Skip to content

Fluxheim 1.6.15

Choose a tag to compare

View all tags
@eldryoth eldryoth released this 19 Jun 06:38
· 197 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.6.15
This tag was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.
79081df
This commit was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.

Fluxheim 1.6.15 Release Notes

Fluxheim 1.6.15 continues the Pingora-exit line by adding the first
Fluxheim-owned native HTTP/2 upstream client primitive. The production proxy
still keeps Pingora as the compatibility fallback for HTTP/2 cutover, but the
server crate now has a tested upstream h2 request/response path with the safety
bounds needed for the staged migration.

Added

  • Added fluxheim-server native HTTP/2 upstream request and response types.
  • Added a native HTTP/2 upstream send_on_io path over the h2 crate with
    bounded request headers, bounded request body size, bounded response headers,
    bounded response body size, request trailer sending, response trailer
    preservation, and absolute write/read deadlines.
  • Added in-memory h2 upstream tests for gRPC-style trailer pass-through,
    oversized upstream response rejection, response header-count rejection, and
    upstream stream reset surfacing, and request flow-control write timeout
    handling.

Changed

  • Shared native HTTP/2 prohibited response-header validation between the
    downstream stack probe and the new upstream client path.
  • Shared the native HTTP/2 bounded DATA sender between downstream responses and
    upstream request bodies.

Security

  • The native HTTP/2 upstream client fails closed on oversized responses,
    excessive decoded response headers, prohibited HTTP/2 response headers, and
    stalled request-body writes caused by upstream flow-control holds.
  • Native HTTP/2 upstream request bodies are now staged in zeroizing memory
    before being copied into h2 DATA frames.
  • Native HTTP/2 upstream response body reads now have a dedicated
    response-body timeout instead of reusing the downstream request-body timeout.
  • The current native HTTP/2 upstream client documents its intentional
    one-request connection-driver abort so that future pooled HTTP/2 upstream
    connections use a graceful teardown design instead.

Compatibility

  • HTTP/2 production proxy cutover remains gated. The native HTTP/2 upstream
    client is available for staged parity work, but official production profiles
    still use the existing compatibility path until pre-routing HPACK/header-count
    allocation bounds and full proxy integration are proven.

Checksums And Signatures

  • Commit: 79081df74e14ae6b077c4414881b1c4e20b9b424
  • Local gate: GitHub CI green before tag; local release metadata checks passed
  • CodeQL/code scanning: no open release-blocking alerts before tag
  • Source archive checksums:
    • 6bc13f66363fb2cc3516b0d08b5714bc47a2b95f25070288e4f51bc63fbb803a fluxheim-1.6.15.tar.gz
    • a39b4b67bdbf451ebceffdd1ae8584a0bece3b366e38b7312396a091b6f389e1 fluxheim-1.6.15.zip
  • Binary checksums:
    • x86_64:
      • 87c45326d1f63aa7f1cec9b78850c9281b12bac3d8e54e9e2caa1a87c04bbf37 fluxheim-1.6.15-full-x86_64-linux.tar.gz
      • 8f592bf75c5c53c296e0b7bdead1d5e5861858dea230a28ade853d2968dcb9b6 fluxheim-1.6.15-cache-x86_64-linux.tar.gz
      • a342fe906aa85f4214e3e97bfb7fc094758ee3f348199766b82dc2d951f86546 fluxheim-1.6.15-proxy-x86_64-linux.tar.gz
      • f6941d2be5438524d0f6ea735322856d2a7ff2676ac00485f1aad4334e45ba11 fluxheim-1.6.15-php-x86_64-linux.tar.gz
      • da95d307208bc6757d634cd5315ad788ce07c1c00bcb3a9ce5746a118d57655b fluxheim-1.6.15-load-balancer-x86_64-linux.tar.gz
      • a43bb390ac26a1c7e97b2a294c84d0c8c7fde8d344e6340976cef6bdb3ee8276 fluxheim-1.6.15-config-tester-x86_64-linux.tar.gz
    • aarch64:
      • b29178feaf1e146f3f34564be323948d031d233ff229e98a2d4a5b40d547d78c fluxheim-1.6.15-full-aarch64-linux.tar.gz
      • a9f219e630c8dc402e17d14f9109fe1f602a65a41cdb8b5833e53b9dc6314c7c fluxheim-1.6.15-cache-aarch64-linux.tar.gz
      • 518d0b55fbac3e8320f25a5c84065e99d846034b53c11d5a7b4f68d2e59a131a fluxheim-1.6.15-proxy-aarch64-linux.tar.gz
      • ac0e711c720e72750326d4965aa37ce9c5638ef808679a1319de08d86db126cf fluxheim-1.6.15-php-aarch64-linux.tar.gz
      • 5fcaba05c8f701903c415f8879f3424ef9599a2a634065fcf9d81728fd02baf5 fluxheim-1.6.15-load-balancer-aarch64-linux.tar.gz
      • ac2e1fda211b3d5c1adb09d442aa550844f55f497f780aee15d30dc355fd3c51 fluxheim-1.6.15-config-tester-aarch64-linux.tar.gz
    • macos:
      • 1b253432997bf03a99f5af58bf2e996a12360720cc78bd49557dc8bb28a91201 fluxheim-1.6.15-dev-aarch64-macos.tar.gz
  • SBOM checksums:
    • 3e10a32ac4568016a7871c9f22e0cd339b833d601244a8faf91af18683808e4d fluxheim.spdx.json
    • cc61a79b21ab471229a924704b9bbb778e0da39cb91d20eb62fbb1240eba2bde fluxheim.cyclonedx.json
  • Reproducible build:
    • 4a9d30de3a67428cf2843334632d5772d6f77f124e398f68e0c2c69375aec24f x86_64
    • a3e0bc29c0948158d42f32f39a49d188509a5694be5c969592cf8a1aa796bf30 aarch64
    • fbaf4d20c744a2fc360b6feedf85e485cbe252256a39e4d31caf2b8f068fc25d macos
  • Full Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:99fd42b4c1df3914863119e089d323e5fa99b3cf483beb807a36801d45f605b1
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:86b560d880e79e9d3621cc04a6e42f8a3f516b82fad3b97bc9e96eb5f9436746
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:cead45ce7192b88df799192ead04eee0a62196360d1e1ba539a69df378abf522
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:329c5e1cfeb438e0e01c734bdc62b58e1847ee1d309ed69cb79dc09a0c9a8cf9
  • Cache Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:e13666a0a9aac6ffbf6b034956c2138a61c0b53250a18b324842470d629b8222
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:091a1bb62d079a3616d030cc089e7df6fbb98c07506e40e4c96a775d09678a45
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:564aec65887ec3bbd4adfc391ec9ddff421f5c5d693e25b56f96940da7787312
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:3776b4b7a5f6d64cda21850d5db8bb5a99343b234bc225571a62d7cb22cb2439
  • Proxy Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:2c7504f96839aea3b1d678383567235fbcbbd973843f9b5c430a55c690c7ee06
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:45673712de42f8f0c0951150619448a73cb8bf6296fcf52853705cc02888a57f
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:41ffdfd0ef40bdd442180d0968e529615e9509da40cd5ec1bdf990eced9615d2
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:5aff78110bee219b74e2db77e21c9ed9b449227715939f5cf3e710f713ab5b2b
  • PHP Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:9ca5367cf837121ae9855e08a019eed9dfa4a0d174c720685e653a4257662e2e
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:5cb4205e635ea8e2bf1f09afe4021b25afe71041e89c5b7a6ed520be9d9cc69d
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:2e82123ef816ce67b7b263e76f6e04ba1b693a63e111543b54dc9b86c02f104c
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:02972166c90614cc771c683e8802df8f2b77402e3c1526e67d4bf3a928ce643f
  • Load Balancer Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:041a190188b62aa9d60df634b73c6416ea86a8ea44c79c266ccc6cb47bfad986
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:72047e7be3aaf4f388736f68b027e9e92e66c374e54cea03a16d50e3234f7ab1
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:3d586c44c977a2a2a20b0429c9c2138992da103b347dcf4b46e78ede59491307
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:08c0677b0381ec71b4f8c3377c708343b68f257ccfac7f278c19b8289abe03c6
  • Tag signature:
    • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Assets 16
Loading
0 Join discussion