Releases: haproxytech/dataplaneapi
Release list
HAProxy Data Plane API v3.4.0
HAProxy Data Plane API v3.4.0 Release Notes
Key changes in the HAProxy Data Plane API 3.4 release include:
The 3.4 release rewrites the API server from go-swagger to a chi router with
oapi-codegen generated handlers (OpenAPI 3) and adds full configuration support
for HAProxy 3.4. Endpoint paths, methods, parameters and success responses are
unchanged, but a small number of intentional client-visible behavior changes are
documented below and in UPGRADE.md.
Major Changes
API Server Migration: go-swagger → chi / oapi-codegen
- Replaced the go-swagger generated
DataPlaneAPIserver with a chi router and
oapi-codegen generated handlers (OpenAPI 3). - Migrated all handlers to oapi-codegen and moved the path specification out of
client-native into dataplaneapi, with new specification-generation tooling. - Removed the now-unused
operationsfolder and deprecated generation code. - Documented the client-visible behavior changes in
UPGRADE.md(see Breaking
Changes below).
Breaking Changes
- Error body
codemirrors the HTTP status. Validation failures that
previously carried go-swagger internal codes in the body (e.g.{"code": 606}
with HTTP 422) now return the HTTP status in the body ({"code": 422}). Clients
matching on the old 6xx body codes must switch to the HTTP status. - Raw configuration endpoints are text-only.
POST /services/haproxy/configuration/rawaccepts onlytext/plainbodies; the
previous (accidental) JSON-encoded-string body is no longer accepted, and error
responses are nowapplication/jsoninstead oftext/plain. - Unmatched paths require authentication. Basic auth is enforced in front of
the router, so an unauthenticated request to a non-existent path now returns
401instead of404. - SSL certificate DELETE can return
204.
DELETE /services/haproxy/storage/ssl_certificates/{name}without
skip_reload/force_reloadnow removes via the runtime API and returns204
on success, falling back to202with aReload-IDheader. Treat both as
success. - Request bodies are capped at 1 GiB by default. Bodies exceeding the limit
are rejected with413. Configurable via--max-body-size(max_body_size);
0disables it. - Replacing
acme,log_profiles,crt_stores,mailers_sectionand
http_errors_sectionsnow triggers a reload. ThesePUTendpoints previously
wrote the change without scheduling a reload; they now follow the standard
pattern (202withReload-ID, or200withforce_reload=true). - Removed deprecated process-manager (
program) endpoints, following the
removal of theprogramsection from HAProxy. - Removed unused cluster endpoints.
- Removed deprecated
--log-*/--syslog-*CLI options and the persisted
logstorage section, superseded by thelog_targetsconfiguration. When no
log targets are configured, the API defaults to astdouttarget.
See UPGRADE.md for the complete list of behavior changes and the chi router
compatibility shims (JSON error bodies, Allow header on 405, trailing-slash
handling, Reload-ID header spelling).
New Features
Health Check Section
- Added full CRUD support for the HAProxy
healthchecksection, including
handlers and oapi-codegen specification (dataplaneapi) and configuration,
parser and specification support (client-native).
Force Backend Switching
- Added support for the
force-be-switchfrontend rule, with a registered
handler (dataplaneapi) and parser/configuration support (client-native).
HAProxy 3.4 Configuration Support (client-native)
- Added HAProxy 3.4 proxy options, global process options and global tune
options. - Added
headers-binHTTP rule actions. - Added
filter-sequenceandcomp-req/comp-resfilters. - Extended
set-timeout,do-logandfilter tracefor HAProxy 3.4. - Added the
quic-cc-algoserver directive. - Added the
shardsandtcp-ssbind options. - Added the
fd-hard-limitglobal option. - Added 4 new tunable keywords for HAProxy 3.4.
- Allowed HAProxy variables in object name fields.
- Removed the deprecated
req_ssl_sni, replaced byreq.ssl_sni.
ACME
- Added support for the
dns-persist-01ACME challenge (client-native). - Added the
profileACME keyword (client-native). - Added new ACME keywords for HAProxy 3.4 (client-native).
- Allowed setting the DNS TTL via
acme-vars(dataplaneapi).
Runtime
- Added all supported server parameters to the runtime server handler
(dataplaneapi). - Added all fields for the runtime server, added server
weightand made the
address editable (client-native). - Improved HAProxy runtime version checks and allowed
ExecuteRawto run
multiple commands at once (client-native).
Server and Request Handling
- Added a configurable request body size limit via
--max-body-size
(default 1 GiB). - Stream multipart uploads instead of buffering them in memory.
- Exposed the client-native
validate_files_beforeoption.
Bug Fixes
Data Plane API
- Trigger a reload when replacing an
http-errorssection. - Fixed data races, a goroutine leak and reconnect logic in the events listener.
- Fixed a nil-dereference panic in the events listener
Stop(). - ACME: fixed saving certificates into a
crt-store. - ACME: increased the default TTL to 1 minute.
- Fixed ACME dns-01 propagation checks.
- Return the correct error code when adding duplicates into a map file.
- Ignore empty runtime API commands.
Configuration and Serialization (client-native)
- Fixed crashes and non-idempotent serialization.
- Order the
fcgi-appsection before proxies. - Set the
log-profilemetadata comment on the right section. - Preserve quoting of
log-profilestep sd/format. - Fixed serialization of the ACME
provider-name. - Added
"to name regexes to support variable names. - Dropped the RSA-only bits minimum for ACME.
- Fixed read-only fields for the SSL certificate resource.
- Generate the specification with the proper template.
- Fixed a typo in specification description fields.
