Hi,

HAProxy 3.2.3 was released on 2025/07/09. It added 11 new commits
after version 3.2.2.

William prepared this version on Monday that he wanted to release earlier
in order to fix a build issue with OpenSSL 3.5 that affects 3.2.2, but he
and Fred noticed an occasional crash in the CI on OpenSSL-3.5+QUIC that
they preferred to investigate first. For now it looks like a heisenbug.
The problem is still under investigation, we don't know if it also affects
3.2, and considering that in any case it's not a regression from earlier
3.2 versions, it's better to emit 3.2.3 without it fixed anyway.

So this release is quite small:
  - fixes a build failure when enabling USE_QUIC with OpenSSL 3.5, that
    appeared in 3.2.2

  - fixes a bug in the "pause" action parser that doesn't properly
    increment the current argument after an expression, making it
    impossible to use a condition (if/unless)

  - properly sets the QUIC cipher suites when using OpenSSL 3.5

  - fixes a small build issue affecting ocsp_update_init() (arguments
    not matching between .c and .h)

  - fixes a possible crash when enabling SSL traces when encountering
    a just stolen idle connection.

  - makes the Device Atlas addon more robust against libda that is not
    installed in the regular paths, it now sets rpath when linking in
    order to find it at run time.

  - a few fixes and updates to the CI tests (namely this OpenSSL update
    that revealed the issue above).

I guess we'll soon know more about the aforementioned crash, and if it is
determined that it affects 3.2, we'll then issue another release, otherwise
we'll just mention that it's safe.

Those running on 3.2.2 (hence without OpenSSL 3.5) do not really need to
update. However those who were stuck to 3.2.1 due to the build issue should
upgrade to 3.2.3 because 3.2.2 did fix more problems that are important to
resolve (particularly the leastconn issue).

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Q&A from devs    : https://github.com/orgs/haproxy/discussions
   Sources          : https://www.haproxy.org/download/3.2/src/
   Git repository   : https://git.haproxy.org/git/haproxy-3.2.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-3.2.git
   Changelog        : https://www.haproxy.org/download/3.2/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Christopher Faulet (1):
      BUG/MINOR: http-act: Fix parsing of the expression argument for pause action

David Carlier (1):
      BUILD/MEDIUM: deviceatlas: fix when installed in custom locations.

Frederic Lecaille (3):
      BUILD: quic: QUIC build against OpenSSL 3.5 broken
      BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5
      BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits (OpenSSL 3.5 QUIC API)

Ilia Shipitsin (1):
      CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0

William Lallemand (5):
      CI: github: add an OpenSSL 3.5.0 job
      CI: github: update the stable CI to ubuntu-24.04
      CI: github: update to OpenSSL 3.5.1
      BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
      BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections
