Hi,

HAProxy 2.7-dev5 was released on 2022/09/02. It added 79 new commits
after version 2.7-dev4.

This version contains almost only bug fixes since 2.7-dev4, which seems to
reflect pretty well the team's activity over the last two weeks. The most
visible one for some users is the fix for the regression affecting the
startup in master mode without master CLI after the log-forward fix.

The rest is spread all over the code, but I'll try to mention those most
likely to be met:

  - cpu-map was not setting the affinity correctly when thread 1 was
    specified

  - trying to access a slow site using the CLI httpclient command could
    crash if the CLI closed before the site responded

  - server-side idle connections were often left in TIME_WAIT due to an
    undesired shutdown() being performed before closing them, resulting
    in more outgoing ports being used than really necessary.

  - aborting pipelined HTTP/1.1 transfers could sometimes result in a high
    CPU usage until the timeout struck.

  - reloading peers could compete on the local one and slow down or block
    the replication.

  - reloading peers could interrupt a resync in progress if the retry
    timer triggered before the end.

  - in certain cases, a misbehaving SPOA agent in asynchronous mode could
    cause some errors not to be correctly processed, and dead connections
    not being killed, with new ones being opened to replace them and
    eating resources.

  - some ca-file elements could leak during "commit ssl ca-file"

  - some config parsing error in http-request rules could lead to a
    segfault during exit when trying to free a rule that was not fully
    initialized.

  - the http client couldn't perform DNS resolution on URLs having an
    explicit port.

  - the http client would also always work in http-close mode due to its
    server pool size remaining set to zero. Now connection reuse works as
    expected.

  - quite a number of small QUIC issues were addressed, some of which were
    causing crashes, some leaks, and some just being bad behaviors. At
    least we could close long-lasting issue #1808. There's still a rare
    case that causes some streams not to be closed but the conditions
    needed for it to happen are too complicated to understand and the risk
    of breaking stuff is high, so we'll wait for Amaury to be back :-)

  - the master process could create the "default" resolver when
    reexecuting, leading to a warning on startup when resolv.conf is not
    available.

  - using haproxy built with PCRE2_JIT with a lib built without would fail
    to match. Now it will fall back to the regular match.

  - agent-check could be delayed by ~200ms due to TCP QUICKACK being
    disabled by default.

And the improvements:

  - the httpclient now enables ALPN for https connections with
    "h2,http/1.1" and will thus be able to communicate with servers over
    HTTP/2 (which would be nice for APIs and various low-latency services
    in general).

  - a new pair of "host_only" and "port_only" converters can be used to
    parse an address and extract the host part or the port part
    respectively without having to rely on multiple rules.

  - the peers applet will now limit the number of updates sent at once so
    as not to cause unbearable latencies when large buffers are
    configured.

  - "http-reuse safe" (the default one) will now support to also use pure
    idle connections (i.e. not double-validated ones) if l7 retries are
    configured to address the failure case that reuse-safe was designed
    for (server closing while sending the request). It should result in a
    higher reuse ratio on setups with l7 retries. This was part of the
    reason why the HTTP client couldn't support keep-alive.

  - some debugging improvements ("show sess all" now dumps the mux state,
    more QUIC traces)

There were a few other minor fixes/improvements that I don't remember about
anymore, please check the change log below for more info.

I hope next week will be calmer in terms of bugs so that we can get back to
doing real work. The encouraging point is that most of the issues above
were not specific to 2.7 nor 2.6 so we can hope for calmer times.

We'll produce a new series of stable releases shortly.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Documentation    : http://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.7/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.7/src/CHANGELOG
   Pending bugs     : http://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : http://www.haproxy.org/l/reviewed-bugs
   Code reports     : http://www.haproxy.org/l/code-reports
   Latest builds    : http://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Brad Smith (1):
      BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD

Christopher Faulet (11):
      BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect
      REGTESTS: Fix prometheus script to perform HTTP health-checks
      BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
      BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
      BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
      BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date
      BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets
      BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule)
      BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released
      BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support
      REGTESTS: http_request_buffer: Add a barrier to not mix up log messages

Emeric Brun (1):
      BUG/MAJOR: mworker: fix infinite loop on master with no proxies.

Frédéric Lécaille (22):
      BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data
      BUG/MINOR: quix: Memleak for non in flight TX packets
      BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt()
      BUG/MINOR: quic: Safer QUIC frame builders
      MINOR: quic: Replace MT_LISTs by LISTs for RX packets.
      Revert "BUG/MINOR: quix: Memleak for non in flight TX packets"
      BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets
      BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
      CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet)
      CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv()
      MINOR: quic: Remove useless traces about references to TX packets
      Revert "MINOR: quic: Remove useless traces about references to TX packets"
      BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace
      BUG/MINOR: quic: Frames added to packets even if not built.
      BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2)
      MINOR: quic: Add a trace to distinguish the datagram from the packets inside
      MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event
      BUG/MINOR: quic: TX frames memleak
      BUG/MINOR: quic: Do not ack when probing
      MINOR: quic: Add TX frames addresses to traces to several trace events
      MINOR: quic: Trace typo fix in qc_release_frm()
      BUG/MINOR: quic: Frames leak during retransmissions

William Lallemand (12):
      REGTESTS: launch http_reuse_always in mworker mode
      BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config()
      BUG/MINOR: mworker: does not create the "default" resolvers in wait mode
      MINOR: resolvers: shut the warning when "default" resolvers is implicit
      DOC: configuration: do-resolve doesn't work with a port in the string
      MINOR: sample: add the host_only and port_only converters
      BUG/MINOR: httpclient: fix resolution with port
      DOC: configuration.txt: do-resolve must use host_only to remove its port.
      BUG/MINOR: ssl: fix deinit of the ca-file tree
      BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free()
      BUG/MINOR: ssl: revert two wrong fixes with ckhi_link
      BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2

Willy Tarreau (32):
      BUG/MEDIUM: cpu-map: fix thread 1's affinity affecting all threads
      MINOR: cpu-map: remove obsolete diag warning about combined ranges
      BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler
      BUG/MINOR: applet: make the call_rate only count the no-progress calls
      MEDIUM: peers: limit the number of updates sent at once
      BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input
      BUG/MINOR: epoll: do not actively poll for Rx after an error
      MINOR: raw-sock: don't try to send if an error was already reported
      BUG/MINOR: dev/udp: properly preset the rx address size
      BUILD: debug: make sure debug macros are never empty
      MINOR: sink/ring: rotate non-empty file-backed contents only
      BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools
      MINOR: backend: always satisfy the first req reuse rule with l7 retries
      BUG/MINOR: h2: properly set the direction flag on HTX response
      BUG/MEDIUM: httpclient: always detach the caller before self-killing
      BUG/MINOR: httpclient: only ask for more room on failed writes
      BUG/MINOR: httpclient: keep-alive was accidentely disabled
      MEDIUM: httpclient: enable ALPN support on outgoing https connections
      BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber
      BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber
      BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber
      DEBUG: stream: minor rearrangement of a few fields in struct stream.
      MINOR: debug: report applet pointer and handler in crashes when known
      MINOR: mux-h2: extract the stream dump function out of h2_show_fd()
      MINOR: mux-h2: extract the connection dump function out of h2_show_fd()
      MINOR: muxes: add a "show_sd" helper to complete "show sess" dumps
      MINOR: mux-h2: provide a "show_sd" helper to output stream debugging info
      MINOR: mux-h2: insert line breaks in "show sess all" output for legibility
      MINOR: mux-quic: provide a "show_sd" helper to output stream debugging info
      MINOR: mux-h1: split "show_fd" into connection and stream
      MINOR: mux-h1: provide a "show_sd" helper to output stream debugging info
      BUG/MINOR: http-act: initialize http fmt head earlier
---
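
The do-resolve entries in the changelog above (do-resolve does not work with a port in the string, and host_only removes it), shown as an added configuration example that is not part of the announcement or of the HAProxy documentation. The resolver address, section names, variable names and the allowed host name are assumptions made for illustration.

```haproxy
# Added example: every name and address below is constructed.
resolvers mydns
    nameserver ns1 192.0.2.53:53

frontend fe_example
    mode http
    bind :8080

    # The Host header is client-supplied: only resolve names that are
    # expected, compared after the port has been stripped.
    acl known_host hdr(Host),host_only -i -m str app.example.com
    http-request deny unless known_host

    # Before: a value such as "app.example.com:8080" reaches do-resolve
    # with its port, which do-resolve does not work with.
    # http-request do-resolve(txn.dstip,mydns,ipv4) hdr(Host)

    # After: host_only removes the port so only the name is resolved.
    http-request do-resolve(txn.dstip,mydns,ipv4) hdr(Host),host_only

    # port_only extracts the port part of the same header.
    http-request set-var(txn.dstport) hdr(Host),port_only

    # Record the resolved address so it can be reviewed in the logs.
    http-request capture var(txn.dstip) len 40

    default_backend be_example

backend be_example
    mode http
    server s1 192.0.2.10:80
```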