content-length was used.
  - chunked responses to HEAD requests not properly dropping their body
  - another case of incorrectly closed connections to server after a
    recent fix
  - risk of crash with checks on two rare races
  - some occasional invalid responses with the prometheus exporter and Lua
    in HTX mode
  - a case of occasionally frozen stream in HTX
  - failure to upgrade TCP (frontend) to HTX (backend) over SSL
  - missing support of tfo in default-server and the no-tfo that comes with it
  - a bug affecting some use-service directives in pure frontends if they 
require
    some body due to the lack of forwarding.
  - missing lock causing random crashes when using "balance first" with threads
  - data corruption in tunnel mode in H1+HTX mode, affecting Websocket for
    example.
  - excessive CPU usage when a stream is woken up after a write event to
    re-enable reading while the buffer is still full, which wakes up until
    the data flushes.
  - occasional connections stuck in CLOSE_WAIT after a redispatch because
    the previous one was not properly released.
  - incorrect detection of empty handshakes affecting LibreSSL and OpenSSL.
  - excessive CPU usage at high connection rates caused by too many threads
    failing to trylock the listener's FD.
  - fix sample type in DeviceAtlas causing some randomly wrong samples to
    be returned.
  - rare race condition on idle connections which could theorically lead
    to a crash (never observed yet, found in the code)
  - thread safety issue when dealing with limited listeners : deadlocks
    and crashes can happen when the frontend's or process's maxconn were
    reached on multiple threads and a connection is released by another
    thread.
  - L7 retries would sometimes redispatch regardless of the redispatch
    option depending where the error is detected.
  - sequences of "tcp-request connect" rules were still broken, instead
    of ignoring the last one they were ignoring all but the last one.
  - the cpu-map directive was ignored for entries referencing a single
    thread and a single process (e.g. cpu-map 1/1 0 did nothing).

None of them is really dramatic and most users will not notice them (and
the one running on haproxy.org didn't notice). Still enough users are
impacted by at least one of these bugs to warrant a release and save
everyone's time, especially when some issues are created to report already
known and fixed bugs.

So please update to 2.0.2 if you're on 2.0.x. Now that we've ironed the
painful issues that were also plaguing 1.9 I think it will be time to issue
another round of 1.9 and possibly 1.8 as well since at least the listener
bug affects it.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Christopher Faulet (18):
      BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was 
reported
      BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
      BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
      BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
      BUG/MINOR: hlua: Don't use channel_htx_recv_max()
      BUG/MEDIUM: channel/htx: Use the total HTX size in 
channel_htx_recv_limit()
      BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
      BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are 
sent
      BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
      MINOR: action: Add the return code ACT_RET_DONE for actions
      BUG/MEDIUM: http/applet: Finish request processing when a service is 
registered
      BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
      BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are 
formatted
      BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
      MINOR: stream-int: Factorize processing done after sending data in 
si_cs_send()
      BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock 
opposite si
      BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections
      BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to 
send

Dave Pirotte (1):
      BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are 
used

David Carlier (1):
      BUG/MEDIUM: da: cast the chunk to string.

Frédéric Lécaille (1):
      MINOR: server: Add "no-tfo" option.

John Roesler (1):
      DOC: Fix typos and grammer in configuration.txt

Lukas Tribus (1):
      BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

Olivier Houchard (11):
      BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
      BUG/MEDIUM: connections: Always call shutdown, with no linger.
      BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is 
closed.
      BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the 
mux.
      BUG/MEDIUM: servers: Authorize tfo in default-server.
      BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
      BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse 
it.
      BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection.
      BUG/MEDIUM: servers: Fix a race condition with idle connections.
      BUG/MEDIUM: streams: Don't give up if we couldn't send the request.
      BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't 
set.

William Lallemand (1):
      BUG/MINOR: mworker/cli: don't output a \n before the response

Willy Tarreau (7):
      BUG/MEDIUM: checks: unblock signals in external checks
      BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept
      MINOR: task: introduce work lists
      BUG/MAJOR: listener: fix thread safety in resume_listener()
      BUG/MINOR: mux-pt: do not pretend there's more data after a read0
      BUG/MEDIUM: tcp-check: unbreak multiple connect rules again
      BUG/MEDIUM: threads: cpu-map designating a single thread/process are 
ignored

---

Reply via email to