On 16.07.2019 at 17:03, Willy Tarreau wrote:
> Hi,
>
> HAProxy 2.0.2 was released on 2019/07/16. It added 42 new commits
> after version 2.0.1.
>
> This version addresses a number of annoying issues that were reported after
> 2.0.1, most of which also affect 1.9, with a few which were only late 2.0
> regressions.
>
> Without any particular order, I can cite :
> - a risk of crash if check-alpn was used on a server without SSL
> - some CLOSE_WAIT connections accumulating on closed idle connections
>   attached to the H1 mux (two fixes)
> - a problem of processes not dying in external checks because the
>   signals were not unblocked before forking them
> - some trailers not always removed when forwarding H2 to H1 messages
>   if content-length was used.
> - chunked responses to HEAD requests not properly dropping their body
> - another case of incorrectly closed connections to server after a
>   recent fix
> - risk of crash with checks on two rare races
> - some occasional invalid responses with the prometheus exporter and Lua
>   in HTX mode
> - a case of occasionally frozen stream in HTX
> - failure to upgrade TCP (frontend) to HTX (backend) over SSL
> - missing support of tfo in default-server and the no-tfo that comes with it
> - a bug affecting some use-service directives in pure frontends if they
>   require some body due to the lack of forwarding.
> - missing lock causing random crashes when using "balance first" with
>   threads
> - data corruption in tunnel mode in H1+HTX mode, affecting Websocket for
>   example.
> - excessive CPU usage when a stream is woken up after a write event to
>   re-enable reading while the buffer is still full, which wakes up until
>   the data flushes.
> - occasional connections stuck in CLOSE_WAIT after a redispatch because
>   the previous one was not properly released.
> - incorrect detection of empty handshakes affecting LibreSSL and OpenSSL.
> - excessive CPU usage at high connection rates caused by too many threads
>   failing to trylock the listener's FD.
> - fix sample type in DeviceAtlas causing some randomly wrong samples to
>   be returned.
> - rare race condition on idle connections which could theoretically lead
>   to a crash (never observed yet, found in the code)
> - thread safety issue when dealing with limited listeners : deadlocks
>   and crashes can happen when the frontend's or process's maxconn were
>   reached on multiple threads and a connection is released by another
>   thread.
> - L7 retries would sometimes redispatch regardless of the redispatch
>   option depending where the error is detected.
> - sequences of "tcp-request connect" rules were still broken, instead
>   of ignoring the last one they were ignoring all but the last one.
> - the cpu-map directive was ignored for entries referencing a single
>   thread and a single process (e.g. cpu-map 1/1 0 did nothing).
>
> None of them is really dramatic and most users will not notice them (and
> the one running on haproxy.org didn't notice). Still enough users are
> impacted by at least one of these bugs to warrant a release and save
> everyone's time, especially when some issues are created to report already
> known and fixed bugs.
>
> So please update to 2.0.2 if you're on 2.0.x. Now that we've ironed the
> painful issues that were also plaguing 1.9 I think it will be time to issue
> another round of 1.9 and possibly 1.8 as well since at least the listener
> bug affects it.
>
> Please find the usual URLs below :
>    Site index       : http://www.haproxy.org/
>    Discourse        : http://discourse.haproxy.org/
>    Slack channel    : https://slack.haproxy.org/
>    Issue tracker    : https://github.com/haproxy/haproxy/issues
>    Sources          : http://www.haproxy.org/download/2.0/src/
>    Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
>    Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
>    Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
>    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

HAProxy with tls 1.3+lua+prom is now updated.

https://hub.docker.com/r/me2digital/haproxy20-centos

```
HA-Proxy version 2.0.2 2019/07/16 - https://haproxy.org/
Build options :
  TARGET = linux-glibc
  CPU = generic
  CC = gcc
  CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1

Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE +PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 -ZLIB +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=1).
Built with OpenSSL version : OpenSSL 1.1.1c 28 May 2019
Running on OpenSSL version : OpenSSL 1.1.1c 28 May 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with the Prometheus exporter as a service

Available polling systems :
      epoll : pref=300, test result OK
       poll : pref=200, test result OK
     select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
         h2 : mode=HTX side=FE|BE mux=H2
         h2 : mode=HTTP side=FE mux=H2
  <default> : mode=HTX side=FE|BE mux=H1
  <default> : mode=TCP|HTTP side=FE|BE mux=PASS

Available services :
  prometheus-exporter

Available filters :
  [SPOE] spoe
  [COMP] compression
  [CACHE] cache
  [TRACE] trace
```

> Willy

BR
aleks

> ---
> Complete changelog :
[snipp]
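
One way to check a build's `haproxy -vv` output against what this mail states (2.0.x should be at 2.0.2, with TLS 1.3, Lua and the Prometheus exporter), as an added example that is not part of the original mail. The sample text is a constructed, abridged copy of the output above, and `parse_vv` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: abridged from the `haproxy -vv` output quoted above.
SAMPLE_VV = """\
HA-Proxy version 2.0.2 2019/07/16 - https://haproxy.org/
Feature list : +EPOLL -KQUEUE +OPENSSL +LUA -ZLIB +SLZ +TFO -SYSTEMD
Running on OpenSSL version : OpenSSL 1.1.1c 28 May 2019
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Available services :
  prometheus-exporter
Available filters :
  [SPOE] spoe
"""

def parse_vv(text):
    """Extract version, feature flags, TLS versions and services from -vv output."""
    info = {"version": None, "features": {}, "tls": set(), "services": set()}
    section = None
    for line in text.splitlines():
        m = re.match(r"HA-?Proxy version (\d+)\.(\d+)\.(\d+)", line)
        if m:
            info["version"] = tuple(int(x) for x in m.groups())
        elif line.startswith("Feature list :"):
            for flag in line.split(":", 1)[1].split():
                info["features"][flag[1:]] = flag[0] == "+"   # "+LUA" -> LUA: True
        elif line.startswith("OpenSSL library supports :"):
            info["tls"] = set(line.split(":", 1)[1].split())
        elif line.startswith("Available "):
            section, _, rest = (p.strip() for p in line.partition(":"))
            if section == "Available services":
                info["services"].update(rest.split())         # names on the header line
        elif section == "Available services" and line[:1].isspace() and line.strip():
            info["services"].add(line.strip())                # names on indented lines
        elif not line[:1].isspace():
            section = None                                    # any other line ends the section
    return info

def audit(info):
    """Return findings; an empty list means the build matches the mail's claims."""
    v = info["version"]
    checks = [
        (v is None, "version not recognised"),
        (v is not None and v[:2] == (2, 0) and v < (2, 0, 2), "2.0.x older than 2.0.2: update"),
        ("TLSv1.3" not in info["tls"], "no TLSv1.3 support"),
        (not info["features"].get("LUA"), "built without Lua"),
        ("prometheus-exporter" not in info["services"], "Prometheus exporter service missing"),
    ]
    return [msg for failed, msg in checks if failed]
```

Feed it the text captured from `haproxy -vv` inside the image; a development version string without three numeric components is reported as not recognised rather than guessed.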