Alright!!! I'll get to reworking the TLS support bp that didn't get too much attention. This is fantastic news, thanks for sharing! ________________________________________ From: Stephen Balukoff [sbaluk...@bluebox.net] Sent: Friday, June 20, 2014 8:01 AM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS] and [Octavia] haproxy-1.5.0 is out
The wait is over on this one! ---------- Forwarded message ---------- From: Willy Tarreau <w...@1wt.eu<mailto:w...@1wt.eu>> Date: Thu, Jun 19, 2014 at 12:54 PM Subject: [ANNOUNCE] haproxy-1.5.0 To: hapr...@formilux.org<mailto:hapr...@formilux.org> Hi everyone, The list has been unusually silent today, just as if everyone was waiting for something to happen :-) Today is a great day, the reward of 4 years of hard work. I'm announcing the release of HAProxy 1.5.0. For people who don't follow the development versions, here are the most noticeable features that 1.5 brings over 1.4 : - native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling. - IPv6 and UNIX sockets are supported everywhere - end-to-end HTTP keep-alive for better support of NTLM and improved efficiency in static farms - HTTP/1.1 response compression (deflate, gzip) to save bandwidth - PROXY protocol versions 1 and 2 on both sides - data sampling on everything in request or response, including payload - ACLs can use any matching method with any input sample - maps and dynamic ACLs updatable from the CLI - stick-tables support counters to track activity on any input sample - custom format for logs, unique-id, header rewriting, and redirects - improved health checks (SSL, scripted TCP, check agent, ...) - much more scalable configuration supports hundreds of thousands of backends and certificates without sweating Since dev26, a few bugs were fixed, and some low-importance things were integrated. Basic OCSP stapling support from Dirkjan and Emeric was finally merged. Sasha's header replace actions were merged as well. I've added a few more info in the stats page (avg response times) and CSV output (health check status), added support for PROXY v2 on the accept side, and added the "capture" action on tcp-request in order to log contents such as SNI or payload. Rémi's dh-param was finally integrated. People love numbers, so here are a few : >From 1.4.0 to 1.5.0, we had : - 1574 calendar days (4 yr 3 mon) - 26 development versions (one every 2 months on average) - 540 bugs fixed (387 added during 1.5, 153 affecting 1.4 as well) - 2549 commits - 683 unique commit dates (at least this many days worked) - up to 24 commits per day - 69712 lines removed, 122279 lines added - many extremely useful bug reports (too many to list) - 73 code/doc contributors : Adrian Bridgett, Alex Davies, Aman Gupta, Andreas Kohn, Apollon Oikonomopoulos, Arnaud Cornet, Baptiste Assmann, Bertrand Jacquin, Bhaskar Maddala, Conrad Hoffmann, Cyril Bonté, Daniel Schultze, David BERARD, David Cournapeau, David S, David du Colombier, Delta Yeh, Dirkjan Bussink, Dmitry Sivachenko, Emeric Brun, Emmanuel Hocdet, Evan Broder, Finn Arne Gangstad, Gabor Lekeny, Geoff Bucar, Wei Zhao, Guillaume Castagnino, Guillaume de Lafond, Hervé COMMOWICK, Hiroaki Nakamura, James Voth, Jamie Gloudon, Jarno Huuskonen, Joe Williams, Joshua M. Clulow, Julien Vehent, Justin Karneges, Kevin Hester, Kevin Musker, Kristoffer Grönlund, Krzysztof Piotr Oledzki, Lukas Tribus, Marc-Antoine Perennou, Mark Lamourine, Mathieu Trudel, Michael Scherer, Neil Prockter, Nenad Merdanovic, Nick Chalk, Olivier Burgard, Oskar Stolc, Patrick Mézard, Pieter Baauw, Prach Pongpanich, Rauf Kuliyev, Remi Gacogne, Sagi Bashari, Sasha Pachev, Sean Carey, Sergiy Prykhodko, Simon Horman, Simone Gotti, Stathis Voukelatos, Tait Clarridge, Thierry Fournier, Todd Lyons, Vincent Bernat, William Lallemand, William Turner, Willy Tarreau, Yuxans Yao, Yves Lafon. Additionally, we are very thankful to a few organisations who have sponsored the development of certain advanced features which required to dedicate a person or a team for a significant amount of time (I hope I have not missed any) : - HAProxy Technologies (formerly Exceliance) - Loadbalancer.org - StackOverflow - SmartFile - SmugMug - ImageShack Don't forget to offer a beer to your distro packagers who make your life easier. It's hard to list them all, but if you don't build from sources, you're likely running a package made and maintained by one of these people : - debian: Vincent Bernat, Apollon Oikonomopoulos, Prach Pongpanich - Fedora: Ryan O'hara - OpenSuSE: Marcus Rückert - other? just report yourself! And last, I'd like to assign a special mention to our most active mailing list supporters during that period who make the project a reality by off- loading the support task from developers, and kindly help our 800 permanent subscribers on a daily basis, BIG THANKS to you guys : - Baptiste Assmann - Lukas Tribus - Cyril Bonté - Jonathan Matthews - Thomas Heil For the HAProxy development team here in France, it will be time to do some errands and buy some Champagne to celebrate the event :-) Now the practical things. 