7 **2016-02-18 - PgBouncer 1.7.1 - "Forward To Five Friends Or Else"**
9 WARNING: Since version 1.7, `server_reset_query` is not executed when
10 database is in transaction-pooling mode. Seems this was not highlighted
11 enough in 1.7 announcement. If your apps depend on that happening, use
12 `server_reset_query_always` to restore previous behaviour.
14 Otherwise main work of this release was to track down TLS-related memory
15 leak, which turned out to not exist. Instead there is libssl build in
16 Debian/wheezy which has 600k overhead per connection (without leaking)
17 instead expected 20-30k. Something to keep an eye on when using TLS.
21 * TLS: Rename sslmode "disabled" to "disable" as that is what
24 * TLS: `client_tls_sslmode=verify-ca/-full` now reject
25 connections without client certificate.
26 (`#104 <https://github.com/pgbouncer/pgbouncer/issues/104>`_)
28 * TLS: `client_tls_sslmode=allow/require` do validate client
29 certificate if sent. Previously they left cert validation
30 unconfigured so connections with client cert failed.
31 (`#105 <https://github.com/pgbouncer/pgbouncer/issues/105>`_)
33 * Fix memleak when freeing database.
35 * Fix potential memleak in tls_handshake().
37 * Fix EOF handling in tls_handshake().
39 * Fix too small memset in asn1_time_parse compat.
41 * Fix non-TLS (`--without-openssl`) build.
42 (`#101 <https://github.com/pgbouncer/pgbouncer/issues/101>`_)
44 * Fix various issues with Windows build.
45 (`#100 <https://github.com/pgbouncer/pgbouncer/issues/100>`_)
49 * TLS: Use SSL_MODE_RELEASE_BUFFERS to decrease memory usage
50 of inactive connections.
52 * Clean allocated memory on exit. Helps to run memory-leak checkers.
54 * Improve `server_reset_query` documentation.
55 (`#110 <https://github.com/pgbouncer/pgbouncer/issues/110>`_)
57 * Add TLS options to sample config.
59 **2015-12-18 - PgBouncer 1.7 - "Colors Vary After Resurrection"**
63 * Support TLS connections. OpenSSL/LibreSSL is used
64 as backend implementation.
66 * Support authentication via TLS client certificate.
68 * Support "peer" authentication on Unix sockets.
70 * Support Host Based Access control file, like
71 `pg_hba.conf <http://www.postgresql.org/docs/9.4/static/auth-pg-hba-conf.html>`_
72 in Postgres. This allows to configure TLS for network connections and "peer"
73 authentication for local connections.
77 * Set `query_wait_timeout` to 120s by default. Current default
78 (0) causes infinite queueing, which is not useful. That
79 means if client has pending query and has not been
80 assigned to server connection, the client connection will
83 * Disable `server_reset_query_always` by default. Now reset
84 query is used only in pools that are in session mode.
86 * Increase pkt_buf to 4096 bytes. Improves performance with TLS.
87 The behaviour is probably load-specific, but it should be
88 safe to do as since v1.2 the packet buffers are split
89 from connections and used lazily from pool.
91 * Support pipelining count expected ReadyForQuery packets.
92 This avoids releasing server too early. Fixes
93 `#52 <https://github.com/pgbouncer/pgbouncer/issues/52>`_.
95 * Improved sbuf_loopcnt logic - socket is guarateed to be
96 reprocessed even if there are no event from socket.
97 Required for TLS as it has it's own buffering.
99 * Adapt system tests to work with modern BSD and MacOS.
102 * Remove **crypt** auth. It's obsolete and not supported
103 by PostgreSQL since 8.4.
105 * Fix plain "--with-cares" configure option - without argument
111 **2015-09-03 - PgBouncer 1.6.1 - "Studio Audience Approves"**
115 * New setting: `server_reset_query_always`. When set,
116 disables `server_reset_query` use on non-session pools.
117 PgBouncer introduces per-pool pool_mode, but session-pooling
118 and transaction-pooling should not use same reset query.
119 In fact, transaction-pooling should not use any reset query.
121 It is set in 1.6.x, but will be disabled in 1.7.
125 * [SECURITY] Remove invalid assignment of `auth_user`. (#69)
126 When `auth_user` is set and client asks non-existing username,
127 client will log in as `auth_user`. Not good.
