Fluxheim 1.5.16

Fluxheim 1.5.16 Release Notes

Fluxheim 1.5.16 starts the UDP/GSLB exploration line.

This release adds the first reviewed boundary for UDP work: a separate beta
[udp] configuration namespace, an opt-in udp-proxy feature gate, and a
small scoped UDP runtime for DNS-style request/response forwarding and
syslog-style one-way forwarding. It does not turn TCP stream routes into mixed
TCP/UDP routes and it does not ship production UDP/GSLB support yet.

What Changed

• Added udp-proxy as a beta feature gate.
• Added [udp] with enabled and routes fields.
• Added [[udp.routes]] with bounded route mode, listeners, upstreams,
  optional weights, optional aliases, idle/session timeouts, datagram caps, and
  session caps. max_sessions defaults to 4096; 0 remains an explicit
  unlimited setting.
• Added beta UDP listener/runtime support for dns-load-balance and
  syslog-forward.
• Added response_timeout_secs for UDP routes. It defaults to 3 seconds and
  keeps unanswered DNS-style datagrams from occupying route slots for the full
  idle timeout.
• Removed the unused beta max_session_secs UDP field before release. Current
  beta modes handle one datagram at a time; response_timeout_secs is the
  effective cap for DNS-style upstream waits.
• Hardened beta UDP forwarding so oversized upstream responses are dropped
  instead of being forwarded as truncated datagrams.
• Rate-limited high-volume UDP drop warnings for oversized downstream
  datagrams and max_sessions pressure.
• Added explicit reserved route modes for future scoped UDP modules:
  quic-pass-through and game-proxy.
• Added config validation for duplicate route names, duplicate listeners,
  duplicate upstreams, invalid listener/upstream authorities, invalid timeout
  values, oversized datagrams, excessive session caps, and invalid
  weight/alias lists.
• Added unit coverage with real local UDP sockets for request/response and
  one-way forwarding behavior.
• Added scripts/smoke_udp_proxy.sh, an optional local smoke that starts
  Fluxheim with a UDP-only config and proves DNS-style response forwarding plus
  syslog-style one-way delivery.
• Refreshed low-risk dependency and workflow pins: base64-ng 1.0.8, http
  1.4.2, manifest log 0.4.32, and exact current GitHub Action tags for
  checkout and Docker image workflows. Pingora was intentionally left unchanged.
• Kept udp-proxy out of the normal full, proxy, cache, php, and
  load-balancer release profiles until the runtime data plane is added and
  reviewed.

Compatibility

• Existing HTTP proxy, cache, TCP stream proxy, and load-balancer configs are
  unchanged.
• Configs that set udp.enabled = true fail with a clear
  udp.enabled requires building Fluxheim with the udp-proxy feature error in
  normal production builds.
• The UDP namespace is intentionally separate from [stream]; TCP stream
  routing remains TCP-only.
• UDP-only beta configs can validate without HTTP/TLS listeners when built
  with udp-proxy.

Not Included

• No production UDP/GSLB support yet.
• No generic catchall UDP proxy.
• No authoritative DNS server or full GSLB control plane.
• No public-Internet DNS reflector hardening yet. dns-load-balance should be
  bound to loopback or internal interfaces unless the surrounding network
  provides ingress filtering; response rate limiting remains future work.
• No QUIC pass-through or game-server UDP session proxying yet.
• No WAF, VPN/firewall appliance behavior, HTTP/3 ingress, or
  Wasm/iRules/Lua scripting in this release.

Checksums And Signatures

• Commit: 2317f400ab629e4f349528df843e1d4ee3887b27
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • 4fdbe3dd5d99776a0d7eb70b04890785b8273b243b571733510ee5f1342f833a fluxheim-1.5.16.tar.gz
  • 7652deef9e38aed455bf77d4ad5374dd7e59e24a654179470fc1500072aded7a fluxheim-1.5.16.zip
• Binary checksums:
  • x86_64:
    • 5d49fd8f457b551d609091c18407f0cb91f15f8a0a90ef9f28024cdeafe8c2f2 fluxheim-1.5.16-full-x86_64-linux.tar.gz
    • b01b97dd959eef05dab2f372b99c1f67b784801faa4be578fbc6cea94bed5ba7 fluxheim-1.5.16-cache-x86_64-linux.tar.gz
    • 48972e284761eb1a40bbf9181f374535d4c4f112f1abda4fbb9fe4a4f1a40222 fluxheim-1.5.16-proxy-x86_64-linux.tar.gz
    • d28b873f28945cfa2fa2960110f9d020190ac3c438fc96aa8d78a866c73b0885 fluxheim-1.5.16-php-x86_64-linux.tar.gz
    • 191d621626eded6bc4621dcd59f39ddef60c4effadb3d37c14b81a83de3975f1 fluxheim-1.5.16-load-balancer-x86_64-linux.tar.gz
    • 8970d0fe2cb18faa6333c00a7731368f3e01eb49a3187b1534b66d8162a00cf5 fluxheim-1.5.16-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • 2e1ad38570154e1a1bfe70d3ad2c567f972f5783541a07d6adfbf78e4691619b fluxheim-1.5.16-full-aarch64-linux.tar.gz
    • c6090f12ff7c603c26e080c89e97c98d80c5eeb994262b5aec42833445a7ba0f fluxheim-1.5.16-cache-aarch64-linux.tar.gz
    • fc45fef67664a281cc8e58da275537b1f7108f2a6079465cb2a62a51f1da5762 fluxheim-1.5.16-proxy-aarch64-linux.tar.gz
    • 541d67b74cc18fedc8d18d94dec9e573ffd5a2ad6ecfc32b0ea48c85a7b28e66 fluxheim-1.5.16-php-aarch64-linux.tar.gz
    • 785291a89dee9c51a248de4a75c41604a3c1fa79e52547597959cbcd0e26bb2c fluxheim-1.5.16-load-balancer-aarch64-linux.tar.gz
    • d9e4a58628602ae2825dddb53cdfe8aa3366d375b54ea8f17c07d696c1a5dacd fluxheim-1.5.16-config-tester-aarch64-linux.tar.gz
  • macos:
    • c7b31df1f7bfd5e5339f6a845757da59ee7953814b3bc320c3dbde6f936fbf10 fluxheim-1.5.16-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • ec2074d032ce064ef7c377d7b8e75592b60c35cb18a1f0f2b91daf43d50c0ad0 fluxheim.spdx.json
  • 9143362bdf5274204e0fcede86f7881481cf8a186633bdbe78db7dc9ca7fbcfb fluxheim.cyclonedx.json
• Reproducible build:
  • abaf5daa060faa3c5f34f0b1216ae7f3f25202a12a6b2edb6b0973b29fbe7e9e x86_64
  • d82462cb6ea39e567b9d526bdb0431368ccb2f86906c24109a6f9c3c4a00ab2c aarch64
  • d2a676eedbfcb48e78365020ad96d0f5db6d1769e8aedd89d1fe74377693abb7 macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:0d6de4685d300b15492c3099ca149195f59bbc8b192f8c80b7c2d1d72029e210
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:e41fbc532ba0fdc5ecffa6aff7bb0e21e188d9f0aec449fbcb196b758b73e197
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:4f9c863e01c8cfb4e04efd3f761d478fb3eb9c34393892c6fb0191a5b60b1dca
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:621ab66186cedaff4885270d91bdc290d22cfbc3691498b04f9916d887eb49f8
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:0b616a70a716dfb569db017825c23554a4819a3412b1363af6e55ef957d4f0ce
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:8185980bc380870d79dc09ce6e0da85aa442afe09942fe8437b598ed3af9880a
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:8a0a548da76c8e34df233afdb277f2af5b97b25a653054b9fff14d209ecaf10c
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:82e08f13eb70256bbc56c1de233ec2cdd23af7385df9d79d21b10a911810d2b6
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:287cdd12dd51482af3d52b98b7e5f0194a8852a9492e4c1175666d41d82c2dc4
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:bec8cf76be87b0c3dde7356e017ede8686e311297ef6e52b1c62c3ac2fee8802
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:88edc20a987ee4cc8460d3a80118d0f054d328489cc2649b8650c7bd56d26b02
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:2618b670a621d83bc80544cba6b8acce467a63a2864836c621b60a4d1548e65a
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:9ea00069fe707c3c0e99bdb1edf6c21ed164443231236080a693cfa3467e596b
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:33d17779954a3ae77b9a9f53364e31e2eb8fe980c7bce82dc2b319f2ece7f14b
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:4cbc3483ebced4d4d70f2978a8c6a86782cbeab6707e74917ad31c4976e1b48c
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:0ccc8714400d3ba7bfaf0af17d2f24052f1a23b5d7e25bdedba0fc4b1c02d4c5
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:4c2b5e29762c7da67448e85b6c96a1d8cdc312805889da7704dbd5e514970f66
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:06ef2670f9f0777474543da40ac1e7fa3132376314a3825dbfcfa905b95b8ace
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:96ccdbe5240a2a9cd3e97355171af6ed9c147abc88f4c07c38c64730f88b62a5
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:36e0033263a74ece44e81521895c4a6449c0a8b24afa340b0c24ba80c85c7a07
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.15

Fluxheim 1.5.15 Release Notes

Fluxheim 1.5.15 starts the database/protocol-aware health-check line.

This release adds bounded Redis PING, MySQL/MariaDB handshake, and
PostgreSQL SSLRequest active health checks for load-balancer pools where TCP
connect is not enough and an HTTP/gRPC endpoint is not available.

Publishing note: the signed git tag v1.5.15 remains the canonical code tag
for this release. The GitHub Release page is published under
v1.5.15-release because the original immutable GitHub Release object for
v1.5.15 was accidentally deleted; GitHub reserves immutable release tag names
and does not allow the original release page to be restored through the normal
release UI/API.

What Changed

• Added protocol = "redis" for proxy.load_balance.health_check.
• Redis checks open a bounded TCP connection to the selected backend, send one
  fixed RESP PING frame, and require a simple-string +PONG response.
• Redis checks now read until CRLF within the existing 64-byte response cap, so
  fragmented +PONG\r\n responses do not falsely mark healthy Redis backends
  down.
• Added protocol = "mysql" for proxy.load_balance.health_check.
• MySQL checks open a bounded TCP connection to the selected backend, read one
  MySQL server greeting packet, and require a protocol-10 handshake without
  sending a login packet or SQL query.
• Added protocol = "postgres" for proxy.load_balance.health_check.
• PostgreSQL checks open a bounded TCP connection to the selected backend, send
  the PostgreSQL SSLRequest pre-auth handshake, and require a one-byte S or
  N response without sending a StartupMessage or SQL query.
• Redis, MySQL, and PostgreSQL checks use connect_timeout_secs and
  read_timeout_secs, inherit the normal consecutive success/failure
  thresholds, and report their protocol in runtime status.
• Redis, MySQL, and PostgreSQL checks reject HTTP/gRPC matchers, request
  headers, port overrides, connection reuse, host overrides, and parallel
  checking.
• Added examples/load-balancer-redis-health.toml as a validated Redis health
  probe example.
• Added examples/load-balancer-mysql-health.toml as a validated
  MySQL/MariaDB health probe example.
• Added examples/load-balancer-postgres-health.toml as a validated
  PostgreSQL health probe example.
• Added scripts/smoke_redis_health_check.sh, an optional Podman smoke that
  starts Valkey, verifies Fluxheim increments Valkey's Redis PING command
  counter, then stops Valkey and checks that Fluxheim marks the backend
  unhealthy.
• Added scripts/smoke_mysql_health_check.sh, an optional Podman smoke that
  starts MariaDB, verifies Fluxheim increments MariaDB's unauthenticated
  handshake counter, then stops MariaDB and checks that Fluxheim marks the
  backend unhealthy.
• Added scripts/smoke_postgres_health_check.sh, an optional Podman smoke that
  starts PostgreSQL, verifies Fluxheim creates a pre-auth connection observed
  by PostgreSQL connection logging, then stops PostgreSQL and checks that
  Fluxheim marks the backend unhealthy.

Compatibility

• Existing TCP/TLS, HTTP, gRPC, JSON, weighted degraded, and exec health checks
  remain compatible.
• Redis, MySQL, and PostgreSQL checks are health probes only. They do not
  authenticate, run Redis commands beyond PING, send MySQL login packets,
  send PostgreSQL StartupMessages, inspect keys or schemas, execute queries, or
  make Fluxheim a database proxy.
• The MySQL/MariaDB probe intentionally disconnects before authentication. On
  non-loopback database connections, repeated idle probes can count toward the
  server host-cache error budget (max_connect_errors) and block the Fluxheim
  host until FLUSH HOSTS or equivalent cleanup. Use conservative intervals,
  raise max_connect_errors, or use an authenticated exec check such as
  mysqladmin ping for credentialed readiness.
• ACME managed-certificate install recovery now logs cleanup and backup-restore
  failures instead of silently discarding those errors.
• Delay-mode rate limiting and load-balancer persistence warning generation
  received small defensive hardening so local invariants are explicit at the
  panic-sensitive call sites.
• Redis TLS, MySQL TLS/authenticated readiness, PostgreSQL TLS/authenticated
  readiness, SMTP/LDAP send-expect, and authenticated agent checks remain
  future work.

Checksums And Signatures

• Commit: 3bc7f5010a97fee80efd00bde2fe912fbb45b3b0
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • a9cdec906b113e61b36a63c14609780f88d66728b79eebddf5b41d9dce25c2fc fluxheim-1.5.15-release.tar.gz
  • 4524d535a35d363a8cb2fdd6a2baa22fa688a9c149e4439239e59a46d8a39966 fluxheim-1.5.15-release.zip
• Binary checksums:
  • x86_64:
    • 423ea3f48a1f977b4eb4ab79d39a6ec4a277021510c935c59174333b55312021 fluxheim-1.5.15-release-full-x86_64-linux.tar.gz
    • d50928d6a92a89d916396e5d5b25f7586f5719e71730652addb7d9d04c5adc54 fluxheim-1.5.15-release-cache-x86_64-linux.tar.gz
    • dc8f86cd4fd11a3ee3823cea6b0b6efa07a5bbdd4f82b90570f8eb62f44275bf fluxheim-1.5.15-release-proxy-x86_64-linux.tar.gz
    • 3ba946e6652a0ed5e0d69a54163748d0fceb9c28097432bb747a18a9b49dc0e1 fluxheim-1.5.15-release-php-x86_64-linux.tar.gz
    • 12eeeda33ed39ce651b316a043708766888f012fe09d8da117feaa9b6f6541ff fluxheim-1.5.15-release-load-balancer-x86_64-linux.tar.gz
    • d5b2366ffac9c3eb104c4f060a3aaba7a7ba750c468658f2a95eed19d285097b fluxheim-1.5.15-release-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • 7599b124903122aae325ddffe4d250b1f32f236611f4bc67f746483be16aace9 fluxheim-1.5.15-release-full-aarch64-linux.tar.gz
    • 1564b9b28fc498c9aaf5ad3f7fdfc3f915f76975a99f8a4df88b3bfc7e43e7dd fluxheim-1.5.15-release-cache-aarch64-linux.tar.gz
    • c851fdada917ad09ba5f9e597fb0179b8f8a57b01012d03fed90ebb31712b009 fluxheim-1.5.15-release-proxy-aarch64-linux.tar.gz
    • 9418078f4b9bde10aeeeec0d0a76687aa32c8f2ef5743f401ea601fb051c9a63 fluxheim-1.5.15-release-php-aarch64-linux.tar.gz
    • c78688fc4a8677426157528fef70f616e92a4c26c1b0f924a7f608831c5fca65 fluxheim-1.5.15-release-load-balancer-aarch64-linux.tar.gz
    • 2d3c5781809598a08c0a07f6edcb6e6814fd540f160bf215f3d5948b0a26511a fluxheim-1.5.15-release-config-tester-aarch64-linux.tar.gz
  • macos:
    • 75ef869c5a56d9fb59f29d2d02857bc40c9ec0ffb220a1cd113f88cc71be7876 fluxheim-1.5.15-release-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • 17d9af6d19ee2f4fa9ca1538013a3a585b5a18ef24ef70cb7c77e2a84e19506f fluxheim.spdx.json
  • 61b3c9bd0bf5f6de7b40d09859749af268a9686e4c322dd710157065f3ad9c36 fluxheim.cyclonedx.json
• Reproducible build:
  • 96d9ab1b4d59fdeb0438ff2c2bcb296c5e78fac1ce0525c7a1aa4bbd5d3e96c0 x86_64
  • f35ce81a560f0a6b62cbe6cd2f3bb642bcb4748a459cbef814ba4403620e33c4 aarch64
  • 3c1710bc0d0f9c7bc4f50f12d07aba3ca1dc2ccce4a5c80b7167b954f00ef26e macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:1c5341434d0c2274148e2bba889d1caabd5c02e6b456ecbf3de9445d817d71fc
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:22498e680ef9d2dd2f7942f8a272a1c22f44eab99c38adeba6c8b6dc080e1198
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:549f461872692b648fc75bcae84df12cdec6d5bbd28b8487d1a0799acbd8c363
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:a8de04da8dddb4776d301484cd6733e665a33efc827e1c1d826e92ee27afd926
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:4430d1c1f32214db5960a7838350e32d9c738a9a7d287283ae4f8042bd7befdf
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:0cb825993e93d6885e5e80846becc1472a60f385a9e76f6191ca6f3d76e42add
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:7774613968d23a89a3add8354791366f16acfad8da8ad69b0f693cf60643a17f
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:a0bd8f74323c9c6161188cba6ac5f05a94ae8e1c9dcc3b0bc3d1ed838e3c39b9
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:a842de5a233748fe1dc473d447519b095a4343d2fe5ce2f9dfa29800749e7b24
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:4718d0e3ea00dfc3bc09d360f2e12288c12aabbdd40960877c490b4985e110a0
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:60c4d55c88dc70175af81278c3279a360887bdd23ceae84b2a1fbaf6be7f611d
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:5fad889700e9cecdb348d34d6938ca2c41b0ed505776ab213e3022b92c098f31
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:2569e9dc65ee1684e31c757539c60829037045950efd51b4f50682cc5f41c198
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:08b9bd504f4d40518251ccfa98edd4737885a007cf7204b2bb568c7e8172290b
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:96457dbadbe32795ee841d8f7c3e866fa3bb71227b1f9d5f5f1e0149e8d0d645
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:48702d67e990d4afa89866656d73501a3e59af718144402eaa226f0acc4b87eb
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:1e29a57985856923c0f4ca684e5aaf7bf6c34938978dafc4c19442953525c10a
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:c47776f68b4d2de241487333c6e4ca72ef7101db9fb338aa9d8a428ff9b89362
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:09eefafe60519ab3539df0ae6f167922655444da0b0fc4759017bbe5985d29e2
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:5934523c90aa1409f6e2d202feb37410ba6e0201ee26c3135c17c2665f5675bc
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.14

Fluxheim 1.5.14 Release Notes

Fluxheim 1.5.14 starts the local exec health-check line.

This release adds a bounded opt-in command monitor for load-balancer active
health checks where TCP/TLS, HTTP, gRPC, and JSON checks are not enough.

What Changed

• Added protocol = "exec" for proxy.load_balance.health_check.
• Added exec_command, exec_args, exec_allowed_commands, and
  exec_timeout_secs.
• Exec commands must be absolute paths and must appear exactly in the
  configured allow-list.
• Exec command paths reject . and .. components so allow-list entries stay
  transparent during operator review.
• Exec checks run without a shell, with inherited environment cleared, and with
  stdin/stdout/stderr connected to null devices.
• Fluxheim provides bounded backend context through:
  FLUXHEIM_HEALTH_BACKEND_ADDR, FLUXHEIM_HEALTH_BACKEND_HOST, and
  FLUXHEIM_HEALTH_BACKEND_PORT.
• Load-balancer runtime status now reports the active health-check protocol
  without exposing exec command paths or arguments.
• Exec health-check backend summaries now identify the protocol without
  including the configured command path.
• Added examples/load-balancer-exec-health.toml as a validated local command
  monitor example.

Compatibility

• Existing TCP, HTTP, gRPC, JSON, and weighted degraded health checks remain
  compatible.
• Exec checks are opt-in and are rejected if mixed with HTTP/gRPC request or
  response matcher fields.
• Exec checks run serially per pool in this release; parallel = true is
  rejected for exec checks to avoid spawning many local processes at once.
• Exec command paths and arguments are normal configuration fields. They are
  not exposed in runtime status or backend summaries, but operators should not
  put credentials in argv or allow-list entries.
• Agent checks and database protocol probes remain future work.

Checksums And Signatures

• Commit: be203103956a25306a080c9f5e53348064bedb79
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • 2550ea8d74002feb5fd01d7794855fa0d0c5171fbe5e8436fbf16d865a0f0446 fluxheim-1.5.14.tar.gz
  • db9b889477ac9a68675829e4a4ff83a1a872c06841653d3cd16d2d44496dff1e fluxheim-1.5.14.zip
• Binary checksums:
  • x86_64:
    • 19084d0bb8737a4854a3f17c19d50cf0241eca6cde42207401fdb3ddeb86ea5b fluxheim-1.5.14-full-x86_64-linux.tar.gz
    • 2f0b04d05ee9825a7dae589bac59ae934c424437b19959af5085954ab4e75740 fluxheim-1.5.14-cache-x86_64-linux.tar.gz
    • f60102954e4ec17925dba7198fb9eccfc0152a57dc342a13ba22692188cad555 fluxheim-1.5.14-proxy-x86_64-linux.tar.gz
    • 1868fd5a0a21ada0f4204ced9b6ed62136a1237e15c7ea18769947315483be5f fluxheim-1.5.14-php-x86_64-linux.tar.gz
    • 246c789ec47489081cd6ef4a9124b18674f7c88cb0f3aa0a56a26e291aceb8f5 fluxheim-1.5.14-load-balancer-x86_64-linux.tar.gz
    • c2fcd34261f76766307b624a63a88bdd2aee7dffbf595c8c6bfa3c7c5f673299 fluxheim-1.5.14-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • a4cb86f6d251590cc8ddcfad380a551f25057446943c87f2f6e6894eb514977d fluxheim-1.5.14-full-aarch64-linux.tar.gz
    • 91faf170c0bd7d95dc0513fe5fd026e294dd205f8ed7859e387c6c5e45a262f5 fluxheim-1.5.14-cache-aarch64-linux.tar.gz
    • 0526a706235030880443477ea54c906d76c99522e94cef648df7875ed8f66281 fluxheim-1.5.14-proxy-aarch64-linux.tar.gz
    • d9ea3197197afcfbaa1b287acf03088f3613d56dc3e5776c442f2f6594aa272f fluxheim-1.5.14-php-aarch64-linux.tar.gz
    • 693f2268816763f397361ef3c11ea16a9499c05e23adc8df486dfae133439ca0 fluxheim-1.5.14-load-balancer-aarch64-linux.tar.gz
    • b9d31ddaff7d5caf46b8df0fe44f709f0c1d5670329d1f623ff8170ebee50f48 fluxheim-1.5.14-config-tester-aarch64-linux.tar.gz
  • macos:
    • 8cbe4c0bc7da4038ce792e5443dace45ab6f8aaf87da010d48ac0148833cb62b fluxheim-1.5.14-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • bc1079a867b4db035f0726221a248f6429e6a2be69cfe25be5160002c998e54f fluxheim.spdx.json
  • fca4fe579c3bfbf7ee58bc4e3c6e958ed87238f60aac7603f4a8f51b2b4446d0 fluxheim.cyclonedx.json
• Reproducible build:
  • 856c0ed504e121313b9324013cb645c0ce8dd4f05179dde4d0c986e000feef30 x86_64
  • de74a316cc8939d67e434fc592b888bedf1931c97d5e01fb548ef07be68edd0d aarch64
  • b440627eb3b7fc72e2365bc4af9272467a3101738efbbe6851de33a2e5033acf macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:b73a69eb8f42496319de1da7c91aa07e3acb9392f5a257ffd3388d33295340fb
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:478b23f3e4a35a0b821ba99063f8a2a8d67e2aa3a45b3543c053fad4d0b08016
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:148d749524a988dc0da978089394428920f377e1c9e30c5df731d1c1e1f6185e
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:7e3ee4fe8804dffc05a1e8a97c4daca5114c9366c672caf67fa25a25ae853742
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:72748a5e1899bfe57bf2c1e0ee56daa59ecc8bbb602a5b84f1c7d90cb7651237
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:17d81486c5c391dabc920891907bc775d7ac4b119e9c4ed9744763545a9beba3
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:6376f8f14747643996d476f809c6be07c015ab3c3943022a743f4b945d54b36e
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:2d1bd51780b95453e17dde4e4cb094d1b74216bac361720fcf7468cd6d398a2e
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:581a179da601da1af2e13219531fd58ff6d37ddaeab09bfeaec76b7ee95c960e
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:7c8d614b3fa501c8e4dfcd399098a3878103cc36b73e67279fd778c96ad8410e
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:2e13a1e41e58bf0b1399f88d3ada1f34a18f422c035ed28244d1d456e2732797
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:c831a0a0f59eada04b1344fdf030b3978ce556d7228f647245f61c5d654b21f4
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:3ca75f177ffad64745d22548745565eba71beb7101ab926fcf632567a9e247a3
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:1aeac2af9d0a835de66ea89addaf8949b1154a9ae4956af367e6c1fc55a1fa3c
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:2376169b4eb5a643a5b055a844218b841901c1b373702bbff90d26ba62c27729
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:5a603b6d1b43bf79080dc87c53d31949373d9735d9ba26098ca5091013fa63d4
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:6da6e278243f0637ce4241fc07da54682ed2ae7323475db7a70a879196b8f846
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:4fd03e879ba58b180fbea00145f98881e861c21f8dc75c8f3c77139e423e8a95
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:73b51826c4c4f4e7ddd09fe0fa3fd2562232cdd2a29e4d30095a09ee33ea63c7
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:cc441b46b96e1d2163c66bbce3eb7a6c1526df58929aae18b335bb905d257b70
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.13

Fluxheim 1.5.13 Release Notes

Fluxheim 1.5.13 starts the Fluxheim-owned cache interface line.

This is an internal architecture release. It keeps the shipped cache behavior
stable while moving cache implementations behind Fluxheim-owned traits.

What Changed

• Added FluxCacheStorage, FluxHandleHit, and FluxHandleMiss as the cache
  implementation boundary.
• Moved memory, disk, storage-bin, disk-backend, and tiered cache storage
  implementations to the Fluxheim cache traits.
• Added a narrow Pingora adapter so the current HTTP proxy path can continue to
  use Pingora's session cache machinery without making cache implementations
  depend directly on Pingora's Storage, HandleHit, or HandleMiss traits.
• Moved storage-focused unit coverage onto the Fluxheim cache interface.
• Hardened slice-cache multipart range responses by generating a random
  boundary per response and stripping CR/LF from cached upstream
  Content-Type values before embedding them in MIME part headers.
• Fixed cache-only test imports so cache feature CI paths do not require the
  proxy feature just to compile test scaffolding.

Compatibility

• Existing cache configuration remains compatible.
• Memory, disk, encrypted disk, storage-bin, tiered, purge, stale,
  cache-lock, range/slice, and predictor behavior is intended to match
  1.5.12.
• This release does not change the on-disk cache format.

Privacy Cache

privacy-cache remains planned but disabled. Normal cache is still
incompatible with privacy-mode.

The future design remains limited to explicitly public assets: no client-IP
cache keys, no Cookie or Authorization admission, no per-user variants, no
private/no-store/Set-Cookie storage, strict query-string defaults, and
bounded memory or encrypted short-TTL disk storage.

Checksums And Signatures

• Commit: 78b00f93d051f25b46ddc7f4a709d7a0ca7a172c
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • e08aebecd9da5e3fc140d891bc27a69352a5f6a9d8a2e7ee30352987429484e7 fluxheim-1.5.13.tar.gz
  • fc50b8ec7aa57ca2d0565fe590524be2e9780edc674481ea3cf969348b6828c7 fluxheim-1.5.13.zip
• Binary checksums:
  • x86_64:
    • c15eb4b6b646087d22154901107f7ecf354b4189f0066515d4d48709faf96f32 fluxheim-1.5.13-full-x86_64-linux.tar.gz
    • 2a26841e07f76cd07db98d41759253a574759979be3aaefdd607f9efee0ab668 fluxheim-1.5.13-cache-x86_64-linux.tar.gz
    • b93658fca4170ff0417f5ea228d758db09fe061d2c7db271a3127dfbbb5dba1f fluxheim-1.5.13-proxy-x86_64-linux.tar.gz
    • e6037a4717c3261e96f701c87e3327982bc37e6c7b039cfbaa45b5c7d2661903 fluxheim-1.5.13-php-x86_64-linux.tar.gz
    • ea38efaf38f2ebf75553939cbbcb691f0356391b445cb7cbfba70d1c67780b58 fluxheim-1.5.13-load-balancer-x86_64-linux.tar.gz
    • 8cc5dc1e30b85ebc62fee9724f2830592e70221cf4b2f6904b376809154dab82 fluxheim-1.5.13-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • 0ef4ab999627c1fcd7445ce7ce3f06ee2138e231f60014be94c50b5b2c10ee6f fluxheim-1.5.13-full-aarch64-linux.tar.gz
    • 1997c9911577f18c1e17648f8bc599ad31a7d96a57a70571834287b4057cefdc fluxheim-1.5.13-cache-aarch64-linux.tar.gz
    • a2b883acbb9c77a7c268c74417ac712277e256ed668ee6c276f9e405b129537c fluxheim-1.5.13-proxy-aarch64-linux.tar.gz
    • 7f837a5525aefea1460448f9147db46ff3a19232572c24d34af3f3bfb0517d1d fluxheim-1.5.13-php-aarch64-linux.tar.gz
    • 96bc2ba43d23685f6074f3edc854089e9aef057e689753fe76057c431a5bd026 fluxheim-1.5.13-load-balancer-aarch64-linux.tar.gz
    • 5ee6861325a310f91335a219b089883c2983c6dc5dd52ca71ce092c49c3a8437 fluxheim-1.5.13-config-tester-aarch64-linux.tar.gz
  • macos:
    • 585286633b1194d1ccfa3ce318633457e6c61090b6e0e2da1b3aca96dbe4cb0a fluxheim-1.5.13-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • fluxheim.spdx.json
  • fluxheim.cyclonedx.json
• Reproducible build:
  • 304190591c9c3c59ca11b068765274c356b1e0f1d5f6f4769ea2c851e8626175 x86_64
  • d40d2d007145e487d59540545f5c2d1b39a41e336dc31ad105bc50b4fdedd01f aarch64
  • aa98cf0560c2d12242f286e13a981bb2fd772ee8545ab9bd92da98d7de8befa5 macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:a7aee7818ea10cfd1c71d46ecf566455f12453d1147a02dc3cce9fa89052844d
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:dd343124e1edf26794441153a34218ed9c3af2b832d840942a547e64792a75ab
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:99752b8fa4231ae21d6f07e0fdfd5817bb5fd27efdc124c7e64c0f44dfe0b893
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:3398412e893dea82e1f9a9d70b5b0096c49f896720e0de7b758658b78b3b5542
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:6ca034ef5249cdd6bcbd51c7377f56e0665cc13e324e225d2337cca016368d75
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:0d90794335e76a86f7e3f7d4192c46c1af0a6ce9fb56e1044400f4d4974f1f1e
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:502f9dfed85e0dda056301df20411ba4bede4ca6820cdf39ffd220fb7cedeed1
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:64b143debc81ceaf44e3344b561d77cd78ee73afd72158ebc155705c7b2855a8
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:515d6e58d5210395060715c130d1549940d70ced31167327ee825b1839b3fe65
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:83b764741f04ab951c89173daac5ee81c2aa456775ceaff0d1ec4eda4a3157aa
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:0670bc439a68c1ae77360c8040cbdf38537e582b43462fdb1bbb7fad49b0139c
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:51c80a5e72aa8e73c0ff6b76549a5149fa3ad40565243b27717062619159eb0d
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:2ded6efa3cd287232354ddabe2b4da20c20179ceefe6c9409577d45c1b853447
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:17399611f2862dcb8ecf70cbe19e90cd1a5702e0f1ab4d08ab308ba14b44456d
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:3730484ba57f633c3b64ceee9e97131f642d3e1f479fe61e069a458f5d397777
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:22570a86c3686319dcd34f44423fa318e36390c6366e4d7f4f18facb98f9ba53
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:a3887025ab3fd690fc739b684e7b03c81e02bcd9522e05b8985ed7bc52cc1188
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:58663c56bfdb3fe9947a1a7be92c416ece11fe1708628340486a49af3f2c2181
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:7707dea5d2303810062adbafeaa788d0d7fa5ebc35260fcbe5619b9fb7355e65
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:4afdd0584b9270e72d2c56ec565be8d48f104ff1c7a3453ac518d33dc2276b20
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.12

