Skip to content

Fluxheim 1.6.13

Choose a tag to compare

View all tags
@eldryoth eldryoth released this 18 Jun 12:49
· 212 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.6.13
This tag was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.
1e31573
This commit was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.

Fluxheim 1.6.13 Release Notes

Fluxheim 1.6.13 continues the Pingora-exit line with the first native HTTP/1.1
upstream connection-pooling slice. The active production proxy still keeps
Pingora as the compatibility fallback for unsupported policy combinations, but
the Fluxheim-owned HTTP/1.1 upstream client can now reuse safe idle origin
connections under bounded pool controls.

Added

  • Added a bounded native HTTP/1.1 upstream idle-connection pool in
    fluxheim-server.
  • Added native pool capacity wiring from server.process.upstream_keepalive_pool_size
    into native HTTP/1 proxy candidates.
  • Added native pool idle-age enforcement from proxy.upstream_idle_timeout_secs.
  • Added real socket tests proving safe connection reuse and idle expiry.
  • Added a proxy-listener regression proving two separate downstream clients can
    reuse one safe pooled origin connection.

Hardened

  • Native HTTP/1.1 pooling only returns sockets for response shapes that are safe
    to reuse today: no-body responses and content-length responses with no extra
    buffered bytes.
  • Native HTTP/1.1 pooling now applies HTTP/1.0 close-by-default semantics before
    returning origin sockets to the idle pool.
  • Native HTTP/1.1 pooling no longer reuses 1xx origin responses, including
    101 Switching Protocols, because the connection state is ambiguous.
  • Native HTTP/1.1 pooling retries once on a fresh origin connection when a
    checked-out idle socket fails with a dead-connection I/O error.
  • Reduced server.process.upstream_keepalive_pool_size maximum to 16384 to
    bound per-native-upstream idle file-descriptor exposure.
  • Native HTTP/1.1 pooling does not reuse close-delimited responses, chunked
    responses, or responses with Connection: close.
  • Unsupported upstream TLS/mTLS, HTTP/2 upstreams, dynamic discovery,
    load-balancing, upstream PROXY protocol, websocket upgrade, and broader
    policy layers remain fail-closed for the native proxy eligibility gate.

Verification

  • cargo test --locked -p fluxheim-server native_http1
  • cargo clippy --locked -p fluxheim-server --all-targets -- -D warnings
  • cargo check --locked --workspace --all-targets
  • scripts/smoke_native_http1_proxy.sh

