Hi,

HAProxy 3.5-dev2 was released on 2026/07/08. It added 114 new commits
after version 3.5-dev1.

As with most early development releases, this one starts by removing the
features that were planned for removal in 3.5 and deprecated since at least
3.3:

  - support for "dispatch" and "transparent" keywords in proxies; these
    have remained extremely limited while they can be entirely replaced
    with a more flexible "server" directive. As usual, the error messages
    suggest what to do.

  - removal of the OpenTracing add-on. It has been long outdated and now
    that OpenTelemetry is available, there is no longer any justification
    for continuing to make efforts to support it at any cost.

  - the "master-worker" global keyword is no longer accepted alone, the
    only way to enable master mode is via the command line (-W or -Ws).
    The "master-worker exit-on-failure" directive remains supported for
    now (probably not till the end of the dev cycle, we'll see), however
    now it checks that -W/-Ws was properly passed.

  - these deprecated QUIC config keywords were also dropped:
    tune.quic.cc.cubic.min-losses, tune.quic.cc-hystart,
    tune.quic.disable-tx-pacing, tune.quic.disable-udp-gso,
    tune.quic.frontend.max-data-size, tune.quic.frontend.max-idle-timeout,
    tune.quic.frontend.max-streams-bidi, tune.quic.frontend.max-tx-mem
    tune.quic.frontend.stream-data-ratio, tune.quic.retry-threshold,
    tune.quic.frontend.default-max-window-size, tune.quic.max-frame-loss,
    tune.quic.reorder-ratio, tune.quic.socket-owner.

Aside these, 28 bugs were fixed (1 major, 10 medium and rest is minor),
and there are some more or less visible changes:

  - the HTTP client's initialization now considers default SSL settings
    from ssl-default-server-* (ciphers, ciphersuites). It should improve
    security for auxiliary services relying on it (Lua, ACME etc) but may
    also cause failures if accessing internal services running on old
    stacks/settings for example.

  - the large buffer support was refined so that it never applies by
    accident to header processing (which remains limited to tune.bufsize),
    otherwise some failures could happen at random places down the chain
    (converters, muxes etc). This will be backported to 3.4 before users
    get trapped with stuff that randomly works by accident.

  - haload: as mentioned by Fred a few days ago, this new build target of
    the makefile yields an HTTP load generator executable that is very
    similar to h1load in usage except that this one supports HTTP versions
    0.9, 1.0, 1.1, 2, 3 over TCP and/or SSL, and 0.9 and 3 over QUIC, by
    relying on haproxy's network stack. It's starting to be fairly
    complete and totally usable, to the point that latest updates were
    totally cosmetic because some of us are already using it. Certain
    points might possibly change and are not strongly decided, so
    discussions with users will be more than welcome.

  - the CLI now supports "set server name" to rename a server (except if
    it's explicitly designated by its name in the config). This can be
    useful when repurposing a server in a farm or in combination with
    server-templates.

  - OCSP: initial failures are no longer fatal (previously a missing
    issuer certificate would prevent from starting), and instead emit
    a warning.

  - more QUIC traces (hq_interop = HTTP/0.9 this time)

  - new sample fetch functions be_max_retries and cur_max_retries permit
    to retrieve such values for the current stream (useful for logging
    or to apply automatic values based on calculations).

  - a few more "USE_*" settings for FCGI, H2, TRACE and SPOE permitting
    to remove features that are not considered as needed for some
    environments, helping to build smaller binaries. A new "tiny" target
    disables all of them and permits to drop the binary size from 13.7 to
    to 2.7 MB (divided by 5) without SSL, and from 14.2 to 3.2 with SSL,
    which offers more convenient options for embedded usage or installation
    on resource-limited devices (e.g. your home WiFi router). More such
    options will come over time so that users can make haproxy observe a
    strict diet if they don't need certain features (or are willing to
    give them up in exchange of a smaller executable).

  - regtests have been cleaned up from leftovers of pre-2.6 versions.

