Hi,

HAProxy 2.1-dev4 was released on 2019/11/03. It added 37 new commits after version 2.1-dev3.

Things are progressively stabilizing, that's great. A few of us spent a few afternoons enclosed in a meeting room reading long parts of code to try to diagnose and address some outgoing connection issues. That was profitable since we pulled a long string and ended up with a series of fixes, some of which will need to be backported to 2.0 and 1.9. In short, depending on how a server connection error triggers, it could make haproxy enter in an endless loop in 2.0 and 2.1 (ended by the watchdog in fact), or just prevent the connections from being retried in case of a shared mux (outgoing H2). Another 2.0 will have to be emitted to fix this. My understanding is that a part of these patches are currently being studied in the context of legacy HTTP mode (2.0 and before) as dealing with this one there is much trickier than with HTX. It's also possible that a backport to 1.9 may require to backport a significant number of changes, which I don't feel easy with. Since 1.9 is less affected and not long-term maintained, another option might be to just minimally mitigate the issues for the few months it has left. We'll judge once 2.0 is done.

Aside this a few early issues in the new "set ssl cert" CLI command were fixed (risk of crash when a dot is missing, unreleased lock in case of early abort, missing alloc check, etc). Some improvements were made to work in "set"/"commit" phases, which will be more future-proof. The stats handler was fixed to properly deal with absolute URIs, as it wouldn't otherwise work with H2. A new srv_name sample fetch function was added, it reports the name of the server which provided a response. The date and http_date fetch and converter now support a unit.

Another user-visible change is that we'll now get the possibility to fail to startup if one of the limits set by setrlimit() (typically the file descriptor limit) fails to be upgraded. Till now it was only a warning.
This new behavior is not yet enabled by default (add "strict-limits" in the global section for this) but we should change this to become the default mode in 2.3.

And as usual some minor doc fixes and updates were merged. I think that's roughly all for this version.

I'm going to deploy this version on haproxy.org early in the week so that we have an opportunity to discover any possible regression that escapes the regular testing. I don't expect to develop much this week as I'll have to work a bit to get prepared for the conference the week after. But we may emit another -dev next week-end if sufficient fixes get merged. If things continue to go well like this, I think we can hope for a final release before the end of the month, which would be cool.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.1/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.1/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Christopher Faulet (2):
      BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent
      BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached

Damien Claisse (1):
      MINOR: sample: add us/ms support to date/http_date

Emmanuel Hocdet (5):
      BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl
      BUG/MINOR: ssl: ckch->chain must be initialized
      BUG/MINOR: ssl: double free on error for ckch->{key,cert}
      MINOR: ssl: BoringSSL ocsp_response does not need issuer
      BUG/MEDIUM: ssl/cli: fix dot research in cli_parse_set_cert

Ilya Shipitsin (1):
      BUILD: CI: comment out cygwin build, upgrade various ssl libraries

Jerome Magnin (1):
      REGTEST: vtest can now enable mcli with its own flag

Joao Morais (1):
      BUG/MINOR: config: Update cookie domain warn to RFC6265

Olivier Houchard (3):
      MINOR: mux: Add a new method to get informations about a mux.
      BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready.
      BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready.

Tim Duesterhus (2):
      DOC: Improve documentation of http-re(quest|sponse) replace-(header|value|uri)
      DOC: Add GitHub issue config.yml

William Dauchy (3):
      MINOR: doc: fix busy-polling performance reference
      MINOR: config: allow no set-dumpable config option
      MINOR: init: always fail when setrlimit fails

William Lallemand (6):
      BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
      BUG/MINOR: ssl/cli: cleanup on cli_parse_set_cert error
      MINOR: ssl/cli: rework the 'set ssl cert' IO handler
      MINOR: ssl/cli: rework 'set ssl cert' as 'set/commit'
      CLEANUP: ssl/cli: remove leftovers of bundle/certs (it < 2)
      BUG/MINOR: ssl/cli: check trash allocation in cli_io_handler_commit_cert()

Willy Tarreau (11):
      DOC: remove obsolete section about header manipulation
      BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset()
      BUG/MINOR: spoe: fix off-by-one length in UUID format string
      BUILD/MINOR: ssl: shut up a build warning about format truncation
      BUILD: do not disable -Wformat-truncation anymore
      MINOR: chunk: add chunk_istcat() to concatenate an ist after a chunk
      Revert "MINOR: istbuf: add b_fromist() to make a buffer from an ist"
      BUG/MEDIUM: mux-h2: report no available stream on a connection having errors
      BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list
      BUG/MEDIUM: mux-h2: immediately report connection errors on streams
      BUG/MINOR: stats: properly check the path and not the whole URI

vkill (1):
      MINOR: backend: Add srv_name sample fetche

---

