Cowboy, Ranch, Gun and Erlang.mk now have official channels in the Erlang OSS Discord server. You are welcome to join to get help with these projects or to plan contributions. Join Erlang OSS Discord now!
The Discord server is meant to replace the long discontinued IRC channel and provide a place where direct interactions are possible, complementing GitHub tickets.
I have created the Erlang OSS Discord server for my own purposes, but anyone that has an open source project written in Erlang or fully usable from Erlang is welcome to join and request a channel for their project.
Read More
Cowboy 2.12.0 has been released!
Cowboy 2.12 contains a fix for a security vulnerability in the HTTP/2 protocol implementation that has recently been made public: HTTP/2 CONTINUATION Flood.
Cowboy adds a new HTTP/2 option max_fragmented_header_block_size to control how much data is accepted in CONTINUATION frames before an error is triggered.
Cowboy 2.12 was produced and released a few weeks ago, as a result of advance knowledge of this vulnerability. If you already upgraded, you are safe!
Read More
Cowboy 2.11.0 has been released!
Cowboy 2.11 contains a variety of new features and bug fixes. Nearly all previously experimental features are now marked as stable, including Websocket over HTTP/2.
Cowboy 2.11 addresses the HTTP/2 CVE CVE-2023-44487, the rapid reset vulnerability, which attackers can use in denial of services attacks. Cowboy adds a new HTTP/2 option max_cancel_stream_rate to control for this behavior.
Cowboy 2.11 requires Erlang/OTP 24.0 or greater. It is tested and supported on Linux, macOS and Windows.
Read More
Erlang/OTP 26 will soon be released by OTP team and unfortunately broke the compilation of Cowlib, which is a dependency for both Cowboy and Gun.
Users willing to upgrade to Erlang/OTP 26 or above will therefore need to ensure that they use the right version of Cowboy or Gun. The versions that first supported Erlang/OTP 26 are as follow:
Cowboy 2.10.0 Gun 2.0.1 Cowlib 2.12.1 A small number of fixes has also been made at the same time but the main change is support for Erlang/OTP 26.
Read More
Gun 2.0.0 has been released!
Gun 2.0 adds a ton of features along with a small number of breaking changes.
Gun 2.0 includes state of the art tunnel support. With Gun 2.0 it is possible to make requests or data go through any number of proxy endpoints using any combination of TCP or TLS transports and HTTP/1.1, HTTP/2 or SOCKS5 protocols. All combinations of the scenario Proxy1 -> Proxy2 -> Origin are tested and known to work.
Read More
Ranch 2.1.0 has been released!
Ranch 2.1 adds counters for the number of connections accepted and terminated. They can be used to produce information about accept or shutdown rates or as a total number of connections handled by Ranch.
Ranch 2.1 also adds an alarm around the number of active connections a connection supervisor handles. When that number is high it is now possible to automatically perform an action, such as logging or gracefully shutting down idle connections.
Read More
Cowboy 2.9.0 has been released!
Cowboy 2.9 implements graceful shutdown of connection processes for both HTTP/1.1 and HTTP/2 connections.
Cowboy 2.9 is the first release to support the much awaited Erlang/OTP 24 out of the box. While users that were using Ranch 2.0 already were ready for OTP 24, the Ranch version used by Cowboy out of the box was not compatible and had to be updated.
Cowboy 2.9 requires Erlang/OTP 22.
Read More
Gun 2.0.0-rc.1 has been released!
Gun 2.0 adds a ton of features along with a small number of breaking changes.
Gun 2.0 includes state of the art tunnel support. With Gun 2.0 it is possible to make requests or data go through any number of proxy endpoints using any combination of TCP or TLS transports and HTTP/1.1, HTTP/2 or SOCKS5 protocols. All combinations of the scenario Proxy1 -> Proxy2 -> Origin are tested and known to work.
Read More
Ranch 2.0.0 has been released!
In Ranch 1.x, there is only one supervisor per Ranch listener to start and manage connection processes. Under high load (many clients rapidly connecting and/or disconnecting), the message queue of this one supervisor could become congested, leading to declining accept rates or a stalled listener.
Ranch 2.0 introduces the num_conns_sups option (defaulting to the number of acceptors), which allows the message load to be divided between the specified number of connection supervisors.
Read More
Cowboy 2.8.0 has been released!
Cowboy 2.8 contains many optimizations for all protocols. HTTP/1.1 has received the largest improvements and Cowboy will now be able to handle noticeably more requests. Thanks to the folks at Stressgrid for helping identify that the performance was lower than it should have been and for benchmarking my many changes and experiments.
Cowboy 2.8 also contains a small number of tweaks and bug fixes. Cowboy 2.
Read More
In my spare time I have made a rather small contribution to a game that just released on Steam today: The Gateway Trilogy.
Play it!
I've written a small Windows program, steamwrapper, that is responsible for unlocking achievements on Steam when they are unlocked in the game. Due to how the game is written it's necessary to have a separate program handle this task and I've volunteered and did the work to make it happen.
Read More
Gun 2.0.0-pre.2 has been released!
The second pre-release version of Gun 2.0 has been released! Gun 2.0 adds a ton of features along with a small number of breaking changes.
The main highlight of this pre-release is the support for a pluggable cookie store mechanism. Gun 2.0 comes with a cookie store engine that can automatically process cookies and store them to and retrieve them from a pluggable backend.
Gun 2.
Read More
Hope everyone had a great year. Let's take a look at what happened and what's coming.
2019 has been the year of pre-releases with Ranch 2.0 and Gun 2.0 getting close to completion. I hope both of them will be out in the first half of 2020. They were supposed to be released in 2019, but I guess that was a bit optimistic. Ranch 2.0 is a big performance improvement if you need to quickly open a large amount of connections (but you probably don't), while Gun 2.
Read More
You can now reward my work via GitHub Sponsors.
GitHub will basically double the funds given to me for one year, so now's the best time to reward my work!
I have replaced all BountySource links with GitHub Sponsors because GitHub Sponsors will make it easier for me to know who sponsors my work when responding to issues. We'll see how that goes.
Head on to my GitHub Sponsors page now!
Read More
Cowboy 2.7.0 has been released!
Cowboy 2.7 improves the HTTP/2 code with optimizations around the sending of DATA and WINDOW_UPDATE frames; graceful shutdown of the connection when the client is going away; and rate limiting mechanisms. New options and mechanisms have also been added to control the amount of memory Cowboy ends up using with both HTTP/1.1 and HTTP/2. Much of this work was done to address HTTP/2 CVEs about potential denial of service.
Read More
Gun 2.0.0-pre.1 has been released!
The first pre-release version of Gun 2.0 has been released! Gun 2.0 adds a ton of features along with a small number of breaking changes.
Before listing the features please note that this pre-release includes a fix for a potential security vulnerability! This only applies when Gun is used inside a proxy under specific circumstances. Please see the migration guide for details. Since the issue also exists in the previous version I have released Gun 1.
Read More
Erlang meetups are resuming and I will be present at the next one in Paris on the 10th of September. As the meetup and my talk about Gun will be in French the rest of this post will be in French as well. If you are around Paris that night, you are welcome to join and chat, even if you don't speak the language!
Je serai au meetup Erlang le 10 septembre chez Datadog à Paris.
Read More
Ranch 2.0.0-rc.1 has been released!
We are getting very close to releasing Ranch 2.0! As most of the tremendous programming work was done by contributor Jan Uhlig, I will yield the floor and let him describe what went into this great release.
In Ranch 1.x, there is only one supervisor per Ranch listener to start and manage connection processes. Under high load (many clients rapidly connecting and/or disconnecting), the message queue of this one supervisor could become congested, leading to declining accept rates or a stalled listener.
Read More
Joe Armstrong passed away a couple months ago. This was a sad day, completely unexpected to me, and he will be sorely missed.
Great eulogies were written.
My most striking memory of Joe was during dinner at his place after a conference in Stockholm many years ago. Joe was describing his rubber duck debugging method and introduced us to his famous rubber duck.
"When you can't figure it out, ask the duck!
Read More
As the year 2018 ends it's time for a short recap and a look forward for the next year.
Overall, more than half of all open tickets have been closed. Most tickets were opened since 2015 and I couldn't get to those, but now that pre-school started I have a lot more time! I'm aiming to keep the number of tickets below 100 across all my projects.
Cowboy 2.x is now mature.
Read More