Hi,

HAProxy 2.8-dev12 was released on 2023/05/17. It added 84 new commits
after version 2.8-dev11.

With this release, we continue to stabilize the 2.8 to be able to release a
clean 2.8.0. We are close to the release date now and as far as we can say,
most of the known bugs seem to be fixed.

Because we are in feature freeze, there is no marvelous feature to announce.
However Willy improved the observability of HAProxy.

The number of startup warnings and the number of times the global maxconn
was reached are now reported in "show info" output via "TotalWarnings" and
"MaxconnReached" fields. This information is also available on the HTML state
page. The listener's protocol is now displayed in stats when "option
socket-stats" is used in a frontend.

On the CLI, an option was added to display the process uptime. Entering
"prompt timed" toggles reporting of the process' uptime in the prompt, which
will report days, hours, minutes and seconds since it was started. This can
be convenient to roughly estimate the time between two outputs, as well as
detecting that a process failed to be reloaded for example. This works both
on the master and workers CLIs. The "show fd" command was improved to properly
identify QUIC connections and listeners and report more info about them.

The total boot time is now measured and reported in "show info" output via
"BootTime_ms" field. This boot time is used to postpone the startup of
health checks. It is pretty useful for very large configurations taking a
few seconds to start, to avoid scheduling some servers' checks in the past.
This also helps to have a better distribution of health-checks when
"spread-checks" option is used. In addition, the spread-checks is also used
at boot time, making the load much smoother from the start.

An option was added to disable the DNS resolvers for the httpclient.
"httpclient.resolvers.disabled" global option must be set to "on" to do so.

A new sample fetch was added. "ssl_c_r_dn" can now be used to get the DN of
the root CA that was in the chain when client certificate was verified
during SSL handshake.

About issues fixed in this release, we now make sure control frames do not
refresh the idle timeout of H2 connections. Because of this bug, it was
possible for a client to keep a connection active for a while after HAProxy
sent a GOAWAY frame by periodically sending control frames, for instance
PING frames.

Health-checks and resolvers tasks are no longer scheduled during the
stopping stage. This should avoid extra CPU usage just to wake up no-op
tasks. Indeed, when HAProxy is stopping, the health-checks and servers
resolutions are stopped but associated tasks are still alive. On some
configurations, this extra CPU consumption was noticeable.

Finally, as usual since the beginning of the 2.8 development cycle, this
release is shipped with several QUIC/H3 fixes and cleanups. It is hard for me
to describe changes in this area but paraphrasing the QUIC men, all bugs
were fixed (report new bugs on QUIC kindly, there are bottles of champagne
at stake). Joking apart, the QUIC stack is now fairly functional. Please do
not hesitate to enable it to step up the feedback on it.

As said at the beginning, we are close to releasing the 2.8.0. I guess there
will be one or two more dev releases depending on bug reports. But the more
tests there are from now on, the more stable the 2.8.0 will be. Thus please
give it a try. Thanks everyone !

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.8/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.8/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages


---
Complete changelog :
Abhijeet Rastogi (1):
      MINOR: ssl: add new sample ssl_c_r_dn

Amaury Denoyelle (22):
      BUG/MINOR: mux-quic: do not prevent shutw on error
      BUG/MINOR: mux-quic: do not free frame already released by quic-conn
      BUG/MINOR: mux-quic: no need to subscribe for detach streams
      MINOR: mux-quic: add traces for stream wake
      MINOR: mux-quic: do not send STREAM frames if already subscribe
      MINOR: mux-quic: factorize send subscribing
      MINOR: mux-quic: simplify return path of qc_send()
      MEDIUM: quic: streamline error notification
      MEDIUM: mux-quic: adjust transport layer error handling
      MINOR: htx: add function to set EOM reliably
      MINOR: mux-quic: remove dedicated function to handle standalone FIN
      BUG/MINOR: mux-quic: properly handle buf alloc failure
      BUG/MINOR: mux-quic: handle properly recv ncbuf alloc failure
      BUG/MINOR: quic: do not alloc buf count on alloc failure
      BUG/MINOR: mux-quic: differentiate failure on qc_stream_desc alloc
      BUG/MINOR: mux-quic: free task on qc_init() app ops failure
      BUG/MINOR: mux-quic: handle properly Tx buf exhaustion
      BUG/MINOR: h3: missing goto on buf alloc failure
      MINOR: mux-quic: add trace to stream rcv_buf operation
      MINOR: mux-quic: properly report end-of-stream on recv
      MINOR: mux-quic: uninline qc_attach_sc()
      BUG/MEDIUM: mux-quic: fix EOI for request without payload

Aurelien DARRAGON (18):
      BUG/MINOR: hlua_fcn/queue: fix broken pop_wait()
      BUG/MINOR: hlua_fcn/queue: fix reference leak
      CLEANUP: hlua_fcn/queue: make queue:push() easier to read
      BUG/MINOR: proxy: missing free in free_proxy for redirect rules
      MINOR: proxy: add http_free_redirect_rule() function
      BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule()
      CLEANUP: http_act: use http_free_redirect_rule() to clean redirect act
      MINOR: tree-wide: use free_acl_cond() where relevant
      CLEANUP: acl: discard prune_acl_cond() function
      MINOR: ncbuf: missing malloc checks in standalone code
      DOC: lua: fix core.{proxies,frontends,backends} visibility
      EXAMPLES: fix race condition in lua mailers script
      BUG/MINOR: errors: handle malloc failure in usermsgs_put()
      BUG/MINOR: log: fix memory error handling in parse_logsrv()
      CLEANUP: server: remove useless tmptrash assigments in srv_update_status()
      BUG/MINOR: server: memory leak in _srv_update_status_op() on server DOWN
      BUG/MINOR: hlua: SET_SAFE_LJMP misuse in hlua_event_runner()
      BUG/MINOR: debug: fix pointer check in debug_parse_cli_task()

Christopher Faulet (15):
      BUILD: mjson: Fix warning about unused variables
      MINOR: spoe: Don't stop disabled proxies
      BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup
      BUG/MEDIUM: mux-fcgi: Never set SE_FL_EOS without SE_FL_EOI or SE_FL_ERROR
      BUG/MEDIUM: mux-fcgi: Don't request more room if mux is waiting for more data
      MINOR: stconn: Add a cross-reference between SE descriptor
      MINOR: stconn: Remove useless test on sedesc on detach to release the xref
      BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set
      REGTESTS: log: Reduce response inspect-delay for last_rule.vtc
      DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules
      CLEANUP: check; Remove some useless assignments to NULL
      CLEANUP: fcgi-app; Remove useless assignment to NULL
      REGTESTS: log: Reduce again response inspect-delay for last_rule.vtc
      MEDIUM: checks: Stop scheduling healthchecks during stopping stage
      MEDIUM: resolvers: Stop scheduling resolution during stopping stage

Dragan Dosen (1):
      BUG/MINOR: makefile: use USE_LIBATOMIC instead of USE_ATOMIC

Frédéric Lécaille (2):
      BUG/MINOR: quic: Buggy acknowlegments of acknowlegments function
      BUG/MINOR: quic: Wrong redispatch for external data on connection socket

Ilya Shipitsin (2):
      CI: enable monthly Fedora Rawhide clang builds
      CI: drop Fedora m32 pipeline in favour of cross matrix

William Lallemand (6):
      MINOR: httpclient: allow to disable the DNS resolvers of the httpclient
      MEDIUM: session/ssl: return the SSL error string during a SSL handshake error
      MEDIUM: mworker/cli: does not disconnect the master CLI upon error
      MEDIUM: proxy: stop emitting logs for internal proxies when stopping
      BUILD: ssl: ssl_c_r_dn fetches uses  functiosn only available since 1.1.1
      BUILD: ssl: get0_verified chain is available on libreSSL

Willy Tarreau (17):
      DEBUG: list: add DEBUG_LIST to purposely corrupt list heads after delete
      MINOR: stats: report the total number of warnings issued
      MINOR: stats: report the number of times the global maxconn was reached
      MINOR: stats: report the listener's protocol along with the address in stats
      BUG/MINOR: cli: don't complain about empty command on empty lines
      MINOR: cli: add an option to display the uptime in the CLI's prompt
      MINOR: master/cli: also implement the timed prompt on the master CLI
      MINOR: cli: make "show fd" identify QUIC connections and listeners
      BUILD: debug: fix build issue on 32-bit platforms in "debug dev task"
      BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout
      MINOR: checks: make sure spread-checks is used also at boot time
      CLEANUP: stats: update the trash chunk where it's used
      MINOR: clock: measure the total boot time
      MINOR: stats: report the boot time in "show info"
      BUG/MINOR: checks: postpone the startup of health checks by the boot time
      MINOR: clock: provide a function to automatically adjust now_offset
      BUG/MINOR: clock: automatically adjust the internal clock with the boot time

--
Christopher Faulet
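
The "show info" fields described in the announcement above (TotalWarnings,
MaxconnReached, BootTime_ms) and the uptime-based reload check can be turned
into a small monitoring script. The following is an added example, not part of
the original message or of HAProxy itself; the two snapshots are constructed,
and parse_show_info(), compare() and the maxconn_step threshold are
hypothetical names. Uptime_sec is an existing "show info" field.

```python
# Constructed "show info" snapshots (not captured from a real process).
# TotalWarnings, MaxconnReached and BootTime_ms are the fields named in the
# announcement; Uptime_sec is an existing "show info" field.
BEFORE = """Name: HAProxy
Uptime_sec: 86400
TotalWarnings: 0
MaxconnReached: 3
BootTime_ms: 412
"""
AFTER = """Name: HAProxy
Uptime_sec: 86460
TotalWarnings: 2
MaxconnReached: 57
BootTime_ms: 412
"""

def parse_show_info(text):
    """Parse 'Key: value' lines; keep only fields with integer values."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        try:
            info[key.strip()] = int(value.strip())
        except ValueError:
            pass  # non-numeric field such as Name
    return info

def compare(before, after, reload_expected=False, maxconn_step=10):
    """Return findings for two parsed snapshots of the same instance."""
    findings = []
    restarted = after.get("Uptime_sec", 0) < before.get("Uptime_sec", 0)
    if reload_expected and not restarted:
        findings.append("reload expected but uptime kept growing")
    if not reload_expected and restarted:
        findings.append("unexpected restart: uptime went backwards")
    if after.get("TotalWarnings", 0) > 0:
        findings.append("%d warning(s) reported" % after["TotalWarnings"])
    # Counters restart with the process, so only diff within one lifetime.
    base = 0 if restarted else before.get("MaxconnReached", 0)
    hits = after.get("MaxconnReached", 0) - base
    if hits >= maxconn_step:
        findings.append("global maxconn reached %d more time(s)" % hits)
    return findings

if __name__ == "__main__":
    for finding in compare(parse_show_info(BEFORE), parse_show_info(AFTER)):
        print(finding)
```

A sustained rise in MaxconnReached between snapshots is worth correlating with
connection logs, since it means new connections were being held back at the
global limit.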
