Hi,
HAProxy 3.5-dev2 was released on 2026/07/08. It added 114 new commits
after version 3.5-dev1.
As with most early development releases, this one starts by removing the
features that were planned for removal in 3.5 and deprecated since at least
3.3:
- support for "dispatch" and "transparent" keywords in proxies; these
have remained extremely limited while they can be entirely replaced
with a more flexible "server" directive. As usual, the error messages
suggest what to do.
- removal of the OpenTracing add-on. It has been long outdated and now
that OpenTelemetry is available, there is no longer any justification
for continuing to make efforts to support it at any cost.
- the "master-worker" global keyword is no longer accepted alone, the
only way to enable master mode is via the command line (-W or -Ws).
The "master-worker exit-on-failure" directive remains supported for
now (probably not till the end of the dev cycle, we'll see), however
now it checks that -W/-Ws was properly passed.
- these deprecated QUIC config keywords were also dropped:
tune.quic.cc.cubic.min-losses, tune.quic.cc-hystart,
tune.quic.disable-tx-pacing, tune.quic.disable-udp-gso,
tune.quic.frontend.max-data-size, tune.quic.frontend.max-idle-timeout,
tune.quic.frontend.max-streams-bidi, tune.quic.frontend.max-tx-mem
tune.quic.frontend.stream-data-ratio, tune.quic.retry-threshold,
tune.quic.frontend.default-max-window-size, tune.quic.max-frame-loss,
tune.quic.reorder-ratio, tune.quic.socket-owner.
Aside these, 28 bugs were fixed (1 major, 10 medium and rest is minor),
and there are some more or less visible changes:
- the HTTP client's initialization now considers default SSL settings
from ssl-default-server-* (ciphers, ciphersuites). It should improve
security for auxiliary services relying on it (Lua, ACME etc) but may
also cause failures if accessing internal services running on old
stacks/settings for example.
- the large buffer support was refined so that it never applies by
accident to header processing (which remains limited to tune.bufsize),
otherwise some failures could happen at random places down the chain
(converters, muxes etc). This will be backported to 3.4 before users
get trapped with stuff that randomly works by accident.
- haload: as mentioned by Fred a few days ago, this new build target of
the makefile yields an HTTP load generator executable that is very
similar to h1load in usage except that this one supports HTTP versions
0.9, 1.0, 1.1, 2, 3 over TCP and/or SSL, and 0.9 and 3 over QUIC, by
relying on haproxy's network stack. It's starting to be fairly
complete and totally usable, to the point that latest updates were
totally cosmetic because some of us are already using it. Certain
points might possibly change and are not strongly decided, so
discussions with users will be more than welcome.
- the CLI now supports "set server name" to rename a server (except if
it's explicitly designated by its name in the config). This can be
useful when repurposing a server in a farm or in combination with
server-templates.
- OCSP: initial failures are no longer fatal (previously a missing
issuer certificate would prevent from starting), and instead emit
a warning.
- more QUIC traces (hq_interop = HTTP/0.9 this time)
- new sample fetch functions be_max_retries and cur_max_retries permit
to retrieve such values for the current stream (useful for logging
or to apply automatic values based on calculations).
- a few more "USE_*" settings for FCGI, H2, TRACE and SPOE permitting
to remove features that are not considered as needed for some
environments, helping to build smaller binaries. A new "tiny" target
disables all of them and permits to drop the binary size from 13.7 to
to 2.7 MB (divided by 5) without SSL, and from 14.2 to 3.2 with SSL,
which offers more convenient options for embedded usage or installation
on resource-limited devices (e.g. your home WiFi router). More such
options will come over time so that users can make haproxy observe a
strict diet if they don't need certain features (or are willing to
give them up in exchange of a smaller executable).
- regtests have been cleaned up from leftovers of pre-2.6 versions.
