Hi,

HAProxy 1.9.4 was released on 2019/02/06. It added 65 new commits
after version 1.9.3.

The main focus in terms of time spent was clearly on end-to-end H2
correctness, which involves both the H2 protocol itself and the idle
connections management. It's difficult to enumerate in details all the
issues that were addressed, but these generally range from not failing
a connection when failing a stream can be sufficient to counting the
number of pre-allocated streams on an idle idle outgoing connection to
make sure it still has stream IDs left. Some server-side idle timeout
errors could occasionally lead to the whole connection being closed.

One check was added to prevent an HTX frontend from dynamically branching
to a non-HTX backend (and conversely), as only the static branches were
addressed till now.

There were some improvements on memory allocation failures, a number of
places were not tested anymore (or this was new code). Ah and a memory
leak on the unique_id was addressed (it could happen with TCP instances
when declared in a defaults section).

Etags are now rewritten from strong to weak by the compression. I had no
idea this concept of weak vs strong existed at all :-)

And in addition to this, yesterday two other interesting problems were
reported and addressed :
  - the first one is about using certain L7 features at the load balancing
    layer (such as "balance hdr") in HTX mode which could crash haproxy.
    It was in fact caused by the loss of one patch during the multiple
    liftings of the code prior to the merge. That's now fixed. I'm still
    amazed we managed to lose only one patch in this ocean of code!
 
  - the other one is quite nasty and impacts all supported versions. Haproxy
    currently performs very deep compatibility tests on your rules, frontends
    and backends after parsing the configuration. But a corner case remained
    by which it was possible to have a frontend bound on, say, processes
    1 and 2, tracking a key stored in a table present only in process 1 that
    would in turn rely on peers on process 1 as well. Here there is a problem,
    when the frontend receives connections on process 2, the resolved pointers
    for the table end up pointing to a completely different location in a
    parallel universe, then peers are activated to push the data while the
    section has been deallocated... So the relevant checks have been added
    to make sure that a process doesn't try to interact with a section that
    is not present for this process. This covers the track-sc* actions, the
    sc_* sample keywords, and SPOE filters. I was extremely cautious to cover
    the strict minimum so as not to impact any harmless config. It *is*
    possible that one of your config will refuse to load if it is already
    bogus. Please note that if this happens, it means this config is wrong
    and already presents the risk of random crashes. *Do not* rollback if
    this happens, please ask for help here instead. (I in fact expect that
    nobody will see these errors, meaning that the amount of complex and
    bogus configs in field is rather low).

The rest is pretty low impact and standard.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/1.9/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
   Changelog        : http://www.haproxy.org/download/1.9/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Christopher Faulet (2):
      BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is 
forbidden
      BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with 
HTX

Jérôme Magnin (1):
      DOC: add a missing space in the documentation for bc_http_major

Kevin Zhu (1):
      BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit

Olivier Houchard (11):
      BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE.
      MINOR: xref: Add missing barriers.
      BUG/MEDIUM: peers: Handle mux creation failure.
      BUG/MEDIUM: checks: Check that conn_install_mux succeeded.
      BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated.
      BUG/MEDIUM: servers: Don't add an incomplete conn to the server idle list.
      BUG/MEDIUM: checks: Don't try to set ALPN if connection failed.
      BUG/MEDIUM: h2: In h2_send(), stop the loop if we failed to alloc a buf.
      BUG/MEDIUM: servers: Close the connection if we failed to install the mux.
      BUG/MEDIUM: buffer: Make sure b_is_null handles buffers waiting for 
allocation.
      BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().

Tim Duesterhus (2):
      BUG/MEDIUM: compression: Rewrite strong ETags
      DOC: compression: Update the reasons for disabled compression

Willy Tarreau (48):
      SCRIPTS: add the issue tracker URL to the announce script
      BUG/MINOR: server: fix logic flaw in idle connection list management
      BUG/MINOR: stream: don't close the front connection when facing a backend 
error
      DOC: htx: make it clear that htxbuf() and htx_from_buf() always return 
valid pointers
      MINOR: htx: never check for null htx pointer in htx_is_{,not_}empty()
      MEDIUM: stream-int: always mark pending outgoing SI_ST_CON
      MINOR: stream: don't wait before retrying after a failed connection reuse
      MEDIUM: h2: always parse and deduplicate the content-length header
      BUG/MINOR: mux-h2: always compare content-length to the sum of DATA frames
      BUG/MEDIUM: mux-h2: only close connection on request frames on closed 
streams
      BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window 
update
      BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
      BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
      BUG/MEDIUM: mux-h2: do not abort HEADERS frame before decoding them
      BUG/MINOR: mux-h2: make sure response HEADERS are not received in other 
states than OPEN and HLOC
      MINOR: h2: add a generic frame checker
      MEDIUM: mux-h2: check the frame validity before considering the stream 
state
      CLEANUP: mux-h2: remove misleading leftover test on h2s' nullity
      CLEANUP: mux-h2: clean the stream error path on HEADERS frame processing
      CLEANUP: mux-h2: remove stream ID and frame length checks from the frame 
parsers
      BUG/MINOR: mux-h2: make sure request trailers on aborted streams don't 
break the connection
      MINOR: mux-h2: consistently rely on the htx variable to detect the mode
      BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing 
the connection
      MINOR: stream-int: add a new flag to mention that we want the connection 
to be killed
      MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
      BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
      MINOR: mux-h2: max-concurrent-streams should be unsigned
      MINOR: mux-h2: make sure to only check concurrency limit on the frontend
      MINOR: mux-h2: learn and store the peer's advertised 
MAX_CONCURRENT_STREAMS setting
      BUG/MEDIUM: mux-h2: properly consider the peer's advertised 
max-concurrent-streams
      BUG/MEDIUM: backend: always release the previous connection into its own 
target srv_list
      BUG/MEDIUM: htx: check the HTX compatibility in dynamic use-backend rules
      BUG/MINOR: backend: check srv_conn before dereferencing it
      BUG/MEDIUM: mux-h2: always omit :scheme and :path for the CONNECT method
      BUG/MEDIUM: mux-h2: always set :authority on request output
      BUG/MINOR: config: fix bind line thread mask validation
      BUG/MINOR: compression: properly report compression stats in HTX mode
      BUG/MINOR: task: close a tiny race in the inter-thread wakeup
      BUG/MAJOR: config: verify that targets of track-sc and stick rules are 
present
      BUG/MAJOR: spoe: verify that backends used by SPOE cover all their 
callers' processes
      MINOR: backend: move url_param_name/len to lbprm.arg_str/len
      MINOR: backend: make headers and RDP cookie also use arg_str/len
      MINOR: backend: add new fields in lbprm to store more LB options
      MINOR: backend: make the header hash use arg_opt1 for use_domain_only
      MINOR: backend: remap the balance uri settings to lbprm.arg_opt{1,2,3}
      MINOR: backend: move hash_balance_factor out of chash
      MEDIUM: backend: move all LB algo parameters into an union
      BUG/MINOR: config: make sure to count the error on incorrect 
track-sc/stick rules

---

Reply via email to