Hi,

HAProxy 3.2.10 was released on 2025/12/18. It added 34 new commits
after version 3.2.9.

The 3.2.10 is quite light. However, as usual, it fixed some issues:

  - In QUIC, collisions on CID generation were fixed to ensure a generated
    CID is not a duplicate value. Otherwise, at best, client packets would
    be rejected by haproxy, most probably with a STATELESS_RESET. At worst,
    crashes might be experienced. This issue is pretty rare, and it can
    only be observed when running with a high number of concurrent
    connections in parallel. In addition, the HyStart++ algorithm for QUIC
    connections is now disabled for congestion control algorithms not
    supporting it. It caused crashes when it was enabled with BBR for
    instance.

  - A fix for applets that could trigger the spinning loop detection
    because of a mixup between read/send events and the ability for an
    applet to receive and send.

  - A regression on the CLI about its new yield state, introduced in
    3.2.8, was fixed. This new state was added to be able to send small
    responses in batches to save CPU.

  - In master-worker mode, an ambiguity about a flag was fixed. It has no
    impact on 3.1 and above thanks to the master-worker refactoring that
    occurred in 3.1, but it led to a file descriptor leak for duplicated
    unix stats sockets in the master process in 3.0 and lower.

  - A typo in the "bc_settings_streams_limit" sample fetch function made it
    unavailable. This was fixed to match the name used in the configuration
    manual.

  - An old bug from 2012 was fixed about the HTTP TUNNEL handling that was
    causing tunnelled streams closed by the server to be closed on both
    sides at once and logging an error. And the timer used for the
    "wait-for-body" action was not properly reset, causing some trouble
    with some following actions, like "pause".

  - The reuse of idle connections for health-checks, via the
    "check-reuse-pool" keyword, is now restricted to HTTP health-checks.
    Indeed, reusing a connection outside of HTTP is an undefined behavior.
    The impact of this bug is unknown and depends on the proxy/server
    configuration. In the case of an HTTP backend with non-HTTP checks,
    check-reuse-pool would probably cause a drop in reuse rate.

  - The "wait-for-body" action was fixed to properly reset the timer used
    by the action. It could be an issue for some following actions, like
    "pause", that also rely on the same timer.

  - In HTX, the end-of-message marker, set via the HTX_FL_EOM flag, is no
    longer set for 1xx informational messages. It was not expected to have
    this marker at this stage. It is especially important when an
    informational message is processed on client side while the final
    response was not received yet, to not erroneously detect the end of the
    message.

  - The H2 multiplexer was fixed to be able to send the preface with the
    first request if possible. It was mandatory to be able to send as much
    data as possible via 0-RTT. The H1 multiplexer was also fixed but on
    client side, to immediately try to read data when it is initialized,
    instead of waiting for a receive event. The purpose of the fix was to
    be able to receive 0-RTT data.

  - The ACME part received some minor fixes.

The rest is pretty minor, essentially doc updates.

Finally, the issue affecting the idle connections was not fixed in this
release. The impacts for the 3.2 are pretty limited and most probably
unnoticeable. However, the 3.3 was fixed, mainly to have some feedback on
the fix. A 3.3.1 should be emitted soon.

Thanks everyone for your help.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Q&A from devs    : https://github.com/orgs/haproxy/discussions
   Sources          : https://www.haproxy.org/download/3.2/src/
   Git repository   : https://git.haproxy.org/git/haproxy-3.2.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-3.2.git
   Changelog        : https://www.haproxy.org/download/3.2/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

---
Complete changelog :
Amaury Denoyelle (5):
      MINOR: cfgdiag: adjust diag on servers
      BUG/MINOR: check: only try connection reuse for http-check rulesets
      MINOR: quic: adjust CID conn tree alloc in qc_new_conn()
      MINOR: quic: split CID alloc/generation function
      BUG/MEDIUM: quic: handle collision on CID generation

Aurelien DARRAGON (2):
      MINOR: hlua: emit a log instead of an alert for aborted actions due to unavailable yield
      BUG/MINOR: cfgparse-listen: update err_code for fatal error on proxy directive

Christopher Faulet (8):
      BUG/MEDIUM: h1-htx: Don't set HTX_FL_EOM flag on 1xx informational messages
      BUG/MINOR: http-ana: Reset analyse_exp date after 'wait-for-body' action
      BUG/MEDIUM: applet: Fix conditions to detect spinning loop with the new API
      BUG/MEDIUM: cli: State the cli have no more data to deliver if it yields
      BUG/MINOR: ssl: Don't allow to set NULL sni
      BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode
      DOC: config: Fix description of the spop mode
      DOC: config: Improve spop mode documentation

Frederic Lecaille (3):
      BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
      MINOR: quic: Add useful debugging traces in qc_idle_timer_do_rearm()
      BUG/MEDIUM: quic: support some ciphersuites and curves related options

Maxime Henrion (1):
      BUG/MINOR: acme: fix ha_alert() call

Olivier Houchard (2):
      MEDIUM: h1: Immediately try to read data for frontend
      BUG/MEDIUM: quic: Don't try to use hystart if not implemented

Remi Tricot-Le Breton (1):
      BUG/MINOR: jwt: Missing "case" in switch statement

William Lallemand (5):
      BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards
      BUG/MINOR: acme: handle multiple auth with the same name
      BUG/MINOR: acme: prevent creating map entries with dns-01
      BUG/MINOR: acme: better challenge_ready processing
      BUG/MINOR: acme: warning ‘ctx’ may be used uninitialized

Willy Tarreau (7):
      BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo
      DOC: config: mention clearer that the cache's total-max-size is mandatory
      DOC: config: reorder the cache section's keywords
      MINOR: h2/trace: emit a trace of the received RST_STREAM type
      MEDIUM: mux-h2: do not needlessly refrain from sending data early
      MINOR: mux-h2: extract the code to send preface+settings into its own function
      BUG/MINOR: mux-h2: send the preface along with the first request if needed

--
Christopher Faulet

