Skip to content

Fluxheim 1.6.9

Choose a tag to compare

View all tags
@eldryoth eldryoth released this 17 Jun 15:37
· 224 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.6.9
This tag was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.
396c17d
This commit was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.

Fluxheim 1.6.9 Release Notes

Fluxheim 1.6.9 continues the 1.6 Pingora-exit line by adding the first
Fluxheim-owned native HTTP/1.1 server runtime boundary. The active production
HTTP runtime still uses the Pingora compatibility adapter until routing,
proxying, cache, PHP-FPM, ACME, observability, and failure-semantics parity are
green on the native path.

Added

  • Added fluxheim-server native HTTP/1 connection handling over Tokio IO using
    the bounded HTTP/1 parser from fluxheim-protocol.
  • Added a native HTTP/1 listener accept loop with explicit shutdown future and
    per-connection tasks.
  • Added a small async handler boundary returning NativeHttp1Response, giving
    the later proxy/static/PHP adapter work a Fluxheim-owned runtime target.
  • Added a staged native static-file adapter that reuses Fluxheim's existing
    safe web-root resolver, conditional-response planner, and body reader while
    writing through the native HTTP/1 response type. This is tested but not yet
    selected by the production listener path.
  • Added fixed-length and chunked request-body reads with the existing
    Fluxheim-owned body-size and chunk-decoding limits.
  • Mapped existing [server.limits] request-head, URI, header-count, and
    request-body limits into the native downstream HTTP/1 policy.

Hardened

  • HTTP/1.1 requests without a valid Host header receive a bounded
    400 Bad Request response on the native path.
  • Request bodies exceeding the configured server body limit receive
    413 Payload Too Large before being handed to the handler.
  • Handler-supplied response headers cannot override Content-Length or
    Connection; those framing headers are owned by the native runtime writer.
  • Native responses can advertise an explicit Content-Length independent of
    body bytes, preserving HEAD and static conditional-response semantics.
  • Native HTTP/1 request-head and request-body reads now have explicit policy
    deadlines so slowloris and slow-body clients cannot hold staged native tasks
    indefinitely.
  • Native HTTP/1 listener accepts are bounded by a policy connection cap and
    drop over-budget connections before spawning per-connection work.
  • A zero native HTTP/1 connection cap is treated as the default cap instead of
    silently dropping all accepted connections.
  • Native HTTP/1 responses now own the Date header and ignore handler-supplied
    Date overrides, matching the runtime-owned framing model.
  • Handler-supplied response headers are validated before writing so invalid
    names or control/obs-text bytes cannot produce response splitting.
  • Native static 500 responses no longer include internal filesystem or OS error
    details in the HTTP body; details are kept in server logs.
  • Native request-body reads preserve IO errors distinctly from HTTP parse
    failures for later admin/logging semantics.
  • The native HTTP/1 head-buffer secondary guard now fails at the configured
    limit instead of allowing one extra read chunk of overshoot.
  • The native HTTP/1 chunked-body secondary raw-buffer guard now uses the same
    fail-at-limit behavior as the head-buffer guard.
  • Tight [server.limits] configurations now preserve the invariant that the
    derived HTTP/1 start-line limit never exceeds the total head limit.

Tests

  • Added real TCP socket tests for native HTTP/1 keep-alive, explicit close,
    fixed-length request bodies, chunked request bodies, listener shutdown,
    configured body-limit rejection, missing-host rejection, and response framing
    header ownership.
  • Added native HTTP/1 tests for peer-address propagation, slow request-head
    timeout, slow request-body timeout, over-budget listener drops, runtime-owned
    Date headers, and tight head/start-line limit derivation.
  • Added tests for zero connection-cap fallback and positive-cap over-budget
    shedding.
  • Added real TCP socket tests for native static file serving, HEAD
    Content-Length preservation, and directory listings.
  • Added server-plan tests proving [server.limits] feeds the native HTTP/1
    policy instead of hard-coded parser defaults.

Verification

  • cargo test --locked -p fluxheim-server
  • cargo fmt --all --check
  • RUSTFLAGS='-D warnings' cargo check --locked -p fluxheim-server -p fluxheim-protocol
  • cargo test --locked native_static --features profile-full --lib
  • RUSTFLAGS='-D warnings' cargo check --locked --features profile-full --lib
  • cargo check --locked --workspace --all-targets
  • scripts/validate-modularity-policy.sh check

