Critical fix - memcached 1.2.8 released

223 views
Skip to first unread message

dormando

unread,
Apr 11, 2009, 3:24:08 AM4/11/09
to memc...@googlegroups.com
Yo,

http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz

If you are running memcached version 1.2.7 in multithreaded mode, it is
*highly recommended* you immediately upgrade to 1.2.8.

A few bugs were fixed that warranted an immediate release of memcached
1.2.8. If you are running memcached prior to 1.2.7, please skip 1.2.7 and
upgrade straight to 1.2.8.

*Please note* that the critical bug noted below only affects memcached
binaries built with --enable-threads. While highly recommended, this is
not the default in the 1.2 series. It is the default in 1.3.

commit b8a39193ea9b62bd0293f345f07dfcd7e942f82f
Author: dormando <dorm...@rydia.net>
Date: Fri Apr 10 23:02:14 2009 -0700

fix resumption of accept loop under multithread

critical fix:
under multithreaded mode, in version 1.2.7, memcached would not resume
accepting connections after hitting the max connections limit.

this is due to a pre-existing bug in the accept_new_conns code, which
was hit when the "fix" was rolled in to ensure listening threads never
did real work.
Previously, at least one closing connection would (randomly) be on the
accepting thread, so the test for (are we the listening thread?) would
still work.

commit 9d3bad493922be9561bb206118bac038d956bd0a
Author: dormando <dorm...@rydia.net>
Date: Fri Apr 10 21:10:36 2009 -0700

-b now works.

commit ef8381733bcc14dc6a916629d862d31ad4e70795
Author: dormando <dorm...@rydia.net>
Date: Fri Apr 10 23:13:50 2009 -0700

remove 'stats maps' command.

(a longshot security issue was reported). If a buffer overrun is ever
found in memcached, and you allow people to run 'stats maps', they
could potentially do evil.

---

I take full responsibility for the botched release of 1.2.7, and apologize
profusely to the memcached community. I understand and highly value the
point of automated testing, but failed to test this feature before
release. I also somehow included a botched version of the -b command.

Full kudos goes to Dustin Sallings for attempting to test the connection
limit issue and running into the problem. Also for dealing with the
mini-freakout I launched into in IRC while trying to decide how to best
deal with the issue.

We will be doing more extensive reworking to the startup codepath for
memcached in the coming days. For this release I have written tests to
verify the features, but the tests are not viable for inclusion in the
test suite. The reason for this is a long and boring so I'll exclude the
discussion from this release announcement.

Thanks,
-Dormando

Reply all
Reply to author
Forward
0 new messages