129 `CVE-2015-6817 <https://access.redhat.com/security/cve/cve-2015-6817>`_
131 * Skip NoticeResponce in handle_auth_response. Otherwise verbose
132 log levels on server cause login failures.
134 * console: Fill `auth_user` when auth_type=any. Otherwise
135 logging can crash (#67).
137 * Various portability fixes (OpenBSD, Solaris, OSX).
139 **2015-08-01 - PgBouncer 1.6 - "Zombies of the future"**
143 * Load user password hash from postgres database.
147 user to use for connecting same db and fetching user info.
148 Can be set per-database too.
151 SQL query to run under auth_user.
152 Default: "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"
156 * Pooling mode can be configured both per-database and per-user.
159 * Per-database and per-user connection limits: max_db_connections and
160 max_user_connections.
161 (Cody Cutrer / Pavel Stehule)
163 * Add DISABLE/ENABLE commands to prevent new connections.
166 * New DNS backend: c-ares. Only DNS backend that supports all
167 interesting features: /etc/hosts with refresh, SOA lookup,
168 large replies (via TCP/EDNS+UDP), IPv6. It is the preferred
169 backend now, and probably will be **only** backend in the future,
170 as it's pointless to support zoo of inadequate libraries.
172 SNAFU: c-ares versions <= 1.10 have bug which breaks CNAME-s support
173 when IPv6 has been enabled. (Fixed upstream.) As a workaround,
174 c-ares <= 1.10 is used IPv4-only. So PgBouncer will drop other backends
175 only when c-ares >1.10 (still unreleased) has been out some time...
177 * Show remote_pid in SHOW CLIENTS/SERVERS. Available for clients that
178 connect over unix sockets and both tcp and unix socket server.
179 In case of tcp-server, the pid is taken from cancel key.
181 * Add separate config param (dns_nxdomain_ttl) for controlling
182 negative dns caching.
185 * Add the client host IP address and port to application_name.
186 This is enabled by a config parameter application_name_add_host
187 which defaults to 'off'.
190 * Config files have '%include FILENAME' directive to allow configuration
191 to be split into several files.
196 * log: wrap ipv6 address with []
198 * log: On connect to server, show local ip and port
200 * win32: use gnu-style for long args: --foo
202 * Allow numbers in hostname, always try to parse with inet_pton
204 * Fix deallocate_all() in FAQ
206 * Fix incorrect keyword in example config file
209 * Allow comments (with ';') in auth files.
212 * Fix spelling mistakes in log messages and comments.
217 * fix launching new connections during maintenance
220 * don't load auth file twice at boot
223 * Proper invalidation for autodbs
225 * ipv6: Set IPV6_V6ONLY on listen socket.
227 * win32: Don't set SO_REUSEADDR on listen socket.
229 * Fix IPv6 address memcpy
231 * Fix cancellation of of waiting clients.
234 * Small bug fix, must check calloc result
237 * Add newline at the end of the PID file
240 * Don't allow new server connections when PAUSE <db> was issued.
243 * Fix 'bad packet' during login when header is delayed.
244 (Michał Trojnara, Marko Kreen)
246 * Fix errors detected by Coverty.
249 * Disable server_idle_timeout when server count gets below min_pool (#60)
255 **2015-04-09 - PgBouncer 1.5.5 - "Play Dead To Win"**
259 * Fix remote crash - invalid packet order causes lookup of NULL
260 pointer. Not exploitable, just DoS.
262 **2012-11-28 - PgBouncer 1.5.4 - "No Leaks, Potty-Training Successful"**
266 * DNS: Fix memory leak in getaddrinfo_a() backend.
268 * DNS: Fix memory leak in udns backend.
270 * DNS: Fix stats calculation.
272 * DNS: Improve error message handling for getaddrinfo_a().
276 * Fix compiler dependency support check in configure.
278 * Few documentation fixes.
280 **2012-09-12 - PgBouncer 1.5.3 - "Quantum Toaster"**
284 * Too long database names can lead to crash, which
285 is remotely triggerable if autodbs are enabled.
287 The original checks assumed all names come from config files,
288 thus using fatal() was fine, but when autodbs are enabled
289 - by '*' in [databases] section - the database name can come
290 from network thus making remote shutdown possible.
292 `CVE-2012-4575 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4575>`_
296 * max_packet_size - config parameter to tune maximum packet size
297 that is allowed through. Default is kept same: (2G-1), but now
298 it can be made smaller.
