Skip to content

Releases: cloudfoundry/haproxy-boshrelease

v16.1.0+3.2.9

01 Dec 05:20
@CFN-CI CFN-CI
v16.1.0+3.2.9
0acb59d

Choose a tag to compare

View all tags
v16.1.0+3.2.9 Latest
Latest

haproxy-boshrelease 16.1.0+3.2.9

ℹ️ Release notes are duplicated from v16.0.0+3.2.8 as "haproxy-16.0.0+3.2.8-patched.tgz" was not usable and "haproxy-16.1.0+3.2.9-patched.tgz" should be used if the patch is needed. "haproxy-16.0.0+3.2.8.tgz" from the last release can be consumed as well.

Breaking Changes

Breaking changes of haproxy 3.0:

  • Stricter parsing of non-standard URIs
  • Detecting accidental multiple commands sent to the Runtime API
  • Rejecting the enabled keyword for dynamic servers:

Fixes

  • Fixes the asset "haproxy-xx-patched.tgz" by updating the websocket patch to 3.2.x

New Features

  • Requests that are too big (headers or request URL) are now appropriately handled with 414 and 431 status codes, instead of a 400 (Bad Request)

Upgrades

  • HAProxy was bumped to 3.2.9 and will be maintained on the 3.2.x line of releases.

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 3.2.9
keepalived 2.3.4
Lua 5.4.8
PCRE 10.47
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "16.1.0+3.2.9"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v16.1.0+3.2.9/haproxy-16.1.0+3.2.9.tgz"
  sha1: "91d57dcd744fc5cfef0494a8a74072f56e5ee892"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:df372c94f694798a6a20bd6f0e6d560b20f96aef46d613c07213e38c9436f39c"

Deployment (patched)

releases:
- name: "haproxy"
  version: "16.1.0+3.2.9-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v16.1.0+3.2.9/haproxy-16.1.0+3.2.9-patched.tgz"
  sha1: "de88561998b14e21630d8e636da6331e8a556722"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:fc5ed39c9768db689b993dcb7b704953591c3db615f04282727b8e88c1142878"

What's Changed

  • chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 in /acceptance-tests by @dependabot[bot] in #846
  • fix: adjust websocket patch to 3.2 code base by @peanball in #848
  • Bump haproxy version to 3.2.9 by @CFN-CI in #847

Full Changelog: v16.0.0+3.2.8...v16.1.0+3.2.9

Contributors

peanball, dependabot, and CFN-CI
Assets 4
Loading

v16.0.0+3.2.8

19 Nov 13:41
@CFN-CI CFN-CI
v16.0.0+3.2.8
c3844c2

Choose a tag to compare

View all tags
v16.0.0+3.2.8 Pre-release
Pre-release

haproxy-boshrelease 16.0.0+3.2.8

ℹ️ The patch release "haproxy-16.0.0+3.2.8-patched.tgz" cannot be deployed, use the asset from https://github.com/cloudfoundry/haproxy-boshrelease/releases/tag/v16.1.0%2B3.2.9 instead. "haproxy-16.0.0+3.2.8.tgz" was verified and can be used.

Breaking Changes

Breaking changes of haproxy 3.0:

  • Stricter parsing of non-standard URIs
  • Detecting accidental multiple commands sent to the Runtime API
  • Rejecting the enabled keyword for dynamic servers:

Fixes

New Features

  • Requests that are too big (headers or request URL) are now appropriately handled with 414 and 431 status codes, instead of a 400 (Bad Request)

Upgrades

  • HAProxy was bumped to 3.2.8 and will be maintained on the 3.2.x line of releases.

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 3.2.8
keepalived 2.3.4
Lua 5.4.8
PCRE 10.47
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "16.0.0+3.2.8"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v16.0.0+3.2.8/haproxy-16.0.0+3.2.8.tgz"
  sha1: "a313c9e6c85dae58a1e0f585f0646c667f6f780e"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:6818e9c1630c7391bb21a305f0cde0a60769a9a4d653118304b4cddb6ba78b39"

Deployment (patched)

releases:
- name: "haproxy"
  version: "16.0.0+3.2.8-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v16.0.0+3.2.8/haproxy-16.0.0+3.2.8-patched.tgz"
  sha1: "82973021ee13960fd5c1859e29a6b6f7f61bf4ab"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:f4ffb08036e20c90394962bd75c7cd18f8440396e72ad31ecdb9e4908a3c5081"

