2020-06-11 - PgBouncer 1.14.0 - "La ritrovata magia"
auth_query) for logging into servers.
Add support for Unix-domain sockets on Windows.
Add an alternative smaller sample configuration file
pgbouncer-minimal.ini for testing or deployment.
2020-04-27 - PgBouncer 1.13.0 - "My favourite game"
tcp_user_timeout, to set the corresponding socket option.
server_tls_protocolsnow default to
secure, which means only TLS 1.2 and TLS 1.3 are enabled. Older versions are still supported, they are just not turned on by default.
Add support for systemd service notifications. Right now, this allows using
Type=notify service units. More integration is planned for future versions.
Handle null user names returned from
auth_query properly (#340)
debianhave been removed. It is recommended to use the packages from https://apt.postgresql.org/.
The libevent API use was updated to use version 2 style interfaces and to no longer use deprecated interfaces from version 1.
2019-10-17 - PgBouncer 1.12.0 - "It's about learning and getting better"
This release contains a variety of minor enhancements and fixes.
SO_REUSEPORTsocket option. On some operating systems, this allows running multiple PgBouncer instances on the same host listening on the same port and having the kernel distribute the connections automatically.
resolv.conffile separate from the operating system. This allows setting custom DNS servers and perhaps other DNS options.
Send the output of
SHOW VERSION as a normal result row instead of a NOTICE message. This makes it easier to consume and is consistent with other
bigint. This avoids some client libraries failing on values that overflow the
bigintrange. (#360, #401)
Fix compilation with newer versions of musl-libc (used by Alpine Linux).
make checktarget. This allows running all the tests from a single command.
Fix some warnings from LLVM scan-build.
2019-08-27 - PgBouncer 1.11.0 - "Instinct for Greatness"
auth_type=passwordwhen the stored password is md5, like a PostgreSQL server would. (#129)
log_statsto disable printing stats to log. (#287)
auth_user. This would either crash or report garbage values for wait time. (#393)
[users]section and add to example config file. (#330)
2019-07-01 - PgBouncer 1.10.0 - "Afraid of the World"
idle_transaction_timeoutcalculation (#125). The bug would lead to premature timeouts in specific situations.
2018-08-13 - PgBouncer 1.9.0 - "Chaos Survival"
2017-12-20 - PgBouncer 1.8.1 - "Ground-and-pound Mentality"
include/pam.hinto distribution tarball. This prevented the 1.8 tarball from building at all.
2017-12-19 - PgBouncer 1.8 - "Confident at the Helm"
SHOW STATS. The fields
avg_queryhave been replaced by new fields.
pg_hba.conf, keep parsing after erroneous lines instead of rejecting the whole file. (#118)
auth_usersetting is now also allowed globally, not only per database. (#142)
2016-02-26 - PgBouncer 1.7.2 - "Finally Airborne"
2016-02-18 - PgBouncer 1.7.1 - "Forward To Five Friends Or Else"
WARNING: Since version 1.7,
server_reset_query is not executed when database is in transaction-pooling mode. Seems this was not highlighted enough in 1.7 announcement. If your apps depend on that happening, use
server_reset_query_always to restore previous behaviour.
Otherwise main work of this release was to track down TLS-related memory leak, which turned out to not exist. Instead there is libssl build in Debian/wheezy which has 600k overhead per connection (without leaking) instead expected 20-30k. Something to keep an eye on when using TLS.
client_tls_sslmode=verify-ca/-fullnow reject connections without client certificate. (#104)
client_tls_sslmode=allow/requiredo validate client certificate if sent. Previously they left cert validation unconfigured so connections with client cert failed. (#105)
--without-openssl) build. (#101)
2015-12-18 - PgBouncer 1.7 - "Colors Vary After Resurrection"
query_wait_timeoutto 120s by default. Current default
server_reset_query_alwaysby default. Now reset query is used only in pools that are in session mode.
2015-09-03 - PgBouncer 1.6.1 - "Studio Audience Approves"
server_reset_query_always. When set, disables
server_reset_query use on non-session pools. PgBouncer introduces per-pool pool_mode, but session-pooling and transaction-pooling should not use same reset query. In fact, transaction-pooling should not use any reset query.
It is set in 1.6.x, but will be disabled in 1.7.
[SECURITY] Remove invalid assignment of
auth_user. (#69) When
auth_user is set and client asks non-existing username, client will log in as
auth_user. Not good.
Skip NoticeResponce in handle_auth_response. Otherwise verbose log levels on server cause login failures.
auth_user when auth_type=any. Otherwise logging can crash (#67).