Fluxheim 1.5.12 Release Notes

Fluxheim 1.5.12 starts the Fluxheim-native background task registry line.

This release is intentionally narrow. It moves Fluxheim-owned background work
behind a Fluxheim adapter while keeping Pingora only as the server registration
boundary for now.

What Changed

• Added src/background.rs with Fluxheim-owned shutdown and readiness wrappers
  for background tasks. Task implementations now see a Tokio watch-based
  shutdown handle and a one-shot readiness callback instead of Pingora
  background-service types.
• Moved cache runtime metrics, stale cache purging, ACME renewal, and the admin
  self-healing watchdog to FluxBackgroundTask.
• Moved load-balancer discovery and health refresh services through the shared
  background adapter while preserving readiness after the initial discovery
  update.
• Added regression coverage for shutdown wakeups, closed shutdown channels,
  readiness idempotence, and load-balancer readiness after the initial
  background update.
• Kept the release boundary clear: no HTTP proxy lifecycle rewrite, no stream
  listener migration, no cache interface rewrite, and no UDP/GSLB, WAF,
  VPN/firewall, or Wasm/iRules/Lua work in this tag.

Operational Notes

• Existing configuration remains compatible.
• Background shutdown behavior remains graceful and cancellation-aware.
• ACME background automation, cache purging, cache metrics, admin watchdog, and
  load-balancer refresh behavior should match 1.5.11 from an operator
  perspective.

Checksums And Signatures

• Commit: 7ff7cfad8423b255df62addaf30e38a86840fcd2
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • 752e8343c6a10f0dd41c9efe32b9bf1d3b1ec7f09dd216ad0cf61dd0991a323c fluxheim-1.5.12.tar.gz
  • 41826cfc9ed548b5093dd33e2d0307f04b49727e4da12211c981faba6d407dd7 fluxheim-1.5.12.zip
• Binary checksums:
  • x86_64:
    • dcde4d5d6d2a4553c271135955b58bf0d7dd84103a091a773675b52ec564680e fluxheim-1.5.12-full-x86_64-linux.tar.gz
    • dd6199e1007d1f24e9a092929c06daef6f378ed7bb33a7ef0bf326eb087fbba4 fluxheim-1.5.12-cache-x86_64-linux.tar.gz
    • 5e52ddc47cfb76d2cc632b74dbf1ed422a2c483359e7ad6feccd9624edbca3c7 fluxheim-1.5.12-proxy-x86_64-linux.tar.gz
    • 9743cad95e70d3e525c3632a4a73c71115de5d5d1420a5c747d21e962bf90e0f fluxheim-1.5.12-php-x86_64-linux.tar.gz
    • c50420c7a7cd0a94b53e3187c07ff1a08246fac40d09a72a2b4e16883741bf90 fluxheim-1.5.12-load-balancer-x86_64-linux.tar.gz
    • a3aed416d9acaa64c5df85e365cdbb9c75dc0abd49d41029186f3ff4032dabaf fluxheim-1.5.12-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • a51635db0881e46367b6afcee4f061493fa722835745fbd3c4033b71e12481d5 fluxheim-1.5.12-full-aarch64-linux.tar.gz
    • 724ba7d6b74c37236becffb60b88a9cf4c31b1be09968bc79150bbdf10c511b6 fluxheim-1.5.12-cache-aarch64-linux.tar.gz
    • c473f0c639bbeec76a02b27d0c181553bc9f67d6054901c0b63e8872cc75c9bc fluxheim-1.5.12-proxy-aarch64-linux.tar.gz
    • fbb5d9e65aa3f57505ee30b5785329da24164ac35a27fa9229dbdf8d92adec9a fluxheim-1.5.12-php-aarch64-linux.tar.gz
    • 9e9d7fbe46188af9b3f8285f8ac47e0f1c487a84064bccd040097418d9c7d9ac fluxheim-1.5.12-load-balancer-aarch64-linux.tar.gz
    • e22683a576604114ab03a62c01ad35ff761c65e6caf5187ffad07ea942543db3 fluxheim-1.5.12-config-tester-aarch64-linux.tar.gz
  • macos:
    • cac15d20ff378fd0e72d98eedfd3f7a185ad9e8e0b4d9428db3edba15af40a12 fluxheim-1.5.12-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • fluxheim.spdx.json
  • fluxheim.cyclonedx.json
• Reproducible build:
  • 98f59f9af39d071d02e98576b7eaa216c19bab0f9a2152d03798b8b3e38b620a x86_64
  • 69644c2c08b8513aa5dd06cccf206a1fc6b4f95e77837f42c1cacb68ec28277b aarch64
  • 065ac73feb474588bfa892af7493cbc56b203c6b0a459314e50cdb587be89883 macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:c8c23efcb3c40d8efc409f0715d0c071c6be015b3f69b883a6798844cd22426d
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:32dd45ffaa71918d4bd0a0c6f938174e2435255f3602ad19d959473a93e02040
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:1257d2db5026d248b9476137caa13e9b2b54d50577635eee441d7aa07d54059f
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:301c7310402305387f13a6d96f8f8fbdee69a17ba52c4837f61b460bfc950038
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:d2c424312032ab0bb3ae0ec51fd0db9ec2acb3067c29b4ef59c11485eb022583
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:cf1a46d3d6427d571112d875db33fd497231e5a879e6d3183a646d162db42c3e
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:5f54bd2f37ab4932863f97892adb4671d474f50f2bf5a2a5647fb2738df29367
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:775757cae27f5cf3e92373db430d9341943add9d1de051d2e8593994c7cc521a
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:c43e62979bb34be857e613d8be1e8c9fa43c8bfa64c310076ebd2372f508dcb6
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:3805674054b4b18f48bbcdddaf4f7993ae0e4ac4fdcbdd2d909273b83ae7c633
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:1e17e5dad339b65a1343c98279528f684916cd1cb704a067d24a42259cb8a526
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:7c4bf2ce4f632f43138eebd46d7b77356e2e93dc956a6536aa400fab56216a60
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:321791f6f2b3f3eef94e3a0718749906b5e2d507e3c9c2a389eb8eca0c27cb30
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:56408e1f14d02cb7b27f79583843bf3bd0e5317c206c77cb2778b21c46a9950e
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:2d0b84cc4e4c58eeb71a5fb6f6030911142d39c3b8a85c3499190de71ed83800
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:00d807177204df07e49caea07259e30690ff051cb5f50197c831e91f816f9f94
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:604db7f86e55ffc54a392f88676c5fc37b007424c7e1351597d16ec3f1092cdc
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:016712339edbbfe789768701c73e77a81257afad85df4763c2e4acdadb000aa7
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:7fa6344f0758ee63e748bd2f82068843478006e33b07cf404a416eaa3f71e213
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:79a4699c1d96ed8fcc56363c6ab71e42dc634aa291c40ffb5d1186ede3803ff7
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.11

Fluxheim 1.5.11 Release Notes

Fluxheim 1.5.11 starts the service-discovery and control-plane integration
line.

Planned Scope

• Add one or more bounded discovery adapters such as Kubernetes, Consul, or
  xDS after local DNS/file discovery and runtime backend mutation are stable.
• Keep discovery changes inside clear authentication/trust boundaries, churn
  limits, safe fallback behavior, status visibility, audit/metrics events, and
  reload behavior.
• Do not add UDP/GSLB, WAF, VPN/firewall appliance behavior, or
  Wasm/iRules/Lua scripting in this release.