300 * In case of unparseable packet header, show it in hex in log and
305 * AntiMake: it used $(relpath) and $(abspath) to manupulate pathnames,
306 but the result was build failure when source tree path contained
307 symlinks. The code is now changed to work on plain strings only.
309 * console: now SET can be used to set empty string values.
311 * config.txt: show that all timeouts can be set in floats.
312 This is well-hidden feature introduced in 1.4.
314 **2012-05-29 - PgBouncer 1.5.2 - "Don't Chew, Just Swallow"**
318 * Due to mistake, reserve_pool_timeout was taken in microseconds,
319 not seconds, effectively activating reserve pool immediately
320 when pool got full. Now use it as seconds, as was intended.
321 (Noticed by Keyur Govande)
323 **2012-04-17 - PgBouncer 1.5.1 - "Abort, Retry, Ignore?"**
327 * Parameters to tune permissions on unix socket:
328 unix_socket_mode=0777, unix_socket_group=''.
332 * Allow empty string for server-side variable - this is
333 needed to get "application_name" properly working, as it's
334 the only parameter that does not have server-side default.
336 * If connect string changes, require refresh of server parameters.
337 Previously PgBouncer continued with old parameters,
338 which breaks in case of Postgres upgrade.
340 * If autodb connect string changes, drop old connections.
342 * cf_setint: Use strtol() instead atoi() to parse integer config
343 parameters. It allows hex, octal and better error detection.
345 * Use sigqueue() to detect union sigval existence - fixes
348 * Remove 'git' command from Makefile, it throws random errors
349 in case of plain-tarball build.
351 * Document stats_period parameter. This tunes the period for
354 * Require Asciidoc >= 8.4, seems docs are not compatible with
355 earlier versions anymore.
357 * Stop trying to retry on EINTR from close().
359 **2012-01-05 - PgBouncer 1.5 - "Bouncing Satisified Clients Since 2007"**
361 If you use more than 8 IPs behind one DNS name, you now need to
362 use EDNS0 protocol to query. Only getaddrinfo_a()/getaddrinfo()
363 and UDNS backends support it, libevent 1.x/2.x does not.
364 To enable it for libc, add 'options edns0' to /etc/resolv.conf.
366 GNU Make 3.81+ is required for building.
370 * Detect DNS reply changes and invalidate connections to IPs no longer
371 present in latest reply.
374 * DNS zone serial based hostname invalidation. When option
375 dns_zone_check_period is set, all DNS zones will be queried
376 for SOA, and when serial has changed, all hostnames
377 will be queried. This is needed to get deterministic
378 connection invalidation, because invalidation on lookup
379 is useless when no lookups are performed.
380 Works only with new UDNS backend.
382 * New SHOW DNS_HOSTS, SHOW DNS_ZONES commands to examine DNS cache.
384 * New param: min_pool_size - avoids dropping all connections
385 when there is no load.
386 (Filip Rembiałkowski)
388 * idle_in_transaction_timeout - kill transaction if idle too long.
391 * New libudns backend for DNS lookups. More featureful than evdns.
392 Use --with-udns to activate. Does not work with IPv6 yet.
394 * KILL command, to immediately kill all connections for one database.
397 * Move to Antimake build system to have better looking Makefiles.
398 Now GNU Make 3.81+ is required for building.
402 * DNS now works with IPv6 hostnames.
404 * Don't change connection state when NOTIFY arrives from server.
406 * Various documentation fixes.
409 * Console: Support ident quoting with "". Originally we did not
410 have any commands that took database names, so no quoting was needed.
412 * Console: allow numbers at the stard of word regex. Trying
413 to use strict parser makes things too complex here.
415 * Don't expire auto DBs that are paused.
418 * Create auto databases as needed when doing PAUSE.
421 * Fix wrong log message issued by RESUME command.
424 * When user= without password= is in database connect string,
425 password will be taken from userlist.
427 * Parse '*' properly in takeover code.
429 * autogen.sh: work with older autoconf/automake.
431 * Fix run-as-service crash on win32 due to bad basename() from
432 mingw/msvc runtime. Now compat basename() is always used.
