Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reconcile dev after merge to main for v1.43.2 #4912

Merged
merged 4 commits into from
Apr 4, 2024
Merged

Reconcile dev after merge to main for v1.43.2 #4912

merged 4 commits into from
Apr 4, 2024

Conversation

Geal
Copy link
Contributor

@Geal Geal commented Apr 4, 2024

Follow-up to the v1.43.2 being officially released, bringing version bumps and changelog updates into the dev branch.

Geal and others added 4 commits April 3, 2024 21:02
@Geal
Security fix: update h2 dependency
e2a9c05
@Geal
prep release: v1.43.2-rc.0
190ba90
@tninesling
prep release: v1.43.2 (#4909)
8086eeb 
## 🐛 Fixes

### Security fix: update h2 dependency

References:
- https://rustsec.org/advisories/RUSTSEC-2024-0332
- https://seanmonstar.com/blog/hyper-http2-continuation-flood/
- https://www.kb.cert.org/vuls/id/421644

The router's performance could be degraded when receiving a flood of
HTTP/2 CONTINUATION frames, when the Router is set up to terminate TLS
for client connections.

By [@Geal](https://github.com/geal)
@Geal
release: v1.43.2
229fcc4
@Geal Geal requested a review from a team April 4, 2024 10:33
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 4, 2024

@Geal, please consider creating a changeset entry in /.changesets/. These instructions describe the process and tooling.

@router-perf
Copy link

router-perf bot commented Apr 4, 2024

CI performance tests

  • reload - Reload test over a long period of time at a constant rate of users
  • events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
  • events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
  • large-request - Stress test with a 1 MB request payload
  • const - Basic stress test that runs with a constant number of users
  • no-graphos - Basic stress test, no GraphOS.
  • step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
  • events - Stress test for events with a lot of users and deduplication ENABLED
  • events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
  • events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
  • events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
  • xxlarge-request - Stress test with 100 MB request payload
  • xlarge-request - Stress test with 10 MB request payload
  • step - Basic stress test that steps up the number of users over time

@Geal Geal enabled auto-merge April 4, 2024 10:35
@Geal Geal merged commit d7dcd31 into dev Apr 4, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@o0Ignition0o o0Ignition0o o0Ignition0o approved these changes

Assignees

@Geal Geal

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Geal @o0Ignition0o @tninesling