Changed

• Updated Fluxheim and the vendored pingora-core metrics dependency from
  Prometheus 0.13 to Prometheus 0.14.
• Moved the transitive protobuf dependency from vulnerable 2.x to protobuf
  3.7.2 through the Prometheus update.
• Removed the obsolete RUSTSEC-2024-0437 suppression from cargo audit,
  cargo deny, and release metadata validation.
• Kept Pingora pinned at =0.8.0 so normal dependency refreshes cannot bypass
  Fluxheim's patched vendored Pingora core.
• Hardened downstream HTTP/2 defaults against the HTTP/2 Bomb class by capping
  decoded request header lists at 64 KiB per stream, capping remotely initiated
  concurrent streams at 32 per connection, and defaulting downstream write
  timeout to 30 seconds.
• Added bounded pull-based HTTP upstream discovery for load-balancer pools using
  proxy.upstreams_http_url, optional bearer-token authentication, 64 KiB
  response limits, 2-64 unique authority validation, and 1-300 second refresh
  intervals.
• Added discovery runtime status to load-balancer admin and ops-socket output:
  mode, refresh enablement, update frequency, success/failure counters, last
  success/failure timestamps, and a bounded last-error field.
• Added bounded load-balancer metric events for background discovery refresh
  success and failure, labeled with the existing vhost/route pool identity.
• Hardened reload classification for load-balancer services so static pool
  membership, route-local pools, file/DNS/HTTP discovery sources, refresh
  intervals, and HTTP discovery bearer-token files require the process-upgrade
  path instead of a live snapshot reload.
• Hardened HTTP discovery fetches by advertising Accept: application/json and
  Cache-Control: no-store, rejecting non-JSON Content-Type values when
  present, and rejecting empty or whitespace-bearing bearer-token files before
  constructing the Authorization header.
• Added examples/load-balancer-http-discovery.toml as a minimal
  control-plane-backed load-balancer example.
• Refreshed load-balancer migration boundary documentation so runtime
  add/remove/update behavior, local runtime-state persistence, and HTTP
  discovery limits match the current 1.5.x implementation.
• Hardened HTTP discovery bearer-token handling by zeroizing Fluxheim's
  formatted Authorization header copy after request construction, and checked
  the discovered-upstream cap before allocating the rejected entry.

Checksums And Signatures

• Commit: aa417b684a5d1c833c8f01ea982c3b9718128463
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • 3a44841bc833dea32122f2cccaf983d0d9ed42afb4cf9aaaeba767bf84563b86 fluxheim-1.5.11.tar.gz
  • 52ff8f1ab73c9e57196717e934f902ca7c81e7c233bfa66800db35d203cb6451 fluxheim-1.5.11.zip
• Binary checksums:
  • x86_64:
    • c47e3e7258b6bf1dbba2fb813f6bf979a7d59d2efee24d98b676358eb001386a fluxheim-1.5.11-full-x86_64-linux.tar.gz
    • 5a9ad6c646f51e80aa379b2df9f7bc3a213fc4232cc318fd2a70dbd57bcd183a fluxheim-1.5.11-cache-x86_64-linux.tar.gz
    • 35c8eca2b2739f3bae112793038d5c394f4fcb9b972d8e2e7f8ae0ae58e637c4 fluxheim-1.5.11-proxy-x86_64-linux.tar.gz
    • 15f5428333868b0c740fd4e657281bbb8bd235d9ed0489ebdff911421b67d183 fluxheim-1.5.11-php-x86_64-linux.tar.gz
    • c6e58510eba28768d450460a5919917881e6cfbbd2be77613488728bf01006d2 fluxheim-1.5.11-load-balancer-x86_64-linux.tar.gz
    • 36186de8ea1664e04fc614bb960e92ab2903cc32cf8e89f10737e094f98b3d3b fluxheim-1.5.11-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • 22808d817ef75aab2e2f03f13efffb276ea8c8bb7552bd12fac3a55de823d142 fluxheim-1.5.11-full-aarch64-linux.tar.gz
    • 61b0d0b1a49f137963571da23beeb3a87d705018cf6e0461c223d048bdb402cd fluxheim-1.5.11-cache-aarch64-linux.tar.gz
    • 88741ba733b9bc1af31dc25ebf1af67525c47b01a0cde47bcabd339823cc21e3 fluxheim-1.5.11-proxy-aarch64-linux.tar.gz
    • b7bf40f010c8991cd4f2acbb1dfc5266fca20e50c5fc82c740f78159546aca24 fluxheim-1.5.11-php-aarch64-linux.tar.gz
    • 97ad65731ed34323bc736ec944bf50b57f2608685021e314a1ccacba537422f0 fluxheim-1.5.11-load-balancer-aarch64-linux.tar.gz
    • 126c4af7d07cdd153205ca8c9fa5cea88d91dc645020b206994dceb178cded7e fluxheim-1.5.11-config-tester-aarch64-linux.tar.gz
  • macos:
    • fdf06934d133d341cea9a74582457ac701bd508c32d2b4be43fecfce59e4b7a7 fluxheim-1.5.11-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • fluxheim.spdx.json
  • fluxheim.cyclonedx.json
• Reproducible build:
  • 608123b9917d12e59298e2a9c4d5d8341378769bf6f0fe26f0fe68eb3ee79ffa x86_64
  • c15552a51143e8e326461b9023362d23875381ae3e7a80d202c3fbec62302cc2 aarch64
  • 4d700dd4afe20359912c8cc29e1278ee631726bcee83f8852869c5f8c604b598 macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:c61639e3af479dd37b66c23be7977e39134b427839a46d2b1f35374948de5c20
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:26497d4990a91c346df035ad37cd00b2c5e73d5b7419a6c7aadef300058a87db
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:62184ea6973648088e9f6a1b13d1f25733b381eb26a887e60b393aff3f81d9a3
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:2c30ecb4c031f5a5b2de66870ebf88eef96a1cd41dfa26c8ead633df18bb6ba2
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:1f1d8aaae244beb2b7e0000d77522573e57cff397439f9494581c383f166f99c
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:4863f5fd65a5c6cc956de785548264d7de5401ea3e6bc72fbd3594b0d16b7f15
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:c68d26c1c17888beefdf4e2ba9023ec59965390f81ff3f030e711e905e2ab6e6
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:410507f58e19aca9c43552388b25987382cc446b975da3291bb0cd00d2bce1e2
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:1b1b832264cb9e83dc320d01778181db8d9318602a77dff22d4e3aaa1c762276
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:0574a7775bebbfb70b9a71b8302f6666c623ce1178c21fc549155aa6fe1e4e0b
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:9f4e006a5fbe3fea953bb76dae172758ae5a73e3fdbb3458fba115ea7865de58
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:952d2a8dc20afecffb46853a8feac3561dfa68a9d4565efbaa1ac5c2a1f7009f
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:5fda32912ddba305d1703d1c790cf5a50e12a40cf117be23d0a855a08e2c9b1d
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:91ed8ca471838f9ccf1d455af1b7e83b7c6ccc0ecb55fbadb13ac798046cd8b8
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:3305e43cfb3d27901ea7ae05b1b6d43cfeadcaf14ff72025c8c9ea16898cda71
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:0a764f3fbf5f283c1602d52d6daa8c05e3b0b724bf0d49fc4065202b5f139644
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:5713b42a72a1868137c0384a8c4d4890f47307fc811e3915affc2f001336fe37
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:6a12b2ad48ee12309950cbcb7eff243a3b2c18e2ca1d4a2c2d7573b12dc5a8ec
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:952bca2ee51f9c0658a8e7fd0c9eb6d4df0912af328fc0e9d2bf84c73c5a4c14
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:81539743ce440cbbb01f79dcc1fbd38a63c6100e449f134b733537f9a6b54ba8
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.10

Fluxheim 1.5.10 Release Notes

Fluxheim 1.5.10 starts the runtime backend-set mutation line.

Planned Scope

• Authenticated add, remove, and update operations for configured
  load-balancer pool members.
• Atomic backend-set swaps so runtime pool changes publish as one coherent
  backend/readiness snapshot.
• Validation, audit events, status and metrics visibility, drain behavior, and
  clear selector limitations for hash, ring, Maglev, and power-of-two policies.

Added

• Authenticated admin endpoints for static load-balancer pools:
  POST /_fluxheim/load-balancer/member-add,
  POST /_fluxheim/load-balancer/member-remove, and
  POST /_fluxheim/load-balancer/member-update.
• Fluxheim-owned runtime backend-set mutation primitives that publish backend
  and readiness state together as one atomic snapshot.
• Conservative removal behavior: members with active in-flight requests must be
  drained before they can be removed or retargeted to a new address.
• Explicit selector/discovery limits: runtime backend-set mutation is rejected
  for DNS/file-discovery pools and for Maglev selectors in this release.
• Privacy-mode mutation responses, logs, and metrics avoid raw backend member
  addresses; they use configured aliases when available and redacted for
  response/log member fields otherwise.
• Explicit remove and address-retarget operations clear stale per-backend
  runtime overrides and passive-health state for the old backend key.
• Retargeted backend addresses start with fresh readiness state rather than
  inheriting health-check state from the previous address.
• Runtime backend-set mutations enforce the "at least one backend remains"
  invariant under the mutation lock, cap runtime backend sets at 256 members,
  save runtime state through the background save path, and warn if a narrow
  post-check race leaves a request completing against a removed or retargeted
  address.

Notes

Backend-set additions, removals, and configured-weight updates are in-memory
control-plane actions and return "persistent": false. The local
proxy.load_balance.runtime_state_file currently persists runtime member-state
overrides, runtime weight overrides, and local persistence tables, not mutated
backend membership.

Runtime-added or retargeted members carry address and configured weight only.
Aliases, tags, backup membership, priority groups, locality metadata, and
per-upstream caps remain static-config fields and need a reload.

Mutation response member fields use the resolved backend address consistently;
configured aliases remain available through the separate alias field when
present.

