Hi,

HAProxy 1.9.5 was released on 2019/03/19. It added 81 new commits after version 1.9.4.

I'm sorry it took longer than initially expected but the complexity of certain bugs creates some reluctance to issue an intermediary release when you don't fully trust the pending fixes yet. Only well trusted fixes were merged in this version, others are still under observation.

Several of them were rather important bugs that are now fixed in 1.9.5 :

- a double free on the unique-id header which can crash the process when this feature is used. This was added as a fix for a memory leak on the same feature.
- a bug in the SPOP health check handler which may make haproxy try to use features the agent advertises but which are not implemented, making it crash.
- the SPOE per-thread initialization would rely on a wrong agent pointer derived from the last one known when parsing the configuration, making it fail if more than one agent is declared.
- upon exit of the old process, it could happen that a thread quits while a single other one holds a lock and never releases it, causing it to fail acquiring it again later and not being able to quit. Issue reported and fixed by Richard Russo.
- a crash may happen upon exit if a thread closes a listener FD at the exact same moment another thread tries to accept() a pending connection on it. Issue reported and fixed by Richard Russo.
- a crash could happen with an H2 frontend triggering an error in the cache because the error response didn't contain a start line and no analyser was set anymore to add it while the H2 mux used to expect it.
- there was a small but serious race condition in H2 by which if both the connection and the upper layer stream close at the exact same instant, the mux might try to dereference a just closed stream and crash the process. It was not witnessed though, only found in the code.
- in case a task is migrated to another thread while being moved out of the run queue on another one, the scheduler could leave the run queue spinlock in an inconsistent state. Not observed either but the possibility looks real (e.g. in checks).
- a bug affects the stats code from 1.5 and above when POST requests are supported (when admin mode is enabled) : some large POST requests may end up in a situation where the applet waits for more body and the analyser cannot send it because the buffer is considered full. This ultimately freezes the session. Now it is verified that the body length doesn't exceed what can fit in a request buffer.

There were a number of less important issues related to per-thread initialization and ordering of initialization depending on the configuration (e.g. some elements which need to know the thread count which were initialized too early). Some sample fetch functions would fail in HTX (body_len, base, and a few others). The MacOS build should be OK now. Interim HTTP 1xx responses were failing in H2+HTX. There was an issue in H2+HTX+chunked H1 messages sometimes causing the END_STREAM flag to be lost and the client or server to time out. Some regex-based HTTP actions would not work well in HTX mode. There was a race in the remote thread wakeup code which could sometimes miss a wakeup, randomly causing excessive delays in certain inter-thread operations like dequeueing pending connections. The rest is less important or doesn't have an immediately visible effect.

As usual, everyone is encouraged to upgrade. We still have some difficult changes to do around the abortonclose option and related stuff which depends on the distinction between the end of a request and its abortion. Some of this stuff will eventually have to be backported to 1.9 but don't wait for this to arrive before upgrading as it's not even done for 2.0-dev and once done, it will require some long observation first!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/1.9/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
   Changelog        : http://www.haproxy.org/download/1.9/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Ben51Degrees (1):
      BUG: 51d: In Hash Trie, multi header matching was affected by the header names stored globaly.

Bertrand Jacquin (2):
      DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
      DOC: ssl: Stop documenting ciphers example to use

Christopher Faulet (32):
      BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
      BUG/MINOR: config: Reinforce validity check when a process number is parsed
      BUG/MEDIUM: proto_htx: Fix data size update if end of the cookie is removed
      BUG/MEDIUM: mux-h2/htx: Always set CS flags before exiting h2_rcv_buf()
      MINOR: h2/htx: Set the flag HTX_SL_F_BODYLESS for messages without body
      BUG/MINOR: mux-h1: Add "transfer-encoding" header on outgoing requests if needed
      BUG/MINOR: mux-h2: Don't add ":status" pseudo-header on trailers
      BUG/MINOR: proto-htx: Consider a XFER_LEN message as chunked by default
      BUG/MEDIUM: h2/htx: Correctly handle interim responses when HTX is enabled
      MINOR: mux-h2: Set HTX extra value when possible
      BUG/MEDIUM: mux-h1: Report the right amount of data xferred in h1_rcv_buf()
      BUG/MINOR: channel: Set CF_WROTE_DATA when outgoing data are skipped
      MINOR: htx: Add function to drain data from an HTX message
      MINOR: channel/htx: Add function to skips output bytes from an HTX channel
      BUG/MAJOR: cache/htx: Set the start-line offset when a cached object is served
      BUG/MEDIUM: cache: Get objects from the cache only for GET and HEAD requests
      BUG/MINOR: cache/htx: Return only the headers of cached objects to HEAD requests
      BUG/MINOR: mux-h1: Always initilize h1m variable in h1_process_input()
      BUG/MEDIUM: proto_htx: Fix functions applying regex filters on HTX messages
      BUG/MINOR: mux-h1: Don't report an error on EOS if no message was received
      BUG/MINOR: stats/htx: Call channel_add_input() when response headers are sent
      BUG/MINOR: lua/htx: Use channel_add_input() when response data are added
      BUG/MINOR: lua/htx: Don't forget to call htx_to_buf() when appropriate
      MINOR: stats: Add the status code STAT_STATUS_IVAL to handle invalid requests
      MINOR: stats: Move stuff about the stats status codes in stats files
      BUG/MINOR: stats: Be more strict on what is a valid request to the stats applet
      BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
      BUG/MAJOR: stats: Fix how huge POST data are read from the channel
      BUG/MEDIUM: mux-h2: Always wakeup streams with no id to avoid frozen streams
      MINOR: mux-h2: Set REFUSED_STREAM error to reset a stream if no data was never sent
      MINOR: muxes: Report the Last read with a dedicated flag
      MINOR: proto-http/proto-htx: Make error handling clearer during data forwarding

Dragan Dosen (3):
      BUG/MEDIUM: http_fetch: fix the "base" and "base32" fetch methods in HTX mode
      BUG/MEDIUM: http_fetch: fix "req.body_len" and "req.body_size" fetch methods in HTX mode
      BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()

Frédéric Lécaille (1):
      DOC: Remove tabs and fixed punctuation.

Lukas Tribus (1):
      BUG/MINOR: ssl: fix warning about ssl-min/max-ver support

Olivier Houchard (11):
      BUILD/MEDIUM: initcall: Fix build on MacOS.
      BUG/MEDIUM: servers: Use atomic operations when handling curr_idle_conns.
      BUG/MEDIUM: servers: Add a per-thread counter of idle connections.
      BUG/MAJOR: listener: Make sure the listener exist before using it.
      BUG/MEDIUM: logs: Only attempt to free startup_logs once.
      MINOR: fd: Remove debugging code.
      BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.
      MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
      BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the global rq.
      BUG/MEDIUM: tasks: Make sure we wake sleeping threads if needed.
      MINOR: cfgparse: Add a cast to make gcc happier.

Richard Russo (1):
      BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked

Willy Tarreau (29):
      BUG/MINOR: spoe: do not assume agent->rt is valid on exit
      BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
      BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
      BUG/MEDIUM: server: initialize the idle conns list after parsing the config
      CLEANUP: server: fix indentation mess on idle connections
      BUG/MEDIUM: server: initialize the orphaned conns lists and tasks at the end
      BUG/MINOR: mux-h1: verify the request's version before dropping connection: keep-alive
      BUG/MAJOR: stream: avoid double free on unique_id
      BUILD/MINOR: stream: avoid a build warning with threads disabled
      BUILD/MINOR: tools: fix build warning in the date conversion functions
      BUILD/MINOR: peers: remove an impossible null test in intencode()
      BUILD/MINOR: htx: fix some potential null-deref warnings with http_find_stline
      BUG/MEDIUM: htx: count the amount of copied data towards the final count
      BUG/MEDIUM: mux-h2/htx: send an empty DATA frame on empty HTX trailers
      BUG/MEDIUM: h2: advertise to servers that we don't support push
      BUG/MINOR: listener: keep accept rate counters accurate under saturation
      MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values
      BUG/MINOR: init: never lower rlim_fd_max
      BUG/MINOR: checks: make external-checks restore the original rlim_fd_cur/max
      BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload
      BUG/MAJOR: mux-h2: fix race condition between close on both ends
      MINOR: htx: unconditionally handle parsing errors in requests or responses
      MINOR: mux-h2: always pass HTX_FL_PARSING_ERROR between h2s and buf on RX
      BUG/MEDIUM: h2/htx: verify that :path doesn't contain invalid chars
      BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
      REGTEST: fix a spurious "nbthread 4" in the connection test
      BUILD: Makefile: allow the reg-tests target to be verbose
      BUILD: Makefile: resolve LEVEL before calling run-regtests
      BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
---
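
To decide how urgently a given deployment needs this upgrade, the changelog subjects above can be filtered by severity and subsystem. The following is an added example, not part of the original announcement or of the HAProxy project: `parse_subject` and `bugs_affecting` are hypothetical helper names, the sample is a constructed subset of the subjects listed above, and the set of subsystems in use is an assumption the operator supplies.

```python
import re

# Constructed sample: commit subjects copied from the changelog above.
SAMPLE = [
    "BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck",
    "BUG/MAJOR: stream: avoid double free on unique_id",
    "BUG/MAJOR: cache/htx: Set the start-line offset when a cached object is served",
    "BUG/MEDIUM: cache: Get objects from the cache only for GET and HEAD requests",
    "BUG/MINOR: stats: Be more strict on what is a valid request to the stats applet",
    "BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked",
    "MINOR: fd: Remove debugging code.",
    "BUG: 51d: In Hash Trie, multi header matching was affected by the header names stored globaly.",
    'REGTEST: fix a spurious "nbthread 4" in the connection test',
]

LEVELS = ("CRITICAL", "MAJOR", "MEDIUM", "MINOR")  # most to least severe
SUBJECT = re.compile(
    r"^(?P<tag>[A-Z]+)(?:/(?P<level>[A-Z]+))?:\s*"   # BUG/MAJOR:  DOC:  MINOR:
    r"(?:(?P<subsys>[^:]+):\s*)?(?P<text>.+)$"       # optional subsystem, text
)

def parse_subject(line):
    """Split 'TAG/LEVEL: subsystem: text' into a dict; None if it has no tag."""
    m = SUBJECT.match(line.strip())
    if not m:
        return None
    tag, level = m["tag"], m["level"]
    if level is None and tag in LEVELS:
        tag, level = "CHANGE", tag  # 'MINOR: fd: ...' is a non-bug change
    # 'fd/threads, task/threads' touches the areas fd, threads and task.
    areas = set(re.split(r"[/,\s]+", m["subsys"].strip())) if m["subsys"] else set()
    return {"tag": tag, "level": level, "areas": areas, "text": m["text"]}

def bugs_affecting(lines, in_use, worst="MEDIUM"):
    """Bug fixes of severity `worst` or higher touching an area in `in_use`.
    Bugs tagged without a level (plain 'BUG:') are skipped: review them by hand."""
    cutoff = LEVELS.index(worst)
    hits = []
    for line in lines:
        e = parse_subject(line)
        if not e or e["tag"] != "BUG" or e["level"] not in LEVELS:
            continue
        if LEVELS.index(e["level"]) <= cutoff and e["areas"] & in_use:
            hits.append((e["level"], sorted(e["areas"]), e["text"]))
    return sorted(hits, key=lambda h: LEVELS.index(h[0]))

if __name__ == "__main__":
    for hit in bugs_affecting(SAMPLE, {"spoe", "cache", "stats"}):
        print(hit)
```

The area names passed in `in_use` must match the subsystem prefixes used in the commit subjects (for example `spoe`, `cache`, `stats`, `mux-h2`), so mapping configuration features to those prefixes remains a manual step.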