HAProxy 2.5: What's New, Release History & EOL Status

2.5.14

Latest release in branch 2.5
Released 2 years ago (May 02, 2023)

Software	HAProxy
Branch	2.5
Status	End of life
End of life	May 02, 2023
First official release version	2.5.0
First official release date	4 years ago (November 23, 2021)
Release notes	https://www.haproxy.org/download/2.5/src/CHANGELOG
Source code	http://git.haproxy.org/?p=haproxy-2.5.git;a=tree;h=refs/tags/v2.5.14
Download	https://www.haproxy.org/download/2.5/
HAProxy 2.5 Releases	View full list

What Is New in HAProxy 2.5

Category	Key Highlights
New Features	DNS Service Discovery, Log Forwarding, Stick Tables over Peers, Prometheus Exporter
Improvements	HTTP Connection Management, SSL/TLS Enhancements, Cache Performance
Bug Fixes	Numerous fixes across core components, HTTP processing, and SSL/TLS layers
Deprecated	Legacy keywords and configurations marked for future removal

How does HAProxy 2.5 improve dynamic service discovery?

HAProxy 2.5 introduces a native DNS Service Discovery (DNS SRV) implementation. This allows servers to be resolved and their port numbers discovered directly via DNS SRV records, eliminating the need for external tools or scripts to manage backend server lists.

In practice, you can now define a backend with a resolvable DNS name. HAProxy will automatically resolve the SRV records and update the server list in runtime, making it ideal for containerized environments where IP addresses change frequently.

What new logging capabilities were added?

A new Log Forwarding feature provides a centralized way to manage log streams. You can define a log forward section that multiple backends and frontends can reference, simplifying configuration and allowing for more flexible log routing.

This matters because it decouples the logging destination from the proxy configuration. You can now send logs to multiple targets or change log endpoints without touching every single frontend and backend definition.

Are there enhancements for stateful load balancing?

Yes, stick-table data can now be synchronized over peers using a new peers section. This enables state sharing, like session persistence data, across multiple HAProxy instances for high-availability setups.

This is a big deal for active-active clusters. Previously, sharing stick-table data required complex external setups. Now it's built-in, making distributed stateful load balancing much simpler to configure and manage.

What about observability and metrics?

The built-in Prometheus exporter received significant upgrades. It now exposes a wider variety of metrics, including detailed HTTP and health check statistics, giving you deeper insight into traffic patterns and backend health.

You can scrape these metrics directly from the stats endpoint. This native integration simplifies your monitoring stack by reducing the need for additional exporters or agents to collect HAProxy metrics.

Were there any core protocol updates?

HTTP connection handling was optimized for better performance and resource usage. The implementation is more efficient at managing keep-alive connections and recycling resources, which helps under heavy concurrent loads.

SSL/TLS also saw improvements, including better support for modern cipher suites and more flexible certificate management. These updates help maintain security and performance for encrypted traffic.

FAQ

Does the new DNS SRV discovery work with Kubernetes services?
Yes, it integrates directly. If your Kubernetes headless service is configured with SRV records, HAProxy 2.5 can automatically discover all pods and their ports, making it a powerful alternative to the Ingress Controller for custom setups.

Can I use the Prometheus exporter without the legacy stats page?
Absolutely. The Prometheus endpoint is a first-class citizen now. You can expose it on a separate port and authenticate access independently from the traditional HTML stats page, which is cleaner for machine consumption.

Is the stick-table peers protocol secure?
The peers protocol uses a simple password-based authentication. For secure environments, you should run the peer traffic over a dedicated, private network as the protocol itself does not include encryption, only authentication.

What happens to my existing 'log global' configuration?
It continues to work unchanged. The new log forwarding is an additive feature. You can gradually migrate your configs to use the forwarders or stick with the classic approach--there's no breaking change.

Were any older features removed in this release?
Nothing was outright removed, but several older, less secure SSL keywords and deprecated configuration options were formally announced for future removal. Check the changelog for the specific list to plan your updates.

Releases In Branch 2.5

Version	Release date
2.5.14	2 years ago (May 02, 2023)
2.5.13	3 years ago (March 17, 2023)
2.5.12	3 years ago (February 14, 2023)
2.5.11	3 years ago (January 24, 2023)
2.5.10	3 years ago (December 05, 2022)
2.5.9	3 years ago (September 23, 2022)
2.5.8	3 years ago (July 25, 2022)
2.5.7	3 years ago (May 13, 2022)
2.5.6	3 years ago (April 26, 2022)
2.5.5	4 years ago (March 14, 2022)
2.5.4	4 years ago (February 25, 2022)
2.5.3	4 years ago (February 18, 2022)
2.5.2	4 years ago (February 16, 2022)
2.5.1	4 years ago (January 11, 2022)
2.5.0	4 years ago (November 23, 2021)
2.5-dev15	4 years ago (November 19, 2021)
2.5-dev14	4 years ago (November 14, 2021)
2.5-dev13	4 years ago (November 06, 2021)
2.5-dev12	4 years ago (November 02, 2021)
2.5-dev11	4 years ago (October 22, 2021)
2.5-dev10	4 years ago (October 16, 2021)
2.5-dev9	4 years ago (October 08, 2021)
2.5-dev8	4 years ago (September 24, 2021)
2.5-dev7	4 years ago (September 12, 2021)
2.5-dev6	4 years ago (September 03, 2021)
2.5-dev5	4 years ago (August 28, 2021)
2.5-dev4	4 years ago (August 17, 2021)
2.5-dev3	4 years ago (August 01, 2021)
2.5-dev2	4 years ago (July 17, 2021)
2.5-dev1	4 years ago (June 30, 2021)
2.5-dev0	4 years ago (May 14, 2021)