Set up a separate user, previous PGUSER/PGGROUP integration didn't
make sense.
2016-02-26 - PgBouncer 1.7.2 - "Finally Airborne"
- Fix crash on stale pidfile removal. Problem introduced in 1.7.1.
- Disable cleanup - it breaks takeover and is not useful for
production loads. Problem introduced in 1.7.1.
- After takeover, wait until pidfile is gone before booting. Slow
shutdown due to memory cleanup exposed existing race. (#113)
- Make build reproducible by dropping DBGVER handling. (#112)
- Antimake: Sort file list from $(wildcard), newer gmake does not
sort it anymore. (#111)
- Show libssl version in log.
- deb: Turn on full hardening.
2016-02-18 - PgBouncer 1.7.1 - "Forward To Five Friends Or Else"
- WARNING: Since version 1.7, server_reset_query is not executed
when database is in transaction-pooling mode. Seems this was not
highlighted enough in 1.7 announcement. If your apps depend on
that happening, use server_reset_query_always to restore previous
behaviour.
- TLS: Rename sslmode "disabled" to "disable" as that is what
PostgreSQL uses.
- TLS: client_tls_sslmode=verify-ca/-full now reject connections
without client certificate. (#104)
- TLS: client_tls_sslmode=allow/require do validate client
certificate if sent. Previously they left cert validation
unconfigured so connections with client cert failed. (#105)
- Fix memleak when freeing database.
- Fix potential memleak in tls_handshake().
- Fix EOF handling in tls_handshake().
- Fix too small memset in asn1_time_parse compat.
- Fix non-TLS (--without-openssl) build. (#101)
- Fix various issues with Windows build. (#100)
- TLS: Use SSL_MODE_RELEASE_BUFFERS to decrease memory usage of
inactive connections.
- Clean allocated memory on exit. Helps to run memory-leak
checkers.
- Improve server_reset_query documentation. (#110)
- Add TLS options to sample config.
2015-12-18 - PgBouncer 1.7 - "Colors Vary After Resurrection"
- Support TLS connections. OpenSSL/LibreSSL is used as backend
implementation.
- Support authentication via TLS client certificate.
- Support "peer" authentication on Unix sockets.
- Support Host Based Access control file, like pg_hba.conf in
Postgres. This allows to configure TLS for network connections
and "peer" authentication for local connections.
- Set query_wait_timeout to 120s by default. Current default (0)
causes infinite queueing, which is not useful. That means if
client has pending query and has not been assigned to server
connection, the client connection will be dropped.
- Disable server_reset_query_always by default. Now reset query is
used only in pools that are in session mode.
- Increase pkt_buf to 4096 bytes. Improves performance with TLS.
The behaviour is probably load-specific, but it should be safe
to do as since v1.2 the packet buffers are split from connections
and used lazily from pool.
- Support pipelining count expected ReadyForQuery packets. This
avoids releasing server too early. Fixes#52.
- Improved sbuf_loopcnt logic - socket is guarateed to be
reprocessed even if there are no event from socket. Required for
TLS as it has it's own buffering.
- Adapt system tests to work with modern BSD and MacOS. (Eric
Radman)
- Remove crypt auth. It's obsolete and not supported by PostgreSQL
since 8.4.
- Fix plain "--with-cares" configure option - without argument it
was broken.
Update home page & master site, clean up.
PgBouncer 1.6.1.
- Security fix for CVE-2015-6817.
- Per-pool pooling mode vs. reset query.
Details:
http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
PgBouncer 1.6.0
Main new features:
- Load user password hash from postgres database.
- Pooling mode can be configured both per-database and per-user.
- Per-database and per-user connection limits: max_db_connections and
max_user_connections.
- Add DISABLE/ENABLE commands to prevent new connections.
- New preferred DNS backend: c-ares.
- Config files have %include FILENAME directive to allow configuration
to be split into several files.
Details:
http://pgbouncer.github.io/2015/08/pgbouncer-1-6/
PgBouncer 1.5.5
- Fix remote crash - invalid packet order causes lookup of NULL pointer.
Not exploitable, just DoS.
pgbouncer is a lightweight connection pooler for PostgreSQL that provides
the following features:
* Several levels of brutality when rotating connections.
* Low memory requirements.
* It is not tied to one backend server, the destination databases
can reside on different hosts.
* Supports online reconfiguration for most of the settings.
* Supports online restart/upgrade.
