Upstream upgrade

.bleep

@@ -1 +1 @@
-ed8657309187516d2e673037821a9fbd8405d703
+d2c25d726c5738e6a8028dc3e7642ecfe6c1824e

.cargo/config.toml

@@ -0,0 +1,2 @@
+[resolver]
+incompatible-rust-versions = "fallback"

.github/workflows/audit.yml

@@ -24,7 +24,7 @@ jobs:
 
       - name: Generate Cargo.lock
         # https://github.com/rustsec/audit-check/issues/27
-        run: cargo generate-lockfile
+        run: cargo generate-lockfile --ignore-rust-version
 
       - name: Audit Check
         # https://github.com/rustsec/audit-check/issues/2

.github/workflows/build.yml

@@ -8,7 +8,7 @@ jobs:
       fail-fast: false
       matrix:
         # nightly, msrv, and latest stable
-        toolchain: [nightly, 1.83.0, 1.87.0]
+        toolchain: [nightly, 1.84.0, 1.91.1]
     runs-on: ubuntu-latest
     # Only run on "pull_request" event for external PRs. This is to avoid
     # duplicate builds for PRs created from internal branches.
@@ -48,12 +48,12 @@ jobs:
 
       - name: Run cargo clippy
         run: |
-          [[ ${{ matrix.toolchain }} != 1.87.0 ]] || cargo clippy --all-targets --all -- --allow=unknown-lints --deny=warnings
+          [[ ${{ matrix.toolchain }} != 1.91.1 ]] || cargo clippy --all-targets --all -- --allow=unknown-lints --deny=warnings
 
       - name: Run cargo audit
         run: |
-          [[ ${{ matrix.toolchain }} != 1.87.0 ]] || (cargo install --locked cargo-audit && cargo audit)
+          [[ ${{ matrix.toolchain }} != 1.91.1 ]] || (cargo install --locked cargo-audit && cargo generate-lockfile --ignore-rust-version && cargo audit)
 
       - name: Run cargo machete
         run: |
-          [[ ${{ matrix.toolchain }} != 1.87.0 ]] || (cargo install cargo-machete --version 0.7.0 && cargo machete)
+          [[ ${{ matrix.toolchain }} != 1.91.1 ]] || (cargo install cargo-machete --version 0.7.0 && cargo machete)