Various portability fixes (OpenBSD, Solaris, OSX).
2015-08-01 - PgBouncer 1.6 - "Zombies of the future"
Load user password hash from postgres database. New parameters:
auth_user user to use for connecting same db and fetching user info. Can be set per-database too.
auth_query SQL query to run under auth_user. Default: "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"
Pooling mode can be configured both per-database and per-user. (Cody Cutrer)
Per-database and per-user connection limits: max_db_connections and max_user_connections. (Cody Cutrer / Pavel Stehule)
Add DISABLE/ENABLE commands to prevent new connections. (William Grant)
New DNS backend: c-ares. Only DNS backend that supports all interesting features: /etc/hosts with refresh, SOA lookup, large replies (via TCP/EDNS+UDP), IPv6. It is the preferred backend now, and probably will be only backend in the future, as it's pointless to support zoo of inadequate libraries.
SNAFU: c-ares versions <= 1.10 have bug which breaks CNAME-s support when IPv6 has been enabled. (Fixed upstream.) As a workaround, c-ares <= 1.10 is used IPv4-only. So PgBouncer will drop other backends only when c-ares >1.10 (still unreleased) has been out some time...
Show remote_pid in SHOW CLIENTS/SERVERS. Available for clients that connect over unix sockets and both tcp and unix socket server. In case of tcp-server, the pid is taken from cancel key.
Add separate config param (dns_nxdomain_ttl) for controlling negative dns caching. (Cody Cutrer)
Add the client host IP address and port to application_name. This is enabled by a config parameter application_name_add_host which defaults to 'off'. (Andrew Dunstan)
Config files have '%include FILENAME' directive to allow configuration to be split into several files. (Andrew Dunstan)
Fix spelling mistakes in log messages and comments. (Dmitriy Olshevskiy)
Disable server_idle_timeout when server count gets below min_pool (#60) (Marko Kreen)
2015-04-09 - PgBouncer 1.5.5 - "Play Dead To Win"
2012-11-28 - PgBouncer 1.5.4 - "No Leaks, Potty-Training Successful"
2012-09-12 - PgBouncer 1.5.3 - "Quantum Toaster"
Too long database names can lead to crash, which is remotely triggerable if autodbs are enabled.The original checks assumed all names come from config files, thus using fatal() was fine, but when autodbs are enabled
In case of unparseable packet header, show it in hex in log and error message.
config.txt: show that all timeouts can be set in floats. This is well-hidden feature introduced in 1.4.
2012-05-29 - PgBouncer 1.5.2 - "Don't Chew, Just Swallow"
2012-04-17 - PgBouncer 1.5.1 - "Abort, Retry, Ignore?"
2012-01-05 - PgBouncer 1.5 - "Bouncing Satisified Clients Since 2007"
If you use more than 8 IPs behind one DNS name, you now need to use EDNS0 protocol to query. Only getaddrinfo_a()/getaddrinfo() and UDNS backends support it, libevent 1.x/2.x does not. To enable it for libc, add 'options edns0' to /etc/resolv.conf.
GNU Make 3.81+ is required for building.
2011-06-16 - PgBouncer 1.4.2 - "Strike-First Algorithm"
Affected OS-es: *BSD, Solaris, Win32.
2011-04-01 - PgBouncer 1.4.1 - "It Was All An Act"
console: Send PgBouncer version as 'server_version' to client.
Disable getaddrinfo_a() on glibc < 2.9 as it crashes on older versions.
Notable affected OS'es: RHEL/CentOS 5.x (glibc 2.5), Ubuntu 8.04 (glibc 2.7). Also Debian/lenny (glibc 2.7) which has non-crashing getaddrinfo_a() but we have no good way to detect it.
Please use libevent 2.x on such OS'es, fallback getaddrinfo_a() is not meant for production systems. And read new 'DNS lookup support' section in README to see how DNS backend is picked.
(Hubert Depesz Lubaczewski, Dominique Hermsdorff, David Sommerseth)
Default to --enable-evdns if libevent 2.x is used.
Turn on tcp_keepalive by default, as that's what Postgres also does. (Hubert Depesz Lubaczewski)
Set default server_reset_query to DISCARD ALL to be compatible with Postgres by default.
win32: Fix crashes with NULL unix socket addr. (Hiroshi Saito)
Fix autodb cleanup: old cleanup code was mixing up databases and pools: as soon as one empty pool was found, the database was tagged as 'idle', potentially later killing database with active users.
Reported-By: Hubert Depesz Lubaczewski
Various minor portability fixes in libusual.
