Skip to content

PgBouncer 1.17.0
Compare
Choose a tag to compare
@petere petere released this 23 Mar 10:42
· 190 commits to master since this release
pgbouncer_1_17_0
9a346b0

2022-03-23 - PgBouncer 1.17.0 - "A line has been drawn"

  • Features

    • A database definition can specify a comma-separated host list. The hosts will be connected to in a round-robin manner.
    • When connecting to a non-existing database, the error ("no such database") is now reported after authentication. This prevents unauthenticated clients from probing what databases exist. (This is similar to the change in version 1.15.0 to report missing users after authentication.)
    • Don't send server disconnect errors to the client before login. This could reveal not-quite-public information, such as configuration details, to a client that is not logged in yet.
    • Increase maximum password length again. Apparently, the last increase wasn't enough for long enough.
    • Remove automatic auth_file reload. The auth_file is now reread only on configuration file reload, no longer automatically as soon as it is changed.
    • The Windows build now includes a version-information resource file.
    • The Windows builds created on CI are now statically linked, so they can be used directly without requiring any dependencies.

  • Fixes

    • OpenSSL 3 support has been fixed. Previous releases would crash.
    • Don't apply fast-fail at connect time. This is part of the above-mentioned change to not report server errors before authentication. It also fixes a particular situation with SCRAM pass-through authentication, where we need to allow the client-side authentication exchange in order to be able to fix the server-side connection by re-authenticating. The fast-fail mechanism still applies right after authentication, so the effective observed behavior will be the same in most situations.
    • Change auth_type in sample pgbouncer.ini to md5 to match the built-in default. Some deploy this file as the default configuration file, so check if this changed configuration still makes sense for you.
    • Fix crash at exit in assert-enabled builds.
    • Improve tcp_defer_accept documentation and behavior. The documentation was incorrect and misleading about the default. In some cases the wrong value was showing in "show config". Also, if it's set but not supported, give an error instead of ignoring, similar to how other platform-specific socket options are handled.
    • Fix build with c-ares on Windows. c-ares >=1.18.0 is now required on Windows.

  • Cleanups

    • Most deprecation warnings from Autoconf >=2.70 have been cleaned up. Older Autoconf versions are still supported.
    • Cirrus CI use has been expanded to more platforms.
    • Travis CI support has been removed.
    • Update locations to search for default root CA file, to cover more platforms, such as Fedora/RHEL/CentOS.
    • Python scripts now all use python3 by default. Python 2 compatibility is no longer maintained.
    • The test suite scripts use command -v instead of which, which is deprecated.
    • Several error messages have been reworded to make it clearer which command or configuration setting they relate to.
    • The test suite scripts no longer require GNU sed.
    • make check now works on Windows (but not the SSL test suite yet).
    • Document that the admin console only supports the simple query protocol, and give better error messages about this.
Assets 5