Hi,
HAProxy 2.0.2 was released on 2019/07/16. It added 42 new commits
after version 2.0.1.
This version addresses a number of annoying issues that were reported after
2.0.1, most of which also affect 1.9, with a few which were only late 2.0
regressions.
Without any particular order, I can cite :
- a risk of crash if check-alpn was used on a server without SSL
- some CLOSE_WAIT connections accumulating on closed idle connections
attached to the H1 mux (two fixes)
- a problem of processes not dying in external checks because the
signals were not unblocked before forking them
- some trailers not always removed when forwarding H2 to H1 messages
if content-length was used.
- chunked responses to HEAD requests not properly dropping their body
- another case of incorrectly closed connections to server after a
recent fix
- risk of crash with checks on two rare races
- some occasional invalid responses with the prometheus exporter and Lua
in HTX mode
- a case of occasionally frozen stream in HTX
- failure to upgrade TCP (frontend) to HTX (backend) over SSL
- missing support of tfo in default-server and the no-tfo that comes with it
- a bug affecting some use-service directives in pure frontends if they
require some body due to the lack of forwarding.
- missing lock causing random crashes when using "balance first" with threads
- data corruption in tunnel mode in H1+HTX mode, affecting Websocket for
example.
- excessive CPU usage when a stream is woken up after a write event to
re-enable reading while the buffer is still full, which wakes up until
the data flushes.
- occasional connections stuck in CLOSE_WAIT after a redispatch because
the previous one was not properly released.
- incorrect detection of empty handshakes affecting LibreSSL and OpenSSL.
- excessive CPU usage at high connection rates caused by too many threads
failing to trylock the listener's FD.
- fix sample type in DeviceAtlas causing some randomly wrong samples to
be returned.
- rare race condition on idle connections which could theoretically lead
to a crash (never observed yet, found in the code)
- thread safety issue when dealing with limited listeners : deadlocks
and crashes can happen when the frontend's or process's maxconn were
reached on multiple threads and a connection is released by another
thread.
- L7 retries would sometimes redispatch regardless of the redispatch
option depending where the error is detected.
- sequences of "tcp-request connect" rules were still broken, instead
of ignoring the last one they were ignoring all but the last one.
- the cpu-map directive was ignored for entries referencing a single
thread and a single process (e.g. cpu-map 1/1 0 did nothing).
None of them is really dramatic and most users will not notice them (and
the one running on haproxy.org didn't notice). Still enough users are
impacted by at least one of these bugs to warrant a release and save
everyone's time, especially when some issues are created to report already
known and fixed bugs.
So please update to 2.0.2 if you're on 2.0.x. Now that we've ironed the
painful issues that were also plaguing 1.9 I think it will be time to issue
another round of 1.9 and possibly 1.8 as well since at least the listener
bug affects it.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/2.0/src/
Git repository : http://git.haproxy.org/git/haproxy-2.0.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
Changelog : http://www.haproxy.org/download/2.0/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Christopher Faulet (18):
      BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
      BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
      BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
      BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
      BUG/MINOR: hlua: Don't use channel_htx_recv_max()
      BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
      BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
      BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
      BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
      MINOR: action: Add the return code ACT_RET_DONE for actions
      BUG/MEDIUM: http/applet: Finish request processing when a service is registered
      BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
      BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
      BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
      MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
      BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
      BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections
      BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to send

Dave Pirotte (1):
      BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are used

David Carlier (1):
      BUG/MEDIUM: da: cast the chunk to string.

Frédéric Lécaille (1):
      MINOR: server: Add "no-tfo" option.

John Roesler (1):
      DOC: Fix typos and grammer in configuration.txt

Lukas Tribus (1):
      BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

Olivier Houchard (11):
      BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
      BUG/MEDIUM: connections: Always call shutdown, with no linger.
      BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
      BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
      BUG/MEDIUM: servers: Authorize tfo in default-server.
      BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
      BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
      BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection.
      BUG/MEDIUM: servers: Fix a race condition with idle connections.
      BUG/MEDIUM: streams: Don't give up if we couldn't send the request.
      BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set.

William Lallemand (1):
      BUG/MINOR: mworker/cli: don't output a \n before the response

Willy Tarreau (7):
      BUG/MEDIUM: checks: unblock signals in external checks
      BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept
      MINOR: task: introduce work lists
      BUG/MAJOR: listener: fix thread safety in resume_listener()
      BUG/MINOR: mux-pt: do not pretend there's more data after a read0
      BUG/MEDIUM: tcp-check: unbreak multiple connect rules again
      BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored
---