HAProxy Data Plane API v3.3.0

Release Notes

Key changes in the HAProxy Data Plane API 3.3 release include:

New Features

ACME DNS-01 Challenge Support

Added comprehensive support for ACME DNS-01 challenges, enabling automated certificate management via DNS validation:

• Added ACME DNS-01 challenge support using libdns to resolve challenges for HAProxy. To use it, configure HAProxy's acme section to use dns-01 challenge with the appropriate acme-provider and acme-vars.
• Implemented DNS propagation checks for ACME with configurable timeout via DPAPI_ACME_PROPAGTIMEOUT_SEC and DPAPI_ACME_PROPAGDELAY_SEC environment variables. Setting DPAPI_ACME_PROPAGTIMEOUT_SEC to -1 disables propagation checks.
• Added support for listening to HAProxy events on the master socket, currently handling the "newcert" event to save newly generated certificates to disk.
• Added runtime handlers for ACME status and renew operations.
• Enabled Route53 DNS provider for ACME challenges.
• Enabled deSEC DNS provider for ACME challenges.
• Added support for the acme-provider and acme-vars keywords for DNS-01 challenge configuration.
• Added support for the reuse-key ACME keyword.

Configuration Enhancements

• Added ssl-passphrase-cmd parameter to the global section.
• Added abortonclose parameter to frontend section.
• Added cc (congestion control) parameter to server and bind configurations.
• Added experimental ktls parameter to server and bind for kernel TLS offloading.
• Added no-ktls option to global section.
• Added experimental shm-stats-file and shm-stats-file-max-objects options to global section.
• Added sni-auto / no-sni-auto parameters to server configuration.
• Added check-sni-auto / no-check-sni-auto parameters to server configuration.
• Added tcp-md5sig parameter to both server and bind configurations.
• Added renegotiate keyword support for servers.
• Added label bind parameter support.
• Specification now populates defaults from the OpenAPI spec.

SSL/TLS Improvements

• Added support for parsing multiple certificate options in bind configurations, now parsed and serialized as SslCertificate field delimited by :.
• Added runtime support for dumping SSL certificates.
• Fixed IP address certificate acceptance.
• Enhanced leaf certificate selection to include DNS names, fixing cases where names are too long and have no CN but only SAN.
• Fixed self-signed certificates parsing in storage API.

Parser and Serialization Improvements

• Added parser option allowing exclusion of sections with a given name during serialization.
• Sections are now always sorted by name even if dependency or circular checks fail.
• Switched to go-method-gen for methods generation with automatic unit tests generation.
• ACL now uses the same type in config parser as in the rest of the module.
• Config parser now allows using models for types.

Bug Fixes

Data Plane API

• Fixed GET default sections endpoint ignoring the full_section=true parameter.
• Fixed service discovery to keep running despite errors instead of stopping.
• Fixed AWS service discovery to enforce context timeout when interacting with AWS endpoints.

Configuration and Serialization (client-native)

• Fixed missing set-var-fmt in http_after_response_rule.
• Fixed duplicate name entry of binds.
• Fixed all names marked as required to fit in map structured data.
• Fixed default time suffix for stats refresh delay (was milliseconds, should be seconds).
• Fixed serialization of FCGI option mpxs-conns.
• Fixed duplication of xxx / no-xxx options on serialization.
• Fixed server templates ordering by name when serialized.
• Fixed serialization of UseFCGIApp which was failing with "invalid data".
• Fixed missing int and expression in http-after-response sc-add-gpc.
• Fixed http-response sc-add-gpc and sc-inc-gpc serialization issues.
• Fixed http-request sc-add-gpc and sc-inc-gpc serialization.
• Fixed tcp-request content set-bandwidth-limit to avoid serializing limit and period if not set.
• Fixed filter bwlim-in and bwlim-out min-serialize.
• Fixed tls-tickets serialization in bind params.
• Fixed server fall and rise options parsing (are counters, not time values).
• Fixed serialization of log-steps.
• Fixed servers in backends ordering by name when serialized.
• Fixed missing ID in Frontend serialization.
• Fixed default-bind to report error when parsing failed.
• Fixed ACME vars ordering when serializing.
• Fixed metadata where it was missing.

Runtime

• Added missing fields to stick table output: http_fail_cnt, http_fail_rate, gpt, gpc, and gpc_rate.
• Fixed missing reload socket command termination.
• Fixed redispatch to allow interval of 0.

Other Changes

Build and Dependencies

• Upgraded Go to 1.25.
• Upgraded golangci-lint to 2.8.0.
• Upgraded go-swagger to v0.32.3.
• Upgraded client-native library to latest version.
• Updated AWS SDK packages to latest versions.
• Updated golang.org/x packages.
• Fixed CVE-2025-47911.
• Swagger now honors default values for fields set in the specification.

Testing

• Updated E2E tests for HAProxy 3.3 and 3.4 compatibility.
• Added ACME test infrastructure and HTTP-01 testing.
• Fixed tests for HAProxy 3.3 (backends and frontends cannot share the same name; program section removed).
• Allowed passing multiple test names in $TESTNAME for faster test validation.
• Fixed the set_uid E2E test to work on both Alpine and Debian.
• Added automatic unit tests generation for client-native.
• Fixed gentype issue that prevented running tests for sections with dashes.
• Re-enabled gocritic linter which was mistakenly disabled.