437 **2011-06-16 - PgBouncer 1.4.2 - "Strike-First Algorithm"**
439 Affected OS-es: \*BSD, Solaris, Win32.
443 * Give CFLAGS to linker. Needed when using pthread-based
444 getaddrinfo_a() fallback.
446 * lib/find_modules.sh: Replace split() with index()+substr().
447 This should make it work with older AWKs.
449 * <usual/endian.h>: Ignore system htoX/Xtoh defines. There
450 may be only subset of macros defined.
452 * <usual/signal.h>: Separate compat sigval from compat sigevent
454 * <usual/socket.h>: Include <sys/uio.h> to get iovec
456 * <usual/time.h>: Better function autodetection on win32
458 * <usual/base_win32.h>: Remove duplicate sigval/sigevent declaration
460 **2011-04-01 - PgBouncer 1.4.1 - "It Was All An Act"**
464 * Support listening/connect for IPv6 addresses.
467 * Multiple listen addresses in 'listen_addr'. For each getaddrinfo()
468 is called, so names can also be used.
470 * console: Send PgBouncer version as 'server_version' to client.
474 * Disable getaddrinfo_a() on glibc < 2.9 as it crashes on older versions.
476 Notable affected OS'es: RHEL/CentOS 5.x (glibc 2.5), Ubuntu 8.04 (glibc 2.7).
477 Also Debian/lenny (glibc 2.7) which has non-crashing getaddrinfo_a()
478 but we have no good way to detect it.
480 Please use libevent 2.x on such OS'es, fallback getaddrinfo_a() is not
481 meant for production systems. And read new 'DNS lookup support' section
482 in README to see how DNS backend is picked.
484 (Hubert Depesz Lubaczewski, Dominique Hermsdorff, David Sommerseth)
486 * Default to --enable-evdns if libevent 2.x is used.
488 * Turn on tcp_keepalive by default, as that's what Postgres also does.
489 (Hubert Depesz Lubaczewski)
491 * Set default server_reset_query to DISCARD ALL to be compatible
492 with Postgres by default.
494 * win32: Fix crashes with NULL unix socket addr.
497 * Fix autodb cleanup: old cleanup code was mixing up databases and pools:
498 as soon as one empty pool was found, the database was tagged as 'idle',
499 potentially later killing database with active users.
501 Reported-By: Hubert Depesz Lubaczewski
505 * Make compat getaddrinfo_a() non-blocking, by using single parallel
506 thread to do lookups.
508 * Enable pthread compilation if compat getaddrinfo_a is used.
510 * release_server missed setting ->last_lifetime_disconnect on lifetime disconnect.
513 * win32: fix auth file on DOS line endings - load_file() did not take
514 account of file shringage when loading.
517 * <usual/endian.h>: add autoconf detection for enc/dec functions
518 so it would not create conflicts on BSD.
521 * Don't crash when config file does not exist.
524 * Don't crash on DNS lookup failure when logging on noise level (-v -v).
525 (Hubert Depesz Lubaczewski, Dominique Hermsdorff)
527 * Use backticks instead of $(cmd) in find_modules.sh to make it more portable.
530 * Use 'awk' instead of 'sed' in find_modules.sh to make it more portable.
533 * Log active async DNS backend info on startup.
535 * Fix --disable-evdns to mean 'no' instead 'yes'.
537 * Mention in docs that -R requires unix_socket_dir.
539 * Discuss server_reset_query in faq.txt.
541 * Restore lost memset in slab allocator
543 * Various minor portability fixes in libusual.
545 **2011-01-11 - PgBouncer 1.4 - "Gore Code"**
549 * Async DNS lookup - instead of resolving hostnames at reload time,
550 the names are now resolved at connect time, with configurable caching.
551 (See dns_max_ttl parameter.)
553 By default it uses getaddrinfo_a() (glibc) as backend, if it does not
554 exist, then getaddrinfo_a() is emulated via blocking(!) getaddrinfo().
556 When --enable-evdns argument to configure, libevent's evdns is used
557 as backend. It is not used by default, because libevent 1.3/1.4
558 contain buggy implementation. Only evdns in libevent 2.0 seems OK.
560 * New config var: syslog_ident, to tune syslog name.
562 * Proper support for `application_name` startup parameter.
564 * Command line long options (Guillaume Lelarge)
566 * Solaris portability fixes (Hubert Depesz Lubaczewski)
568 * New config var: disable_pqexec. Highly-paranoid environments
569 can disable Simple Query Protocol with that. Requires apps
570 that use only Extended Query Protocol.
