Hi,

HAProxy 2.0.2 was released on 2019/07/16. It added 42 new commits after version 2.0.1.

This version addresses a number of annoying issues that were reported after 2.0.1, most of which also affect 1.9, with a few which were only late 2.0 regressions. Without any particular order, I can cite :

- a risk of crash if check-alpn was used on a server without SSL
- some CLOSE_WAIT connections accumulating on closed idle connections attached to the H1 mux (two fixes)
- a problem of processes not dying in external checks because the signals were not unblocked before forking them
- some trailers not always removed when forwarding H2 to H1 messages if content-length was used.
- chunked responses to HEAD requests not properly dropping their body
- another case of incorrectly closed connections to server after a recent fix
- risk of crash with checks on two rare races
- some occasional invalid responses with the prometheus exporter and Lua in HTX mode
- a case of occasionally frozen stream in HTX
- failure to upgrade TCP (frontend) to HTX (backend) over SSL
- missing support of tfo in default-server and the no-tfo that comes with it
- a bug affecting some use-service directives in pure frontends if they require some body due to the lack of forwarding.
- missing lock causing random crashes when using "balance first" with threads
- data corruption in tunnel mode in H1+HTX mode, affecting Websocket for example.
- excessive CPU usage when a stream is woken up after a write event to re-enable reading while the buffer is still full, which wakes up until the data flushes.
- occasional connections stuck in CLOSE_WAIT after a redispatch because the previous one was not properly released.
- incorrect detection of empty handshakes affecting LibreSSL and OpenSSL.
- excessive CPU usage at high connection rates caused by too many threads failing to trylock the listener's FD.
- fix sample type in DeviceAtlas causing some randomly wrong samples to be returned.
- rare race condition on idle connections which could theoretically lead to a crash (never observed yet, found in the code)
- thread safety issue when dealing with limited listeners : deadlocks and crashes can happen when the frontend's or process's maxconn were reached on multiple threads and a connection is released by another thread.
- L7 retries would sometimes redispatch regardless of the redispatch option depending where the error is detected.
- sequences of "tcp-request connect" rules were still broken, instead of ignoring the last one they were ignoring all but the last one.
- the cpu-map directive was ignored for entries referencing a single thread and a single process (e.g. cpu-map 1/1 0 did nothing).

None of them is really dramatic and most users will not notice them (and the one running on haproxy.org didn't notice). Still enough users are impacted by at least one of these bugs to warrant a release and save everyone's time, especially when some issues are created to report already known and fixed bugs. So please update to 2.0.2 if you're on 2.0.x.

Now that we've ironed the painful issues that were also plaguing 1.9 I think it will be time to issue another round of 1.9 and possibly 1.8 as well since at least the listener bug affects it.

Please find the usual URLs below :

   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy

---
Complete changelog :

Christopher Faulet (18):
      BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
      BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
      BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
      BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
      BUG/MINOR: hlua: Don't use channel_htx_recv_max()
      BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
      BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
      BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
      BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
      MINOR: action: Add the return code ACT_RET_DONE for actions
      BUG/MEDIUM: http/applet: Finish request processing when a service is registered
      BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
      BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
      BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
      MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
      BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
      BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections
      BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to send

Dave Pirotte (1):
      BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are used

David Carlier (1):
      BUG/MEDIUM: da: cast the chunk to string.

Frédéric Lécaille (1):
      MINOR: server: Add "no-tfo" option.

John Roesler (1):
      DOC: Fix typos and grammer in configuration.txt

Lukas Tribus (1):
      BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2

Olivier Houchard (11):
      BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
      BUG/MEDIUM: connections: Always call shutdown, with no linger.
      BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
      BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
      BUG/MEDIUM: servers: Authorize tfo in default-server.
      BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
      BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
      BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection.
      BUG/MEDIUM: servers: Fix a race condition with idle connections.
      BUG/MEDIUM: streams: Don't give up if we couldn't send the request.
      BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set.

William Lallemand (1):
      BUG/MINOR: mworker/cli: don't output a \n before the response

Willy Tarreau (7):
      BUG/MEDIUM: checks: unblock signals in external checks
      BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept
      MINOR: task: introduce work lists
      BUG/MAJOR: listener: fix thread safety in resume_listener()
      BUG/MINOR: mux-pt: do not pretend there's more data after a read0
      BUG/MEDIUM: tcp-check: unbreak multiple connect rules again
      BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored

---