Checksums And Signatures

• Commit: 3e435070b674b1ea6e9bffea5fed75b7ecff5afd
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • ea66d1bf994d404b082a3e9ca475922fa6549f8dbf2d23d8828cd1a6ed4d5668 fluxheim-1.5.10.tar.gz
  • 05748cf3ee8c131ec2e9d0334a4887686d02accce1e9c62c5b3d8b96aa8f649e fluxheim-1.5.10.zip
• Binary checksums:
  • x86_64:
    • 2bfb3542d5c15fa74cf6c58a15d2392d09a005a51ac0f74521b501432d001c8e fluxheim-1.5.10-full-x86_64-linux.tar.gz
    • 70bcc418d75f7b14eba0473a6243962765d28fe343d6de87b2fc7e87ea06073a fluxheim-1.5.10-cache-x86_64-linux.tar.gz
    • c25624277ac3f6d2358d3158c307adc6b4b8b5a88249b3009ec9375ce8ecd57d fluxheim-1.5.10-proxy-x86_64-linux.tar.gz
    • a0bfe7e289aaa1a993bc63337338bd120c31df0350e92f96b6dd28e73740b9fc fluxheim-1.5.10-php-x86_64-linux.tar.gz
    • a4252cd55e739ba50d0f721fbe1a2e2028257b967718c88f2c6cbd7795d2882c fluxheim-1.5.10-load-balancer-x86_64-linux.tar.gz
    • b55334921bfc480a80e649fb0b83b1a151d01150de2ddc4d30fbb239266daef4 fluxheim-1.5.10-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • 13f06ca6b6bdd1db8c2590a40c2f54ec408819185723ffe0ae5d9af8c54a1b2d fluxheim-1.5.10-full-aarch64-linux.tar.gz
    • 504ed4de5226a7bb4aafc770791ba543e70806cd8538b0e6559eb5bc9ec637cd fluxheim-1.5.10-cache-aarch64-linux.tar.gz
    • 600b93116aa3e7aab6f4a7952ea11a5482ce8584c4fad9f40008f9395312ea61 fluxheim-1.5.10-proxy-aarch64-linux.tar.gz
    • a6733bc0d9ecd56c32c2e28c61f7747b469875f93ef8aac85ba43c2d1cd8c415 fluxheim-1.5.10-php-aarch64-linux.tar.gz
    • 05bf499bf0d2573d83ec985d512b7293a60a729c1a1534738ebc73e6ea04a069 fluxheim-1.5.10-load-balancer-aarch64-linux.tar.gz
    • 78aba2c26b6d9260fbb21e532d2fe8c28d24c306c97d653a8e48aaff7dcb22ad fluxheim-1.5.10-config-tester-aarch64-linux.tar.gz
  • macos:
    • 6991616ed2fb4626f8c11cef276d8d5cf59a2478b43a4174ace3ddcb07549875 fluxheim-1.5.10-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • fe21dfa887d9c0286185f860d466593a635b9b8ad75edcc7bda52895e8ba4f8b fluxheim.spdx.json
  • 0aed823784f2259d7058a531f7377c37708e88bec85cc09c3adaa1696eade16c fluxheim.cyclonedx.json
• Reproducible build:
  • b6ac4fd371d58838f1d3f1e240b4732a2583f495dcc16c0d95f17a70a8b2ca4d x86_64
  • 5dd408d4ddb8d38f9dcff6b139e626f53f2acc9871c554a7d5db6689f47227cc aarch64
  • d59c56f0591ee001a584f883a01b131b258b74f08857d4837a34b640802d1cfb macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:08801f7b13826f1c426a60f8d8811d0fde4cdef703133243c8dffa9e14b698fe
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:3bacc996fe6fd0921c0487ba2792703418d2b010bfa027379cff56bcff75abab
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:3bc86a9ab60327823f7b9cfc609fa85f79124ba2bd1bd025fd9dc723bf8624df
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:4a9a4374ac03fd93e602d7343dc13bd3ce4319e43d200a20bfa5bdf3b089a15c
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:2a66eb1bdce23155b60ab25e39968aea5e323b9617348e6ce4da70f527a85aa7
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:8afa549036066962199eb5a07b4ff294f899c3e6fc8fa291b181496763d75216
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:4489c7483af22e557a5e58d2b4d79ff6d13182cc612c041c7a8ebaf470b9279d
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:21701f9fa92531c077b80f1f5f22b488065a70eed7ca1d6a930ab43e9738c7f5
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:486f8abf5702bf2877f5599c1aff43a12f3fc2045f451487f04cab1b5fd1a39a
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:596152de82b3b901e3d84613d6da717e34d0dee09e796d9d4adfbb5f69fc3b29
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:26f552055fd81a15223e42df6340a45adbf10540788d73ebcb216dfa9fc088e4
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:71903c338a784cc0a492f6b56b85fc5aae4243c56c84ddae116b7b87a9ac6f9f
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:379629b4fe7b027825987f7e5ffc48c4b7935d1c6dcaabfb21ec8172d6311699
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:2e0df00111d70ab75be51f4e2d035239b880d5740070ebf33ed76dd5ae486e35
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:385248c4779cea754d5f9cbc86d5580439e0d14ccebea124de39feabc84e7c7a
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:250d7fcf5413a31687d5a92ca67e56572c2101ed2625839ed4caa06d32e18f1a
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:6fe748bd9767e2ef10a02a1f1cc51af81d5617d403b8611d120ea18c021cdb86
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:7aa8bc36101ac522dbd71758cb074813c60f21e35247d2f7c28fedef4895e0a9
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:453a1c1321b02f48a59a7c277ed2a48073d0bf34ef01337421a795d9b7d4345f
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:4b28b74ee9e6221791233d98e85f16e4128e5bb5a5376467508afc54865aa3af
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.9

Fluxheim 1.5.9 Release Notes

Fluxheim 1.5.9 starts the restart-persistent load-balancer state line.

Planned Scope

• Versioned local state files for selected runtime load-balancer member
  overrides.
• Size-limited, bounded persistence table snapshots for local affinity state.
• Atomic writes with safe filesystem handling and auditable load/save events.
• Fail-closed recovery semantics: corrupt, oversized, or incompatible state is
  ignored and rebuilt instead of poisoning a runtime pool.

Added

• A versioned load-balancer runtime state snapshot API for runtime member
  overrides and local persistence tables.
• Restore validation for snapshot version, entry limits, duplicate keys,
  persistent runtime states, runtime weights, persistence key sizes, TTLs, and
  live backend membership before current runtime state is replaced.
• Optional proxy.load_balance.runtime_state_file local restart persistence.
  Fluxheim loads the file best-effort at pool construction and writes it
  atomically after runtime member-state, runtime weight, persistence-table, and
  persistence-clear changes.
• Admin mutation responses now report persistent: true when the target pool
  has a runtime state file configured, and persistent: false for in-memory
  pools.

Hardened

• Persistence-table state-file writes from request selection now run on the
  blocking worker pool instead of performing synchronous fsync work on an async
  executor thread.
• Runtime state file writes now set Unix permissions on the already-open file
  descriptor and remove temporary files when a write, sync, rename, or directory
  sync fails.
• Runtime state restore now validates policy overrides and persistence entries
  before committing either half, preventing partial restore of a mixed-validity
  state file.
• Documentation and startup warnings now call out that raw header and
  cookie persistence modes write client affinity identifiers to
  proxy.load_balance.runtime_state_file; use managed-cookie or encrypted,
  access-restricted storage for session-bearing identifiers.

Checksums And Signatures

• Commit: e892be1d55e12115b10ec55ee371fc69a6e34aa4
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • f9c94b8c462fb9e55fcc818cdb881224d263214d5d2b66bd816b93e21f2cb1cc fluxheim-1.5.9.tar.gz
  • f66713575fd88683a8f3486ded6beba3245550912f4eb49033bc6b55f96b65c2 fluxheim-1.5.9.zip
• Binary checksums:
  • x86_64:
    • 76bdb3730cf97cdc3f55a2515de6893ccc6adc03e243bc1c7c99dbd5f9e52bf5 fluxheim-1.5.9-full-x86_64-linux.tar.gz
    • 19ce0c8ce4f1d308a891529713090ff484492083fb1391c5e1cb0275909f22a7 fluxheim-1.5.9-cache-x86_64-linux.tar.gz
    • d73a4add8fd83688677b5fe98829b15989dc3213ed9aa57d35768381fdee6f88 fluxheim-1.5.9-proxy-x86_64-linux.tar.gz
    • 8fc97216f88b0f331325962319b50d2eaf9d8044d5bfcb73c9af766de56f83f9 fluxheim-1.5.9-php-x86_64-linux.tar.gz
    • ac9624f4b54e63983d09a1587bb15ff445ac6f47399c3857920e444ef5e818d8 fluxheim-1.5.9-load-balancer-x86_64-linux.tar.gz
    • e35024b41e02ecda27dd8102e013809b57b3bbbc8bbf5876ffe1ac7a95173c85 fluxheim-1.5.9-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • 41431a38f5fedcdd13005a5204b2e7bd59eafeba14c69ec8ab9eb161145e9ddc fluxheim-1.5.9-full-aarch64-linux.tar.gz
    • de9589e7df7e923638ff58876f11e66301a3517083e28537b621e70960df54a8 fluxheim-1.5.9-cache-aarch64-linux.tar.gz
    • 94dfb2a448cd99ad2c958f35d9c9b0ef4aeb0bfeaeb521fcb3889125fe5756a1 fluxheim-1.5.9-proxy-aarch64-linux.tar.gz
    • c47a285be8a870b52d3eb021ec7569526911d44eec6315bbcbe0dcfa875b6964 fluxheim-1.5.9-php-aarch64-linux.tar.gz
    • 50c8932ef1d6100c060241e9ec5be43ae5bebc702591b2d5efd395de8a6fc461 fluxheim-1.5.9-load-balancer-aarch64-linux.tar.gz
    • b064715067e4f0ed7c2617aa6c221820cdbade8bc57c22bc80783b1dff0b6ee9 fluxheim-1.5.9-config-tester-aarch64-linux.tar.gz
  • macos:
    • fc36e9e83913b125b0c195075e2fe0dac7aad58b705186bed8e8c49078b7bdd8 fluxheim-1.5.9-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • 9b4ca3e9776810c0e2643dbee93e4c18d10bc089eb97e26ab9afd2de9e55ea27 fluxheim.spdx.json
  • 1d4fc5911a9e914431ede56331df7d9abd2ee5a0d834f9225a1b0babb03e57b8 fluxheim.cyclonedx.json
• Reproducible build:
  • 60b6efab61ff17735746c470649d2e26ffda37b46c2ebe40d4dac31a0755a65c x86_64
  • 0b497ef42545e036c154d403372403b9f6c1641e3a334c80839f89e759fbf8ca aarch64
  • 3f550d7e9034b72d15b2a058f721fc1c894d848317c70447efd8bdb16ff45305 macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:5aa8cfc6775eac6bbc19360c16cc361cc98dc6fd68f37ef1532700406a3df17f
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:71db6afb59d4dcb6e84010bb929c8b0ae22fe1f1fa531219183530c7c62a098f
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:38c05e12ac5d22f6384fb61add58caff65309e10cb5f251c06914e4a974adef5
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:12860906b205310aac02625cff182de08632ad02797252f6f584cb3ba30910fa
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:11b2bcc4851137ab878cfa4b2c132e4512870148cd986e301f27986115c0c832
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:489a1b7d1c9a177b724c501bc6e48ab2ca260b80d621fa2bfbae1028be2d601e
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:3cc53ce2666e21651b3620bac29a7d26632961fab824ab1bfbfa9410a43d735b
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:36c7c27836255400131edfa1b3f77582d03ce99e497440b06924f9bba2d82640
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:b58a7a77a04505473d4a69c8999fc0a19980ab49a99de2e91960272e0b7bcf03
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:aacc1dfb89d81d00bc11c2d2fb99f56dcc41e115d320d164441a6a7181ed3c24
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:381d9c6c2822c880fd2172405cb8c802038213545f0067104614046be93e71aa
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:45503dfec9bb320f06371234f3cb45c04ba75bef9a8b563ae712a3a64a87ec8b
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:13344eda869ad9ebe42b5abbf7c6749527bde721bab572974cd78071946bdef5
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:2d81abd1af4e5aebcc0a6aee2a0e4985fe7fd404c407de37a520201a4ed304ae
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:ae09a09485664f5104ff27d91d6672ad67bec4c3414b3b9ecddfae77ac6ba987
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:42f2b6b444bd139c0e851f5663de251d9b5a29128f55658ecc10954c25cb24ed
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:2dbca30646c1ce748e51bd83dd2a40102e388f27e2f72612239efdd7cf1317ea
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:d076fe9895dc10cddfdd32f2dc2bdc21e00faca77410cce2004c720f98132edf
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:4eeaa73384a81827bce899360a859ce887ce178db8c6f82c9b4c0aafff57f23c
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:2b11c3a58b5b27bde404cae2bcc11b8ec740b7843383fc61aeae70be70ca9587
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.8

Fluxheim 1.5.8 Release Notes

Fluxheim 1.5.8 expands active health checks for production load-balanced pools:
custom request headers, standard gRPC health checks, exact JSON scalar body
checks, and health-derived degraded weights.

Added

• HTTP and gRPC active health checks can now send configured request headers:

[proxy.load_balance.health_check]
protocol = "http"
path = "/healthz"

[[proxy.load_balance.health_check.request_headers]]
name = "Authorization"
  value = "Bearer health-check-token"

• protocol = "grpc" runs the standard gRPC Health Checking Protocol over
  HTTP/2. grpc_service = "package.Service" optionally checks a specific
  service name.
• expected_body_json validates exact scalar JSON health fields with bounded
  dot-separated object paths.
• X-Health-Weight: N on a successful HTTP or gRPC health response lowers the
  backend's effective selection weight to N percent while it remains healthy.
  100 or an absent header clears the health-derived override. The new
  health_weight_min_percent floor defaults to 25.

Security And Bounds

• request_headers is valid only for HTTP and gRPC health checks.
• At most 16 request headers may be configured.
• Header values are capped at 1024 bytes.
• Duplicate header names are rejected case-insensitively.
• Host is reserved for the existing host setting.
• Hop-by-hop and proxy-control headers such as Connection,
  Transfer-Encoding, Upgrade, and proxy auth headers are rejected.
• Header values are not emitted in load-balancer metrics labels or runtime
  status output, and serialized config views redact configured request-header
  values.
• gRPC health checks use fixed standard request/response semantics and reject
  conflicting HTTP status/header/body matcher config.
• JSON health matchers are exact scalar checks only; no JSONPath, arrays,
  expressions, regexes, or scripts are evaluated.
• Health-derived weights are bounded to 1..=100, stored separately from
  configured/admin runtime weights, clamped by health_weight_min_percent,
  pruned with backend state, logged when the bounded map is full, and exposed
  in status as health_weight_percent.
• Load-balancer selection and runtime status now evaluate backend membership
  and readiness from one loaded backend/health snapshot per operation.

Checksums And Signatures

• Commit: 99a38c3b6adac592c5b7bdafca33a5fd63e4b53d
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • 17eb9340ed6cde269437faa8e40c7b9f934f6679e5835d7c80486e83e711b9a3 fluxheim-1.5.8.tar.gz
  • d1c2db97102f71e69d4bf5de768b8c6c9efd4875a0d04b4d261496a8a7fffbfb fluxheim-1.5.8.zip
• Binary checksums:
  • x86_64:
    • 184e2a34171377c7a038e3a3f92e7beff079b3949d32cd3f4ca033d9d23627f6 fluxheim-1.5.8-full-x86_64-linux.tar.gz
    • 62f7f9658507ca096361a0bbbab716c87ebb238ec5c5f8fc61b6369806a3392d fluxheim-1.5.8-cache-x86_64-linux.tar.gz
    • 855a35401802d0eca3eb96f60dd06088dd34b148cf69246cb7ebe07294fc74ac fluxheim-1.5.8-proxy-x86_64-linux.tar.gz
    • e0fa78c8f47888324e78101c6e20c50991b9cc8323a14cb6700e43bd92bd279f fluxheim-1.5.8-php-x86_64-linux.tar.gz
    • 7c0e229fdbc53fa46457fc34d27549d242219d16882ce16977324c70be720e8c fluxheim-1.5.8-load-balancer-x86_64-linux.tar.gz
    • 8dd8defc4e85b6ca93f8d8e086d70d9433c68a16f8848c88d0e04f0cf57efc21 fluxheim-1.5.8-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • 82d16f553805800de6d3798927cd48624fc10c5f36f3a6a5f368cf22f7f8f377 fluxheim-1.5.8-full-aarch64-linux.tar.gz
    • b9bbf946fed5b4c49876a756ba0abc0445131847a606a454ab6f80941c81b300 fluxheim-1.5.8-cache-aarch64-linux.tar.gz
    • d787833377e0df809f8b2a501179cb2fdd0a3a9879c91fa50fd0221d7e6e1a8c fluxheim-1.5.8-proxy-aarch64-linux.tar.gz
    • 612deb3cba664b444eaa8ef334265bf449909c4549b21bc595843aaf830ebdb1 fluxheim-1.5.8-php-aarch64-linux.tar.gz
    • 11ee9f7fb9d6533c8446124921b8583841b384eec1ce781832e257130bf81356 fluxheim-1.5.8-load-balancer-aarch64-linux.tar.gz
    • a54027a08a54cd38e773777d431efac07fe62386424b38889b5b15d35c0c7212 fluxheim-1.5.8-config-tester-aarch64-linux.tar.gz
  • macos:
    • 7966c1f32ba58ba43d9df479effe5985ae87a9617c6e6ab461aa78bcd951f33a fluxheim-1.5.8-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • a67a4f166f324d5dd6a891beddd1834fd0d11ef47b4420162416a23d6fa2c634 fluxheim.spdx.json
  • 4d4da186da9e2b8b859df0c10b67333b6a235df92f13e3b7a0a2a0fc07b7a298 fluxheim.cyclonedx.json
• Reproducible build:
  • 4153b50b73d04683748e32b1dadb379234eb5e4fafeea23cfae70257d42b5ded x86_64
  • 4cc5065da32ec904ff51889dec4d67f3ee48cf82bafa39c3f93cffe9630f9c2a aarch64
  • 695f7f870302f4291a19f142f9f16338c18e420e5ac26c18aa645e1d89dd9343 macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:acd4d7fe4e409f3645e6cdb76478e21acb0170bc9e2cbd08961b9432402fe982
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:406a3a79f9f97022f283e11eafd6f2c587b88c25a94d554b1d221534a2f4bb8c
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:1c28e5fdf55e6af5bbd3fbec6f4eddbe07ef18831e8058fef161cd9b0dd8c6a1
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:a64f5d05f392376c6b04b5d73e539df779620acf9faa53110351f7ef58f553fb
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:20e5e38666af88798d9eda97bb518dd437785fc398b212969dc72b220cec1c66
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:734b548bf13162cc74c80fdafa8716592c7def96b4140a688b5b360444a7a204
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:55e71307855fab0b06c2fe038acb3ee34195829a10520fb2b788983ca2fd7cc9
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:1ca54500e4c0230d0b33ba2d86dc76c2ff439eaecc688fdfa0a5ef36a0a8a159
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:0a4af33ae4bd3bcde6e82c2e7219359945b004a1e4ba92b6983076a23a2ab046
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:e122a3085f6b7f3fbc2b561c2716acae37a0f1495825f4fb5f0f50941275a041
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:70bcfbc22f45a71ef533554d063ece190c34d8f32037e6600625d16a9f52a27e
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:14576648ea8453ef48c1da2d04d21f212a55c91773d240654254a9a8a43ec404
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:0299ab83de498021308e65dc7f8240bdd96de4ac550f1331c0d084abf2044ec1
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:a863baebadd5f3ed407ec157cad1ef2439c733ba95137e6e73fba31b8316893c
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:23ededa6d216c4b0070a829c6dbaf86c8032033a57c3452df447ec8c01e0593d
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:628943b679773ec4e515f79ab1491aced982b4abbf253f4f3c41c9e88bc513d6
• Load Balancer Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:026e1b6496619e3d7b4cd662b06e0eaf7a949c0fc1a9e29019c904a5461e3499
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:686411309781cbb4c2376b676f69bd5f7bb53ed98fcf0803b4ae4e3561ab702d
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:0ffe7fa1125be390a0561873db07b5e368aa27f1ede03880b0d2e6e87906b6eb
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:0bf62bdab3b24baaeca3c3bb013d536685e909b6b5942fbb6198df9800fe3267
• Tag signature:
  • Good "git" signature for 1921261+eldryoth@users.noreply.github.com with ED25519 key SHA256:EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4

Fluxheim 1.5.7

Fluxheim 1.5.7 Release Notes

Fluxheim 1.5.7 starts the Fluxheim-native load-balancer core line. The goal is
to replace pingora-load-balancing as Fluxheim's load-balancer substrate while
preserving the current proxy/load-balancer configuration, admin API, status
shape, metrics, privacy-mode behavior, managed-cookie behavior, and selection
results as far as possible.

Changed

• Add a Fluxheim-owned backend/backend-set model for load-balancer upstream
  construction.
• Route static upstream pools, file-refreshed upstream discovery, and
  DNS-refreshed upstream discovery through the Fluxheim backend model.
• Move backend keying, passive health, slow start, connection counters,
  latency scoring, and backend policy evaluation onto a Fluxheim-owned backend
  identity abstraction.
• Build Maglev lookup tables from Fluxheim backend identities so Maglev
  construction no longer depends on Pingora's concrete backend type.
• Move file-refreshed and DNS-refreshed backend discovery behind a
  Fluxheim-owned discovery trait.
• Route runtime backend stats, bounded-load weight accounting, and disabled
  upstream parsing through the Fluxheim backend identity/adapter layer.
• Move slow-start state regression coverage onto Fluxheim backend identities,
  keeping Pingora backend construction only in runtime-selection tests.
• Replace Pingora's FNV weighted-hash selector for source, URI, header, and
  cookie hash modes with Fluxheim-owned weighted-first FNV selection over the
  current backend container.
• Seed Fluxheim-owned FNV and consistent-hash selectors with per-boot routing
  secrets so clients cannot precompute keys that target a chosen backend.
• Replace Pingora's random selector dependency for power-of-two choices with a
  Fluxheim-owned weighted random first pick and unique backend fallback scan.
• Replace Pingora's consistent-hash selector dependency with Fluxheim-owned
  rendezvous candidate ordering for consistent and bounded-load consistent
  hash modes. Dynamic file/DNS discovery remains supported through the
  Fluxheim runtime backend container. This is a valid consistent-hash
  algorithm change and can remap existing consistent-hash affinity keys once
  during the 1.5.7 upgrade.
• Collapse load-balancer factory, stats, and priority-check helpers onto a
  concrete readiness container now that Fluxheim owns all shipped selection
  algorithms.
• Centralize runtime backend container operations behind Fluxheim-owned
  adapter helpers so readiness checks, backend enumeration, and health-check
  metadata have one migration boundary.
• Route static upstream pools through the same Fluxheim-owned discovery
  adapter as file-refreshed and DNS-refreshed pools, removing Pingora's static
  discovery wrapper from load-balancer construction.
• Replace Pingora's generic GenBackgroundService wrapper for load-balancer
  pools with a Fluxheim-owned ServiceWithDependents implementation while
  preserving the current update and health-check loop.
• Introduce a Fluxheim backend-container trait so selector and runtime-stat
  code depend on Fluxheim's backend/readiness interface instead of the concrete
  Pingora container type.
• Centralize the remaining concrete runtime backend value type behind the
  backend adapter module, keeping orchestration and discovery on Fluxheim's
  adapter alias while the final value-type replacement remains isolated.
• Wrap load-balanced pools in a Fluxheim runtime type before handing them to
  selection, status, and background-service code.
• Return Fluxheim runtime-wrapped load-balancer pools from discovery so
  selection-mode construction no longer repeats Pingora container wrapping.
• Keep the selector-facing backend-container trait implemented only by the
  Fluxheim runtime wrapper.
• Replace Pingora's load-balancer Backends container, discovery adapter, and
  background update loop with Fluxheim-owned backend storage, readiness state,
  discovery refresh, health-check scheduling, and shutdown handling.
• Move load-balancer health checks behind a Fluxheim-owned health-check trait.
  Existing TCP/HTTP health-check behavior is preserved, with Pingora connector
  code kept inside the adapter layer instead of the runtime readiness boundary.
• Hide the remaining runtime backend value type behind the load-balancer
  backend adapter so selector and health-check modules use Fluxheim's boundary
  type while the final backend-type replacement remains isolated.
• Serialize per-backend load-balancer health state updates so enable/disable
  changes and active health observations cannot overwrite each other under
  concurrent health checks.
• Store refreshed backend sets before refreshed health maps and use checked
  wake-time arithmetic in the load-balancer background loop.
• Clarify stream upstream TLS warnings for mixed hostname and IP upstream
  routes where only IP connections skip hostname verification without
  upstream_sni.

Boundaries

1.5.7 is the load-balancer substrate replacement line. It may replace backend
types, backend readiness storage, discovery adapters, health-check scheduling,
background update lifecycle, and remaining load-balancer factory errors with
Fluxheim-owned equivalents.

1.5.7 does not add restart-persistent load-balancer state, active-active
cross-node state sync, runtime add/remove-member, xDS/Kubernetes/Consul
discovery, UDP/GSLB, WAF, VPN/firewall appliance behavior, HTTP/3/QUIC, or
Wasm/iRules/Lua scripting.

Checksums And Signatures

• Commit: 4c3afcdf9d7e25546a48976d29b0e98adf80b23c
• Local gate: GitHub CI green before tag; local release metadata checks passed
• CodeQL/code scanning: no open release-blocking alerts before tag
• Source archive checksums:
  • 8f49121c205c615da93be23e54bc049659e1bc4a7c9d8906d27b75be3c1538fc fluxheim-1.5.7.tar.gz
  • fb1c301f37a9ac31e24e88934ceef5b4551337eeeb50081565cea5d99e22606f fluxheim-1.5.7.zip
• Binary checksums:
  • x86_64:
    • f117cf4b4de33bdb2bd52d2a388466b131d8ef39741afc062c1f315b308cdc80 fluxheim-1.5.7-full-x86_64-linux.tar.gz
    • 40feefd8a8db257e5c2098b23d218cbed4f8475cabc7634cde387b59151f7db7 fluxheim-1.5.7-cache-x86_64-linux.tar.gz
    • 4d4f8cf0cc82fb534309bd07a7c84dddff732f3d262a586dce4d17827f1a003a fluxheim-1.5.7-proxy-x86_64-linux.tar.gz
    • 04a8aac4afd569454f88142c58f965b4db5367255cbda996d23443fec8558dd8 fluxheim-1.5.7-php-x86_64-linux.tar.gz
    • 68fd806bc8ad3608b4c29cf51d38f1fe56638209325fa950653002366a3672a7 fluxheim-1.5.7-load-balancer-x86_64-linux.tar.gz
    • f11ece9ffb287f51a270f14ff1d33fceb6682943af6270a1615d2dfe9bfb6ca8 fluxheim-1.5.7-config-tester-x86_64-linux.tar.gz
  • aarch64:
    • e345b5d7db7ae6e23f590532dfbece32422ee6dfc2b4f666b377923920bd1d05 fluxheim-1.5.7-full-aarch64-linux.tar.gz
    • 9d012092191af3172b8707ae740669b70c69e09d8f9f167f2c524dc54e7b7e7e fluxheim-1.5.7-cache-aarch64-linux.tar.gz
    • e9bd81f3a3eede386ba4a5b046c3bdd18a4f7784aaddcf4707d449746a5d1df2 fluxheim-1.5.7-proxy-aarch64-linux.tar.gz
    • cc4278c3c5910f0fdaeed321c9ffb34f2aedb33695468fc14e6300875fef7ba7 fluxheim-1.5.7-php-aarch64-linux.tar.gz
    • 66691b9fc38f3d03b1f0ff0235ccae8fddf404522ac0735d75e59580b864d141 fluxheim-1.5.7-load-balancer-aarch64-linux.tar.gz
    • e898abaa74b1abe2f83c4c2e0c003a6c701c56dc98c30e6f76d4d516d8f43448 fluxheim-1.5.7-config-tester-aarch64-linux.tar.gz
  • macos:
    • 4ecb5c08af2f38b6346d5b62e6e3ab47301de49021489f81be39fdf16dfedde1 fluxheim-1.5.7-dev-aarch64-macos.tar.gz
• SBOM checksums:
  • 621a99aaf138cf333a83886dd4df7c389d52f2d4adf575c141cb86b42cac61b2 fluxheim.spdx.json
  • 7beb909f309a4ee7d55d1b9229a23e9b8c5b9f68f51bf4626b69f7b1e975f49e fluxheim.cyclonedx.json
• Reproducible build:
  • 7ed55ef583046f5be854e479b739c293e7395c9149e96bd6ddf2236f7d4c1aac x86_64
  • b60192a433a1e4a560a4aea8aca2138f58d5ebbffbab1bf072893f032a91d2f4 aarch64
  • 46e39a003856196efef4338d17400c5d3eded2893a91fe6572b125ceaddc7e55 macos
• Full Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:8bcae75fe6c2471521d84da30ea01934312a5d09ae97a7316008d710727902b0
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:4430892fb03a3ec058eeb3990daa82052c22eeef7856f775f09a150235f7ab49
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:aaaadd88849f1b7477aaff44d5b39a27f8b986d6cb1e1f588ef4e4772f9b7f2d
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:70031ecc56edcdce8dedc32f07185df62a77f89b183889c1a3ba7de3016fbdcf
• Cache Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:1df81acc5604cafe4b129c658bd375929c760afe5633160de51e3f56617d21f8
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:1a0f6585ba194a5e4eb623096bc5ef0301dc5fcc657f519836efa15118a7dd70
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:5d9e1ba146e991398e5cd77fcef420b89c6d0d25d380680e26537a6c17b529a0
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:0168740c6212ccca74b3b15761e80b7f05f8b44c98a7387d0af8109645d75ce2
• Proxy Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:6846c457893e98e136fbf0680d0fc1e2936fcd5aeb7e63caa4194e272566f47d
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:4bd9f02e5b5b407a4f2683a2081596b3f56dde7b116e66746821c392a46e0219
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:2b57e4d2b17f3768054ee67114b8fc3ca7630300bcc5f4a2f07e24a723e0c5aa
  • Debian: ghcr.io/valkyoth/fluxheim@sha256:312cf1eec27c951392fedfab7ad22285264cc072cb8698a7a613c9feb7abc187
• PHP Build Container digests:
  • Wolfi: ghcr.io/valkyoth/fluxheim@sha256:5be25d8ebcf89c8066997ebfefceec6f9e09b0884eb0b0ff01680ea959ce0768
  • Alpine: ghcr.io/valkyoth/fluxheim@sha256:196b9d0abb5784de8921300195e24c30cb9cca7ea1023f549e9d1c1b3b0306f9
  • SUSE Micro: ghcr.io/valkyoth/fluxheim@sha256:7e4395cf561235a5088bf2aa2a3ff94da11cd8be9ee4b4171fcc358e91582237
  • Debian: `ghcr.io/valkyoth/fluxheim@sha256:c034b4a83ec2f92549371d86143811983055144c...