572 * Postgres compat: if database name is empty in startup packet,
573 use user name as database.
577 * DateStyle and TimeZone server params need to use exact case.
579 * Console: send datetime, timezone and stdstr server params to client.
583 * Use libusual library for low-level utility functions.
585 * Remove fixed-length limit from server params.
590 **2010-09-09 - PgBouncer 1.3.4 - "Bouncer is always right"**
594 * Apply fast-fail logic at connect time. So if server is failing,
595 the clients get error when connecting.
597 * Don't tag automatically generated databases for checking on reload time,
598 otherwise they get killed, because they don't exist in config.
600 * Ignore application_name parameter by default. This avoids the need
601 for all Postgres 9.0 users to add it into ignore_startup_parameters=
604 * Correct pg_auth quoting. '\' is not used there.
606 * Better error reporting on console, show incoming query to user.
608 * Support OS'es (OpenBSD) where tv_sec is not time_t.
610 * Avoid too noisy warnings on gcc 4.5.
612 **2010-05-10 - PgBouncer 1.3.3 - "NSFW"**
616 * Make listen(2) argument configurable: listen_backlog. This is
617 useful on OS'es, where system max allowed is configurable.
619 * Improve disconnect messages to show what username or dbname caused
624 * Move fast-fail relaunch logic around. Old one was annoying in case of
625 permanently broken databases or users, by trying to retry even if
626 there is no clients who want to login.
628 * Make logging functions keep old errno, otherwise pgbouncer may act funny
629 on higher loglevels and logging problems.
631 * Increase the size of various startup-related buffers to handle
632 EDB more noisy startup.
634 * Detect V2 protocol startup request and give clear reason for disconnect.
636 **2010-03-15 - PgBouncer 1.3.2 - "Boomerang Bullet"**
640 * New config var 'query_wait_timeout'. If client does not get
641 server connection in this many seconds, it will be killed.
643 * If no server connection in pool and last connect failed, then
644 don't put client connections on hold but send error immediately.
646 This together with previous fix avoids unnecessary stalls if
647 a database has gone down.
649 * Track libevent state in sbuf.c to avoid double event_del(). Although
650 it usually is safe, it does not seem to work 100%. Now we should always
651 know whether it has been called or not.
653 * Disable maintenance during SUSPEND. Otherwise with short timeouts
654 the old bouncer could close few connections after sending them over.
656 * Apply client_login_timeout to clients waiting for welcome packet
657 (first server connection). Otherwise they can stay waiting
658 infinitely, unless there is query_timeout set.
660 * win32: Add switch -U/-P to -regservice to let user pick account
661 to run service under. Old automatic choice between Local Service and
662 Local System was not reliable enough.
664 * console: Remove \0 from end of text columns. It was hard to notice,
665 as C clients were fine with it.
667 * Documentation improvements. (Greg Sabino Mullane)
669 * Clarify few login-related log messages.
671 * Change logging level for pooler-sent errors (usually on disconnect) from INFO
672 to WARNING, as they signify problems.
674 * Change log message for query_timeout to "query timeout".
676 **2009-07-06 - PgBouncer 1.3.1 - "Now fully conforming to NSA monitoring requirements"**
680 * Fix problem with sbuf_loopcnt which could make connections hang.
681 If query or result length is nearby of multiple of (pktlen*sbuf_loopcnt)
682 [10k by default], it could stay waiting for more data which will not
685 * Make database reconfigure immediate. Currently old connections
686 could be reused after SIGHUP.
688 * Fix SHOW DATABASES which was broken due to column addition.
690 * Console access was disabled when "auth_mode=any" as pgbouncer dropped username.
691 Fix: if "auth_mode=any", allow any user to console as admin.
693 * Fix bad CUSTOM_ALIGN macro. Luckily it's unused if OS already
694 defines ALIGN macro thus seems the bug has not happened in wild.
696 * win32: call WSAStartup() always, not only in daemon mode
697 as config parsing wants to resolve hosts.
699 * win32: put quotes around config filename in service
700 cmdline to allow spaces in paths. Executable path
701 does not seem to need it due to some win32 magic.
703 * Add STATS to SHOW HELP text.
705 * doc/usage.txt: the time units in console results are in
706 microseconds, not milliseconds.
