Fluxheim 1.6.8

@eldryoth eldryoth released this 17 Jun 10:07
· 225 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.6.8
3334a82

Fluxheim 1.6.8 Release Notes

Fluxheim 1.6.8 continues the 1.6 Pingora-exit line by adding native HTTP/1.1
request-head foundations. The active HTTP runtime still uses the Pingora
compatibility adapter in this slice.

Added

  • Added a Fluxheim-owned HTTP/1.0/HTTP/1.1 request-head parser in
    fluxheim-protocol.
  • Added strict parser bounds for total request-head bytes, header count,
    start-line length, and individual header-line length.
  • Rejected obsolete folded header lines, invalid header names, invalid header
    control bytes, malformed request lines, and unsupported HTTP versions at the
    protocol boundary.
  • Added downstream HTTP/1 policy defaults to fluxheim-server so the native
    server plan carries HTTP/1 parser limits before production traffic is moved
    off the Pingora adapter.
  • Added an incremental HTTP/1 request-head buffer for future native socket read
    loops, with fragmented-head support and bounded storage when an incomplete
    head exceeds the configured cap.
  • Added strict HTTP/1 request body-framing classification for Content-Length
    and Transfer-Encoding, including rejection of ambiguous
    Content-Length/Transfer-Encoding combinations.
  • Added boundary validation of the required HTTP/1.1 Host field for the native
    parser, rejecting missing, duplicate, empty, or whitespace-containing host
    fields.
  • Added HTTP/1 connection persistence classification for the native parser,
    covering HTTP/1.0 close-by-default, HTTP/1.1 persistent-by-default, explicit
    Connection: close, and HTTP/1.0 Connection: keep-alive.
  • Added a bounded complete-buffer HTTP/1 chunked body decoder that writes into
    caller-owned output and enforces chunk-size, total-body, output-buffer, and
    CRLF framing limits.
  • Split the HTTP/1 chunked decoder into a focused fluxheim-protocol module so
    the native HTTP parser stays below the reviewability target while more HTTP
    runtime pieces are added.
  • Added native HTTP/1 request-target classification for origin-form,
    absolute-form, CONNECT authority-form, and OPTIONS asterisk-form requests,
    including percent-encoding and forbidden-fragment/backslash checks.
  • Added a bounded native HTTP/1 response-head parser for future upstream
    response handling, reusing the same strict header-count, line-length, UTF-8,
    and obsolete-folding checks as request-head parsing.
  • Hardened the native HTTP/1 parser by rejecting deprecated authority userinfo,
    non-ASCII obs-text in strict header values and response reason phrases, all
    duplicate Content-Length fields, and unbounded chunked body defaults.
  • Extended the temporary pingora-runtime and pingora-rustls dependency
    policy exceptions to 1.6.9 because 1.6.8 adds parser foundations but does
    not yet replace the active server/listener adapter.
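
A sketch of the body-framing rule described in the list above (ambiguous Content-Length/Transfer-Encoding combinations and all duplicate Content-Length fields are refused). This is an added example, not code from fluxheim-protocol; the names `Framing`, `FramingError` and `classify_body` are hypothetical, and it assumes that only an exact `chunked` Transfer-Encoding is accepted and that a repeated Transfer-Encoding field is refused.

```rust
// Added illustration: type and function names are hypothetical, not fluxheim-protocol's API.
#[derive(Debug, PartialEq)]
pub enum Framing { NoBody, Fixed(u64), Chunked }

#[derive(Debug, PartialEq)]
pub enum FramingError { Ambiguous, DuplicateContentLength, BadContentLength, UnsupportedTransferEncoding }

/// Classify request body framing from already-parsed (name, value) header pairs.
pub fn classify_body(headers: &[(&str, &str)]) -> Result<Framing, FramingError> {
    let mut content_length: Option<&str> = None;
    let mut transfer_encoding: Option<&str> = None;
    for (name, value) in headers {
        if name.eq_ignore_ascii_case("content-length") {
            // Any repeated Content-Length is rejected, even when the values agree.
            if content_length.replace(value.trim()).is_some() {
                return Err(FramingError::DuplicateContentLength);
            }
        } else if name.eq_ignore_ascii_case("transfer-encoding") {
            // Assumption: a repeated Transfer-Encoding field is refused as well.
            if transfer_encoding.replace(value.trim()).is_some() {
                return Err(FramingError::UnsupportedTransferEncoding);
            }
        }
    }
    match (content_length, transfer_encoding) {
        // Both present: two parsers could disagree on where the body ends.
        (Some(_), Some(_)) => Err(FramingError::Ambiguous),
        (None, Some(te)) if te.eq_ignore_ascii_case("chunked") => Ok(Framing::Chunked),
        (None, Some(_)) => Err(FramingError::UnsupportedTransferEncoding),
        (Some(cl), None) => {
            // Digits only: u64's FromStr alone would also accept a leading '+'.
            if cl.is_empty() || !cl.bytes().all(|b| b.is_ascii_digit()) {
                return Err(FramingError::BadContentLength);
            }
            cl.parse::<u64>().map(Framing::Fixed).map_err(|_| FramingError::BadContentLength)
        }
        (None, None) => Ok(Framing::NoBody),
    }
}

fn main() {
    // Constructed sample: a request carrying both Content-Length and Transfer-Encoding.
    let conflicting = [("Host", "example.test"), ("Content-Length", "5"), ("Transfer-Encoding", "chunked")];
    println!("{:?}", classify_body(&conflicting));
}
```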

Tests

  • Added fluxheim-protocol unit tests for complete HTTP/1.1 heads, incomplete
    heads, oversized heads, header-count limits, folded headers, invalid controls,
    invalid methods, and unsupported versions.
  • Added fluxheim-protocol unit tests for fragmented request heads and
    oversized incomplete chunks that must not be stored unboundedly.
  • Added fluxheim-protocol unit tests for no-body, fixed-length, chunked, and
    invalid/ambiguous request body framing decisions.
  • Added fluxheim-protocol unit tests for valid, missing, duplicate, empty,
    and malformed Host fields.
  • Added fluxheim-protocol unit tests for HTTP/1.0/HTTP/1.1 connection
    persistence decisions and invalid Connection tokens.
  • Added fluxheim-protocol unit tests for chunked body decoding, incomplete
    chunks, output/body limits, chunk-size limits, and invalid chunk framing.
  • Added fluxheim-protocol unit tests for HTTP/1 request-target classification
    and malformed target rejection.
  • Added fluxheim-protocol unit tests for HTTP/1 response-head parsing,
    incomplete response heads, malformed status lines, and shared header bounds.
  • Added fluxheim-protocol regression tests for authority userinfo rejection,
    obs-text rejection, duplicate Content-Length rejection, and bounded chunked
    body defaults.
  • Added fluxheim-server unit coverage for downstream HTTP/1 bounded defaults.
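
The chunked-decoding cases listed above (incomplete chunks, output/body limits, chunk-size limits, invalid framing) can be seen in a small complete-buffer decoder that writes into caller-owned output. This is an added example, not the fluxheim-protocol decoder; `ChunkError`, `Limits`, `expect_crlf` and `decode_chunked` are hypothetical names, and it assumes chunk extensions and trailers are rejected and size lines are capped at 8 hex digits.

```rust
// Added illustration: names and limits are hypothetical, not fluxheim-protocol's API.
#[derive(Debug, PartialEq)]
pub enum ChunkError { Incomplete, BadSize, ChunkTooLarge, BodyTooLarge, OutputFull, BadFraming }

pub struct Limits { pub max_chunk: usize, pub max_body: usize }

// CRLF must sit exactly at `at`; a buffer that ends early is Incomplete, not malformed.
fn expect_crlf(buf: &[u8], at: usize) -> Result<(), ChunkError> {
    match (buf.get(at), buf.get(at + 1)) {
        (Some(b'\r'), Some(b'\n')) => Ok(()),
        (Some(b'\r'), None) | (None, _) => Err(ChunkError::Incomplete),
        _ => Err(ChunkError::BadFraming),
    }
}

/// Decode one complete chunked body from `input` into caller-owned `out`.
/// Returns (bytes consumed, bytes written). Chunk extensions and trailers are rejected.
pub fn decode_chunked(input: &[u8], out: &mut [u8], lim: &Limits) -> Result<(usize, usize), ChunkError> {
    let (mut pos, mut written) = (0usize, 0usize);
    loop {
        let rest = &input[pos..];
        let digits = rest.iter().take_while(|b| b.is_ascii_hexdigit()).count();
        if digits > 8 { return Err(ChunkError::BadSize); } // bounded size line, no overflow
        if digits == rest.len() { return Err(ChunkError::Incomplete); }
        if digits == 0 { return Err(ChunkError::BadSize); }
        expect_crlf(rest, digits)?;
        let size = rest[..digits].iter()
            .fold(0usize, |n, b| n * 16 + (*b as char).to_digit(16).unwrap() as usize);
        pos += digits + 2;
        if size == 0 {
            expect_crlf(input, pos)?; // empty trailer section only
            return Ok((pos + 2, written));
        }
        // Limits are checked before the chunk data is required to be present.
        if size > lim.max_chunk { return Err(ChunkError::ChunkTooLarge); }
        if size > lim.max_body - written { return Err(ChunkError::BodyTooLarge); }
        if size > out.len() - written { return Err(ChunkError::OutputFull); }
        if input.len() - pos < size { return Err(ChunkError::Incomplete); }
        out[written..written + size].copy_from_slice(&input[pos..pos + size]);
        expect_crlf(input, pos + size)?;
        written += size;
        pos += size + 2;
    }
}

fn main() {
    let mut out = [0u8; 16];
    let lim = Limits { max_chunk: 8, max_body: 16 };
    // Constructed sample body: one 5-byte chunk followed by the last chunk.
    println!("{:?}", decode_chunked(b"5\r\nhello\r\n0\r\n\r\n", &mut out, &lim));
}
```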

Verification

  • cargo test --locked -p fluxheim-protocol
  • cargo test --locked -p fluxheim-server
  • cargo fmt --all --check
  • RUSTFLAGS='-D warnings' cargo check --locked -p fluxheim-protocol
  • RUSTFLAGS='-D warnings' cargo check --locked -p fluxheim-server
  • scripts/validate-modularity-policy.sh check

Checksums And Signatures

  • Commit: 3334a82951e6b358c653c48c2c6b07d5759f908a
  • Local gate: GitHub CI green before tag; local release metadata checks passed
  • CodeQL/code scanning: no open release-blocking alerts before tag
  • Source archive checksums:
  • Binary checksums:
  • SBOM checksums:
  • Reproducible build:
  • Full Build Container digests:
  • Cache Build Container digests:
  • Proxy Build Container digests:
  • PHP Build Container digests:
  • Load Balancer Build Container digests:
  • Tag signature:
    • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4