  - various cleanups and a few doc updates

So I would say that 3.5 is progressively starting to take shape. Except
for haload and deprecated features removal, there's nothing outstanding
here. The feature removal is a great opportunity for running it over your
oldest running configs to make sure nothing is missing.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Q&A from devs    : https://github.com/orgs/haproxy/discussions
   Sources          : https://www.haproxy.org/download/3.5/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.5/src/CHANGELOG
   Dataplane API    : 
https://github.com/haproxytech/dataplaneapi/releases/latest
   OpenTelemetry    : https://github.com/haproxytech/haproxy-opentelemetry
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Alexander Stephan (5):
      BUG/MINOR: sample: set SMP_F_CONST on srv_name fetch
      MINOR: server: distinguish name references with new SRV_F_NAME_REFD flag
      MEDIUM: server: add 'set server name' CLI command for runtime server 
renaming
      REGTESTS: server: add test for 'set server name' CLI command
      DOC: server: document 'set server name' CLI command

Amaury Denoyelle (16):
      BUG/MEDIUM: h3: fix trace crash on frontend response headers
      BUG/MINOR: hq-interop: fix transcoding of wrapping response buffer
      BUG/MINOR: hq-interop: support transcoding of absolute URI
      BUG/MINOR: h3: adjust HTTP headers traces
      MINOR: mux_quic: add minimal traces for QUIC MUX init/release
      MINOR: hq-interop: add request start-line traces
      MINOR: hq-interop: trace transcoding of response status line
      MINOR: hq-interop: trace HTX headers
      BUG/MEDIUM: h3: fix parser desync on error with multiple frames
      BUG/MINOR: mux_quic: prevent multiple STOP_SENDING emission per stream
      BUG/MEDIUM: mux_quic: do not free QCS if STOP_SENDING to sent
      MINOR: mux_quic: use separate error code for STOP_SENDING
      MINOR: mux_quic: adjust shut stream callback
      BUG/MEDIUM: mux_quic: complete stream shutdown for read channel
      BUG/MINOR: quic: ignore STREAM after MUX closure on BE side
      MEDIUM: quic: remove deprecated keywords

Christopher Faulet (15):
      BUG/MAJOR: htx: Don't swap buffers for empty HTX message with an error
      CLEANUP: applet/http-client: Don't needlessly copy HTX flags after 
htx_xfer()
      BUG/MINOR: mux-quic: Fix handling EOM after in qcs_http_rcv_buf()
      BUG/MINOR: http-htx: Don't by-pass HTX API when merging cookie values
      BUG/MEDIUM: tcpcheck: Add proxy used for healthcheck sections in proxies 
list
      BUG/MINOR: sample: Fix a possible underflow on be2hex for large chunk size
      MINOR: chunks: Add function to get a large/regular chunk depending on a 
buffer
      BUG/MEDIUM: chunk: Review chunks usage to not retrieve a large buffer by 
error
      MINOR: htx: Add a field to save the headers data size
      MEDIUM: htx: Be sure size of headers never exceed regular buffer on update
      BUG/MINOR: stream: Fix custom timeouts initialization when setting backend
      REGTESTS: Improve script testing the set-timeout action
      BUG/MINOR: stream: Fix custom max-retries initialization when setting 
backend
      MINOR: stream: Add be_max_retries/cur_max_retries sample fetch functions
      BUG/MINOR: http-conv: Make url-dec failed if no space for trailing null 
byte

Dragan Dosen (1):
      MINOR: log: add app_log_raw() and send_log_raw() for binary-safe logging

Frederic Lecaille (16):
      BUG/MEDIUM: mux_quic: fix memory leak of rx app_buf on stream free
      MINOR: hbuf: new lightweight hbuf API
      MINOR: init: add no listener mode
      MINOR: trace: add definitions for haload streams
      MINOR: hldstream: add definition of hldstream struct objects
      MINOR: obj_type: add OBJ_TYPE_HALOAD for haload stream objects
      MINOR: stconn: add sc_hastream() and __sc_hastream() helpers
      MINOR: stconn: export sc_new()
      MINOR: server: export functions used during server initialization
      MINOR: haload: import source code and documentation
      BUG/MINOR: init: fix default global settings being overwritten by -G
      BUG/MINOR: haload: fix spurious task wakeup in hld_strm_task()
      BUG/MINOR: hbuf: treat unexpected escape sequences as literals
      MINOR: haload: move statistics header printing to mtask_cb
      MINOR: haterm: add note about QUIC usage on SSL port
      MINOR: haload: allow "0" shortcut for IPv4 bind address

Huangbin Zhan (1):
      BUG/MINOR: tools: fix invalid character detection in strl2ic()

Olivier Houchard (2):
      BUG/MEDIUM: servers: Use a refcount for port_range and free it properly
      BUG/MEDIUM: fd: Fix a deadlock when closing other tgroups fds

