HAProxy 2.2-dev11 was released on 2020/06/26. It added 48 new commits
after version 2.2-dev10.

I'm really hoping that this version is the last -dev one. We're still
busy fighting the performance regression observed by William Dauchy,
and while doing so, we've found a number of other bugs and improved
several areas:

  - a crash experienced with latest log changes when using SPOE was fixed

  - a few other crashes when manipulating certificates from the CLI were
    addressed (some only affecting the deinit code on exit).

  - since we've started to suspect that some corner cases of the scheduler
    causing unfairness could be responsible for the performance issues,
    these ones were addressed, resulting in improved fairness and even a
    new option to enforce priorities harder, cutting the average latency
    roughly in half when dealing with hundreds of thousands of connections.

  - several bugs affecting the new line parser used by the config parser
    were addressed. These were mostly affecting empty files, files not
    ending with an LF character, and invalid files generated by fuzzers.

  - a fix from 2.2-dev10 for the loss of MSG_MORE caused internally
    generated responses (100, return, deny, redirects) to be delayed on
    keep-alive responses. This was fixed again.

  - new set of ssl_s_* sample fetch functions to retrieve information
    about a server's SSL certificate.

  - the hdr_ip sample fetch function was bogus, it could parse more
    characters than really present in the sample, occasionally causing
    some trailing digits present in a previous sample to be read.

We've also spotted a few issues around idle connections bookkeeping that
are not trivial to address and will require a little bit of careful work.
To make a long story short, idle server connections are kept based on the
recent activity. But connections marked "private" are kept accounted for
forever. When such connections are enforced by configuration (proxy proto,
source clientip, SNI), it's not a real problem since this measure is not
used. But when mixed traffic happens on the same server (mixed normal and
NTLM responses), this could result in shared connections never being
expired. The sad news is that I don't think this can be related to the
problem William is facing. Still digging :-/

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.2/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.2/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Anthonin Bonnefoy (1):
      MINOR: http: Add support for http 413 status

Christopher Faulet (7):
      REGTEST: Add a simple script to tests errorfile directives in proxy 
      BUG/MEDIUM: fcgi-app: Resolve the sink if a fcgi-app logs in a ring buffer
      BUG/MEDIUM: http-ana: Don't loop trying to generate a malformed 500 
      BUG/MINOR: stream-int: Don't wait to send truncated HTTP messages
      BUG/MINOR: http-ana: Set CF_EOI on response channel for generated 
      BUG/MINOR: http-ana: Don't wait to send 1xx responses generated by HAProxy
      MINOR: spoe: Don't systematically create new applets if processing rate 
is low

Ilya Shipitsin (5):
      BUILD: fix ssl_sample.c when building against BoringSSL
      CI: travis-ci: switch BoringSSL builds to ninja
      CI: extend spellchecker whitelist
      DOC: assorted typo fixes in the documentation
      CLEANUP: assorted typo fixes in the code and comments

Miroslav Zagorac (1):
      BUG/MINOR: spoe: correction of setting bits for analyzer

Tim Duesterhus (5):
      BUG/MINOR: cfgparse: Support configurations without newline at EOF
      MINOR: cfgparse: Warn on truncated lines / files
      BUG/MINOR: cfgparse: Fix argument reference in PARSE_ERR_TOOMANY message
      BUG/MINOR: cfgparse: Fix calculation of position for PARSE_ERR_TOOMANY 
      BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL

William Lallemand (13):
      BUG/MEDIUM: ssl: fix ssl_bind_conf double free
      MINOR: ssl: free bind_conf_node in crtlist_free()
      MINOR: ssl: free the crtlist and the ckch during the deinit()
      BUG/MINOR: ssl: fix build with ckch_deinit() and crtlist_deinit()
      BUG/MINOR: ssl/cli: certs added from the CLI can't be deleted
      MINOR: ssl: move the ckch/crtlist deinit to ssl_sock.c
      BUG/MEDIUM: ssl/cli: 'commit ssl cert' crashes when no private key
      MINOR: cli/ssl: handle trailing slashes in crt-list commands
      MINOR: ssl: add the ssl_s_* sample fetches for server side certificate
      DOC: fix some typos in the ssl_s_{s|i}_dn documentation
      REGTEST: ssl: tests the ssl_f_* sample fetches
      REGTEST: ssl: add some ssl_c_* sample fetches test
      DOC: ssl: update the documentation of "commit ssl cert"

Willy Tarreau (16):
      BUG/MINOR: http_ana: clarify connection pointer check on L7 retry
      MINOR: debug: add a new DEBUG_FD build option
      BUG/MINOR: tasks: make sure never to exceed max_processed
      MINOR: task: add a new pointer to current tasklet queue
      BUG/MEDIUM: task: be careful not to run too many tasks at TL_URGENT
      MEDIUM: tasks: apply a fair CPU distribution between tasklet classes
      MINOR: tasks: make current_queue an index instead of a pointer
      MINOR: tasks: add a mask of the queues with active tasklets
      MINOR: tasks: pass the queue index to run_task_from_list()
      MINOR: tasks: make run_tasks_from_lists() scan the queues itself
      MEDIUM: tasks: add a tune.sched.low-latency option
      BUG/MINOR: cfgparse: don't increment linenum on incomplete lines
      MINOR: tools: make parse_line() always terminate the args list
      BUG/MINOR: cfgparse: report extraneous args *after* the string is 
      MINOR: cfgparse: sanitize the output a little bit
      BUG/MINOR: cfgparse: correctly deal with empty lines


Reply via email to