- various cleanups and a few doc updates
So I would say that 3.5 is progressively starting to take shape. Except
for haload and deprecated features removal, there's nothing outstanding
here. The feature removal is a great opportunity for running it over your
oldest running configs to make sure nothing is missing.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Q&A from devs : https://github.com/orgs/haproxy/discussions
Sources : https://www.haproxy.org/download/3.5/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.5/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
OpenTelemetry : https://github.com/haproxytech/haproxy-opentelemetry
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Alexander Stephan (5):
BUG/MINOR: sample: set SMP_F_CONST on srv_name fetch
MINOR: server: distinguish name references with new SRV_F_NAME_REFD flag
MEDIUM: server: add 'set server name' CLI command for runtime server
renaming
REGTESTS: server: add test for 'set server name' CLI command
DOC: server: document 'set server name' CLI command
Amaury Denoyelle (16):
BUG/MEDIUM: h3: fix trace crash on frontend response headers
BUG/MINOR: hq-interop: fix transcoding of wrapping response buffer
BUG/MINOR: hq-interop: support transcoding of absolute URI
BUG/MINOR: h3: adjust HTTP headers traces
MINOR: mux_quic: add minimal traces for QUIC MUX init/release
MINOR: hq-interop: add request start-line traces
MINOR: hq-interop: trace transcoding of response status line
MINOR: hq-interop: trace HTX headers
BUG/MEDIUM: h3: fix parser desync on error with multiple frames
BUG/MINOR: mux_quic: prevent multiple STOP_SENDING emission per stream
BUG/MEDIUM: mux_quic: do not free QCS if STOP_SENDING to sent
MINOR: mux_quic: use separate error code for STOP_SENDING
MINOR: mux_quic: adjust shut stream callback
BUG/MEDIUM: mux_quic: complete stream shutdown for read channel
BUG/MINOR: quic: ignore STREAM after MUX closure on BE side
MEDIUM: quic: remove deprecated keywords
Christopher Faulet (15):
BUG/MAJOR: htx: Don't swap buffers for empty HTX message with an error
CLEANUP: applet/http-client: Don't needlessly copy HTX flags after
htx_xfer()
BUG/MINOR: mux-quic: Fix handling EOM after in qcs_http_rcv_buf()
BUG/MINOR: http-htx: Don't by-pass HTX API when merging cookie values
BUG/MEDIUM: tcpcheck: Add proxy used for healthcheck sections in proxies
list
BUG/MINOR: sample: Fix a possible underflow on be2hex for large chunk size
MINOR: chunks: Add function to get a large/regular chunk depending on a
buffer
BUG/MEDIUM: chunk: Review chunks usage to not retrieve a large buffer by
error
MINOR: htx: Add a field to save the headers data size
MEDIUM: htx: Be sure size of headers never exceed regular buffer on update
BUG/MINOR: stream: Fix custom timeouts initialization when setting backend
REGTESTS: Improve script testing the set-timeout action
BUG/MINOR: stream: Fix custom max-retries initialization when setting
backend
MINOR: stream: Add be_max_retries/cur_max_retries sample fetch functions
BUG/MINOR: http-conv: Make url-dec failed if no space for trailing null
byte
Dragan Dosen (1):
MINOR: log: add app_log_raw() and send_log_raw() for binary-safe logging
Frederic Lecaille (16):
BUG/MEDIUM: mux_quic: fix memory leak of rx app_buf on stream free
MINOR: hbuf: new lightweight hbuf API
MINOR: init: add no listener mode
MINOR: trace: add definitions for haload streams
MINOR: hldstream: add definition of hldstream struct objects
MINOR: obj_type: add OBJ_TYPE_HALOAD for haload stream objects
MINOR: stconn: add sc_hastream() and __sc_hastream() helpers
MINOR: stconn: export sc_new()
MINOR: server: export functions used during server initialization
MINOR: haload: import source code and documentation
BUG/MINOR: init: fix default global settings being overwritten by -G
BUG/MINOR: haload: fix spurious task wakeup in hld_strm_task()
BUG/MINOR: hbuf: treat unexpected escape sequences as literals
MINOR: haload: move statistics header printing to mtask_cb
MINOR: haterm: add note about QUIC usage on SSL port
MINOR: haload: allow "0" shortcut for IPv4 bind address
Huangbin Zhan (1):