708 **2009-02-18 - PgBouncer 1.3 - "New Ki-Smash Finishing Move"**
712 * IANA has assigned port 6432 to be official port for PgBouncer.
713 Thus the default port number has changed to 6432. Existing
714 individual users do not need to change, but if you distribute
715 packages of PgBouncer, please change the package default
718 * Dynamic database creation (David Galoyan)
720 Now you can define database with name "*". If defined, it's connect
721 string will be used for all undefined databases. Useful mostly
722 for test / dev environments.
724 * Windows support (Hiroshi Saito)
726 PgBouncer runs on Windows 2000+ now. Command line usage stays same,
727 except it cannot run as daemon and cannot do online reboot.
728 To run as service, define parameter service_name in config. Then::
730 > pgbouncer.exe config.ini -regservice
731 > net start SERVICE_NAME
733 To stop and unregister::
735 > net stop SERVICE_NAME
736 > pgbouncer.exe config.ini -unregservice
738 To use Windows Event Log, event DLL needs to be registered first::
740 > regsrv32 pgbevent.dll
742 Afterwards you can set "syslog = 1" in config.
746 * Database names in config file can now be quoted with standard SQL
747 ident quoting, to allow non-standard characters in db names.
749 * New tunables: 'reserve_pool_size' and 'reserve_pool_timeout'.
750 In case there are clients in pool that have waited more that
751 'reserve_pool_timeout' seconds, 'reserve_pool_size' specifies
752 the number of connections that can be added to pool. It can also
753 set per-pool with 'reserve_pool' connection variable.
755 * New tunable 'sbuf_loopcnt' to limit time spent on one socket.
757 In some situations - eg SMP server, local Postgres and fast network -
758 pgbouncer can run recv()->send() loop many times without blocking
759 on either side. But that means other connections will stall for
760 a long time. To make processing more fair, limit the times
761 of doing recv()->send() one socket. If count reaches limit,
762 just proceed processing other sockets. The processing for
763 that socket will resume on next event loop.
765 Thanks to Alexander Schöcke for report and testing.
767 * crypt() authentication is now optional, as it was removed from Postgres.
768 If OS does not provide it, pgbouncer works fine without it.
770 * Add milliseconds to log timestamps.
772 * Replace old MD5 implementation with more compact one.
774 * Update ISC licence with the FSF clarification.
778 * In case event_del() reports failure, just proceed with cleanup.
779 Previously pgbouncer retried it, in case the failure was due ENOMEM.
780 But this has caused log floods with inifinite repeats, so it seems
781 libevent does not like it.
783 Why event_del() report failure first time is still mystery.
785 * --enable-debug now just toggles whether debug info is stripped from binary.
786 It no longer plays with -fomit-frame-pointer as it's dangerous.
788 * Fix include order, as otherwise system includes could come before
789 internal ones. Was problem for new md5.h include file.
791 * Include COPYRIGHT file in .tgz...
796 **2008-08-08 - PgBouncer 1.2.3 - "Carefully Selected Bytes"**
800 * Disable SO_ACCEPTFILTER code for BSDs which did not work.
801 * Include example etc/userlist.txt in tgz.
802 * Use '$(MAKE)' instead 'make' for recursion (Jørgen Austvik)
803 * Define _GNU_SOURCE as glibc is useless otherwise.
804 * Let the libevent 1.1 pass link test so we can later report "1.3b+ needed"
805 * Detect stale pidfile and remove it.
807 Thanks to Devrim GÃœNDÃœZ and Bjoern Metzdorf for problem reports and testing.
809 **2008-08-06 - PgBouncer 1.2.2 - "Barf-bag Included"**
813 * Remove 'drop_on_error', it was a bad idea. It was added as workaround
814 for broken plan cache behaviour in Postgres, but can cause damage
815 in common case when some queries always return error.
817 **2008-08-04 - PgBouncer 1.2.1 - "Waterproof"**
821 * New parameter 'drop_on_error' - if server throws error the connection
822 will not be reused but dropped after client finished with it. This is
823 needed to refresh plan cache. Automatic refresh does not work even in 8.3.
828 * SHOW SOCKETS/CLIENTS/SERVERS: Don't crash if socket has no buffer.
829 * Fix infinite loop on SUSPEND if suspend_timeout triggers.
833 * Use <sys/uio.h> for 'struct iovec'.