Checksums And Signatures

  • Commit: 1e315739d9ad172086d645107831d88dc8632040
  • Local gate: GitHub CI green before tag; local release metadata checks passed
  • CodeQL/code scanning: no open release-blocking alerts before tag
  • Source archive checksums:
    • f13460e9bbf838c1ed0d701fd44d3684c8f4a74a8755b0172b23a2234ec6786e fluxheim-1.6.13.tar.gz
    • 1f7a946563d88ccccdfd64b17f484978e63ee063a9503d4ab7b7713831342a6b fluxheim-1.6.13.zip
  • Binary checksums:
    • x86_64:
      • 56a982f6bb68ebc98755847d3510479d62f243789e5a35dff2f22c053c98a700 fluxheim-1.6.13-full-x86_64-linux.tar.gz
      • 3f718a065e562930d2a2133f9e40ac380a156378cb4ef9b23053024ee12b1a10 fluxheim-1.6.13-cache-x86_64-linux.tar.gz
      • bad6fa7412364356adec322e7542922a3097d61255cbd903d85a232d32ba9481 fluxheim-1.6.13-proxy-x86_64-linux.tar.gz
      • 05760db035bffe07b1fb10e31bc4be8409a1f2f977e037fc0b63f778ef5a86b8 fluxheim-1.6.13-php-x86_64-linux.tar.gz
      • 8c3ec6dcb1320d0dc5b025a9b02af67f03ce9cb295c32d22a23cd304f4598bb8 fluxheim-1.6.13-load-balancer-x86_64-linux.tar.gz
      • 46367d67bf6798926a878f828c874ac63c12674e546a30b7ea9ddb54bc4ce59c fluxheim-1.6.13-config-tester-x86_64-linux.tar.gz
    • aarch64:
      • a10b571982888cb1aa2e59ad1f2b74e61f38522aa6612702b98cfc5e375f0fcb fluxheim-1.6.13-full-aarch64-linux.tar.gz
      • ba19db5ab65768c72f549f7c832366f004cc769516b076b03a657b7ff35c128e fluxheim-1.6.13-cache-aarch64-linux.tar.gz
      • 18fdee953579c9f2301754e765499782538fd04c20ee71c6884d069ae54c0229 fluxheim-1.6.13-proxy-aarch64-linux.tar.gz
      • 4178e9389b47cda858c5d789ff0fdc180587edf57a59ce5aa19ca706ffad2a82 fluxheim-1.6.13-php-aarch64-linux.tar.gz
      • 57d9dd7ecb72ce4e26702cd5daea020dd006719611554dc9af89c2da5f4ab5cf fluxheim-1.6.13-load-balancer-aarch64-linux.tar.gz
      • 91bf584bd025d3467f610483b2d1bbcb7e16fd5a8ac5d418abfbc775eca10a05 fluxheim-1.6.13-config-tester-aarch64-linux.tar.gz
    • macos:
      • 5808120456189377a785d6d5dea513f7b026b24d4132779af47d64c343be19ae fluxheim-1.6.13-dev-aarch64-macos.tar.gz
  • SBOM checksums:
    • 5c29d92229349660cbfab172b5857621b5e42189b628a32e4f55ae9f9d53e1d3 fluxheim.spdx.json
    • 360dc56b05f743e39f0a3de1f6cc363763f286f843c93b02d3e7f96cc03df1f5 fluxheim.cyclonedx.json
  • Reproducible build:
    • 70ee4a2e6dfc26f95b98d561b7b4a0324c255e241c4518f7a7a0b3cdcc3dec0a x86_64
    • ba19453c482729baaa92c153df1b02a952fd1d4b583661a75c15adb1a57bd96b aarch64
    • 043d63852fc4a1dd4a9a1c4576d557e9383e3539b0c440a4309139966d2e84ef macos
  • Full Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:0a2d5dd86293acdff14c399d26350bb6ab4da6176c56f5f52106525ae2cde187
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:5c823d4f15cb484891f86166b63d5c94a39f83311ca485f14af6ad7fbd2a2a57
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:4e68f988a71a1fa8abf762d58c21069895d18614e5f78c6c05879aab817fe190
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:187146486b073388d02b6de69b2663e8488eb0ee827dafb774444d4824e405bd
  • Cache Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:efe10d9577e731dbab669b3af77b2bd7f6aa27febd64ac92594bb778c9ef85cb
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:5e7ebf7a10fea1900757cc88e248b3a545d0a84c8341498e12f274cc43b0e3f2
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:44a4d5156cfb6271883a5263929ff054ed92d647e5bd4e8cb60fca66ea2bb8e8
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:38290e88e2e372ae52f57cb665d1ccde3675aa0417b4c96edad20984f992b756
  • Proxy Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:a985334909e7afaccc7965ac59b53bc5377491277e69bcc3b45b47faf1f49097
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:19ab4fd2ea5980c77c1b57070173a4dac6aaa93444b366d0db488f688a6aae8e
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:44201ac7e207c667edf96a0fb66aca05e83ba1430f4d9aa9e29ef0ea44c6c830
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:1503c59532286dbb1a78d61f49c0c2d727445835871d0258b36c52472f4946d2
  • PHP Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:a51508195b23633416e0bc3ec180391f05f48b183ad35f95235d96998d0d74ff
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:1f0b7ac11000354e2d06ac9223a83fff7bd88e4b84d60510342b6f5094e063f3
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:0c55e1185383835f223eb0bd5e3af39bc148bd2ecf73a48c3e6a8ef3762704b1
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:0358dc76365dbe93792bc6be457f171f375772476159e441b84d3b14b8023f8e
  • Load Balancer Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:15e85740cdf9e798bca4cda5420c4c06efed5358cb4d5e44e1ace51b70162f34
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:2aec7416edc9fd23d89e1bf6841fef6e3f3ebbbaf2d502b8d6bfde03491f8d6e
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:58ade68923e05c15eb9dba0b773d7cfdd8958a25de53e070cc58f86ed513e4ae
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:19321c4aff319d5a49ebc417583ec600ebe0041598de9022f1feb5cb4c29f21f
  • Tag signature:
    • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Assets 16
Loading
0 Join discussion