- Fixed
force-be-switchrule parsing and parts condition. crt_store: fixed the section to match the v3 URL structure.userlists: fixed ordering of users in serialization.dgram-bind: fixed IPv6 address parsing and serialization.server: don't set the port to0when it is not set.- Fixed a typo and a boolean type in the runtime server.
raw: use the custom validation command on validate-only.
Runtime (client-native)
- Ensure heredoc payloads have a blank-line terminator.
- Fixed a data race on
lastErrorcausing a nil-pointer panic. - Fixed an
EventListenerClose()deadlock and channel panic. - Reject special characters in filenames.
- Get the real storage name of certificates.
Other Changes
Build and Dependencies
- Upgraded Go to 1.26.
- Upgraded golangci-lint and fixed the resulting linting errors.
- Upgraded the client-native library to v6.4.0.
- Updated AWS SDK,
golang.org/x, go-openapi and gRPC packages. - Added specification-generation support and updated codegen dependencies.
- client-native: upgraded
go-method-gento v0.1.4 and handled interface types
in the struct-equal generator.
Testing
- Migrated e2e fixtures to
log_targets. - Added e2e and unit tests for the healthcheck section, the auth middleware and
the respond helpers. - Fixed stale endpoint paths and assertions; raw endpoints no longer send JSON;
moved crt-list tests to the proper URL. - Fixed a flaky SSL storage test and a syntax error in the e2e groups test.
CI/CD
- Require
pipelines-checkfor all jobs and added JUnit reporting. - Added
check-dependenciesandcheck-committerjobs. - Use the latest-alpine golang image; removed the
check-large-filesjob;
bumped the commit-check version.
Documentation
- Documented the client-visible changes from the go-swagger migration in
UPGRADE.md. - Removed the deprecated
logsection from theexample-fullconfiguration.
HAProxy Compatibility
This release supports HAProxy 3.4 and later versions.
Contributors
| Contributor | Area |
|---|---|
| Marko Juraga | FEATURE | BUG | BUILD | CLEANUP | DOC | TEST |
| Olivier Duclos | FEATURE | BUG | BUILD | TEST |
| Robert Maticevic | FEATURE | BUG | BUILD | CLEANUP | DOC | REORG | TEST |
| ahusic | FEATURE | BUILD | TEST |
| Zlatko Bratkovic | FEATURE | BUILD |
| Ivan Matmati | FEATURE | BUILD |
| Andjelko Iharos | BUG |
| AdamJCrawford | FEATURE |
| Dario Tranchitella | BUG |
| Helene Durand | FEATURE |
| Pierre-Alain SIMON | FEATURE |
| Dinko Korunic | BUG |
HAProxy Data Plane API v3.3.5
Release Notes
HAProxy Data Plane API v3.3.5 8467a25
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-22T09:30:45Z
Changelog
HAProxy Data Plane API v3.2.13
Release Notes
HAProxy Data Plane API v3.2.13 8fbfd30
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-22T09:35:50Z
Changelog
HAProxy Data Plane API v3.0.21
Release Notes
HAProxy Data Plane API v3.0.21 ec9a271
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-22T09:35:50Z
Changelog
HAProxy Data Plane API v2.9.25
Release Notes
HAProxy Data Plane API v2.9.25 19906c9
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-22T09:35:47Z
Changelog
HAProxy Data Plane API v3.3.4
Release Notes
HAProxy Data Plane API v3.3.4 8fd880f
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-08T13:49:10Z
Changelog
- 1e5df90 BUG/MEDIUM: Fix ACME dns-01 propagation checks
- 79651ef BUG/MINOR: acme: increase the default TTL to 1 minute
- 3700b7c BUILD/MINOR: Fix formatting issues
- 8fd880f BUILD/MINOR: aspell: add grpc to allowed words [v3.3]
- 7154465 BUILD/MINOR: go.mod: bump google.golang.org/grpc to v1.79.3 [v3.3]
- 6b0f1a7 BUILD/MINOR: go.mod: upgrade client-native [v3.3]
- bcbe59d MINOR: acme: allow to set the DNS TTL via acme-vars
- 9632bc3 TEST/MINOR: Fix flaky SSL storage test
- d40e092 TEST/MINOR: Fix syntax error in e2e groups test
HAProxy Data Plane API v3.2.12
Release Notes
HAProxy Data Plane API v3.2.12 2abf623
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-08T13:48:40Z
Changelog
- 3d67212 BUG/MEDIUM: Fix ACME dns-01 propagation checks
- b38192e BUG/MINOR: acme: increase the default TTL to 1 minute
- ba87d8b BUILD/MINOR: Fix formatting issues
- 2abf623 BUILD/MINOR: aspell: add grpc to allowed words [v3.2]
- 470a66b BUILD/MINOR: go.mod: bump google.golang.org/grpc to v1.79.3 [v3.2]
- 576eb4d BUILD/MINOR: go.mod: upgrade client-native [v3.2]
- 46de530 MINOR: acme: allow to set the DNS TTL via acme-vars
HAProxy Data Plane API v3.0.20
Release Notes
HAProxy Data Plane API v3.0.20 5dd2678
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-08T13:48:11Z
Changelog
HAProxy Data Plane API v2.9.24
Release Notes
HAProxy Data Plane API v2.9.24 a61d878
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-05-08T13:47:31Z
Changelog
HAProxy Data Plane API v3.3.3
Release Notes
HAProxy Data Plane API v3.3.3 a7ea355
Build from: git@github.com:haproxytech/dataplaneapi.git
Build date: 2026-04-03T09:49:37Z