HAProxy Data Plane API v3.1.14

Release Notes

HAProxy Data Plane API v3.1.14 731f626

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-03-08T18:53:05Z

Changelog

• ba497ad BUG/MAJOR: runtime_server: fix adding all the server options for server
• 41bfdde BUG/MINOR: ignore empty runtime API commands
• 5481ef4 BUILD/MAJOR: go.mod: upgrade client-native and generate
• 6678898 BUILD/MEDIUM: go: upgrade go to 1.26
• 832e388 BUILD/MINOR: ci: increase version of commit check
• 550755b CLEANUP/MEDIUM: lint: upgrade linter and fix linting errors
• a364a31 TEST/MINOR: program: add deprecated directive to haproxy.cfg
• 731f626 TEST/MINOR: ssl: add sleep when changing a certificate in storage

HAProxy Data Plane API v3.0.18

Release Notes

HAProxy Data Plane API v3.0.18 7f9fe82

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-03-08T18:53:07Z

Changelog

• b4a728a BUG/MAJOR: runtime_server: fix adding all the server options for server
• 7b91890 BUG/MEDIUM: Expose new client-native option validate_files_before
• 3c48e21 BUG/MINOR: ignore empty runtime API commands
• 3c58a61 BUILD/MAJOR: go.mod: upgrade client-native and generate
• 054014a BUILD/MEDIUM: go: upgrade go to 1.26
• e5d3b83 BUILD/MINOR: ci: increase version of commit check
• 3fd4da0 CLEANUP/MEDIUM: lint: upgrade linter and fix linting errors
• 7f9fe82 TEST/MINOR: ssl: add sleep when changing a certificate in storage

HAProxy Data Plane API v2.9.22

Release Notes

HAProxy Data Plane API v2.9.22 f86c146

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-03-08T18:53:03Z

Changelog

• 0034bf5 BUG/MINOR: ignore empty runtime API commands
• b0a28e9 BUILD/MAJOR: go.mod: upgrade client-native and generate
• 9189525 BUILD/MEDIUM: go: upgrade go to 1.26
• b53c168 BUILD/MINOR: ci: increase version of commit check
• 2d80439 CLEANUP/MEDIUM: lint: upgrade linter and fix linting errors
• dc18fbc TEST/MINOR: ci: remove unsupported versions from e2e tests
• f86c146 TEST/MINOR: ssl: add sleep when changing a certificate in storage

HAProxy Data Plane API v3.3.1

Release Notes

HAProxy Data Plane API v3.3.1 b357f52

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-03-07T18:23:51Z

Breaking Change

crt_load endpoints moved under crt_store

The crt_load API endpoints have been restructured to be nested under their parent crt_store resource. This better reflects the HAProxy configuration hierarchy where crt-load directives exist within a crt-store section. They have mistakenly been introduced in a flat URL before.

Before:
GET /services/haproxy/configuration/crt_loads
POST /services/haproxy/configuration/crt_loads
GET /services/haproxy/configuration/crt_loads/{certificate}
PUT /services/haproxy/configuration/crt_loads/{certificate}
DELETE /services/haproxy/configuration/crt_loads/{certificate}

After:
GET /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads
POST /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads
GET /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads/{certificate}
PUT /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads/{certificate}
DELETE /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads/{certificate}

All crt_load operations now require the {crt_store} path parameter to identify the parent crt-store section. Clients using the previous flat URL structure must update their API calls to include the crt_store name in the path.

Changelog

• ce605fc BUG/MEDIUM: Expose new client-native option validate_files_before
• b097f02 BUG/MINOR: Return the correct error code when adding duplicates into a map file
• bcb9fe9 BUG/MINOR: ignore empty runtime API commands
• 6ad7466 BUILD/MAJOR: go.mod: upgrade client-native and generate
• 07c70ce BUILD/MEDIUM: go: upgrade go to 1.26
• dae86fe BUILD/MINOR: ci: increase version of commit check
• b357f52 CLEANUP/MEDIUM: lint: upgrade linter and fix linting errors
• 5026362 MEDIUM: runtime: add all supported server parameters
• 2c4156a TEST/MEDIUM: crt_list: move crt list tests to proper url

HAProxy Data Plane API v3.2.9

Release Notes

HAProxy Data Plane API v3.2.9 e9891a2

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-03-07T18:28:49Z

Breaking Change

crt_load endpoints moved under crt_store

The crt_load API endpoints have been restructured to be nested under their parent crt_store resource. This better reflects the HAProxy configuration hierarchy where crt-load directives exist within a crt-store section. They have mistakenly been introduced in a flat URL before.

Before:
GET /services/haproxy/configuration/crt_loads
POST /services/haproxy/configuration/crt_loads
GET /services/haproxy/configuration/crt_loads/{certificate}
PUT /services/haproxy/configuration/crt_loads/{certificate}
DELETE /services/haproxy/configuration/crt_loads/{certificate}

After:
GET /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads
POST /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads
GET /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads/{certificate}
PUT /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads/{certificate}
DELETE /services/haproxy/configuration/crt_stores/{crt_store}/crt_loads/{certificate}

All crt_load operations now require the {crt_store} path parameter to identify the parent crt-store section. Clients using the previous flat URL structure must update their API calls to include the crt_store name in the path.