2011-01-11 - PgBouncer 1.4 - "Gore Code"
Async DNS lookup - instead of resolving hostnames at reload time, the names are now resolved at connect time, with configurable caching. (See dns_max_ttl parameter.)
By default it uses getaddrinfo_a() (glibc) as backend, if it does not exist, then getaddrinfo_a() is emulated via blocking(!) getaddrinfo().
When --enable-evdns argument to configure, libevent's evdns is used as backend. It is not used by default, because libevent 1.3/1.4 contain buggy implementation. Only evdns in libevent 2.0 seems OK.
New config var: syslog_ident, to tune syslog name.
Proper support for
application_name startup parameter.
Command line long options (Guillaume Lelarge)
Solaris portability fixes (Hubert Depesz Lubaczewski)
New config var: disable_pqexec. Highly-paranoid environments can disable Simple Query Protocol with that. Requires apps that use only Extended Query Protocol.
Postgres compat: if database name is empty in startup packet, use user name as database.
Console: send datetime, timezone and stdstr server params to client.
Remove fixed-length limit from server params.
2010-09-09 - PgBouncer 1.3.4 - "Bouncer is always right"
2010-05-10 - PgBouncer 1.3.3 - "NSFW"
2010-03-15 - PgBouncer 1.3.2 - "Boomerang Bullet"
New config var 'query_wait_timeout'. If client does not get server connection in this many seconds, it will be killed.
If no server connection in pool and last connect failed, then don't put client connections on hold but send error immediately.
This together with previous fix avoids unnecessary stalls if a database has gone down.
Track libevent state in sbuf.c to avoid double event_del(). Although it usually is safe, it does not seem to work 100%. Now we should always know whether it has been called or not.
Disable maintenance during SUSPEND. Otherwise with short timeouts the old bouncer could close few connections after sending them over.
Apply client_login_timeout to clients waiting for welcome packet (first server connection). Otherwise they can stay waiting infinitely, unless there is query_timeout set.
win32: Add switch -U/-P to -regservice to let user pick account to run service under. Old automatic choice between Local Service and Local System was not reliable enough.
console: Remove from end of text columns. It was hard to notice, as C clients were fine with it.
Documentation improvements. (Greg Sabino Mullane)
Clarify few login-related log messages.
Change logging level for pooler-sent errors (usually on disconnect) from INFO to WARNING, as they signify problems.
Change log message for query_timeout to "query timeout".
2009-07-06 - PgBouncer 1.3.1 - "Now fully conforming to NSA monitoring requirements"
2009-02-18 - PgBouncer 1.3 - "New Ki-Smash Finishing Move"
IANA has assigned port 6432 to be official port for PgBouncer. Thus the default port number has changed to 6432. Existing individual users do not need to change, but if you distribute packages of PgBouncer, please change the package default to official port.
Dynamic database creation (David Galoyan)
Now you can define database with name "*". If defined, it's connect string will be used for all undefined databases. Useful mostly for test / dev environments.
Windows support (Hiroshi Saito)
PgBouncer runs on Windows 2000+ now. Command line usage stays same, except it cannot run as daemon and cannot do online reboot. To run as service, define parameter service_name in config. Then:
> pgbouncer.exe config.ini -regservice > net start SERVICE_NAME
To stop and unregister:
> net stop SERVICE_NAME > pgbouncer.exe config.ini -unregservice
To use Windows Event Log, event DLL needs to be registered first:
> regsrv32 pgbevent.dll
Afterwards you can set "syslog = 1" in config.
Database names in config file can now be quoted with standard SQL ident quoting, to allow non-standard characters in db names.
New tunables: 'reserve_pool_size' and 'reserve_pool_timeout'. In case there are clients in pool that have waited more that 'reserve_pool_timeout' seconds, 'reserve_pool_size' specifies the number of connections that can be added to pool. It can also set per-pool with 'reserve_pool' connection variable.
New tunable 'sbuf_loopcnt' to limit time spent on one socket.
In some situations - eg SMP server, local Postgres and fast network - pgbouncer can run recv()->send() loop many times without blocking on either side. But that means other connections will stall for a long time. To make processing more fair, limit the times of doing recv()->send() one socket. If count reaches limit, just proceed processing other sockets. The processing for that socket will resume on next event loop.
Thanks to Alexander Schöcke for report and testing.
crypt() authentication is now optional, as it was removed from Postgres. If OS does not provide it, pgbouncer works fine without it.
Add milliseconds to log timestamps.
Replace old MD5 implementation with more compact one.
Update ISC licence with the FSF clarification.
