October 2025 – CVE-2025-11230: denial of service vulnerability in HAProxy mjson library
The latest versions of HAProxy Community and Enterprise have patches for a critical denial of service vulnerability in the mjson library.
HT
Articles by
HAProxy Technologies
January 2025 – Multiple rsync CVEs impacting memory and file handling in Linux virtual images
The latest versions of HAProxy Fusion fix multiple rsync vulnerabilities related to memory handling and file management in HAProxy Fusion’s Linux-based virtual images. We will cover these CVEs here.
HAProxyConf 2025 call for papers now open
The wait is over! HAProxyConf is coming to San Francisco, California, from June 3 to 5, 2025.
September 2024 – CVE-2024-45506: endless loop in HTTP/2 with zero-copy forwarding in HAProxy
The latest versions of our products fix a vulnerability related to a possible endless loop in the HTTP/2 multiplexer when combined with zero-copy forwarding system in HAProxy, HAProxy Enterprise...
July 2024 – CVE-2024-24791: HTTP/1.1 response code mishandling in golang products
The latest versions of our products fix a vulnerability related to HTTP/1.1 response code mishandling in products written in golang.
July 2024 – CVE-2024-6387: RCE in OpenSSH server
The latest versions of our products fix a vulnerability related to OpenSSH’s server (sshd), which is used in the public/private cloud images of HAProxy Enterprise...
December 2023 - CVE-2023-45539: HAProxy Accepts # as Part of the URI Component Fixed
We have received questions regarding CVE-2023-45539 issued in November 2023. The versions of our products released on Monday, 21 August 2023 to fix...
Upgrade OpenSSL 3.0 to Protect Against a Critical Vulnerability
If you are using OpenSSL version 3.0 or above with HAProxy, you should update to OpenSSL version 3.0.7.
HAProxyConf 2022 call for papers now open
Do you want to talk for this year's HAProxyConf 2022? Submit your talk for this year's event which will be held on November 8 and 9 in Paris.
What is the PROXY protocol? How it preserves client IPs
In this blog post, you’ll learn how the Proxy Protocol preserves a client’s IP address when that client’s connection passes through a proxy.
April/2022 – CVE-2022-22965: Spring4Shell Remote Code Execution Mitigation
Remote Code Execution vulnerability was discovered in the Java Spring Core library. This allows attackers to execute arbitrary code on affected systems.
December/2021 – CVE-2021-44228: Log4Shell Remote Code Execution Mitigation
Vulnerability which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on affected systems.
Willy Tarreau on HAProxy at its 20 year anniversary (interview)
In this interview, Willy describes his views on the success of the project, and how it grew over the years.
vSphere 7 With Tanzu Integrates With HAProxy for Load Balancing Enterprise-Grade Kubernetes
Learn more about why VMware chose to partner with HAProxy Technologies and use the HAProxy as the default load balancer for its Tanzu Kubernetes clusters.
HAProxy Enterprise Offers SAML-based Single Sign-On
HAProxy Enterprise handles SAML single sign-on for your applications and integrates with identity providers like Azure Active Directory.
Announcing HAProxy Data Plane API 2.0
Version 2.0 of the HAProxy Data Plane API brings exciting enhancements that unlock the power of HAProxy’s flexible configuration and its runtime capabilities.
HAProxy Enterprise Ingress Controller Coming Soon to the Red Hat Marketplace
HAProxy Enterprise will be offered in the Red Hat Marketplace, allowing OpenShift users to take advantage of its advanced features for Ingress.
Tracing requests through HAProxy with AWS X-Ray
HAProxy integrates with AWS X-Ray to give you the best observability across your Amazon Web Services (AWS) resources, including your load balancer.
TLS 1.3 & 0-RTT in HAProxy
Transport Layer Security (TLS) is a cryptographic protocol that enables secure communications over a computer network.