Changelog

• 3927ccd BUG/MEDIUM: Expose new client-native option validate_files_before
• 817b8ef BUG/MINOR: Return the correct error code when adding duplicates into a map file
• a2e00e6 BUG/MINOR: ignore empty runtime API commands
• 527657b BUILD/MAJOR: go.mod: upgrade client-native and generate
• c6ac03b BUILD/MEDIUM: go: upgrade go to 1.26
• 7f21f8d BUILD/MINOR: ci: increase version of commit check
• e9891a2 CLEANUP/MEDIUM: lint: upgrade linter and fix linting errors
• f9a2ed4 TEST/MEDIUM: crt_list: move crt list tests to proper url

HAProxy Data Plane API v3.3.0

Release Notes

Key changes in the HAProxy Data Plane API 3.3 release include:

New Features

ACME DNS-01 Challenge Support

Added comprehensive support for ACME DNS-01 challenges, enabling automated certificate management via DNS validation:

• Added ACME DNS-01 challenge support using libdns to resolve challenges for HAProxy. To use it, configure HAProxy's acme section to use dns-01 challenge with the appropriate acme-provider and acme-vars.
• Implemented DNS propagation checks for ACME with configurable timeout via DPAPI_ACME_PROPAGTIMEOUT_SEC and DPAPI_ACME_PROPAGDELAY_SEC environment variables. Setting DPAPI_ACME_PROPAGTIMEOUT_SEC to -1 disables propagation checks.
• Added support for listening to HAProxy events on the master socket, currently handling the "newcert" event to save newly generated certificates to disk.
• Added runtime handlers for ACME status and renew operations.
• Enabled Route53 DNS provider for ACME challenges.
• Enabled deSEC DNS provider for ACME challenges.
• Added support for the acme-provider and acme-vars keywords for DNS-01 challenge configuration.
• Added support for the reuse-key ACME keyword.

Configuration Enhancements

• Added ssl-passphrase-cmd parameter to the global section.
• Added abortonclose parameter to frontend section.
• Added cc (congestion control) parameter to server and bind configurations.
• Added experimental ktls parameter to server and bind for kernel TLS offloading.
• Added no-ktls option to global section.
• Added experimental shm-stats-file and shm-stats-file-max-objects options to global section.
• Added sni-auto / no-sni-auto parameters to server configuration.
• Added check-sni-auto / no-check-sni-auto parameters to server configuration.
• Added tcp-md5sig parameter to both server and bind configurations.
• Added renegotiate keyword support for servers.
• Added label bind parameter support.
• Specification now populates defaults from the OpenAPI spec.

SSL/TLS Improvements

• Added support for parsing multiple certificate options in bind configurations, now parsed and serialized as SslCertificate field delimited by :.
• Added runtime support for dumping SSL certificates.
• Fixed IP address certificate acceptance.
• Enhanced leaf certificate selection to include DNS names, fixing cases where names are too long and have no CN but only SAN.
• Fixed self-signed certificates parsing in storage API.

Parser and Serialization Improvements

• Added parser option allowing exclusion of sections with a given name during serialization.
• Sections are now always sorted by name even if dependency or circular checks fail.
• Switched to go-method-gen for methods generation with automatic unit tests generation.
• ACL now uses the same type in config parser as in the rest of the module.
• Config parser now allows using models for types.

Bug Fixes

Data Plane API

• Fixed GET default sections endpoint ignoring the full_section=true parameter.
• Fixed service discovery to keep running despite errors instead of stopping.
• Fixed AWS service discovery to enforce context timeout when interacting with AWS endpoints.

Configuration and Serialization (client-native)

• Fixed missing set-var-fmt in http_after_response_rule.
• Fixed duplicate name entry of binds.
• Fixed all names marked as required to fit in map structured data.
• Fixed default time suffix for stats refresh delay (was milliseconds, should be seconds).
• Fixed serialization of FCGI option mpxs-conns.
• Fixed duplication of xxx / no-xxx options on serialization.
• Fixed server templates ordering by name when serialized.
• Fixed serialization of UseFCGIApp which was failing with "invalid data".
• Fixed missing int and expression in http-after-response sc-add-gpc.
• Fixed http-response sc-add-gpc and sc-inc-gpc serialization issues.
• Fixed http-request sc-add-gpc and sc-inc-gpc serialization.
• Fixed tcp-request content set-bandwidth-limit to avoid serializing limit and period if not set.
• Fixed filter bwlim-in and bwlim-out min-serialize.
• Fixed tls-tickets serialization in bind params.
• Fixed server fall and rise options parsing (are counters, not time values).
• Fixed serialization of log-steps.
• Fixed servers in backends ordering by name when serialized.
• Fixed missing ID in Frontend serialization.
• Fixed default-bind to report error when parsing failed.
• Fixed ACME vars ordering when serializing.
• Fixed metadata where it was missing.