Checksums And Signatures

  • Commit: 396c17d23da83f183b450d558cee706300e41418
  • Local gate: GitHub CI green before tag; local release metadata checks passed
  • CodeQL/code scanning: no open release-blocking alerts before tag
  • Source archive checksums:
    • 7ea8b4802adb8aae5dd95f85dfef1c0ce94e4d7835345e5c14d15f9a883a0606 fluxheim-1.6.9.tar.gz
    • 91fcd6699515639d9feeddea2832c873a6c8a6463a43bcbb5fcaaa7d65c201a1 fluxheim-1.6.9.zip
  • Binary checksums:
    • x86_64:
      • 8494c5a55f5df4b03be06326d2a9973ad4df7cf0b1a061bcca67e1204647e19d fluxheim-1.6.9-full-x86_64-linux.tar.gz
      • 0dfad9f4dfc099f298c6c0a0f351a9ed4596d6c5af9b266339b8fbd4389f8b64 fluxheim-1.6.9-cache-x86_64-linux.tar.gz
      • 21863c85bac08f3fef2a9c5c8022ff3399b3fa5801e27a58c1087b0e7dee1e80 fluxheim-1.6.9-proxy-x86_64-linux.tar.gz
      • d3b5625afe4b657dbc87e196666f5ed9afbd6e8b694fa56e9362a37d82da00ff fluxheim-1.6.9-php-x86_64-linux.tar.gz
      • 80564a3a3f00f8d814734a610e97a889395480629141d4a30ec73da2faafae02 fluxheim-1.6.9-load-balancer-x86_64-linux.tar.gz
      • 8c4ea6130109d1e7ecf301198a22ead2cc2fef4f513f1f9aec68e4726426b673 fluxheim-1.6.9-config-tester-x86_64-linux.tar.gz
    • aarch64:
      • 336891c01bb9f45db103e9c8836db0ebe0926cd5671bf4f2c04eb9b49b4442ea fluxheim-1.6.9-full-aarch64-linux.tar.gz
      • b26bc3b47d088f3ddcf1af16dd377d7bc5fd776e599b84d19f310cca447e2187 fluxheim-1.6.9-cache-aarch64-linux.tar.gz
      • 41e4d236caba6a66cdab379f6339ff26bdfcd701d8dc751c18180881b440a0a6 fluxheim-1.6.9-proxy-aarch64-linux.tar.gz
      • 84a56b2774f2bc06f23613be7ecdaf7a8487922d2fb0d65cd75e8df531307eed fluxheim-1.6.9-php-aarch64-linux.tar.gz
      • c57bf23bd2625377c46834ecd8505c0e1926b78b5fb3effd823cea420c16e5ff fluxheim-1.6.9-load-balancer-aarch64-linux.tar.gz
      • 99da13c4db2f8829df0189922c48254fc7829e9081f2020f810dbb2919367766 fluxheim-1.6.9-config-tester-aarch64-linux.tar.gz
    • macos:
      • b9bf96820f1350aea0fbccab601c3ed3668a63dfee010f3bb6e3f8b413816dca fluxheim-1.6.9-dev-aarch64-macos.tar.gz
  • SBOM checksums:
    • 58c475dab7541a7b856f81074b055066c8b2fe910b32ee140351b9f120ec7411 fluxheim.spdx.json
    • d8526e65730ca95bcb9d8c7f4ae4c6581ae961fa9ec089d5edfcd6d72b79b97c fluxheim.cyclonedx.json
  • Reproducible build:
    • 7adccf9007d9017e476ff065f9a164e1a5e0919baec17210362e313eb55a5834 x86_64
    • 9bb9979ac7e7a2ed8ad0adfa9dac74fc8cb5d28e76c98d40f05e4b23a83186b9 aarch64
    • 1f2a0723c11264e23056286253a654cf290302665bc9230fb3bc3c689003e7f0 macos
  • Full Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:8284ef056e5e949904dd51571c76f50e4f53ff16a439fff9150cd331ed692c39
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:0962bb311ab1b2e64be15f7c7eebdac5ae3793c1472cffd1643e49f799942971
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:1df91471e31d6c160d904c0cfe546138977f832310f20cb0b8f0ff29575502cc
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:2b0bbc0af935a99be48cad1c29ce990be1d39c65238ab3d69b617a7ea76b10eb
  • Cache Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:5333b9c57f98f9cba7dca1ae0360e483cbdcc6d71ffbc0771000f485b721cbd8
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:52a1f7fc033f2020883b3a9f405b8e904c5b6cb6f23052eaefd02088d1f9074d
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:14450f564cc2231ec7e39b386d41446f26ea472f428dbe1c96c8d608dbac3701
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:85636ba0bb04d2e8e0f72dd6164d7b23e5ec85addc01c2f09560e1863e1d549e
  • Proxy Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:59e935f8d9f170907b716fd9da97a56dfc79b7727d35cbd6501b19b2ad5dcdf5
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:9ec844b42176a6f0b3ba938581382049c0e5024a7c0a93ade9928861b2133910
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:1ee4c267ff38b7c4ab81b52f1ed82a05251f0423211c89a9b7bb912b464f59ac
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:9ee2dd4bf7735731803ca22af844f8cf16de1a18d701b8122e9772738863876a
  • PHP Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:3f041975e701c9d918a17002d4ea54a12db6c16ac9a84cf18e27a0303e5772da
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:6eefeb937440a711ad72c38d4714fcfaa4c8b0e1ef1593d1f8d891803b22014e
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:5b85e5aab31b043c27e94cde58cbf718643174aeee1e68ea7e0b83baf94be0ff
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:9f7c10e863ea6e049e12f9c9e7fb60778794f7d5222c4564ceb8e91c2d295583
  • Load Balancer Build Container digests:
    • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:6e73062ee4bebaf381add88c5331fc9918e5a77d9c53e4b62f30cd6cb159282b
    • Alpine: ghcr.io/valkyoth/fluxheim@sha256:44199d27f5651e60c2c09f09cd4709a85926e00888c926e731b139e9c04d94e7
    • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:a76da042604e8e511881f50b7b7400c9d66fad606dfdb14853435a9bd198d980
    • Debian: ghcr.io/valkyoth/fluxheim@sha256:19a2e2f9a3e47ec008e9d26e849b813ac31daaa697a8d810e3ce8fa2c48bff5b
  • Tag signature:
    • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Assets 16
Loading
0 Join discussion