Hi,

HAProxy 2.7.9 was released on 2023/06/07. It added 118 new commits
after version 2.7.8.

This release, like the previous one, is a bit huge. We were busy releasing
the 2.8.0. It is high time for us to emit new releases for the other stable
versions. The 2.7.9 is the first one of a long series.

In this release, Amaury and Fred continued to stabilize the QUIC stack. It
is now pretty stable, but it is probably better to deploy the 2.8 to use QUIC
in production because it is an LTS version. The 2.7 will still receive bug
fixes, but most improvements will not be backported. In this release, some
patches fixed the reporting of the end of the request to the upper layer,
mainly to conform to the stream-connector layer refactoring. A few minor bugs
on error paths were also addressed, and comments were added at various places
to help understand some BUG_ON(). Fred also added a number of event counters
that had been missing over the last few troubleshooting sessions.

The SPOE was fixed to limit the number of idle applets in edge cases. During
sporadic bursts, it was possible to systematically start new applets because
the SPOE processing frequency was lower than the message rate, and this
independently of the number of idle applets. The idle applets tracking was
improved to be able to properly reuse them.

This fix revealed a flaw in the way synchronous frames were handled, leading
to an increase of the message processing latency. To fix this issue, in
synchronous mode, a SPOE applet will now systematically try to send a frame
when it is woken up, except if it is still waiting for an ACK frame after a
receive attempt.

Finally, a crash for engines configured on disabled proxies was fixed. SPOE
engines must not be released for such proxies during startup because
some resources may be shared with other engines, for instance the ACLs.

Two issues were fixed in the H2 multiplexer:

  * First, we now take care to not refresh the idle timeout when control
    frames are received. Because of this bug, it was possible to keep a
    connection alive by periodically sending control frames, like PING or
    PRIORITY, even after a GOAWAY frame was sent. Among other things, it was
    possible to hit this bug during a soft-stop or a reload.

  * Then, the request state at the H2 stream level is now properly reported
    to the upper layer when the stream-connector is created. This bug was
    introduced in 2.4. A request may be fully received when the
    stream-connector is created. In this case, all subsequent receives may
    be skipped. It was an issue when an error was also detected because the
    upper layer was not aware of it and the session could be frozen.

The FCGI multiplexer was fixed to be sure to never request more room from the
channel when the mux is waiting for more data. It is especially important to
not do so if the channel buffer is empty. Otherwise, the situation cannot
evolve and the session remains stuck.

A race condition was fixed in the thread isolation that could allow a thread
that was running under isolation to continue running while another one
enters isolation.

The total boot time is now measured. It is used to postpone the startup of
health checks. It is pretty useful for very large configurations taking up
a few seconds to start, to not schedule some servers' checks in the past. This
also helps to have a better distribution of health-checks when the
"spread-checks" option is used. In addition, the spread-checks is also used
at boot time, making the load much smoother from the start.

More actions were added to the "http-after-response" ruleset (set-map,
set-log-level, sc-inc-gpc, etc.).

Finally, as usual, several minor bugs were fixed. The doc was improved. Most
notably, a section about size format was added in the configuration
manual. And the development tools were extended. A script to decode most
flags in the "show sess all" output was added.

If you are running a 2.7, please upgrade. But keep in mind it is not an LTS
version. Now that the 2.8.0 was released, it could be good to start to evaluate
it. However, keep cool, there is no rush to upgrade. You have 1 year to do
so ;)

Thanks everyone for your help and your contributions!

Please find the usual URLs below:
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.7/src/
Git repository : https://git.haproxy.org/git/haproxy-2.7.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.7.git
Changelog : https://www.haproxy.org/download/2.7/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Aleksandar Lazic (1):
DOC: configuration: add info about ssl-engine for 2.6
Amaury Denoyelle (47):
MINOR: quic: use real sending rate measurement
BUG/MINOR: mux-quic: prevent quic_conn error code to be overwritten
MINOR: mux-quic: add trace event for local error
MINOR: mux-quic: wake up after recv only if avail data
MINOR: mux-quic: adjust local error API
MINOR: mux-quic: report local error on stream endpoint asap
MINOR: mux-quic: close connection asap on local error
MINOR: quic: add format argument for "show quic"
MINOR: quic: implement oneline format for "show quic"
BUG/MINOR: mux-quic: fix transport VS app CONNECTION_CLOSE
BUG/MEDIUM: mux-quic: wakeup tasklet to close on error
BUG/MINOR: mux-quic: do not prevent shutw on error
BUG/MINOR: mux-quic: do not free frame already released by quic-conn
BUG/MINOR: mux-quic: no need to subscribe for detach streams
MINOR: mux-quic: add traces for stream wake
MINOR: mux-quic: do not send STREAM frames if already subscribe
MINOR: mux-quic: factorize send subscribing
MINOR: mux-quic: simplify return path of qc_send()
MEDIUM: quic: streamline error notification
MEDIUM: mux-quic: adjust transport layer error handling
MINOR: htx: add function to set EOM reliably
MINOR: mux-quic: remove dedicated function to handle standalone FIN
BUG/MINOR: mux-quic: properly handle buf alloc failure
BUG/MINOR: mux-quic: handle properly recv ncbuf alloc failure
BUG/MINOR: quic: do not alloc buf count on alloc failure
BUG/MINOR: mux-quic: differentiate failure on qc_stream_desc alloc
BUG/MINOR: mux-quic: free task on qc_init() app ops failure
BUG/MINOR: mux-quic: handle properly Tx buf exhaustion
BUG/MINOR: h3: missing goto on buf alloc failure
MINOR: mux-quic: add trace to stream rcv_buf operation
MINOR: mux-quic: properly report end-of-stream on recv
MINOR: mux-quic: uninline qc_attach_sc()
BUG/MEDIUM: mux-quic: fix EOI for request without payload
CLEANUP: mux-quic/h3: complete BUG_ON with comments
MINOR: quic: remove return val of quic_aead_iv_build()
MINOR: quic: use WARN_ON for encrypt failures
BUG/MINOR: quic: handle Tx packet allocation failure properly
MINOR: quic: fix alignment of oneline show quic
MINOR: mux-quic: set both EOI EOS for stream fin
MINOR: mux-quic: only set EOS on RESET_STREAM recv
MINOR: mux-quic: report error on stream-endpoint earlier
CLEANUP: mux-quic: remove unneeded fields in qcc
MINOR: mux-quic: remove nb_streams from qcc
MINOR: quic: fix stats naming for flow control BLOCKED frames
BUG/MEDIUM: mux-quic: only set EOI on FIN
CLEANUP: mux-quic: rename functions for mux_ops
CLEANUP: mux-quic: rename internal functions
Artur Pydo (1):
DOC: quic: fix misspelled tune.quic.socket-owner
Aurelien DARRAGON (9):
BUG/MINOR: proxy: missing free in free_proxy for redirect rules
MINOR: proxy: add http_free_redirect_rule() function
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule()
BUG/MINOR: errors: handle malloc failure in usermsgs_put()
BUG/MINOR: log: fix memory error handling in parse_logsrv()
BUG/MINOR: hlua: unsafe hlua_lua2smp() usage
DOC: config: fix jwt_verify() example using var()
BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
BUG/MINOR: proxy: add missing interface bind free in free_proxy
Christopher Faulet (16):
BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones
BUG/MINOR: resolvers: Use sc_need_room() to wait more room when dumping stats
BUILD: mjson: Fix warning about unused variables
MINOR: spoe: Don't stop disabled proxies
BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup
MINOR: http-rules: Add missing actions in http-after-response ruleset
BUG/MEDIUM: mux-fcgi: Don't request more room if mux is waiting for more data
BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set
REGTESTS: log: Reduce response inspect-delay for last_rule.vtc
DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules
REGTESTS: log: Reduce again response inspect-delay for last_rule.vtc
MINOR: mux-h2: Set H2_SF_ES_RCVD flag when decoding the HEADERS frame
MINOR: mux-h2: Add a function to propagate termination flags from h2s to SE
BUG/MEDIUM: mux-h2: Propagate termination flags when frontend SC is created
DOC: config: Fix bind/server/peer documentation in the peers section
BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
Daniel Epperson (1):
DOC: add size format section to manual
Frédéric Lécaille (18):
CLEANUP: quic: No more used q_buf structure
CLEANUP: quic: Rename several <buf> variables in quic_frame.(c|h)
CLEANUP: quic: Typo fix for quic_connection_id pool
BUG/MINOR: quic: Wrong key update cipher context initialization for encryption
BUG/MINOR: quic: Possible crash when dumping version information
BUG/MINOR: quic: Buggy acknowlegments of acknowlegments function
BUG/MINOR: quic: Wrong redispatch for external data on connection socket
MINOR: quic: Add low level traces (addresses, DCID)
BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token())
BUG/MINOR: quic: Missing Retry token length on receipt
MINOR: quic: Align "show quic" command help information
CLEANUP: quic: Indentation fix quic_rx_pkt_retrieve_conn()
CLEANUP: quic: Useless tests in qc_rx_pkt_handle()
MINOR: quic: Add some counters at QUIC connection level
MINOR: quic: Add a counter for sent packets
MINOR: quic: Add QUIC connection statistical counters values to "show quic"
BUG/MINOR: quic: Possible crash when SSL session init fails
CONTRIB: Add vi file extensions to .gitignore
Ilia Shipitsin (2):
CI: switch to Fastly CDN to download LibreSSL
BUILD: ssl: switch LibreSSL to Fastly CDN
Ilya Shipitsin (1):
CI: drop Fedora m32 pipeline in favour of cross matrix
Mariam John (1):
DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt
William Lallemand (2):
BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found
BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0
Willy Tarreau (19):
DEV: haring: automatically disable DEBUG_STRICT
DEV: haring: update readme to suggest using the same build options for haring
BUG/MINOR: debug: fix incorrect profiling status reporting in show threads
BUG/MINOR: debug: do not emit empty lines in thread dumps
BUILD: debug: do not check the isolated_thread variable in non-threaded builds
BUILD: quic: fix build warning when threads are disabled
BUILD: thread: implement thread_harmless_end_sig() for threadless builds
BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout
MINOR: clock: measure the total boot time
BUG/MINOR: checks: postpone the startup of health checks by the boot time
MINOR: checks: make sure spread-checks is used also at boot time
DEV: flags: add a script to decode most flags in the "show sess all" output
DEV: flags: add missing stream flags to show-sess-to-flags
DEV: flags/show-sess-to-flags: only retrieve hex digits from hex fields
DEV: flags/show-sess-to-flags: add support for color output
SCRIPTS: publish-release: update the umask to keep group write access
BUG/MEDIUM: threads: fix a tiny race in thread_isolate()
BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty
MINOR: quic/cli: clarify the "show quic" help message
--
Christopher Faulet
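
The H2 idle-timeout fix announced above, as a small model added here for illustration; it is not HAProxy's code and not part of the original message. The frame classification (only HEADERS and DATA count as activity), the 5 second timeout and both traces are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* HTTP/2 frame types used in this model (values from RFC 9113). */
enum h2_ft { H2_DATA = 0x0, H2_HEADERS = 0x1, H2_PRIORITY = 0x2, H2_PING = 0x6 };

struct rx_frame { unsigned at_ms; enum h2_ft type; };

/* Model assumption: only HEADERS and DATA count as request activity. */
static int is_control(enum h2_ft t)
{
    return t != H2_HEADERS && t != H2_DATA;
}

/* Time (ms) at which the idle timer fires. The timer is armed at t=0,
 * e.g. right after GOAWAY was sent during a soft-stop. Frames must be
 * sorted by arrival time. control_refreshes=1 models the old behaviour. */
unsigned idle_expiry(const struct rx_frame *f, size_t n,
                     unsigned timeout_ms, int control_refreshes)
{
    unsigned expire = timeout_ms;

    for (size_t i = 0; i < n; i++) {
        if (f[i].at_ms >= expire)
            break;                      /* timer fired, connection is gone */
        if (control_refreshes || !is_control(f[i].type))
            expire = f[i].at_ms + timeout_ms;
    }
    return expire;
}

/* Constructed traces: a peer sending only PING, and one real request
 * followed by PING/PRIORITY frames. */
const struct rx_frame ping_only[] = {
    {4000, H2_PING}, {8000, H2_PING}, {12000, H2_PING},
    {16000, H2_PING}, {20000, H2_PING},
};
const struct rx_frame mixed[] = {
    {1000, H2_HEADERS}, {4000, H2_PING}, {8000, H2_PRIORITY},
};

int main(void)
{
    printf("ping only, old: %u ms, fixed: %u ms\n",
           idle_expiry(ping_only, 5, 5000, 1), idle_expiry(ping_only, 5, 5000, 0));
    printf("mixed,     old: %u ms, fixed: %u ms\n",
           idle_expiry(mixed, 3, 5000, 1), idle_expiry(mixed, 3, 5000, 0));
    return 0;
}
```

With the old behaviour each control frame pushes the expiry further out, so a soft-stopping process keeps the connection for as long as the peer keeps sending them; with the fix the expiry only moves when request traffic arrives.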