Hi willy.
Am 06.02.2019 um 15:25 schrieb Willy Tarreau:
> Hi,
>
> HAProxy 1.9.4 was released on 2019/02/06. It added 65 new commits
> after version 1.9.3.
Images are updated.
https://hub.docker.com/r/me2digital/haproxy-19-boringssl
https://hub.docker.com/r/me2digital/haproxy19
Maybe this patch was to late for 1.9.4 please can you consider to add it
to 2.0 and later 1.9.5, thanks.
https://www.mail-archive.com/haproxy@formilux.org/msg32693.html
Regards
Aleks
> The main focus in terms of time spent was clearly on end-to-end H2
> correctness, which involves both the H2 protocol itself and the idle
> connections management. It's difficult to enumerate in details all the
> issues that were addressed, but these generally range from not failing
> a connection when failing a stream can be sufficient to counting the
> number of pre-allocated streams on an idle idle outgoing connection to
> make sure it still has stream IDs left. Some server-side idle timeout
> errors could occasionally lead to the whole connection being closed.
>
> One check was added to prevent an HTX frontend from dynamically branching
> to a non-HTX backend (and conversely), as only the static branches were
> addressed till now.
>
> There were some improvements on memory allocation failures, a number of
> places were not tested anymore (or this was new code). Ah and a memory
> leak on the unique_id was addressed (it could happen with TCP instances
> when declared in a defaults section).
>
> Etags are now rewritten from strong to weak by the compression. I had no
> idea this concept of weak vs strong existed at all :-)
>
> And in addition to this, yesterday two other interesting problems were
> reported and addressed :
> - the first one is about using certain L7 features at the load balancing
> layer (such as "balance hdr") in HTX mode which could crash haproxy.
> It was in fact caused by the loss of one patch during the multiple
> liftings of the code prior to the merge. That's now fixed. I'm still
> amazed we managed to lose only one patch in this ocean of code!
>
> - the other one is quite nasty and impacts all supported versions. Haproxy
> currently performs very deep compatibility tests on your rules, frontends
> and backends after parsing the configuration. But a corner case remained
> by which it was possible to have a frontend bound on, say, processes
> 1 and 2, tracking a key stored in a table present only in process 1 that
> would in turn rely on peers on process 1 as well. Here there is a problem,
> when the frontend receives connections on process 2, the resolved pointers
> for the table end up pointing to a completely different location in a
> parallel universe, then peers are activated to push the data while the
> section has been deallocated... So the relevant checks have been added
> to make sure that a process doesn't try to interact with a section that
> is not present for this process. This covers the track-sc* actions, the
> sc_* sample keywords, and SPOE filters. I was extremely cautious to cover
> the strict minimum so as not to impact any harmless config. It *is*
> possible that one of your config will refuse to load if it is already
> bogus. Please note that if this happens, it means this config is wrong
> and already presents the risk of random crashes. *Do not* rollback if
> this happens, please ask for help here instead. (I in fact expect that
> nobody will see these errors, meaning that the amount of complex and
> bogus configs in field is rather low).
>
> The rest is pretty low impact and standard.
>
> Please find the usual URLs below :
>Site index : http://www.haproxy.org/
>Discourse: http://discourse.haproxy.org/
>Slack channel: https://slack.haproxy.org/
>Issue tracker: https://github.com/haproxy/haproxy/issues
>Sources : http://www.haproxy.org/download/1.9/src/
>Git repository : http://git.haproxy.org/git/haproxy-1.9.git/
>Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
>Changelog: http://www.haproxy.org/download/1.9/src/CHANGELOG
>Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
>
> Willy
> ---
> Complete changelog :
> Christopher Faulet (2):
> BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is
> forbidden
> BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with
> HTX
>
> Jérôme Magnin (1):
> DOC: add a missing space in the documentation for bc_http_major
>
> Kevin Zhu (1):
> BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
>
> Olivier Houchard (11):
> BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE.
> MINOR: xref: Add missing barriers.
> BUG/MEDIUM: peers: Handle mux creation failure.
> BUG/MEDIUM: checks: Check that conn_install_mux succeeded.
> BUG/MEDIUM: servers: Only destroy