In case event_del() reports failure, just proceed with cleanup. Previously pgbouncer retried it, in case the failure was due ENOMEM. But this has caused log floods with inifinite repeats, so it seems libevent does not like it.
Why event_del() report failure first time is still mystery.
--enable-debug now just toggles whether debug info is stripped from binary. It no longer plays with -fomit-frame-pointer as it's dangerous.
Fix include order, as otherwise system includes could come before internal ones. Was problem for new md5.h include file.
Include COPYRIGHT file in .tgz...
2008-08-08 - PgBouncer 1.2.3 - "Carefully Selected Bytes"
Thanks to Devrim GÜNDÜZ and Bjoern Metzdorf for problem reports and testing.
2008-08-06 - PgBouncer 1.2.2 - "Barf-bag Included"
2008-08-04 - PgBouncer 1.2.1 - "Waterproof"
2008-07-29 - PgBouncer 1.2 - "Ordinary Magic Flute"
PgBouncer 1.2 now requires libevent version 1.3b or newer. Older libevent versions crash with new restart code.
Command line option (-u) and config parameter (user=) to support user switching at startup. Also now pgbouncer refuses to run as root.
More descriptive usage text (-h). (Jacob Coby)
New database option: connect_query to allow run a query on new connections before they are taken into use.
New config var 'ignore_startup_parameters' to allow and ignore extra parameters in startup packet. By default only 'database' and 'user' are allowed, all others raise error. This is needed to tolerate overenthusiastic JDBC wanting to unconditionally set 'extra_float_digits=2' in startup packet.
Logging to syslog: new parameters syslog=0/1 and syslog_facility=daemon/user/local0.
Less scary online restart (-R)
Move FD loading before fork, so it logs to console and can be canceled by ^C
Keep SHUTDOWN after fork, so ^C would be safe
A connect() is attempted to unix socket to see if anyone is listening. Now -R can be used even when no previous process was running. If there is previous process, but -R is not used, startup fails.
New console commands:
SHOW TOTALS that shows stats summary (as goes to log) plus mem usage.
SHOW ACTIVE_SOCKETS - like show sockets; but filter only active ones.
Less visible features
suspend_timeout - drop stalled conns and long logins. This brings additional safety to reboot.
When remote database throws error on logging in, notify clients.
Removing a database from config and reloading works - all connections are killed and the database is removed.
Fake some parameters on console SHOW/SET commands to be more Postgres-like. That was needed to allow psycopg to connect to console. (client_encoding/default_transaction_isolation/datestyle/timezone)
Make server_lifetime=0 disconnect server connection immediately after first use. Previously "0" made PgBouncer ignore server age. As this behavior was undocumented, there should not be any users depending on it.
Packet buffers are allocated lazily and reused. This should bring huge decrease in memory usage. This also makes realistic to use big pktbuf with lot of connections.
Lot's of error handling improvements, PgBouncer should now survive OOM situations gracefully.
Use slab allocator for memory management.
Lots of code cleanups.
Solaris compatibility fixes (Magne Mæhre)
2007-12-10 - PgBouncer 1.1.2 - "The Hammer"
2007-10-26 - PgBouncer 1.1.1 - "Breakdancing Bee"
2007-10-09 - PgBouncer 1.1 - "Mad-Hat Toolbox"
Keep track of following server parameters:
client_encoding datestyle, timezone, standard_conforming_strings
Database connect string enhancements:
Local connection endpoint info in SHOW SERVERS/CLIENTS/SOCKETS.
Wrapper struct for current pkt info. Removes lot of compexity.
auth_file modification check was broken, which made pgbouncer reload it too often.
2007-06-18 - PgBouncer 1.0.8 - "Undead Shovel Jutsu"
2007-04-19 - PgBouncer 1.0.7 - "With Vitamin A-Z"
2007-04-12 - PgBouncer 1.0.6 - "Daily Dose"
2007-04-11 - PgBouncer 1.0.5 - "Enough for today"
2007-04-11 - PgBouncer 1.0.4 - "Last 'last' bug"
2007-04-11 - PgBouncer 1.0.3 - "Fearless Fork"
Create core when Assert() triggers.
Config var: client_login_timeout to kill dead connections in login phase that could stall SUSPEND and thus online restart.
2007-03-28 - PgBouncer 1.0.2 - "Supersonic Spoon"
2007-03-15 - PgBouncer 1.0.1 - "Alien technology"
Delay server release until everything is guaranteed to be sent.
Various code cleanups.
2007-03-13 - PgBouncer 1.0 - "Tuunitud bemm"