Hi,
HAProxy 3.3.1 was released on 2025/12/19. It added 45 new commits
after version 3.3.0.
Unlike what I said, the 2.8.17 was not the last release emitted this week.
The 3.3.1 was missing, while it was promized ! Following issues were fixed
by this release:
- In QUIC, HyStart++ algorithm for QUIC connections is now disabled for
congestion control algorithms not supporting it. It caused crashes when
when it was enabled with BBR for instance. The "quic-cc-algo" server
directive allows to choose the congestion control algorithm for outgoing
QUIC connections. And there were some fixes on the QUIC backend.
- A possible crash in H3 was fixed because a internal variable could be
accesses while unallocated.
- In master-worker mode, an ambiguity about a flag was fixed. It has no
impact on 3.1 and upper thanks to the master-worker refactoring that has
occurred in 3.1 but that led to a file descriptor leak for duplicated unix
stats sockets in the master process in 3.0 and lower.
- A typo in the "bc_settings_streams_limit" sample fetch function made it
unavailable. This was fixed to accordingly to the name used in the
configuration manual.
- An old bug form 2012 was fixed about the HTTP TUNNEL handling that causing
tunnelled streams closed by the server to be closed on both sides at once
and logging an error. And the timer used for "wait-for-body" action was
not properly reset, causing some trouble with some following actions, like
"pause".
- The "show proc" master-CLI command is no longer limited by the output
buffer size and will now be able to list many processes.
- In SSL, an issue with the TLS sessions reuse was fixed. The SNI was not
considered when a TLS session was reused. Because of this issue, it was
possible to inherit from an old SNI for connection without SNI. Now, the
SNI of the cached TLS session must match the one that will be used for the
new connection. There was also an issue regarding the choice of the
ALPN, especially when the ALPN for health-checks differed from the one
used for regular traffic.
- An old bug, introduced in 2.2.0, about private idle connections attached
to a session, leading to a crash, was fixed by reverting the offending
commit.
- H2 backend: in some cases it was possible to continue to use a connection
till the last stream ID permitted by the server. While this is
undetectable by the server since it serves to process streams in flight,
it's forbidden by the spec and not all parts handled it similarly in the
code (some applied the client rule and others the server one depending how
they were). The main impact is that after releasing the last allowed
stream to a server, the connection was not set back to the idle pool but
wasn't killed either, and a late activity (e.g. a shutdown) could trigger
a BUG_ON() condition detecting this inconsistency and crash the
process. Only 3.3 was affected by the BUG_ON() and it's not sure at this
point whether any other effect could have happened on older versions. For
this reason only 3.3 has the fix for now, others might follow later.
The rest is pretty minor, essentially doc updates.
Thanks everyone for your help.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation: https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse: https://discourse.haproxy.org/
Slack channel: https://slack.haproxy.org/
Issue tracker: https://github.com/haproxy/haproxy/issues
Q&A from devs: https://github.com/orgs/haproxy/discussions
Sources : https://www.haproxy.org/download/3.3/src/
Git repository : https://git.haproxy.org/git/haproxy-3.3.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-3.3.git
Changelog: https://www.haproxy.org/download/3.3/src/CHANGELOG
Dataplane API:
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs: https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds: https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Amaury Denoyelle (6):
BUG/MEDIUM: h3: do not access QCS if not allocated
BUG/MEDIUM: h3: fix access to QCS definitely
Revert "MINOR: quic: use dynamic cc_algo on bind_conf"
MINOR: quic: define quic_cc_algo as const
MINOR: quic: extract cc-algo parsing in a dedicated function
MINOR: quic: implement cc-algo server keyword
Christopher Faulet (15):
BUG/MINOR: ssl: Don't allow to set NULL sni
BUG/MINOR: log: Dump good %B and %U values in logs
BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL
mode
DOC: config: Fix description of the spop mode
DOC: config: Improve spop mode documentation
MEDIUM: quic: Add connection as argument when qc_new_