BUG/MINOR: tools: fix invalid character detection in strl2ic()
Olivier Houchard (2):
BUG/MEDIUM: servers: Use a refcount for port_range and free it properly
BUG/MEDIUM: fd: Fix a deadlock when closing other tgroups fds
Remi Tricot-Le Breton (1):
MINOR: ocsp: Do not see ocsp loading failures as fatal anymore
Steven Honson (1):
BUG/MEDIUM: server: initialise agent.health in srv_settings_init()
Tim Duesterhus (6):
REGTESTS: Remove unused `add_range_to_test_list` function from
`scripts/run-regtests.sh`
REGTESTS: Remove unused `_version` function from `scripts/run-regtests.sh`
REGTESTS: Migrate REQUIRE_OPTION to `haproxy -cc`
REGTESTS: Remove support for `REQUIRE_OPTION` from scripts/run-regtests.sh
REGTESTS: Migrate `REQUIRE_SERVICE=prometheus-exporter` to a
`feature(PROMEX)` check
REGTESTS: Remove support for `REQUIRE_SERVICE` from
scripts/run-regtests.sh
William Lallemand (3):
MINOR: ssl: export ssl_sock_init_srv()
MEDIUM: httpclient: initialize the httpclient with default SSL values
CI: github: update vmactions/freebsd-vm to 14.4
Willy Tarreau (47):
MINOR: proxy: permit to report version info for option deprecation
MAJOR: proxy: remove support for "dispatch" and "transparent" proxy
keywords
MEDIUM: cli/show-fd: no longer accept filtering for dispatch mode
CLEANUP: connection: remove some checks for objt_proxy(conn->target)
CLEANUP: backend: drop checks for OBJ_TYPE_PROXY in connect() code
CLEANUP: trace: remove backend retrieval attempt from conn->target
MAJOR: ot: remove deprecated OpenTracing support
CI: github: remove OpenTracing leftovers
BUILD: quic: workaround a gcc bug saying "maybe used uninitialized" when
USE_TRACE=0
CLEANUP: traces: get rid of a few rare empty args in TRACE calls
MINOR: compiler: add a macro to ignore all arguments
MINOR: trace: always pretend to use args when disabled
BUILD: ssl: avoid a wrong null deref warning in ssl_sock_handshake
CLEANUP: haproxy: remove -dt parsing and help when !USE_TRACE
CLEANUP: mux-h2/traces: remove unused trace code when building without
USE_TRACE
CLEANUP: debug/trace: remote "debug dev trace" when USE_TRACE is not set
BUG/MINOR: trace/quic_frame: use buf, not trace_buf in chunk_frm_appendf()
CLEANUP: trace/h3: allow to disable traces in H3
CLEANUP: trace/config: do not register section "traces" with USE_TRACE=0
CLEANUP: trace/tree-wide: drop trace decoding/definition when USE_TRACE=0
BUILD: makefile: only build trace.c and ssl_trace.c when USE_TRACE is set
BUILD: makefile: add macros enable_opts and disable_opts
BUILD: makefile: add an option to enable or disable HTTP/2 (USE_H2)
BUILD: makefile: add an option to enable or disable FCGI (USE_FCGI)
BUILD: makefile: add an option to enable or disable SPOE (USE_SPOE)
BUILD: makefile: add a new generic target "tiny"
DEV: patchbot: keep the review start in sync with the radios on reload
DEV: patchbot: only display the first 8 chars of the commit id
DEV: patchbot: pass the branch version to the generated page
DEV: patchbot: let the page fetch the shared review state
DEV: patchbot: let the page save the review edits to the server
DEV: patchbot: let the page edit and delete whole notes
DEV: patchbot: gray the save button when there is nothing to save
DEV: patchbot: don't pretend a save succeeded when the server ignored it
DEV: patchbot: tolerate polluted save responses and show server warnings
DEV: patchbot: repeat the syncing buttons at the bottom of the page
DEV: patchbot: update: add an awk backend to persist review edits
DEV: patchbot: update: return the stored overlay as JSON on GET
DEV: patchbot: update: support replacing a whole note blob (setnotes)
DEV: patchbot: update: report git commit failures in the save response
DEV: patchbot: update: report the exact git error to the user
DEV: patchbot: update: never write to stderr, thttpd sends it first
DEV: patchbot: update: name the touched commits in the storage messages
DEV: patchbot: document the shared review persistence
MAJOR: mworker: remove deprecated "master-worker" global keyword
DOC: haterm: add a missing 'haterm' build target on an example
DOC: readme: add a pointer to haterm/haload docs
---