CI/CD

• Added CI question for backport need on merge requests.
• Cancel duplicate pipelines on forked projects.
• Updated GitHub Actions tooling and Go versions.

HAProxy Compatibility

This release supports HAProxy 3.3 and later versions.

Contributors

We would like to thank all the contributors who made this release possible:

Contributor	Area
Olivier Duclos	FEATURE | BUG | TEST | REORG
Marko Juraga	BUILD | BUG | CLEANUP | FEATURE | TEST
Vincent Gramer	FEATURE | BUG | BUILD
Helene Durand	BUG | FEATURE | TEST
Zlatko Bratkovic	BUILD | BUG | CLEANUP
Dario Tranchitella	BUG
Ivan Matmati	FEATURE | CLEANUP
Pierre-Alain SIMON	BUILD
Philipp Kolberg	BUG
JM	BUG
AdamJCrawford	BUILD

Thank you to everyone who contributed code, reported issues, and provided feedback for this release!

HAProxy Data Plane API v3.2.8

Release Notes

HAProxy Data Plane API v3.2.8 9a2438b

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:36:17Z

Changelog

• 7ba2269 BUG/MINOR: fix GET default sections with full_section=true
• cdc5102 BUG/MINOR: keep service discovery running despite errors
• 2da0bbf BUG/MINOR: sd: enforcing context timeout when interacting with AWS endpoints
• 4f4aa36 BUILD/MEDIUM: client-native: upgrade to latest client-native
• cd5b78a BUILD/MEDIUM: golang: upgrade go to 1.25 and linter to 2.8.0
• 481e75f TEST/MINOR: e2e: upgrade e2e tests to haproxy 3.2
• 9a2438b TEST/MINOR: set_uid: fix the set_uid test

HAProxy Data Plane API v3.1.13

Release Notes

HAProxy Data Plane API v3.1.13 3220185

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:36:09Z

Changelog

• 0afd7d1 BUG/MINOR: fix GET default sections with full_section=true
• 8963552 BUG/MINOR: keep service discovery running despite errors
• 511356d BUG/MINOR: sd: enforcing context timeout when interacting with AWS endpoints
• ebccb6c BUILD/MEDIUM: client-native: upgrade to latest client-native
• 47b52a0 BUILD/MEDIUM: golang: upgrade go to 1.25 and linter to 2.8.0
• 820e55d TEST/MINOR: e2e: upgrade e2e tests to haproxy 3.1
• 3220185 TEST/MINOR: set_uid: fix the set_uid test

HAProxy Data Plane API v3.0.17

Release Notes

HAProxy Data Plane API v3.0.17 ba83347

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:36:01Z

Changelog

• 5424422 BUG/MINOR: fix GET default sections with full_section=true
• 72593e2 BUG/MINOR: keep service discovery running despite errors
• 1ce9aa1 BUG/MINOR: runtime: fix creating servers with HAProxy >= 3.0
• 2faf1bd BUG/MINOR: sd: enforcing context timeout when interacting with AWS endpoints
• dd8b4ed BUILD/MEDIUM: client-native: upgrade to latest client-native
• 245d087 BUILD/MEDIUM: golang: upgrade go to 1.25 and linter to 2.8.0
• cd3df02 TEST/MINOR: e2e: upgrade e2e tests to haproxy 3.0
• ce8566e TEST/MINOR: fix random fails on CI when removing a default section
• ba83347 TEST/MINOR: set_uid: fix the set_uid test
• 2131ca0 TEST/MINOR: try to fix bug_132 failures on CI

HAProxy Data Plane API v2.9.21

Release Notes

HAProxy Data Plane API v2.9.21 ea670de

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:35:58Z

Changelog

• ea670de BUILD/MINOR: go.mod: update Go indirect packages
• 7462429 BUILD/MINOR: go.mod: update Go packages
• 3b9d424 BUILD/MINOR: go.mod: update github.com/aws/aws-sdk-go-v2
• 2df22cb BUILD/MINOR: go.mod: update golang.org/x packages

HAProxy Data Plane API v3.2.7

Release Notes

HAProxy Data Plane API v3.2.7 3f1e3ef

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2025-12-02T14:18:17Z

Changelog

• 3f1e3ef BUILD/MINOR: github: upgrade go in github actions

HAProxy Data Plane API v3.1.12

Release Notes

HAProxy Data Plane API v3.1.12 5fe8b5e

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2025-12-02T14:18:22Z

Changelog

• 5fe8b5e BUILD/MINOR: github: upgrade go in github actions

HAProxy Data Plane API v3.0.16

Release Notes

HAProxy Data Plane API v3.0.16 1837513

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2025-12-02T14:13:18Z

Changelog

• 1837513 BUILD/MINOR: github: upgrade go in github actions

HAProxy Data Plane API v2.9.20

Release Notes

HAProxy Data Plane API v2.9.20 3f790d4

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2025-12-02T14:03:18Z

Changelog

• 3f790d4 BUILD/MINOR: github: upgrade go in github actions

HAProxy Data Plane API v3.2.6

Release Notes

HAProxy Data Plane API v3.2.6 87ad0bc

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2025-11-21T13:38:36Z

Changelog

• 87ad0bc BUILD/MINOR: go.mod: upgrade client-native