Release notes

HAProxy Data Plane API 3.2 release notes

On this page

Key changes in the HAProxy Data Plane API 3.2 release include:

New features Jump to heading

  • ACME support

    • Added support for the acme section.
    • Added crt-store support for acme and domains attributes.
    • Added runtime APIs for acme renew and acme status.

  • Configuration enhancements

    • Added support for child resources in the defaults section.
    • Added parsing and serializing of in-line comments in configuration for all API resources. They’re parsed and serialized as plain JSON and in the metadata field for each API resource.
    • Introduced tune.quic.frontend.max-tx-mem to the global tune_quic_options.
    • Added compression minsize-req and minsize-res to the compression keyword.
    • Added the recv-only flag to the stick-table and table resources.
    • Added glitches_kill_cpu_usage to the global tune options.
    • Added takeover_other_tg_connections to the global tune options.
    • Added strict-maxconn to the server parameters.
    • Added the check-pool-conn-name and check-reuse-pool health check keywords for servers.
    • Implemented the idle-ping parameter for server and bind.
    • Added support for the tune.notsent-lowat.server and tune.notsent-lowat.client keywords in the global section.
    • Added support for tune.lua.bool-sample-conversion.
    • Added support for the hash-preserve-affinity keyword in defaults, backends, and listen sections.
    • Added support for the cpu-set and cpu-policy keywords in the global section.
    • Added support for the new HAProxy 3.2 global keywords: acme.scheduler, stress-level, tune.epoll.mask-events, and tune.max-rules-at-once.
    • Added support for the dont-parse-log and assume-rfc6587-ntf options in the log-forward section.
    • Added support for the option pause for http-request and http-response keywords.
    • Added support for http-drop-response-trailers in defaults and frontend sections.
    • Added support for http-drop-request-trailers in defaults and backend sections.
    • Added the dns-accept-family option in the global section.

  • SSL/TLS

    • Added support for the ssl-f-use keyword.
    • Added the no-strict-sni and tls-tickets parameters to bind.
    • Added runtime APIs for certificates, CRLs, and OCSP.
    • Added support for crt-list files in storage.
    • Added an option to skip reload when creating an SSL certificate.

  • API and validation

    • Added Subject and Serial to the certificate response model.
    • Now uses the same logic to check configuration when using the /raw API.
    • Now shows validation errors for /raw API uploads, not just the status.

Bug fixes Jump to heading

  • Runtime and server management

    • Fixed an issue where all server options were not being added for runtime_server.
    • Fixed creating servers with HAProxy >= 3.0, where the enabled keyword is no longer accepted dynamically.

  • Configuration and users

    • Fixed panic when insecure isn’t set for users.
    • Fixed setting of duration types in the configuration.
    • Fixed tune.bufsize parsing issue, reverting to the string type.
    • Fixed the reload service name for the s6 reload strategy.
    • Fixed the general storage error message when no FileUpload is specified.
    • Fixed option redispatch serialization.
    • Fixed bind updates without requiring a restart, addressing serialization type issues for bind parameters.
    • Added a nil check on global conversion to avoid panic if TuneOptions was nil.

  • Authentication

    • Now ensures userlist settings are respected when configured.

  • SSL

    • Added support for the skip_reload parameter when creating SSL certificates.

  • API and rules

    • The API now accepts set-var-fmt in http_request_rule.

  • Panics

    • Avoids panic in runtime Reload if the output is empty.

Other Changes Jump to heading

  • Build and dependencies

    • Upgraded the API version to 3.2.
    • Upgraded Go to 1.24.
    • Upgraded the bats version for CI.
    • Fixed yaml-lint errors.

  • Internal refinements and tests

    • Refactored to not use logrus directly in handlers.
    • Fixed cache tests in E2E tests.
    • Removed debug traces from E2E tests.
    • Fixed program tests for the deprecated section.
    • Fixed removing of added SSL certificates.
    • Added 3.2 for CI and removed 2.9 in E2E tests.
    • Added a proper HAProxy configuration for the x_issue_132 test in E2E tests.
    • Added a runtime server unit test.
    • Fixed random CI failures when removing a defaults section.
    • Attempted to fix bug_132 failures on CI.
    • Aligned the specification to the latest changes in the client-native library.
    • Made port optional via a nil value in the service.
    • Fixed the compare test generator.
    • Added metadata tests.
    • Fixed Go 1.24 lint errors.
    • Generated the spec with the latest changes.

Do you have any suggestions on how we can improve the content of this page?

Previous page Release notes Next page v3.1
© 2025 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences