What Is New in HAProxy 3.0
HAProxy 3.0 is a significant update focused on enhanced security, new features, and critical bug fixes. This release builds upon the solid foundation of the 2.8 LTS branch, bringing immediate value to production environments.
| Category | Key Changes |
|---|---|
| Security | SSL/TLS updates, fixes for potential HTTP smuggling vectors. |
| New Features | DNS service discovery improvements, new converters, enhanced Stick Tables. |
| Improvements | Better connection management, logging, and performance optimizations. |
| Bug Fixes | Numerous fixes for memory management, connection handling, and configuration parsing. |
| Deprecated | Older SSL/TLS ciphers and certain configuration keywords. |
What security updates are included?
The security enhancements in 3.0 are crucial for maintaining a robust defense. This release closes several HTTP request smuggling vectors.
SSL/TLS support has been updated to keep pace with modern cryptographic standards. This includes deprecating older, less secure ciphers to encourage stronger encryption by default.
How does service discovery get better?
DNS-based service discovery received substantial upgrades. The resolver now handles SRV records more intelligently, improving reliability when backend services are dynamically scaled or moved.
In practice, this means fewer dropped connections during infrastructure changes. Your load balancer can now adapt more quickly to changes in your backend environment.
What new features can developers use?
New converters and stick table features provide more power for crafting advanced routing rules. You can now manipulate data and make routing decisions with greater flexibility.
These features matter because they enable more sophisticated A/B testing, canary deployments, and traffic shaping logic directly within the HAProxy configuration.
What performance improvements were made?
Under-the-hood optimizations focus on connection management and memory usage. The changes result in lower latency and higher throughput, especially under heavy load.
Logging mechanisms were also refined to be more efficient, reducing the performance overhead when detailed logging is enabled.
FAQ
Is HAProxy 3.0 a long-term support (LTS) release?
No, HAProxy 3.0 is not an LTS release. It is based on the 2.8 LTS branch but incorporates newer features and fixes. For maximum stability, many will prefer the 2.8 LTS version.
What are the main HTTP smuggling fixes?
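The fixes address specific parsing inconsistencies between HAProxy and other servers that could allow request smuggling, which depends on the proxy and the server behind it disagreeing about where one request ends and the next begins. These patches ensure uniform interpretation of HTTP messages.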
Does this release change default SSL/TLS behavior?
Yes, it continues the trend of disabling older, insecure protocols and ciphers by default. You should review your SSL configuration after upgrading to ensure compatibility.
Are there any breaking changes in the configuration?
Some deprecated keywords related to older SSL/TLS settings may now generate warnings or errors. It's a good idea to test your config with the new version before deploying.
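A pre-upgrade check for the SSL configuration review recommended above, as an added example that is not from the original page or the HAProxy project: it scans a configuration for legacy protocol and cipher settings. The sample configuration is constructed, and the list of tokens treated as legacy is an assumption, since the page does not enumerate what 3.0 deprecates.

```python
import re

# Constructed sample configuration (not taken from the page or from HAProxy).
SAMPLE_CFG = """\
global
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:RC4-SHA
    ssl-default-bind-options no-sslv3

frontend fe_web
    bind :443 ssl crt /etc/haproxy/site.pem ssl-min-ver TLSv1.0
    bind :8443 ssl crt /etc/haproxy/site.pem ssl-min-ver TLSv1.2 ciphers ECDHE-RSA-AES256-GCM-SHA384
    # bind :9443 ssl crt /etc/haproxy/old.pem force-sslv3
"""

# Assumption: what counts as "legacy" here is this example's choice,
# not a list of what HAProxy 3.0 deprecates.
WEAK_CIPHER = re.compile(r"RC4|3DES|DES-CBC|MD5|NULL|EXPORT", re.I)
LEGACY_VERSIONS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
FORCE_LEGACY = {"force-sslv3", "force-tlsv10", "force-tlsv11"}
CIPHER_KEYWORDS = {"ciphers", "ssl-default-bind-ciphers",
                   "ssl-default-server-ciphers"}


def audit(cfg_text):
    """Return (line_number, finding) tuples for legacy TLS settings."""
    findings = []
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        # Simplification: treat everything after '#' as a comment
        # (quoted or escaped '#' is not handled).
        words = raw.split("#", 1)[0].split()
        for i, word in enumerate(words):
            arg = words[i + 1] if i + 1 < len(words) else ""
            if word in CIPHER_KEYWORDS:
                # Cipher lists are colon-separated OpenSSL names.
                for cipher in arg.split(":"):
                    if WEAK_CIPHER.search(cipher):
                        findings.append((no, f"weak cipher {cipher}"))
            elif word == "ssl-min-ver" and arg in LEGACY_VERSIONS:
                findings.append((no, f"ssl-min-ver {arg}"))
            elif word in FORCE_LEGACY:
                findings.append((no, word))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_CFG):
        print(f"line {line_no}: {finding}")
```

The script only flags candidates for review; the new binary's own syntax check (`haproxy -c -f <file>`) is still what reports keywords it no longer accepts.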
How significant are the DNS resolver improvements?
They are substantial for dynamic environments. The resolver is now more resilient to network fluctuations and better at handling large numbers of SRV record updates.