Hi,

HAProxy 2.5.6 was released on 2022/04/26. It added 86 new commits
after version 2.5.5.

As usual, several bugs were fixed in this release:

 * An internal issue leading to truncated messages. When data were mixed
   with an error report, connection errors could be handled too early by the
   stream-interface. Now connection errors are only considered by the
   stream-interface during the connection establishment. After that, it
   relies on the conn-stream to be notified of any error.

 * An issue in the pass-through multiplexer, exposed by the previous fix,
   and that may lead to a loop at 100% CPU. Connection error was not
   properly reported to the conn-stream on the sending path.

 * An issue in the idle connections management code. It's extremely hard to
   hit but it could randomly crash the process under high contention on the
   server side due to a missing lock.

 * An issue with the FCGI multiplexer when the response is compressed. The
   FCGI application was rewriting the response headers modifying HTX flags
   while the compression filter was doing so by modifying the HTTP message
   flags. Thus some modifications performed on one side were not detected by
   the other, leading to invalid responses. Now, the flags of both
   structures are systematically updated.

 * An issue with responses to HEAD requests sent to FCGI servers. A
   "Content-Length: 0" header was erroneously added on the bodyless
   responses while it should not. Indeed, if the expected payload size is
   not specified by the server, HAProxy must not add this header because it
   cannot know it. In addition, still in the FCGI multiplexer, the parsing
   of headers and trailers was fixed to properly handle parsing errors.

 * Two issues in the H1 multiplexer. First, a connection error was reported
   too early, when there were still pending data for the stream. Because of this
   bug, last pending data could be truncated. Now the connection error is
   reported only if there is no pending data. The second issue is a problem
   about full buffer detection during the trailers parsing. Because of this
   bug, it was possible to block the message parsing till the timeout
   expiration.

 * A design issue with the HTX. When EOM HTX block was replaced by a flag,
   we tried hard to be sure the flag was always set with the last HTX block.
   It works pretty well for all messages received from a client or a
   server. But for internal messages, it was not always true, especially for
   messages produced by applets. Some workarounds were found to fix this
   design issue on stable versions. But a more elegant solution must be
   found for the 2.6. The Prometheus exporter, the stats applet and Lua HTTP
   applets were affected.

 * Some issues in the H2 multiplexers. First the GOAWAY frame is no longer
   sent if SETTINGS were not sent. Then, as announced, the "timeout
   http-keep-alive" and "timeout http-request" are now respected and work as
   documented, so that it will finally be possible to force such connections
   to be closed when no request comes even if they're seeing control traffic
   such as PING frames. This can typically happen in some server-to-server
   communications whereby the client application makes use of PING frames to
   make sure the connection is still alive.

 * Issues with captures defined in defaults sections. Since the 2.5, it is
   possible to declare TCP/HTTP rules in defaults sections. However,
   captures were not properly working. It is still pretty tricky to use
   captures, but it doesn't crash anymore.

 * Several issues in the HTTP client. An end callback was added to prevent
   Lua code from getting stuck, the response message is now properly consumed
   and the host header is used to generate an SNI expression, mandatory for
   SSL connections.

 * A crash when HAProxy is compiled without the PCRE/PCRE2 support if it
   tries to replace part of the uri while the path is invalid or not
   specified.

 * An issue with url_enc() converter. It was able to crush HTTP headers. It
   is now fixed.

 * Expired entries were displayed in "show cache" output. These entries are
   now evicted instead of being listed.

In addition to these fixes, some improvements were backported:

 * The server queue management was made way more scalable with threads. Till
   now dequeuing would wake up next pending entry which could run on a
   different thread, resulting in a lot of entries in the shared run queue
   when many threads were running, causing a lot of contention on the
   scheduler's lock, thus slowing down the dequeuing and adding in turn
   contention on the queue's lock, to the point that a few users were seeing
   similar performance with N threads as with a single thread when queues
   were highly solicited. A small change was made both in the scheduler
   and in the dequeuing code to bypass this locking and completely address
   this issue.

 * The automatic frontend connection closing mechanism on reload that was
   brought into 2.5 caused some concerns to some users, leading to an option
   to disable it. Now there's a new global setting, "close-spread-time",
   which can be used to indicate that the closure of idle connections should
   be randomly spread over that interval, so that reconnecting clients don't
   all rush at the same time on the new process. This applies both to
   passive close ("connection: close" on responses), and to active close of
   idle connections. For best efficiency, the interval should obviously be
   shorter than the one used in "hard-stop-after" if any. We'll also see how
   to extend the mechanism to allow never to close at all as there's also
   some demand for this.

 * Opentracing was updated. In 2.5 we had to disable the use of variables
   between the plugin and the haproxy core because the code was relying on
   an original misfeature of the variables which was that they would never
   disappear after being created, and this misfeature was fixed in 2.5,
   breaking that part of Opentracing. Miroslav finally found the time to
   address this and rework it in an elegant way so that the module is fully
   functional again.

 * Support for MQTT 3.1 was added.

 * Another improvement which is not related to the code, with the precious
   help of Tim and Cyril, we could finally set up an automatic generation of
   the HTML documentation. It's performed daily and published on github
   pages at http://docs.haproxy.org.

As usual, people using the 2.5 branch are encouraged to migrate to this
version. Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Documentation    : http://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.5.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.5.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Pending bugs     : http://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : http://www.haproxy.org/l/reviewed-bugs
   Code reports     : http://www.haproxy.org/l/code-reports


---
Complete changelog :
Aleksandar Lazic (1):
      DOC: remove double blanks in configuration.txt

Christopher Faulet (21):
      BUG/MINOR: rules: Initialize the list element when allocating a new rule
      DOC: config: Explictly add supported MQTT versions
      BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
      BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
      BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
      BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
      BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
      BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
      BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
      BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
      BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
      BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
      BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added
      BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
      BUG/MINOR: cache: Disable cache if applet creation fails
      BUG/MAJOR: connection: Never remove connection from idle lists outside the lock
      BUG/MINOR: rules: Forbid captures in defaults section if used by a backend
      BUG/MEDIUM: rules: Be able to use captures defined in defaults section
      BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments
      Revert "CI: github actions: disable -Wno-deprecated"
      REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc

Dhruv Jain (1):
      MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1

Ilya Shipitsin (4):
      CI: github actions: switch to LibreSSL-3.5.1
      REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
      CI: github actions: update OpenSSL to 3.0.2
      CI: cirrus: switch to FreeBSD-13.0

Lukas Tribus (1):
      DOC: reflect H2 timeout changes

Miroslav Zagorac (16):
      BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
      BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
      EXAMPLES: opentracing: refined shell scripts for testing filter performance
      DOC: opentracing: corrected comments in function descriptions
      CLEANUP: opentracing: removed unused function flt_ot_var_unset()
      CLEANUP: opentracing: removed unused function flt_ot_var_get()
      Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
      MINOR: opentracing: only takes the variables lock on shared entries
      CLEANUP: opentracing: added flt_ot_smp_init() function
      CLEANUP: opentracing: added variable to store variable length
      MINOR: opentracing: improved normalization of context variable names
      DEBUG: opentracing: show return values of all functions in the debug output
      CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
      DEBUG: opentracing: display the contents of the err variable after setting
      MAJOR: opentracing: reenable usage of vars to transmit opentracing context
      Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"

Remi Tricot-Le Breton (3):
      BUG/MINOR: ssl/cli: Remove empty lines from CLI output
      MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
      BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time'

Tim Duesterhus (2):
      CI: Update to actions/checkout@v3
      CI: Update to actions/cache@v3

William Lallemand (12):
      BUG/MINOR: tools: fix url2sa return value with IPv4
      BUG/MINOR: httpclient/lua: stuck when closing without data
      MINOR: server: export server_parse_sni_expr() function
      BUG/MINOR: httpclient: send the SNI using the host header
      BUILD: httpclient: fix build without SSL
      BUG/MINOR: server/ssl: free the SNI sample expression
      BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA
      BUG/MINOR: httpclient: process the response when received before the end of the request
      BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty()
      BUG/MINOR: tools: url2sa reads too far when no port nor path
      BUG/MINOR: httpclient: end callback in applet release
      CI: github actions: disable -Wno-deprecated

Willy Tarreau (25):
      BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
      BUG/MEDIUM: stream-int: do not rely on the connection error once established
      BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner
      MEDIUM: mux-h2: slightly relax timeout management rules
      BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
      BUG/MINOR: samples: add missing context names for sample fetch functions
      BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
      BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
      BUG/MINOR: stats: define the description' background color in dark color scheme
      BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
      BUG/MINOR: cache: do not display expired entries in "show cache"
      BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
      BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
      BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive
      BUILD: sched: workaround crazy and dangerous warning in Clang 14
      BUILD: compiler: use a more portable set of asm(".weak") statements
      BUG/MEDIUM: stream: do not abort connection setup too early
      SCRIPTS: announce-release: update the doc's URL
      DOC: lua: update a few doc URLs
      SCRIPTS: announce-release: add shortened links to pending issues
      BUILD: calltrace: fix wrong include when building with TRACE=1
      MINOR: task: add a new task_instant_wakeup() function
      MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
      DOC: remove my name from the config doc
      BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args

--
Christopher Faulet
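
The announcement notes that "close-spread-time" should be shorter than "hard-stop-after" when both are set. The following is an added example, not part of the original message or of HAProxy's own code: a small lint that reads the global section of a configuration and flags the case where the spread window is not shorter than the hard stop. The function names, the partial list of section keywords and the sample configurations are assumptions made for this example.

```python
import re

# HAProxy time suffixes; a bare integer is in milliseconds for these settings.
_UNIT_MS = {"us": 0.001, "ms": 1, "s": 1000, "m": 60000, "h": 3600000, "d": 86400000}
_TIME_RE = re.compile(r"(\d+)(us|ms|s|m|h|d)?")
# Common section keywords (not an exhaustive list); any of them ends 'global'.
_SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "userlist",
             "peers", "resolvers", "mailers", "cache", "program", "ring"}


def parse_time_ms(value):
    """Convert an HAProxy time value such as '30s' or '1500' to milliseconds."""
    m = _TIME_RE.fullmatch(value)
    if not m:
        raise ValueError(f"not an HAProxy time value: {value!r}")
    return int(m.group(1)) * _UNIT_MS[m.group(2) or "ms"]


def global_settings(cfg_text):
    """Return {keyword: first argument} for lines inside 'global' sections."""
    settings, in_global = {}, False
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments (quoting ignored)
        if not words:
            continue
        if words[0] in _SECTIONS:
            in_global = words[0] == "global"
        elif in_global and len(words) > 1:
            settings[words[0]] = words[1]      # a later occurrence overrides
    return settings


def check_close_spread(cfg_text):
    """Flag close-spread-time that is not shorter than hard-stop-after."""
    g = global_settings(cfg_text)
    if "close-spread-time" not in g or "hard-stop-after" not in g:
        return []                              # nothing to compare
    spread, hard = g["close-spread-time"], g["hard-stop-after"]
    if parse_time_ms(spread) >= parse_time_ms(hard):
        return [f"close-spread-time ({spread}) is not shorter than "
                f"hard-stop-after ({hard})"]
    return []


# Constructed sample configurations, not taken from a real deployment.
GOOD_CFG = "global\n    hard-stop-after 30s\n    close-spread-time 10s\n\ndefaults\n    timeout http-request 10s\n"
BAD_CFG = "global\n    hard-stop-after 30s\n    close-spread-time 1m  # too long\n"

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CFG), ("bad", BAD_CFG)):
        print(name, check_close_spread(cfg) or "ok")
```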