Remi Tricot-Le Breton (1):
      MINOR: ocsp: Do not see ocsp loading failures as fatal anymore

Steven Honson (1):
      BUG/MEDIUM: server: initialise agent.health in srv_settings_init()

Tim Duesterhus (6):
      REGTESTS: Remove unused `add_range_to_test_list` function from 
`scripts/run-regtests.sh`
      REGTESTS: Remove unused `_version` function from `scripts/run-regtests.sh`
      REGTESTS: Migrate REQUIRE_OPTION to `haproxy -cc`
      REGTESTS: Remove support for `REQUIRE_OPTION` from scripts/run-regtests.sh
      REGTESTS: Migrate `REQUIRE_SERVICE=prometheus-exporter` to a 
`feature(PROMEX)` check
      REGTESTS: Remove support for `REQUIRE_SERVICE` from 
scripts/run-regtests.sh

William Lallemand (3):
      MINOR: ssl: export ssl_sock_init_srv()
      MEDIUM: httpclient: initialize the httpclient with default SSL values
      CI: github: update vmactions/freebsd-vm to 14.4

Willy Tarreau (47):
      MINOR: proxy: permit to report version info for option deprecation
      MAJOR: proxy: remove support for "dispatch" and "transparent" proxy 
keywords
      MEDIUM: cli/show-fd: no longer accept filtering for dispatch mode
      CLEANUP: connection: remove some checks for objt_proxy(conn->target)
      CLEANUP: backend: drop checks for OBJ_TYPE_PROXY in connect() code
      CLEANUP: trace: remove backend retrieval attempt from conn->target
      MAJOR: ot: remove deprecated OpenTracing support
      CI: github: remove OpenTracing leftovers
      BUILD: quic: workaround a gcc bug saying "maybe used uninitialized" when 
USE_TRACE=0
      CLEANUP: traces: get rid of a few rare empty args in TRACE calls
      MINOR: compiler: add a macro to ignore all arguments
      MINOR: trace: always pretend to use args when disabled
      BUILD: ssl: avoid a wrong null deref warning in ssl_sock_handshake
      CLEANUP: haproxy: remove -dt parsing and help when !USE_TRACE
      CLEANUP: mux-h2/traces: remove unused trace code when building without 
USE_TRACE
      CLEANUP: debug/trace: remote "debug dev trace" when USE_TRACE is not set
      BUG/MINOR: trace/quic_frame: use buf, not trace_buf in chunk_frm_appendf()
      CLEANUP: trace/h3: allow to disable traces in H3
      CLEANUP: trace/config: do not register section "traces" with USE_TRACE=0
      CLEANUP: trace/tree-wide: drop trace decoding/definition when USE_TRACE=0
      BUILD: makefile: only build trace.c and ssl_trace.c when USE_TRACE is set
      BUILD: makefile: add macros enable_opts and disable_opts
      BUILD: makefile: add an option to enable or disable HTTP/2 (USE_H2)
      BUILD: makefile: add an option to enable or disable FCGI (USE_FCGI)
      BUILD: makefile: add an option to enable or disable SPOE (USE_SPOE)
      BUILD: makefile: add a new generic target "tiny"
      DEV: patchbot: keep the review start in sync with the radios on reload
      DEV: patchbot: only display the first 8 chars of the commit id
      DEV: patchbot: pass the branch version to the generated page
      DEV: patchbot: let the page fetch the shared review state
      DEV: patchbot: let the page save the review edits to the server
      DEV: patchbot: let the page edit and delete whole notes
      DEV: patchbot: gray the save button when there is nothing to save
      DEV: patchbot: don't pretend a save succeeded when the server ignored it
      DEV: patchbot: tolerate polluted save responses and show server warnings
      DEV: patchbot: repeat the syncing buttons at the bottom of the page
      DEV: patchbot: update: add an awk backend to persist review edits
      DEV: patchbot: update: return the stored overlay as JSON on GET
      DEV: patchbot: update: support replacing a whole note blob (setnotes)
      DEV: patchbot: update: report git commit failures in the save response
      DEV: patchbot: update: report the exact git error to the user
      DEV: patchbot: update: never write to stderr, thttpd sends it first
      DEV: patchbot: update: name the touched commits in the storage messages
      DEV: patchbot: document the shared review persistence
      MAJOR: mworker: remove deprecated "master-worker" global keyword
      DOC: haterm: add a missing 'haterm' build target on an example
      DOC: readme: add a pointer to haterm/haload docs

---


Reply via email to