Hi,

HAProxy 2.8-dev12 was released on 2023/05/17. It added 84 new commits after version 2.8-dev11.

With this release, we continue to stabilize 2.8 to be able to release a clean 2.8.0. We are close to the release date now and, as far as we can say, most of the known bugs seem to be fixed.

Because we are feature frozen, there is no marvelous feature to announce. However, Willy improved the observability of HAProxy. The number of startup warnings and the number of times the global maxconn was reached are now reported in "show info" output via the "TotalWarnings" and "MaxconnReached" fields. This information is also available on the HTML stats page. The listener's protocol is now displayed in stats when "option socket-stats" is used in a frontend.

On the CLI, an option was added to display the process uptime. Entering "prompt timed" toggles reporting of the process' uptime in the prompt, which will report days, hours, minutes and seconds since it was started. This can be convenient to roughly estimate the time between two outputs, as well as to detect that a process failed to be reloaded, for example. This works on both the master and worker CLIs. The "show fd" command was improved to properly identify QUIC connections and listeners and report more info about them.

The total boot time is now measured and reported in "show info" output via the "BootTime_ms" field. This boot time is used to postpone the startup of health checks. It is pretty useful for very large configurations taking a few seconds to start, so as not to schedule some servers' checks in the past. This also helps to have a better distribution of health checks when the "spread-checks" option is used. In addition, spread-checks is now also used at boot time, making the load much smoother from the start.

An option was added to disable the DNS resolvers for the httpclient. The "httpclient.resolvers.disabled" global option must be set to "on" to do so.

A new sample fetch was added. "ssl_c_r_dn" can now be used to get the DN of the root CA that was in the chain when the client certificate was verified during the SSL handshake.

About issues fixed in this release, we now make sure control frames do not refresh the idle timeout of H2 connections. Because of this bug, it was possible for a client to keep a connection active for a while after HAProxy sent a GOAWAY frame by periodically sending control frames, for instance PING frames.

Health-check and resolver tasks are no longer scheduled during the stopping stage. This should avoid extra CPU usage just to wake up no-op tasks. Indeed, when HAProxy is stopping, the health checks and server resolutions are stopped but the associated tasks are still alive. On some configurations, this extra CPU consumption was noticeable.

Finally, as usual since the beginning of the 2.8 development cycle, this release is shipped with several QUIC/H3 fixes and cleanups. It is hard for me to describe changes in this area but, paraphrasing the QUIC men, all bugs were fixed (report new bugs on QUIC kindly, there are bottles of champagne at stake). Joking apart, the QUIC stack is now fairly functional. Please do not hesitate to enable it to step up the feedback on it.

As said at the beginning, we are close to releasing 2.8.0. I guess there will be one or two more dev releases depending on bug reports. But the more tests there are from now on, the more stable 2.8.0 will be. Thus please give it a try.

Thanks everyone!

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.8/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.8/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :
Abhijeet Rastogi (1):
      MINOR: ssl: add new sample ssl_c_r_dn

Amaury Denoyelle (22):
      BUG/MINOR: mux-quic: do not prevent shutw on error
      BUG/MINOR: mux-quic: do not free frame already released by quic-conn
      BUG/MINOR: mux-quic: no need to subscribe for detach streams
      MINOR: mux-quic: add traces for stream wake
      MINOR: mux-quic: do not send STREAM frames if already subscribe
      MINOR: mux-quic: factorize send subscribing
      MINOR: mux-quic: simplify return path of qc_send()
      MEDIUM: quic: streamline error notification
      MEDIUM: mux-quic: adjust transport layer error handling
      MINOR: htx: add function to set EOM reliably
      MINOR: mux-quic: remove dedicated function to handle standalone FIN
      BUG/MINOR: mux-quic: properly handle buf alloc failure
      BUG/MINOR: mux-quic: handle properly recv ncbuf alloc failure
      BUG/MINOR: quic: do not alloc buf count on alloc failure
      BUG/MINOR: mux-quic: differentiate failure on qc_stream_desc alloc
      BUG/MINOR: mux-quic: free task on qc_init() app ops failure
      BUG/MINOR: mux-quic: handle properly Tx buf exhaustion
      BUG/MINOR: h3: missing goto on buf alloc failure
      MINOR: mux-quic: add trace to stream rcv_buf operation
      MINOR: mux-quic: properly report end-of-stream on recv
      MINOR: mux-quic: uninline qc_attach_sc()
      BUG/MEDIUM: mux-quic: fix EOI for request without payload

Aurelien DARRAGON (18):
      BUG/MINOR: hlua_fcn/queue: fix broken pop_wait()
      BUG/MINOR: hlua_fcn/queue: fix reference leak
      CLEANUP: hlua_fcn/queue: make queue:push() easier to read
      BUG/MINOR: proxy: missing free in free_proxy for redirect rules
      MINOR: proxy: add http_free_redirect_rule() function
      BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule()
      CLEANUP: http_act: use http_free_redirect_rule() to clean redirect act
      MINOR: tree-wide: use free_acl_cond() where relevant
      CLEANUP: acl: discard prune_acl_cond() function
      MINOR: ncbuf: missing malloc checks in standalone code
      DOC: lua: fix core.{proxies,frontends,backends} visibility
      EXAMPLES: fix race condition in lua mailers script
      BUG/MINOR: errors: handle malloc failure in usermsgs_put()
      BUG/MINOR: log: fix memory error handling in parse_logsrv()
      CLEANUP: server: remove useless tmptrash assigments in srv_update_status()
      BUG/MINOR: server: memory leak in _srv_update_status_op() on server DOWN
      BUG/MINOR: hlua: SET_SAFE_LJMP misuse in hlua_event_runner()
      BUG/MINOR: debug: fix pointer check in debug_parse_cli_task()

Christopher Faulet (15):
      BUILD: mjson: Fix warning about unused variables
      MINOR: spoe: Don't stop disabled proxies
      BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup
      BUG/MEDIUM: mux-fcgi: Never set SE_FL_EOS without SE_FL_EOI or SE_FL_ERROR
      BUG/MEDIUM: mux-fcgi: Don't request more room if mux is waiting for more data
      MINOR: stconn: Add a cross-reference between SE descriptor
      MINOR: stconn: Remove useless test on sedesc on detach to release the xref
      BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set
      REGTESTS: log: Reduce response inspect-delay for last_rule.vtc
      DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules
      CLEANUP: check; Remove some useless assignments to NULL
      CLEANUP: fcgi-app; Remove useless assignment to NULL
      REGTESTS: log: Reduce again response inspect-delay for last_rule.vtc
      MEDIUM: checks: Stop scheduling healthchecks during stopping stage
      MEDIUM: resolvers: Stop scheduling resolution during stopping stage

Dragan Dosen (1):
      BUG/MINOR: makefile: use USE_LIBATOMIC instead of USE_ATOMIC

Frédéric Lécaille (2):
      BUG/MINOR: quic: Buggy acknowlegments of acknowlegments function
      BUG/MINOR: quic: Wrong redispatch for external data on connection socket

Ilya Shipitsin (2):
      CI: enable monthly Fedora Rawhide clang builds
      CI: drop Fedora m32 pipeline in favour of cross matrix

William Lallemand (6):
      MINOR: httpclient: allow to disable the DNS resolvers of the httpclient
      MEDIUM: session/ssl: return the SSL error string during a SSL handshake error
      MEDIUM: mworker/cli: does not disconnect the master CLI upon error
      MEDIUM: proxy: stop emitting logs for internal proxies when stopping
      BUILD: ssl: ssl_c_r_dn fetches uses functiosn only available since 1.1.1
      BUILD: ssl: get0_verified chain is available on libreSSL

Willy Tarreau (17):
      DEBUG: list: add DEBUG_LIST to purposely corrupt list heads after delete
      MINOR: stats: report the total number of warnings issued
      MINOR: stats: report the number of times the global maxconn was reached
      MINOR: stats: report the listener's protocol along with the address in stats
      BUG/MINOR: cli: don't complain about empty command on empty lines
      MINOR: cli: add an option to display the uptime in the CLI's prompt
      MINOR: master/cli: also implement the timed prompt on the master CLI
      MINOR: cli: make "show fd" identify QUIC connections and listeners
      BUILD: debug: fix build issue on 32-bit platforms in "debug dev task"
      BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout
      MINOR: checks: make sure spread-checks is used also at boot time
      CLEANUP: stats: update the trash chunk where it's used
      MINOR: clock: measure the total boot time
      MINOR: stats: report the boot time in "show info"
      BUG/MINOR: checks: postpone the startup of health checks by the boot time
      MINOR: clock: provide a function to automatically adjust now_offset
      BUG/MINOR: clock: automatically adjust the internal clock with the boot time

--
Christopher Faulet
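
The new "show info" fields described in this announcement ("TotalWarnings", "MaxconnReached", "BootTime_ms") lend themselves to snapshot comparison in monitoring. The following is an added example, not part of the original message or of HAProxy's code: it parses two "show info" outputs and reports what changed. The sample outputs are constructed and abridged, and the `boot_ms_limit` threshold and function names are hypothetical.

```python
# Added example, not HAProxy project code. The samples below are constructed,
# abridged "show info" outputs in the CLI's "Name: value" form.
SAMPLE_BEFORE = """Name: HAProxy
Version: 2.8-dev12
Uptime_sec: 60
TotalWarnings: 0
MaxconnReached: 0
BootTime_ms: 2300
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("Uptime_sec: 60", "Uptime_sec: 120") \
                            .replace("MaxconnReached: 0", "MaxconnReached: 14")
SAMPLE_RESTARTED = """Name: HAProxy
Version: 2.8-dev12
Uptime_sec: 5
TotalWarnings: 2
MaxconnReached: 3
BootTime_ms: 7400
"""

def parse_show_info(text):
    """Turn 'Name: value' lines into a dict; numeric values become int."""
    info = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        value = value.strip()
        info[name.strip()] = int(value) if value.isdigit() else value
    return info

def review(before, after, boot_ms_limit=5000):
    """Compare two parsed snapshots; boot_ms_limit is a hypothetical threshold."""
    findings = []
    # A lower uptime means a new process: its counters restarted from zero.
    restarted = after.get("Uptime_sec", 0) < before.get("Uptime_sec", 0)
    if restarted:
        findings.append("process restarted since previous snapshot")
    base = 0 if restarted else before.get("MaxconnReached", 0)
    hits = after.get("MaxconnReached", 0) - base
    if hits > 0:
        findings.append(f"global maxconn reached {hits} time(s)")
    warnings = after.get("TotalWarnings", 0)
    if warnings > 0:
        findings.append(f"{warnings} warning(s) reported")
    boot = after.get("BootTime_ms", 0)
    if boot > boot_ms_limit:
        findings.append(f"boot took {boot} ms")
    return findings

if __name__ == "__main__":
    print(review(parse_show_info(SAMPLE_BEFORE), parse_show_info(SAMPLE_AFTER)))
```
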