CHANGELOG.md

@@ -2,10 +2,125 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.8.0](https://github.com/cloudflare/pingora/compare/0.7.0...0.8.0) - 2026-03-02
+
+
+**🚀 Features**
+
+* Add support for client certificate verification in mTLS configuration.
+* Add upstream\_write\_pending\_time to Session for upload diagnostics.
+* Pipe subrequests utility: creates a state machine to treat subrequests as a "pipe," enabling direct sending of request body and writing of response tasks, with a handler for error propagation and support for reusing a preset or captured input body for chained subrequests.
+* Add the ability to limit the number of times a downstream connection can be reused
+* Add a system for specifying and using service-level dependencies
+* Add a builder for pingora proxy service, e.g. to specify ServerOptions.
+
+**🐛 Bug Fixes**
+
+* Fix various Windows compiler issues.
+* Handle custom ALPNs in s2n impl of ALPN::to\_wire\_protocols() to fix s2n compile issues.
+* Fix: don't use “all” permissions for socket.
+* Fix a bug with the ketama load balancing where configurations were not persisted after updates.
+* Ensure http1 downstream session is not reused on more body bytes than expected.
+* Send RST\_STREAM CANCEL on application read timeouts for h2 client.
+* Start close-delimited body mode after 101 is received for WebSocket upgrades. `UpgradedBody` is now an explicit HttpTask.
+* Avoid close delimit mode on http/1.0 req.
+* Reject invalid content-length http/1 requests to eliminate ambiguous request framing.
+* Validate invalid content-length on http/1 resp by default, and removes content-length from the response if transfer-encoding is present, per RFC.
+* Correct the custom protocol code for shutdown: changed the numeric code passed on shutdown to 0 to indicate an explicit shutdown rather than a transport error.
+
+**⚙️ Miscellaneous Tasks**
+
+* Remove `CacheKey::default` impl, users of caching should implement `cache_key_callback` themselves
+* Allow server bootstrapping to take place in the context of services with dependents and dependencies
+* Don't consider "bytes=" a valid range header: added an early check for an empty/whitespace-only range-set after the `bytes=` prefix, returning 416 Range Not Satisfiable, consistent with RFC 9110 14.1.2.
+* Strip {content, transfer}-encoding from 416s to mirror the behavior for 304 Not Modified responses.
+* Disable CONNECT method proxying by default, with an option to enable via server options; unsupported requests will now be automatically rejected.
+
+## [0.7.0](https://github.com/cloudflare/pingora/compare/0.6.0...0.7.0) - 2026-01-30
+
+### Highlights
+
+- Extensible SslDigest to save user-defined TLS context
+- Add ConnectionFilter trait for early TCP connection filtering
+
+### 🚀 Features
+
+- Add ConnectionFilter trait for early TCP connection filtering
+- Introduce a virtual L4 stream abstraction
+- Add support for verify_cert and verify_hostname using rustls
+- Exposes the HttpProxy struct to allow external crates to customize the proxy logic.
+- Exposes a new_mtls method for creating a HttpProxy with a client_cert_key to enable mtls peers.
+- Add SSLKEYLOGFILE support to rustls connector
+- Allow spawning background subrequests from main session
+- Allow Extensions in cache LockCore and user tracing
+- Add body-bytes tracking across H1/H2 and proxy metrics
+- Allow setting max_weight on MissFinishType::Appended
+- Allow adding SslDigestExtensions on downstream and upstream
+- Add Custom session support for encapsulated HTTP
+
+### 🐛 Bug Fixes
+
+- Use write timeout consistently for h2 body writes
+- Prevent downstream error prior to header from canceling cache fill
+- Fix debug log and new tests
+- Fix size calculation for buffer capacity
+- Fix cache admission on header only misses
+- Fix duplicate zero-size chunk on cache hit
+- Fix chunked trailer end parsing
+- Lock age timeouts cause lock reacquisition
+- Fix transfer fd compile error for non linux os
+
+### Sec
+
+- Removed atty
+- Upgrade lru to >= 0.16.3 crate version because of RUSTSEC-2026-0002
+
+### Everything Else
+
+- Add tracing to log reason for not caching an asset on cache put
+- Evict when asset count exceeds optional watermark
+- Remove trailing comma from Display for HttpPeer
+- Make ProxyHTTP::upstream_response_body_filter return an optional duration for rate limiting
+- Restore daemonize STDOUT/STDERR when error log file is not specified
+- Log task info when upstream header failed to send
+- Check cache enablement to determine cache fill
+- Update meta when revalidating before lock release
+- Add ForceFresh status to cache hit filter
+- Pass stale status to cache lock
+- Bump max multipart ranges to 200
+- Downgrade Expires header warn to debug log
+- CI and effective msrv bump to 1.83
+- Add default noop custom param to client Session
+- Use static str in ErrorSource or ErrorType as_str
+- Use bstr for formatting byte strings
+- Tweak the implementation of and documentation of `connection_filter` feature
+- Set h1.1 when proxying cacheable responses
+- Add or remove accept-ranges on range header filter
+- Update msrv in github ci, fixup .bleep
+- Override request keepalive on process shutdown
+- Add shutdown flag to proxy session
+- Add ResponseHeader in pingora_http crate's prelude
+- Add a configurable upgrade for pingora-ketama that reduces runtime cpu and memory
+- Add to cache api spans
+- Increase visibility of multirange items
+- Use seek_multipart on body readers
+- Log read error when reading trailers end
+- Re-add the warning about cache-api volatility
+- Default to close on downstream response before body finish
+- Ensure idle_timeout is polled even if idle_timeout is unset so notify events are registered for h2 idle pool, filter out closed connections when retrieving from h2 in use pool.
+- Add simple read test for invalid extra char in header end
+- Allow customizing lock status on Custom NoCacheReasons
+- Close h1 conn by default if req header unfinished
+- Add configurable retries for upgrade sock connect/accept
+- Deflake test by increasing write size
+- Make the version restrictions on rmp and rmp-serde more strict to prevent forcing consumers to use 2024 edition
+- Rewind preread bytes when parsing next H1 response
+- Add epoch and epoch_override to CacheMeta
+
 ## [0.6.0](https://github.com/cloudflare/pingora/compare/0.5.0...0.6.0) - 2025-08-15
- 
+
 ### Highlights
-- This release bumps the minimum h2 crate dependency to guard against the [MadeYouReset]((https://blog.cloudflare.com/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/)) H2 attack 
+- This release bumps the minimum h2 crate dependency to guard against the [MadeYouReset]((https://blog.cloudflare.com/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/)) H2 attack
 
 
 ### 🚀 Features
@@ -63,7 +178,7 @@ All notable changes to this project will be documented in this file.
 
 
 ## [0.5.0](https://github.com/cloudflare/pingora/compare/0.4.0...0.5.0) - 2025-05-09
- 
+
 ### 🚀 Features
 
 - [Add tweak_new_upstream_tcp_connection hook to invoke logic on new upstream TCP sockets prior to connection](https://github.com/cloudflare/pingora/commit/be4a023d18c2b061f64ad5efd0868f9498199c91)
@@ -76,7 +191,7 @@ All notable changes to this project will be documented in this file.
 - [Add get_stale and get_stale_while_update for memory-cache](https://github.com/cloudflare/pingora/commit/bb28044cbe9ac9251940b8a313d970c7d15aaff6)
 
 ### 🐛 Bug Fixes
- 
+
 - [Fix deadloop if proxy_handle_upstream exits earlier than proxy_handle_downstream](https://github.com/cloudflare/pingora/commit/bb111aaa92b3753e650957df3a68f56b0cffc65d)
 - [Check on h2 stream end if error occurred for forwarding HTTP tasks](https://github.com/cloudflare/pingora/commit/e18f41bb6ddb1d6354e824df3b91d77f3255bea2)
 - [Check for content-length underflow on end of stream h2 header](https://github.com/cloudflare/pingora/commit/575d1aafd7c679a50a443701a4c55dcfdbc443b2)
@@ -91,9 +206,9 @@ All notable changes to this project will be documented in this file.
 - [Always drain v1 request body before session reuse](https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff)
 - [Fixes HTTP1 client reads to properly timeout on initial read](https://github.com/cloudflare/pingora/commit/3c7db34acb0d930ae7043290a88bc56c1cd77e45)
 - [Fixes issue where if TLS client never sends any bytes, hangs forever](https://github.com/cloudflare/pingora/commit/d1bf0bcac98f943fd716278d674e7d10dce2223e)
- 
+
 ### Everything Else
- 
+
 - [Add builder api for pingora listeners](https://github.com/cloudflare/pingora/commit/3f564af3ae56e898478e13e71d67d095d7f5dbbd)
 - [Better handling for h1 requests that contain both transfer-encoding and content-length](https://github.com/cloudflare/pingora/commit/9287b82645be4a52b0b63530ba38aa0c7ddc4b77)
 - [Allow setting raw path in request to support non-UTF8 use cases](https://github.com/cloudflare/pingora/commit/e6b823c5d89860bb97713fdf14f197f799aed6af)
@@ -209,7 +324,7 @@ All notable changes to this project will be documented in this file.
 ## [0.1.1](https://github.com/cloudflare/pingora/compare/0.1.0...0.1.1) - 2024-04-05
 
 ### 🚀 Features
-- `Server::new` now accepts `Into<Option<T>>` 
+- `Server::new` now accepts `Into<Option<T>>`
 - Implemented client `HttpSession::get_keepalive_values` for Keep-Alive parsing
 - Expose `ListenFds` and `Fds` to fix a voldemort types issue
 - Expose config options in `ServerConf`, provide new `Server` constructor

Cargo.toml

@@ -29,16 +29,18 @@ members = [
 ]
 
 [workspace.dependencies]
+bstr = "1.12.0"
 tokio = "1"
+tokio-stream = { version = "0.1" }
 async-trait = "0.1.42"
 httparse = "1"
 bytes = "1.0"
 derivative = "2.2.0"
-http = "1.0.0"
+http = "1"
 log = "0.4"
 h2 = ">=0.4.11"
 once_cell = "1"
-lru = "0.14"
+lru = "0.16.3"
 ahash = ">=0.8.9"
 
 [profile.bench]

README.md

@@ -59,11 +59,11 @@ Both x86_64 and aarch64 architectures will be supported.
 
 ## Rust version
 
-Pingora keeps a rolling MSRV (minimum supported Rust version) policy of 6 months. This means we will accept PRs that upgrade the MSRV as long as the new Rust version used is at least 6 months old.
+Pingora keeps a rolling MSRV (minimum supported Rust version) policy of 6 months. This means we will accept PRs that upgrade the MSRV as long as the new Rust version used is at least 6 months old. However, we generally will not bump the highest MSRV across the workspace without a sufficiently compelling reason.
 
-Our current MSRV is effectively 1.83.
+Our current MSRV is 1.84.
 
-Previously Pingora advertised an MSRV of 1.72. Older Rust versions may still be able to compile via `cargo update` pinning dependencies such as `backtrace@0.3.74`. The advertised MSRV in config files will be officially bumped to 1.83 in an upcoming release.
+Currently not all crates enforce `rust-version` as it is possible to use some crates on lower versions.
 
 ## Build Requirements
 

clippy.toml

@@ -1 +1 @@
-msrv = "1.72"
+msrv = "1.84"

docs/user_guide/rate_limiter.md

@@ -20,7 +20,6 @@ Pingora provides a crate `pingora-limits` which provides a simple and easy to us
 ```rust
 use async_trait::async_trait;
 use once_cell::sync::Lazy;
-use pingora::http::ResponseHeader;
 use pingora::prelude::*;
 use pingora_limits::rate::Rate;
 use std::sync::Arc;
@@ -135,11 +134,11 @@ impl ProxyHttp for LB {
 ```
 
 ## Testing
-To use the example above, 
+To use the example above,
 
-1. Run your program with `cargo run`. 
+1. Run your program with `cargo run`.
 2. Verify the program is working with a few executions of ` curl localhost:6188 -H "appid:1" -v`
-   - The first request should work and any later requests that arrive within 1s of a previous request should fail with: 
+   - The first request should work and any later requests that arrive within 1s of a previous request should fail with:
      ```
      *   Trying 127.0.0.1:6188...
      * Connected to localhost (127.0.0.1) port 6188 (#0)
@@ -148,20 +147,20 @@ To use the example above,
      > User-Agent: curl/7.88.1
      > Accept: */*
      > appid:1
-     > 
+     >
      < HTTP/1.1 429 Too Many Requests
      < X-Rate-Limit-Limit: 1
      < X-Rate-Limit-Remaining: 0
      < X-Rate-Limit-Reset: 1
      < Date: Sun, 14 Jul 2024 20:29:02 GMT
      < Connection: close
-     < 
+     <
      * Closing connection 0
      ```
 
 ## Complete Example
-You can run the pre-made example code in the [`pingora-proxy` examples folder](https://github.com/cloudflare/pingora/tree/main/pingora-proxy/examples/rate_limiter.rs) with 
+You can run the pre-made example code in the [`pingora-proxy` examples folder](https://github.com/cloudflare/pingora/tree/main/pingora-proxy/examples/rate_limiter.rs) with
 
 ```
 cargo run --example rate_limiter
-```
+```

pingora-boringssl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pingora-boringssl"
-version = "0.6.0"
+version = "0.8.0"
 authors = ["Yuchen Wu <yuchen@cloudflare.com>"]
 license = "Apache-2.0"
 edition = "2021"

pingora-boringssl/src/boring_tokio.rs

@@ -1,4 +1,4 @@
-// Copyright 2025 Cloudflare, Inc.
+// Copyright 2026 Cloudflare, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -263,9 +263,7 @@ where
                 return Poll::Pending;
             }
             Err(e) => {
-                return Poll::Ready(Err(e
-                    .into_io_error()
-                    .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e))));
+                return Poll::Ready(Err(e.into_io_error().unwrap_or_else(io::Error::other)));
             }
         }
 

pingora-boringssl/src/ext.rs

@@ -1,4 +1,4 @@
-// Copyright 2025 Cloudflare, Inc.
+// Copyright 2026 Cloudflare, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pingora-boringssl/src/lib.rs

@@ -1,4 +1,4 @@
-// Copyright 2025 Cloudflare, Inc.
+// Copyright 2026 Cloudflare, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

pingora-cache/Cargo.toml

@@ -1,9 +1,10 @@
 [package]
 name = "pingora-cache"
-version = "0.6.0"
+version = "0.8.0"
 authors = ["Yuchen Wu <yuchen@cloudflare.com>"]
 license = "Apache-2.0"
 edition = "2021"
+rust-version = "1.84"
 repository = "https://github.com/cloudflare/pingora"
 categories = ["asynchronous", "network-programming"]
 keywords = ["async", "http", "cache"]
@@ -17,27 +18,28 @@ name = "pingora_cache"
 path = "src/lib.rs"
 
 [dependencies]
-pingora-core = { version = "0.6.0", path = "../pingora-core", default-features = false }
-pingora-error = { version = "0.6.0", path = "../pingora-error" }
-pingora-header-serde = { version = "0.6.0", path = "../pingora-header-serde" }
-pingora-http = { version = "0.6.0", path = "../pingora-http" }
-pingora-lru = { version = "0.6.0", path = "../pingora-lru" }
-pingora-timeout = { version = "0.6.0", path = "../pingora-timeout" }
+pingora-core = { version = "0.8.0", path = "../pingora-core", default-features = false }
+pingora-error = { version = "0.8.0", path = "../pingora-error" }
+pingora-header-serde = { version = "0.8.0", path = "../pingora-header-serde" }
+pingora-http = { version = "0.8.0", path = "../pingora-http" }
+pingora-lru = { version = "0.8.0", path = "../pingora-lru" }
+pingora-timeout = { version = "0.8.0", path = "../pingora-timeout" }
+bstr = { workspace = true }
 http = { workspace = true }
 indexmap = "1"
 once_cell = { workspace = true }
 regex = "1"
 blake2 = "0.10"
 serde = { version = "1.0", features = ["derive"] }
-rmp-serde = "1"
+rmp-serde = "1.3.0"
 bytes = { workspace = true }
 httpdate = "1.0.2"
 log = { workspace = true }
 async-trait = { workspace = true }
 parking_lot = "0.12"
 cf-rustracing = "1.0"
 cf-rustracing-jaeger = "1.0"
-rmp = "0.8"
+rmp = "0.8.14"
 tokio = { workspace = true }
 lru = { workspace = true }
 ahash = { workspace = true }
@@ -49,7 +51,7 @@ rand = "0.8"
 [dev-dependencies]
 tokio-test = "0.4"
 tokio = { workspace = true, features = ["fs"] }
-env_logger = "0.9"
+env_logger = "0.11"
 dhat = "0"
 futures = "0.3"
 

pingora-cache/benches/lru_memory.rs

@@ -1,4 +1,4 @@
-// Copyright 2025 Cloudflare, Inc.
+// Copyright 2026 Cloudflare, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.