Hi,

HAProxy 2.1-dev4 was released on 2019/11/03. It added 37 new commits
after version 2.1-dev3.

Things are progressively stabilizing, that's great. 

A few of us spent a few afternoons enclosed in a meeting room reading
long parts of code to try to diagnose and address some outgoing
connection issues. That was profitable since we pulled a long string and
ended up with a series of fixes, some of which will need to be backported
to 2.0 and 1.9. In short, depending on how a server connection error
triggers, it could make haproxy enter an endless loop in 2.0 and 2.1
(ended by the watchdog in fact), or just prevent the connections from
being retried in case of a shared mux (outgoing H2). Another 2.0 will
have to be emitted to fix this. My understanding is that a part of these
patches are currently being studied in the context of legacy HTTP mode
(2.0 and before) as dealing with this one there is much trickier than
with HTX. It's also possible that a backport to 1.9 may require
backporting a significant number of changes, which I don't feel easy with.
Since 1.9 is less affected and not long-term maintained, another option
might be to just minimally mitigate the issues for the few months it has
left. We'll judge once 2.0 is done.

Aside from this, a few early issues in the new "set ssl cert" CLI command were
fixed (risk of crash when a dot is missing, unreleased lock in case of
early abort, missing alloc check, etc). Some improvements were made to
work in "set"/"commit" phases, which will be more future-proof. The stats
handler was fixed to properly deal with absolute URIs, as it wouldn't
otherwise work with H2.

A new srv_name sample fetch function was added; it reports the name of
the server which provided a response. The date and http_date fetch and
converter now support a unit. Another user-visible change is that we'll
now get the possibility to fail to start up if one of the limits set by
setrlimit() (typically the file descriptor limit) fails to be upgraded.
Till now it was only a warning. This new behavior is not yet enabled by
default (add "strict-limits" in the global section for this) but we
should change this to become the default mode in 2.3.

And as usual some minor doc fixes and updates were merged. I think that's
roughly all for this version. I'm going to deploy this version on
haproxy.org early in the week so that we have an opportunity to discover
any possible regression that escapes the regular testing.

I don't expect to develop much this week as I'll have to work a bit to
get prepared for the conference the week after. But we may emit another
-dev next week-end if sufficient fixes get merged. If things continue to
go well like this, I think we can hope for a final release before the
end of the month, which would be cool.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.1/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.1/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Christopher Faulet (2):
      BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent
      BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached

Damien Claisse (1):
      MINOR: sample: add us/ms support to date/http_date

Emmanuel Hocdet (5):
      BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl
      BUG/MINOR: ssl: ckch->chain must be initialized
      BUG/MINOR: ssl: double free on error for ckch->{key,cert}
      MINOR: ssl: BoringSSL ocsp_response does not need issuer
      BUG/MEDIUM: ssl/cli: fix dot research in cli_parse_set_cert

Ilya Shipitsin (1):
      BUILD: CI: comment out cygwin build, upgrade various ssl libraries

Jerome Magnin (1):
      REGTEST: vtest can now enable mcli with its own flag

Joao Morais (1):
      BUG/MINOR: config: Update cookie domain warn to RFC6265

Olivier Houchard (3):
      MINOR: mux: Add a new method to get informations about a mux.
      BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready.
      BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready.

Tim Duesterhus (2):
      DOC: Improve documentation of http-re(quest|sponse) replace-(header|value|uri)
      DOC: Add GitHub issue config.yml

William Dauchy (3):
      MINOR: doc: fix busy-polling performance reference
      MINOR: config: allow no set-dumpable config option
      MINOR: init: always fail when setrlimit fails

William Lallemand (6):
      BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
      BUG/MINOR: ssl/cli: cleanup on cli_parse_set_cert error
      MINOR: ssl/cli: rework the 'set ssl cert' IO handler
      MINOR: ssl/cli: rework 'set ssl cert' as 'set/commit'
      CLEANUP: ssl/cli: remove leftovers of bundle/certs (it < 2)
      BUG/MINOR: ssl/cli: check trash allocation in cli_io_handler_commit_cert()

Willy Tarreau (11):
      DOC: remove obsolete section about header manipulation
      BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset()
      BUG/MINOR: spoe: fix off-by-one length in UUID format string
      BUILD/MINOR: ssl: shut up a build warning about format truncation
      BUILD: do not disable -Wformat-truncation anymore
      MINOR: chunk: add chunk_istcat() to concatenate an ist after a chunk
      Revert "MINOR: istbuf: add b_fromist() to make a buffer from an ist"
      BUG/MEDIUM: mux-h2: report no available stream on a connection having errors
      BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list
      BUG/MEDIUM: mux-h2: immediately report connection errors on streams
      BUG/MINOR: stats: properly check the path and not the whole URI

vkill (1):
      MINOR: backend: Add srv_name sample fetche
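
The difference between the warn-only and "strict-limits" handling of a failed setrlimit() described in the announcement, as an added C example (not HAProxy's code). raise_nofile() and its return codes are hypothetical, and it assumes a POSIX system that refuses a request of RLIM_INFINITY for RLIMIT_NOFILE.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Hypothetical helper, not HAProxy code: try to set the soft file
 * descriptor limit to `wanted`.
 * Returns  0 when the limit was applied,
 *          1 when it was refused and we continue degraded (warn-only mode),
 *         -1 when it was refused in strict mode (caller must abort startup).
 * `*effective` receives the soft limit the process really runs with. */
int raise_nofile(rlim_t wanted, int strict, rlim_t *effective)
{
    struct rlimit lim, req;

    if (getrlimit(RLIMIT_NOFILE, &lim) == -1)
        return -1;
    *effective = lim.rlim_cur;

    req = lim;
    req.rlim_cur = wanted;
    if (wanted > lim.rlim_max)
        req.rlim_max = wanted;      /* raising the hard limit needs privilege */
    if (setrlimit(RLIMIT_NOFILE, &req) == 0) {
        *effective = wanted;
        return 0;
    }
    if (strict)
        return -1;                  /* refuse to run with fewer FDs than sized for */

    /* Warn-only: take whatever the hard limit still allows and go on. */
    req = lim;
    req.rlim_cur = lim.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &req) == 0)
        *effective = req.rlim_cur;
    return 1;
}

int main(void)
{
    rlim_t eff = 0;
    /* RLIM_INFINITY is a constructed, deliberately unreachable request. */
    int rc = raise_nofile(RLIM_INFINITY, 1, &eff);

    if (rc == -1) {
        fprintf(stderr, "FATAL: cannot raise FD limit, running limit is %llu\n",
                (unsigned long long)eff);
        return 1;
    }
    printf("FD limit now %llu (rc=%d)\n", (unsigned long long)eff, rc);
    return 0;
}
```

In warn-only mode the process keeps running with fewer descriptors than it was sized for, so connections fail later under load; the strict path turns that into a startup failure an operator sees immediately.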
