Am 16.07.2019 um 17:03 schrieb Willy Tarreau:
> Hi,
> HAProxy 2.0.2 was released on 2019/07/16. It added 42 new commits
> after version 2.0.1.
> This version addresses a number of annoying issues that were reported after
> 2.0.1, most of which also affect 1.9, with a few which were only late 2.0
> regressions.
> Without any particular order, I can cite :
>   - a risk of crash if check-alpn was used on a server without SSL
>   - some CLOSE_WAIT connections accumulating on closed idle connections
>     attached to the H1 mux (two fixes)
>   - a problem of processes not dying in external checks because the
>     signals were not unblocked before forking them
>   - some trailers not always removed when forwarding H2 to H1 messages
>     if content-length was used.
>   - chunked responses to HEAD requests not properly dropping their body
>   - another case of incorrectly closed connections to server after a
>     recent fix
>   - risk of crash with checks on two rare races
>   - some occasional invalid responses with the prometheus exporter and Lua
>     in HTX mode
>   - a case of occasionally frozen stream in HTX
>   - failure to upgrade TCP (frontend) to HTX (backend) over SSL
>   - missing support of tfo in default-server and the no-tfo that comes with it
>   - a bug affecting some use-service directives in pure frontends if they 
> require
>     some body due to the lack of forwarding.
>   - missing lock causing random crashes when using "balance first" with 
> threads
>   - data corruption in tunnel mode in H1+HTX mode, affecting Websocket for
>     example.
>   - excessive CPU usage when a stream is woken up after a write event to
>     re-enable reading while the buffer is still full, which wakes up until
>     the data flushes.
>   - occasional connections stuck in CLOSE_WAIT after a redispatch because
>     the previous one was not properly released.
>   - incorrect detection of empty handshakes affecting LibreSSL and OpenSSL.
>   - excessive CPU usage at high connection rates caused by too many threads
>     failing to trylock the listener's FD.
>   - fix sample type in DeviceAtlas causing some randomly wrong samples to
>     be returned.
>   - rare race condition on idle connections which could theorically lead
>     to a crash (never observed yet, found in the code)
>   - thread safety issue when dealing with limited listeners : deadlocks
>     and crashes can happen when the frontend's or process's maxconn were
>     reached on multiple threads and a connection is released by another
>     thread.
>   - L7 retries would sometimes redispatch regardless of the redispatch
>     option depending where the error is detected.
>   - sequences of "tcp-request connect" rules were still broken, instead
>     of ignoring the last one they were ignoring all but the last one.
>   - the cpu-map directive was ignored for entries referencing a single
>     thread and a single process (e.g. cpu-map 1/1 0 did nothing).
> None of them is really dramatic and most users will not notice them (and
> the one running on didn't notice). Still enough users are
> impacted by at least one of these bugs to warrant a release and save
> everyone's time, especially when some issues are created to report already
> known and fixed bugs.
> So please update to 2.0.2 if you're on 2.0.x. Now that we've ironed the
> painful issues that were also plaguing 1.9 I think it will be time to issue
> another round of 1.9 and possibly 1.8 as well since at least the listener
> bug affects it.
> Please find the usual URLs below :
>    Site index       :
>    Discourse        :
>    Slack channel    :
>    Issue tracker    :
>    Sources          :
>    Git repository   :
>    Git Web browsing :
>    Changelog        :
>    Cyril's HTML doc :

HAProxy with tls 1.3+lua+prom is now updated.

HA-Proxy version 2.0.2 2019/07/16 -
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
-Wno-missing-field-initializers -Wtype-limits


Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=1).
Built with OpenSSL version : OpenSSL 1.1.1c  28 May 2019
Running on OpenSSL version : OpenSSL 1.1.1c  28 May 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with the Prometheus exporter as a service

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE     mux=H2
              h2 : mode=HTTP       side=FE        mux=H2
       <default> : mode=HTX        side=FE|BE     mux=H1
       <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS

Available services :

Available filters :
        [SPOE] spoe
        [COMP] compression
        [CACHE] cache
        [TRACE] trace

> Willy

BR aleks

> ---
> Complete changelog :

Reply via email to