1.5 now enters in maintenance status and the development continues with 1.6-dev0 which is the exact equivalent of 1.5.0. The links have been updated below. Note the removal of /devel/ for the sources and the introduction of haproxy-1.5.git since this is not the development tree anymore : Site index : http://www.haproxy.org/ Sources : http://www.haproxy.org/download/1.5/src/ Git repository : http://git.haproxy.org/git/haproxy-1.5.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.5.git Changelog : http://www.haproxy.org/download/1.5/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.com/haproxy-dconv/configuration-1.5.html I'm figuring that tomorrow is Friday. Guys, be reasonable, don't forget the good old principle of not upgrading on Fridays, try to hold on till monday if you can :-) BTW, since I've got this question off-list a number of times now, yes we're going to release updated HAPEE packages very soon, please keep an eye on it : https://www.haproxy.com/products/haproxy-enterprise-edition/ And finally the changelog since 1.5-dev26. Have fun an as usual, please report anything abnormal you'd face up, but after checking the doc. Willy -------- 2014/06/19 : 1.5.0 - MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'. - MEDIUM: ssl: basic OCSP stapling support. - MINOR: ssl/cli: Fix unapropriate comment in code on 'set ssl ocsp-response' - MEDIUM: ssl: add 300s supported time skew on OCSP response update. - MINOR: checks: mysql-check: Add support for v4.1+ authentication - MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits - MEDIUM: ssl: fix detection of ephemeral diffie-hellman key exchange by using the cipher description. - MEDIUM: http: add actions "replace-header" and "replace-values" in http-req/resp - MEDIUM: Break out check establishment into connect_chk() - MEDIUM: Add port_to_str helper - BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. - BUG/MEDIUM: Fix unhandled connections problem with systemd daemon mode and SO_REUSEPORT. - MINOR: regex: fix a little configuration memory leak. - MINOR: regex: Create JIT compatible function that return match strings - MEDIUM: regex: replace all standard regex function by own functions - MEDIUM: regex: Remove null terminated strings. - MINOR: regex: Use native PCRE API. - MINOR: missing regex.h include - DOC: Add Exim as Proxy Protocol implementer. - BUILD: don't use type "uint" which is not portable - BUILD: stats: workaround stupid and bogus -Werror=format-security behaviour - BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new transaction - CLEANUP: http: don't clear CF_READ_NOEXP twice - DOC: fix proxy protocol v2 decoder example - DOC: fix remaining occurrences of "pattern extraction" - MINOR: log: allow the HTTP status code to be logged even in TCP frontends - MINOR: logs: don't limit HTTP header captures to HTTP frontends - MINOR: sample: improve sample_fetch_string() to report partial contents - MINOR: capture: extend the captures to support non-header keys - MINOR: tcp: prepare support for the "capture" action - MEDIUM: tcp: add a new tcp-request capture directive - MEDIUM: session: allow shorter retry delay if timeout connect is small - MEDIUM: session: don't apply the retry delay when redispatching - MEDIUM: session: redispatch earlier when possible - MINOR: config: warn when tcp-check rules are used without option tcp-check - BUG/MINOR: connection: make proxy protocol v1 support the UNKNOWN protocol - DOC: proxy protocol example parser was still wrong - DOC: minor updates to the proxy protocol doc - CLEANUP: connection: merge proxy proto v2 header and address block - MEDIUM: connection: add support for proxy protocol v2 in accept-proxy - MINOR: tools: add new functions to quote-encode strings - DOC: clarify the CSV format - MEDIUM: stats: report the last check and last agent's output on the CSV status - MINOR: freq_ctr: introduce a new averaging method - MEDIUM: session: maintain per-backend and per-server time statistics - MEDIUM: stats: report per-backend and per-server time stats in HTML and CSV outputs - BUG/MINOR: http: fix typos in previous patch - DOC: remove the ultra-obsolete TODO file - DOC: update roadmap - DOC: minor updates to the README - DOC: mention the maxconn limitations with the select poller - DOC: commit a few old design thoughts files ---- -- Stephen Balukoff Blue Box Group, LLC (800)613-4305 x807 _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev