Search filters

Type

Section

Actions

Changelog - HAProxy Enterprise latest

#2026/03/10 : 3.3r1 (1.0.0-366.245)

  • SCRIPTSgit-show-backportsadd a restart-from-last option
  • SCRIPTSgit-show-backportshide the common ancestor warning in quiet mode
  • BUG/MINORadminhaproxy-reload rename -vv long option
  • BUG/MINORbackendDon't get proto to use for webscoket if there is no server
  • BUG/MINORssl-sampleFix sample_conv_sha2() by checking EVP_Digest* failures
  • BUG/MINORstconnIncrease SC bytes_out value in se_done_ff()
  • BUG/MEDIUMhluaFix end of request detection when retrieving payload
  • BUG/MINORhluaProperly enable/disable line receives from HTTP applet
  • BUG/MEDIUMmux-fcgiUse a safe loop to resume each stream eligible for sending
  • BUG/MAJORresolversProperly lowered the names found in DNS response
  • BUG/MAJORfcgiFix param decoding by properly checking its size
  • BUG/MINORhttp-anaIncrement scf bytes_out value if an haproxy error is sent
  • BUG/MINORsampleFix sample to retrieve the number of bytes received and sent
  • BUG/MINORchannelIncrease the stconn bytes_in value in channel_add_input()
  • DOCconfigUse the right alias for %B
  • MINORfiltersSet last_entity when a filter fails on stream_start callback
  • DEBUGstreamDisplay the currently running rule in stream dump
  • BUG/MINORh1-htxBe sure that H1 response version starts by HTTP/
  • BUG/MEDIUMqpackcorrectly deal with too large decoded numbers
  • BUG/MINORquicfix OOB read in preferred_address transport parameter
  • BUG/MINORqpackfix 1-byte OOB read in qpack_decode_fs_pfx()
  • BUG/MAJORqpackunchecked length passed to huffman decoder
  • BUG/MEDIUMhpackcorrectly deal with too large decoded numbers
  • BUG/MEDIUMstreamHandle TASK_WOKEN_RES as a stream event
  • BUG/MINORpromexfix server iteration when last server is deleted
  • BUG/MEDIUMmux-h2make sure to always report pending errors to the stream
  • MINORmux-h2add a new setting, tune.h2.log-errors to tweak error logging
  • MINORmux-h2also count glitches on invalid trailers
  • MINORnet_helperextend the ip.fp output with an option presence mask

#2026/02/18 : 3.3r1 (1.0.0-365.216)

  • BUG/MINORdeviceatlasfix deinit to only finalize when initialized
  • BUG/MINORdeviceatlasfix cookie vlen using wrong length after extraction
  • BUG/MINORdeviceatlasfix off-by-one in da_haproxy_conv()
  • BUG/MEDIUMdeviceatlasfix resource leaks on init error paths
  • BUG/MINORdeviceatlasadd NULL checks on strdup() results in config parsers
  • BUG/MINORdeviceatlasadd missing return on error in config parsers
  • MINORstconnAdd missing SC_FL_NO_FASTFWD flag in sc_show_flags
  • BUG/MINORhttp-anaStop to wait for body on client error/abort
  • CLEANUPcompressionRemove unused static buffers
  • BUG/MINORflt-traceProperly compute length of the first DATA block
  • DEVterm-eventsFix hanshake events decoding
  • BUG/MEDIUMappletFix test on shut flags for legacy applets (v2)
  • BUG/MEDIUMmux-h1Stop sending vi fast-forward for unexpected states
  • BUG/MEDIUMmux-h2/quicStop sending via fast-forward if stream is closed
  • BUG/MEDIUMh3reject frontend CONNECT as currently not implemented
  • BUG/MAJORRevert MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS
  • BUG/MINORsslerror with ssl-f-use when no crt
  • BUG/MINORsslclarify ssl-f-use errors in post-section parsing
  • BUG/MINORsslfix leak in ssl-f-use parser upon error
  • BUG/MINORssldouble-free on error path w/ ssl-f-use parser
  • BUG/MINORssllack crtlist_dup_ssl_conf() declaration
  • DOCproxy-protounderline the packed attribute for struct pp2_tlv_ssl
  • DOCinternalsaddd mworker V3 internals
  • MINORhapeeupdate to new URLs
  • BUG/MINORbackendfix access on shared counters array
  • BUG/MINORquicensure handshake speed up is only run once per conn
  • BUG/MINORsslSSL_CERT_DIR environment variable doesn't affect haproxy
  • MINORactivityallow to switch per-task lock/memory profiling at runtime
  • MEDIUMactivityapply and use new finegrained task profiling settings
  • MINORactivitysupport setting/clearing lock/memory watching for task profiling
  • BUG/MINORstartuphandle a possible strdup() failure
  • BUG/MINORstartupfix allocation error message of progname string
  • BUG/MINORconfigFix setting of alt_proto
  • MEDIUMbackendmake balance random consider req rate when loads are equal
  • DOCconfigmention the limitation on server id range for consistent hash
  • BUG/MEDIUMlb-chashalways properly initialize lb_nodes with dynamic servers
  • CLEANUPlb-chashfree lb_nodes from chash's deinit(), not global
  • BUG/MINORcpu-topocount cores not cpus to distinguish core types
  • CLEANUPhaproxyfix bad line wrapping in run_poll_loop()
  • BUG/MEDIUMthreadsAtomically set TH_FL_SLEEPING and clr FL_NOTIFIED
  • BUG/MAJORquicfix parsing frame type
  • BUG/MAJORquicreject invalid token

#2026/02/04 : 3.3r1 (1.0.0-365.174)

  • HAPEEadminuse the right master CLI path for scripts
  • BUG/MEDIUMappletFix test on shut flags for legacy applets
  • DOCinternalscleanup few typos in master-worker documentation
  • BUG/MEDIUMhapee/51duse a spin lock in _51d_init_internal()
  • MINORhapee/WURFLtransfer error status from the _wurfl_reload() function
  • MINORhapee/WURFLadded live update database function
  • MINORhapee/WURFLadded custom API log function
  • MINORhapee/WURFLadded function to check correct module initialization
  • BUG/MINORhapee/WURFLcorrected version check of used wurfl library
  • MINORhapee/daremove STG_LOCK INITCALL
  • MINORhapee/daalert in case of incorrect data version
  • BUG/MINORhapee/daenabling use of precompiled json database in 'deviceatlas-json-file'
  • BUG/MINORhapee/dafixed bug when using binary version of database
  • BUG/BUILDhapee/daadded preprocessed source code generation for *.cpp files
  • BUILDhapee/darepaired build in case of using old DeviceAtlas library
  • MINORhapee/daadd function that allow data reload
  • MINORhapee/daadd spin locking
  • MINORhapee/daadd support for loading a precompiled json data
  • MEDIUMhapee/daRevert MEDIUM: da: update module to handle schedule mode.
  • MINORhapee/51dremove STG_LOCK INITCALL
  • MEDIUMhapee/51duse '_' instead of '-' in 51d-set-property-vars() names
  • MEDIUMhapee/51dset version and date metadata variables
  • REORGhapee/51dCreate a function for setting property variables
  • MEDIUMhapee/51dadd a new action http-request 51d-set-property-vars
  • MEDIUMhapee/51dsupport data reload for 51Degrees V4 engine
  • MINORhapee/51dadd function that returns path to 51Degrees data file
  • MINORhapee/51dadd function that allow data reload
  • BUG/MINORhapee/51dadd spin locking
  • BUILDhapee/51dfix error when building with 51Degrees enabled
  • BUG/MEDIUMhapee/51dfix a segfault on exit when 51d configuration is not loaded
  • MEDIUMhapee/51duse fiftyoneDegreesProvider to access the pool and dataset
  • MEDIUMh1strictly verify quoting in chunk extensions
  • BUG/MEDIUMdebugonly dump Lua state when panicking
  • BUG/MEDIUMsslfix msg callbacks on QUIC connections
  • BUG/MINORconfig/sslfix spelling of expose-experimental-directives
  • BUG/MINORconfigcheck capture pool creations for failures
  • BUG/MINORstick-tablesabort startup on stk_ctr pool creation failure
  • DOCconfigmention some possible TLS versions restrictions for kTLS
  • BUG/MAJORappletDon't call I/O handler if the applet was shut
  • BUG/MINORsslEncrypted keys could not be loaded when given alongside certificate
  • BUG/MINORsslProperly manage alloc failures in SSL passphrase callback
  • DOCreg-testsupdate VTest upstream link in the starting guide
  • MINORhluaAdd support for lua 5.5
  • BUG/MINORsslfix error message of tune.ssl.certificate-compression
  • MINORsslallow to disable certificate compression
  • BUG/MINORproto_tcpProperly report support for HAVE_TCP_MD5SIG feature
  • BUG/MEDIUMmux-h1Skip UNUSED htx block when formating the start line
  • BUG/MINORpromexDetach promex from the server on error dump its metrics dump
  • BUG/MINORhluaconsume error object if ignored after a failing lua_pcall()
  • BUG/MEDIUMhluafix invalid lua_pcall() usage in hlua_traceback()
  • BUG/MINORproxyfix deinit crash on defaults with duplicate name
  • REGTESTSsslfix generate-certificates w/ LibreSSL
  • BUG/MEDIUMmux-quicprevent BUG_ON() on aborted uni stream close
  • BUG/MEDIUMsslfix generate-certificates option when SNI greater than 64bytes
  • BUG/MEDIUMsslfix error path on generate-certificates
  • BUG/MEDIUMlogparsing log-forward options may result in segfault
  • BUG/MEDIUMpromexserver iteration may rely on stale server
  • BUG/MINORserverensure server is detached from proxy list before being freed
  • MINORcliuse srv_drop() when server was created using new_server()
  • BUG/MINORcfgparsefix default prefix parsing
  • BUG/MINORproxyfree persist_rules
  • BUG/MINORhttp_actfix deinit performed on uninitialized lf_expr in release_http_map()
  • BUG/MEDIUMquicfix ACK ECN frame parsing
  • BUG/MINORhlua_fcnensure Patref:add_bulk() is given a table object before using it
  • BUG/MINORhlua_fcnfix broken yield for Patref:add_bulk()
  • MINORcfgparseremove duplicate force-persist in common kw list
  • MINORhapeeadd a .hapee directory to list backporting notes
  • BUG/MINORnet_helperfix IPv6 header length processing
  • MINORnet_helperadd an option to ip.fp() to append the source address
  • MINORnet_helperadd an option to ip.fp() to append the TTL to the fingerprint
  • MINORnet_helperprepare the ip.fp() converter to support more options
  • MINORnet_helperadd ip.fp() to build a simplified fingerprint of a SYN
  • MINORnet_helperadd sample converters to decode TCP headers
  • MINORnet_helperadd sample converters to decode IP packet headers
  • MINORnet_helperadd sample converters to decode ethernet frames
  • MINORtcp_sampleimplement the fc_saved_syn sample fetch function
  • MINORtcpimplement the get_opt() function
  • MINORprotocolsupport a generic way to call getsockopt() on a connection
  • MINORtcpadd new bind option tcp-ss to instruct the kernel to save the SYN
  • MINORmux-h1perform a graceful close at 75% glitches threshold
  • MEDIUMmux-h1implement basic glitches support
  • BUG/MINORech/quicenable ech configuration also for quic listeners
  • REGTESTSsslFix reg-tests curve check
  • BUG/MINORcli/stick-tablesargument to show table is optional
  • BUILDsockpairfix build issue on macOS related to variable-length arrays
  • BUG/MINORcfgparsewrong section name upon error
  • BUILDtoolsmemchr definition changed in C23
  • BUILDsslstrchr definition changed in C23
  • BUG/MINORquicfix deprecated warning for window size keyword
  • BUG/MEDIUMstconnMove data from <kip> to <kop> during zero-copy forwarding
  • BUG/MEDIUMmworkercan't use signals after a failed reload
  • BUG/MEDIUMmux-h1Take care to update <kop> value during zero-copy forwarding
  • BUG/MEDIUMpeersProperly handle shutdown when trying to get a line
  • BUG/MINORmworker/clifix show proc pagination using reload counter
  • DOCconfigfix the length attribute name for stick tables of type binary / string
  • BUG/MINORbackendinspect request not response buffer to check for TFO
  • BUG/MINORbackendfix the conn_retries check for TFO
  • MINORmux-h2perform a graceful close at 75% glitches threshold
  • MINORmux-h2add missing glitch count for non-decodable H2 headers
  • BUG/MEDIUMmux-h2synchronize all conditions to create a new backend stream
  • BUG/MEDIUMbackendDo not remove CO_FL_SESS_IDLE in assign_server()
  • BUG/MEDIUMquicDon't try to use hystart if not implemented
  • BUG/MINORquic-beMissing keywords array NULL termination
  • MINORquicimplement cc-algo server keyword
  • MINORquicextract cc-algo parsing in a dedicated function
  • MINORquicdefine quic_cc_algo as const
  • BUG/MEDIUMstconnDon't report abort from SC if read0 was already received
  • BUG/MEDIUMhttp-anaProperly detect client abort when forwarding response (v2)
  • MINORh2/traceemit a trace of the received RST_STREAM type
  • BUG/MEDIUMh3fix access to QCS <sd> definitely
  • BUG/MEDIUMsslDon't resume session for check connections
  • BUG/MEDIUMsslDon't store the ALPN for check connections
  • MINORconnectionsAdd a new CO_FL_SSL_NO_CACHED_INFO flag
  • BUG/MEDIUMsslAlways check the ALPN after handshake
  • MEDIUMssl/serverNo longer store the SNI of cached TLS sessions
  • BUG/MEDIUMsslDon't reuse TLS session if the connection's SNI differs
  • MEDIUMtcpcheck/backendGet the connection SNI before initializing SSL ctx