834 * Cancel shutdown (from SIGINT) on RESUME/SIGUSR2,
835 otherwise it will trigger on next PAUSE.
836 * Proper log message if console operation is canceled.
838 **2008-07-29 - PgBouncer 1.2 - "Ordinary Magic Flute"**
840 PgBouncer 1.2 now requires libevent version 1.3b or newer.
841 Older libevent versions crash with new restart code.
845 * Command line option (-u) and config parameter (user=) to support user
846 switching at startup. Also now pgbouncer refuses to run as root.
850 * More descriptive usage text (-h). (Jacob Coby)
852 * New database option: connect_query to allow run a query on new
853 connections before they are taken into use.
857 * New config var 'ignore_startup_parameters' to allow and ignore
858 extra parameters in startup packet. By default only 'database'
859 and 'user' are allowed, all others raise error. This is needed
860 to tolerate overenthusiastic JDBC wanting to unconditionally
861 set 'extra_float_digits=2' in startup packet.
863 * Logging to syslog: new parameters syslog=0/1 and
864 syslog_facility=daemon/user/local0.
866 * Less scary online restart (-R)
868 - Move FD loading before fork, so it logs to console and can be canceled by ^C
870 - Keep SHUTDOWN after fork, so ^C would be safe
872 - A connect() is attempted to unix socket to see if anyone is listening.
873 Now -R can be used even when no previous process was running. If there
874 is previous process, but -R is not used, startup fails.
876 * New console commands:
878 - SHOW TOTALS that shows stats summary (as goes to log) plus mem usage.
880 - SHOW ACTIVE_SOCKETS - like show sockets; but filter only active ones.
882 - Less visible features
884 * suspend_timeout - drop stalled conns and long logins. This brings
885 additional safety to reboot.
887 * When remote database throws error on logging in, notify clients.
889 * Removing a database from config and reloading works - all connections
890 are killed and the database is removed.
892 * Fake some parameters on console SHOW/SET commands to be more Postgres-like.
893 That was needed to allow psycopg to connect to console.
894 (client_encoding/default_transaction_isolation/datestyle/timezone)
896 * Make server_lifetime=0 disconnect server connection immediately
897 after first use. Previously "0" made PgBouncer ignore server age.
898 As this behavior was undocumented, there should not be any users
901 * Internal improvements:
903 - Packet buffers are allocated lazily and reused. This should bring
904 huge decrease in memory usage. This also makes realistic to use
905 big pktbuf with lot of connections.
907 - Lot's of error handling improvements, PgBouncer should now
908 survive OOM situations gracefully.
910 - Use slab allocator for memory management.
912 - Lots of code cleanups.
916 * Only single accept() was issued per event loop which could
917 cause connection backlog when having high amount of connection
918 attempts. Now the listening socket is always drained fully,
919 which should fix this.
920 * Handle EINTR from connect().
921 * Make configure.ac compatible with autoconf 2.59.
922 * Solaris compatibility fixes (Magne Mæhre)
927 **2007-12-10 - PgBouncer 1.1.2 - "The Hammer"**
931 * Disconnects because of server_lifetime are now separated by
932 (server_lifetime / pool_size) seconds. This avoids pgbouncer
933 causing reconnect floods.
937 * Online upgrade 1.0 -> 1.1 problems:
939 - 1.0 does not track server parameters, so they stay NULL
940 but 1.1 did not expect it and crashed.
942 - If server params are unknown, but client ones are set,
943 then issue a SET for them, instead complaining.
945 * Remove temp debug statements that were accidentally left
946 in code on INFO level, so they polluted logs.
948 * Unbroke debian/changelog
952 * reorder struct SBuf fields to get better alignment for buffer.
954 **2007-10-26 - PgBouncer 1.1.1 - "Breakdancing Bee"**
958 * Server parameter cache could stay uninitialized, which caused
959 unnecessary SET of them. This caused problem on 8.1 which
960 does not allow touching standard_conforming_strings.
961 (Thanks to Dimitri Fontaine for report & testing.)
965 * Include doc/fixman.py in .tgz.
967 **2007-10-09 - PgBouncer 1.1 - "Mad-Hat Toolbox"**
971 * Keep track of following server parameters::
973 client_encoding datestyle, timezone, standard_conforming_strings
975 * Database connect string enhancements:
977 - Accept hostname in host=
978 - Accept custom unix socket location in host=
979 - Accept quoted values: password=' asd''foo'
981 * New config var: server_reset_query, to be sent immidiately after release
982 * New config var: server_round_robin, to switch between LIFO and RR.