Runtime

• Added missing fields to stick table output: http_fail_cnt, http_fail_rate, gpt, gpc, and gpc_rate.
• Fixed missing reload socket command termination.
• Fixed redispatch to allow interval of 0.

Other Changes

Build and Dependencies

• Upgraded Go to 1.25.
• Upgraded golangci-lint to 2.8.0.
• Upgraded go-swagger to v0.32.3.
• Upgraded client-native library to latest version.
• Updated AWS SDK packages to latest versions.
• Updated golang.org/x packages.
• Fixed CVE-2025-47911.
• Swagger now honors default values for fields set in the specification.

Testing

• Updated E2E tests for HAProxy 3.3 and 3.4 compatibility.
• Added ACME test infrastructure and HTTP-01 testing.
• Fixed tests for HAProxy 3.3 (backends and frontends cannot share the same name; program section removed).
• Allowed passing multiple test names in $TESTNAME for faster test validation.
• Fixed the set_uid E2E test to work on both Alpine and Debian.
• Added automatic unit tests generation for client-native.
• Fixed gentype issue that prevented running tests for sections with dashes.
• Re-enabled gocritic linter which was mistakenly disabled.

CI/CD

• Added CI question for backport need on merge requests.
• Cancel duplicate pipelines on forked projects.
• Updated GitHub Actions tooling and Go versions.

HAProxy Compatibility

This release supports HAProxy 3.3 and later versions.

Contributors

We would like to thank all the contributors who made this release possible:

Contributor	Area
Olivier Duclos	FEATURE | BUG | TEST | REORG
Marko Juraga	BUILD | BUG | CLEANUP | FEATURE | TEST
Vincent Gramer	FEATURE | BUG | BUILD
Helene Durand	BUG | FEATURE | TEST
Zlatko Bratkovic	BUILD | BUG | CLEANUP
Dario Tranchitella	BUG
Ivan Matmati	FEATURE | CLEANUP
Pierre-Alain SIMON	BUILD
Philipp Kolberg	BUG
JM	BUG
AdamJCrawford	BUILD

Thank you to everyone who contributed code, reported issues, and provided feedback for this release!

HAProxy Data Plane API v3.2.8

Release Notes

HAProxy Data Plane API v3.2.8 9a2438b

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:36:17Z

Changelog

• 7ba2269 BUG/MINOR: fix GET default sections with full_section=true
• cdc5102 BUG/MINOR: keep service discovery running despite errors
• 2da0bbf BUG/MINOR: sd: enforcing context timeout when interacting with AWS endpoints
• 4f4aa36 BUILD/MEDIUM: client-native: upgrade to latest client-native
• cd5b78a BUILD/MEDIUM: golang: upgrade go to 1.25 and linter to 2.8.0
• 481e75f TEST/MINOR: e2e: upgrade e2e tests to haproxy 3.2
• 9a2438b TEST/MINOR: set_uid: fix the set_uid test

HAProxy Data Plane API v3.1.13

Release Notes

HAProxy Data Plane API v3.1.13 3220185

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:36:09Z

Changelog

• 0afd7d1 BUG/MINOR: fix GET default sections with full_section=true
• 8963552 BUG/MINOR: keep service discovery running despite errors
• 511356d BUG/MINOR: sd: enforcing context timeout when interacting with AWS endpoints
• ebccb6c BUILD/MEDIUM: client-native: upgrade to latest client-native
• 47b52a0 BUILD/MEDIUM: golang: upgrade go to 1.25 and linter to 2.8.0
• 820e55d TEST/MINOR: e2e: upgrade e2e tests to haproxy 3.1
• 3220185 TEST/MINOR: set_uid: fix the set_uid test

HAProxy Data Plane API v3.0.17

Release Notes

HAProxy Data Plane API v3.0.17 ba83347

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:36:01Z

Changelog

• 5424422 BUG/MINOR: fix GET default sections with full_section=true
• 72593e2 BUG/MINOR: keep service discovery running despite errors
• 1ce9aa1 BUG/MINOR: runtime: fix creating servers with HAProxy >= 3.0
• 2faf1bd BUG/MINOR: sd: enforcing context timeout when interacting with AWS endpoints
• dd8b4ed BUILD/MEDIUM: client-native: upgrade to latest client-native
• 245d087 BUILD/MEDIUM: golang: upgrade go to 1.25 and linter to 2.8.0
• cd3df02 TEST/MINOR: e2e: upgrade e2e tests to haproxy 3.0
• ce8566e TEST/MINOR: fix random fails on CI when removing a default section
• ba83347 TEST/MINOR: set_uid: fix the set_uid test
• 2131ca0 TEST/MINOR: try to fix bug_132 failures on CI

HAProxy Data Plane API v2.9.21

Release Notes

HAProxy Data Plane API v2.9.21 ea670de

Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-01-29T16:35:58Z

Changelog

• ea670de BUILD/MINOR: go.mod: update Go indirect packages
• 7462429 BUILD/MINOR: go.mod: update Go packages
• 3b9d424 BUILD/MINOR: go.mod: update github.com/aws/aws-sdk-go-v2
• 2df22cb BUILD/MINOR: go.mod: update golang.org/x packages