Fluxheim 1.6.21

@eldryoth eldryoth released this 20 Jun 14:57
· 150 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.6.21
f2e5b79

Fluxheim 1.6.21 Release Notes

Fluxheim 1.6.21 continues the staged Pingora-exit line by moving internal
background task orchestration toward Fluxheim-owned runtime supervision while
keeping production listener behavior conservative.

Changed

  • Start the native background-service orchestration slice for certificate
    reload, ACME renewal, cache maintenance, observability export, and
    load-balancer refresh tasks.
  • Add fluxheim_runtime::NativeBackgroundSupervisor for Pingora-free
    background service spawning, readiness callbacks, shutdown fan-out, and
    join/abort supervision.
  • Keep the final Pingora-free proof target at 1.6.24 while this release focuses
    on task-supervision boundaries rather than listener/runtime replacement.
  • Update release metadata, RPM metadata, and container tag documentation for
    v1.6.21.

Security

  • Preserve the pingora-compat runtime boundary and dependency-policy gates
    while adding the Fluxheim-owned supervision primitive that internal
    background tasks will use during the remaining runtime/listener cutover.
  • Add native critical background-task watchdog support so critical task exits can
    trigger supervisor shutdown before production task wiring moves off Pingora.
  • Fix native supervisor shutdown delivery for pre-spawn shutdown, last-handle
    drop, and clone-drop edge cases.
  • Harden the native runtime cutover evidence script against unsafe TOML path
    interpolation and missing expected blocker rows in the representative report.
  • Mark background-service threads() as Pingora compatibility-only; the native
    supervisor does not treat it as a per-service thread-pool contract.
  • Keep the first-party zeroize to sanitization migration planned for the
    post-Pingora stabilization release so secret-container API changes are tested
    as a focused hardening pass.
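
The shutdown-delivery edge cases and the critical-task watchdog named in the list above, as an added std-only Rust sketch; it is not Fluxheim's code and not the fluxheim_runtime::NativeBackgroundSupervisor API. The Supervisor, Signal and FireOnDrop types are hypothetical, and the semantics shown (a shutdown requested before spawn still reaches later tasks, dropping a clone is harmless, dropping the last handle shuts down) are an assumed reading of those bullets.

```rust
use std::sync::{Arc, Condvar, Mutex};
use std::thread::{self, JoinHandle};

/// Level-triggered shutdown flag: a waiter that arrives late still sees it.
pub struct Signal { down: Mutex<bool>, cv: Condvar }

impl Signal {
    pub fn fire(&self) { *self.down.lock().unwrap() = true; self.cv.notify_all(); }
    pub fn is_down(&self) -> bool { *self.down.lock().unwrap() }
    pub fn wait(&self) {
        let mut down = self.down.lock().unwrap();
        while !*down { down = self.cv.wait(down).unwrap(); }
    }
}

/// Fires the signal when dropped, including during a panic unwind.
struct FireOnDrop(Arc<Signal>);
impl Drop for FireOnDrop { fn drop(&mut self) { self.0.fire(); } }

/// Hypothetical handle for this sketch; every clone shares one drop guard.
#[derive(Clone)]
pub struct Supervisor { signal: Arc<Signal>, _last: Arc<FireOnDrop> }

impl Supervisor {
    pub fn new() -> Self {
        let signal = Arc::new(Signal { down: Mutex::new(false), cv: Condvar::new() });
        Supervisor { _last: Arc::new(FireOnDrop(signal.clone())), signal }
    }
    pub fn signal(&self) -> Arc<Signal> { self.signal.clone() }
    pub fn shutdown(&self) { self.signal.fire(); }
    /// Tasks hold only the signal, so they never keep the supervisor alive.
    pub fn spawn<F>(&self, critical: bool, body: F) -> JoinHandle<()>
    where F: FnOnce(&Signal) + Send + 'static {
        let signal = self.signal.clone();
        thread::spawn(move || {
            // Watchdog: a critical task that returns or panics shuts everything down.
            let _watchdog = critical.then(|| FireOnDrop(signal.clone()));
            body(&*signal);
        })
    }
}

fn main() {
    let sup = Supervisor::new();
    let worker = sup.spawn(false, |s| s.wait());
    sup.spawn(true, |_| {}).join().unwrap(); // critical task exits immediately
    worker.join().unwrap();                  // watchdog shutdown reached the worker
    println!("shutdown delivered: {}", sup.signal().is_down());
}
```

A flag guarded by a mutex is used instead of a one-shot notification because a notification sent before a task subscribes is lost, which is the pre-spawn case.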
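
What "unsafe TOML path interpolation" means in practice, as an added Rust example that is not the project's evidence script: a path pasted between quotes can close the string and start a new key, while encoding it as a TOML basic string keeps it a single value. The key name report_path and the sample path are constructed for illustration.

```rust
/// Naive interpolation: the path is pasted between quotes unmodified.
pub fn naive_entry(key: &str, path: &str) -> String {
    format!("{} = \"{}\"\n", key, path)
}

/// Encode `path` as a TOML basic string so it cannot end the string or the line.
pub fn toml_basic_string(path: &str) -> String {
    let mut out = String::with_capacity(path.len() + 2);
    out.push('"');
    for c in path.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            // Remaining control characters must be written as \uXXXX escapes.
            c if c.is_control() => out.push_str(&format!("\\u{:04X}", c as u32)),
            c => out.push(c),
        }
    }
    out.push('"');
    out
}

/// Hardened form: the value is always exactly one quoted string on one line.
pub fn safe_entry(key: &str, path: &str) -> String {
    format!("{} = {}\n", key, toml_basic_string(path))
}

// Constructed input: a path that closes the string and starts a new line.
pub const HOSTILE_PATH: &str = "/tmp/report\"\ninjected_key = true #";

fn main() {
    print!("naive:\n{}", naive_entry("report_path", HOSTILE_PATH));
    print!("escaped:\n{}", safe_entry("report_path", HOSTILE_PATH));
}
```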

Compatibility Boundary

  • Normal proxy profiles still retain the Pingora compatibility runtime in this
    release. The goal of 1.6.21 is to shrink internal task orchestration
    dependency, not to flip production traffic to a new runtime in one step.

Checksums And Signatures

  • Commit: f2e5b797440247cf6bcae8b5a68c823219c7acf7
  • Local gate: GitHub CI green before tag; local release metadata checks passed
  • CodeQL/code scanning: no open release-blocking alerts before tag
  • Tag signature:
    • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4