983 * Cancel pkt sent for idle connection does not drop it anymore.
984 * Cancel with ^C from psql works for SUSPEND / PAUSE.
985 * Print FD limits on startup.
986 * When suspending, try to hit packet boundary ASAP.
987 * Add 'timezone' to database parameters.
988 * Use longlived logfile fd. Reopened on SIGHUP / RELOAD;
989 * Local connection endpoint info in SHOW SERVERS/CLIENTS/SOCKETS.
993 * More debug log messages include socket info.
994 * Magic number removal and error message cleanup. (David Fetter)
995 * Wrapper struct for current pkt info. Removes lot of compexity.
999 * Detect invalid pkt headers better.
1000 * auth_file modification check was broken, which made pgbouncer
1001 reload it too often.
1006 **2007-06-18 - PgBouncer 1.0.8 - "Undead Shovel Jutsu"**
1010 * Fix crash in cancel packet handling. (^C from psql)
1014 * PAUSE <db>; RESUME <db>; works now.
1015 * Cleanup of console command parsing.
1016 * Disable expensive in-list assert check.
1018 **2007-04-19 - PgBouncer 1.0.7 - "With Vitamin A-Z"**
1022 * Several error/notice packets with send() blocking between
1023 triggered assert. Fix it by removing flushing logic altogether.
1024 As pgbouncer does not actively buffer anything, its not needed.
1025 It was a remnant from the time when buffering was pushed to
1026 kernel with MSG_MORE.
1027 * Additionally avoid calling recv() logic when sending unblocks.
1028 * List search code for admin_users and stats_users
1029 mishandled partial finds. Fix it.
1030 * Standardise UNIX socket peer UID finding to getpeereid().
1032 **2007-04-12 - PgBouncer 1.0.6 - "Daily Dose"**
1036 * The "Disable maintenance during the takeover" fix could
1037 disable maintenance altogether. Fix it.
1038 * Compilation fix for FreeBSD, <sys/ucred.h> requires <sys/param.h> there.
1039 Thanks go to Robert Gogolok for report.
1041 **2007-04-11 - PgBouncer 1.0.5 - "Enough for today"**
1045 * Fix online-restart bugs:
1046 - Set ->ready for idle servers.
1047 - Remove obsolete code from use_client_socket()
1048 - Disable maintenance during the takeover.
1050 **2007-04-11 - PgBouncer 1.0.4 - "Last 'last' bug"**
1054 * Notice from idle server tagged server dirty.
1055 release_server() did not expect it. Fix it
1058 **2007-04-11 - PgBouncer 1.0.3 - "Fearless Fork"**
1062 * Some error handling was missing in login path, so dying
1063 connection there could trigger asserts.
1064 * Cleanup of asserts in sbuf.c to catch problems earlier.
1065 * Create core when Assert() triggers.
1069 * New config vars: log_connections, log_disconnections,
1070 log_pooler_errors to turn on/off noise.
1071 * Config var: client_login_timeout to kill dead connections
1072 in login phase that could stall SUSPEND and thus online restart.
1074 **2007-03-28 - PgBouncer 1.0.2 - "Supersonic Spoon"**
1078 * libevent may report a deleted event inside same loop.
1079 Avoid socket reuse for one loop.
1080 * release_server() from disconnect_client() didnt look
1081 it the packet was actually sent.
1083 **2007-03-15 - PgBouncer 1.0.1 - "Alien technology"**
1087 * Mixed usage of cached and non-cached time, plus unsiged usec_t typedef
1088 created spurious query_timeout errors.
1089 * Fix rare case when socket woken up from send-wait could stay stalling.
1090 * More fair queueing of server connections. Before, a new query could
1091 get a server connections before older one.
1092 * Delay server release until everything is guaranteed to be sent.
1096 * SHOW SOCKETS command to have detailed info about state state.
1097 * Put PgSocket ptr to log, to help tracking one connection.
1098 * In console, allow SELECT in place of SHOW.
1099 * Various code cleanups.
1101 **2007-03-13 - PgBouncer 1.0 - "Tuunitud bemm"**
1103 - First public release.