  • MINORconnection/sslStore the SNI hash value in the connection itself
  • MINORsslCompare hashes instead of SNIs when a session is cached
  • MINORsslStore hash of the SNI for cached TLS sessions
  • MINORsslAdd a function to hash SNIs
  • MEDIUMquicAdd connection as argument when qc_new_conn() is called
  • BUG/MINORmworker/cli'show proc' is limited by buffer size
  • CLEANUPmworker/cliremove useless variable
  • BUG/MEDIUMh3do not access QCS <sd> if not allocated
  • DOCconfigImprove spop mode documentation
  • DOCconfigFix description of the spop mode
  • BUG/MEDIUMhttp-anaDon't close server connection on read0 in TUNNEL mode
  • BUG/MINORlogDump good %B and %U values in logs
  • BUG/MINORsslDon't allow to set NULL sni
  • BUG/MINORquicdo not set first the default QUIC curves
  • BUG/MINORquic-bemissing connection stream closure upon TLS alert to send
  • MINORquicavoid code duplication in TLS alert callback
  • MINORquicAdd useful debugging traces in qc_idle_timer_do_rearm()
  • BUG/MINORquic-behandshake errors without connection stream closure
  • BUG/MINORquic/sslcrash in ClientHello callback ssl traces
  • DOCconfigreorder the cache section's keywords
  • DOCconfigmention clearer that the cache's total-max-size is mandatory
  • BUG/MEDIUMconfigignore empty args in skipped blocks
  • BUG/MEDIUMconnectionfix bc_settings_streams_limit typo
  • DOCconfigurationECH support details
  • BUG/MINORjwtMissing case in switch statement
  • BUG/MEDIUMmworker/listenerambiguous use of RX_F_INHERITED with shards
  • MINORhapee/modulesreport the per-stream allocated size for each module
  • BUG/MEDIUMhapeeprevent the module file name being overwritten
  • MEDIUMhapeeHAPEE_MODULE_DECLARE() allows to declare an HAPEE module
  • BUG/MINORhapeeMakefile: bad substitution for MODVERSION variable
  • BUG/MINORhapeerelax __vers symbol check
  • BUG/MINORhapee/modulescan't load modules with USE_OBSOLETE_LINKER
  • BUG/MINORhapeeremove leading \n on __vers error
  • MEDIUMhapeewarn on unsupported initcalls
  • BUG/MINORhapeeforbid to load a module twice
  • HAPEEudpupdate structs and functions required for the UDP module
  • HAPEEmakefileautomatically build objects in addons/hapee_*
  • HAPEEmakefileupdate the cleanup rule to also remove *.i from addons
  • HAPEEaddonsquic CID in -vv
  • HAPEEaddonsadds quic CID generator to interop with packetshield
  • MEDIUMhapeedoes not pass OPTION_LDFLAGS to modules
  • MINORhapee/modulescheck if we generate the API hash correctly
  • BUG/MINORhapee/modulesadjust include match() in gen-modules-config-h.awk
  • BUG/MINORhapee/modulesinitialize the module head list
  • BUILDhapee/modulesselect either md5 or md5sum
  • MEDIUMhapee/modulesload the STG_REGISTER initcalls
  • BUG/MINORhapee/modulesdisplay detailed error message on mod_init() failure
  • MINORhapee/modulesadd a new label MODULES_LOCK to the lock_label enum
  • MINORhapee/modulesadd the ability to register variable and functions.
  • MEDIUMhapee/modules'modules list' on the cli shows currently loaded modules
  • MINORhapee/modulesterminate properly loaded modules if possible
  • MEDIUMhapee/modulesadd memory reservation support for the modules
  • BUILDhapee/modulesupdate HAPEE version macro to 3.3r1
  • BUILDhapee/modulesadd macros to compute numerical value of a HAPEE version
  • BUILDhapee/modulesadd version of the module in the defines
  • MEDIUMhapee/modulesadd modules support
×

About the new layout

For 2025, we're happy to introduce a redesigned HAProxy Configuration Manual!

The new manual enhances the user experience by providing more help for keywords, including more details about context, usage, and syntax. New search filters help you find keywords faster, with separate coverage for each variant.

If you would prefer to use the older layout click here.