What's Changed

  • ci autobumper: allow Haproxy 3.2 by @Dariquest in #838
  • ci autobumper: Fix change log in the PR body in case of a major version jump by @Dariquest in #839
  • Bump pcre2 version to 10.47 by @CFN-CI in #835
  • Bump to version 3.2.8 with acceptance tests fix (431 response when HTTP request is too large) by @Dariquest in #844

Full Changelog: v15.3.0+2.8.16...v16.0.0+3.2.8

Contributors

Dariquest and CFN-CI
Loading

v15.3.0+2.8.16

06 Oct 08:01
@CFN-CI CFN-CI
v15.3.0+2.8.16
21cbacd

Choose a tag to compare

View all tags
v15.3.0+2.8.16

haproxy-boshrelease 15.3.0+2.8.16

Upgrades

  • HAProxy has been upgraded from v2.8.15 to v2.8.16: with the fix for CVE-2025-11230.

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.16
keepalived 2.3.4
Lua 5.4.8
PCRE 10.46
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "15.3.0+2.8.16"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.3.0+2.8.16/haproxy-15.3.0+2.8.16.tgz"
  sha1: "e4401238caf42a6a121da22a6457c6649fcc5943"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:3a721ddb75c34ce788b33fb21224af5ce99258a1792b125c4dee33fd1a2ce7e5"

Deployment (patched)

releases:
- name: "haproxy"
  version: "15.3.0+2.8.16-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.3.0+2.8.16/haproxy-15.3.0+2.8.16-patched.tgz"
  sha1: "68d5eb1ef01cac01140cea201614bba400f324b6"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:550b35764902fabf26a5f451326bd8e6c68ef45d9aa432d34cdcb0af9b33fd88"
Loading

v15.2.2+2.8.15

08 Sep 05:08
@CFN-CI CFN-CI
v15.2.2+2.8.15
0d5e5ee

Choose a tag to compare

View all tags
v15.2.2+2.8.15

haproxy-boshrelease 15.2.2+2.8.15

Fixes

New Features

Upgrades

  • pcre2 has been upgraded from v10.45 to v10.46

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.15
keepalived 2.3.4
Lua 5.4.8
PCRE 10.46
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "15.2.2+2.8.15"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.2.2+2.8.15/haproxy-15.2.2+2.8.15.tgz"
  sha1: "42161fe9e470ebd16d649ded2450cc7246d6084a"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:704d042cb23133115a0ee4f21c01e9d5a19db0983aba5b53437efe8159d42f4a"

Deployment (patched)

releases:
- name: "haproxy"
  version: "15.2.2+2.8.15-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.2.2+2.8.15/haproxy-15.2.2+2.8.15-patched.tgz"
  sha1: "36b2614ce604bd605c76285d73b2cc8285c565c9"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:81c6d0c57b59079092f6c1a9a8b08cc2ccfcd25c04f3444435770d265bd79019"

What's Changed

  • chore(deps): bump github.com/onsi/gomega from 1.38.0 to 1.38.1 in /acceptance-tests by @dependabot[bot] in #817
  • chore(deps): bump beautifulsoup4 from 4.13.4 to 4.13.5 in /ci/scripts by @dependabot[bot] in #818
  • chore(deps): bump github.com/onsi/gomega from 1.38.1 to 1.38.2 in /acceptance-tests by @dependabot[bot] in #819
  • Bump pcre2 version to 10.46 by @CFN-CI in #820
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.2 in /acceptance-tests by @dependabot[bot] in #821
  • chore(deps): bump pygithub from 2.7.0 to 2.8.0 in /ci/scripts by @dependabot[bot] in #822
  • chore(deps): bump pygithub from 2.8.0 to 2.8.1 in /ci/scripts by @dependabot[bot] in #823
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.2 to 2.25.3 in /acceptance-tests by @dependabot[bot] in #824

Full Changelog: v15.2.1+2.8.15...v15.2.2+2.8.15

Contributors

dependabot and CFN-CI
Loading

v15.2.1+2.8.15

25 Aug 06:01
@CFN-CI CFN-CI
v15.2.1+2.8.15
80272f7

Choose a tag to compare

View all tags
v15.2.1+2.8.15

haproxy-boshrelease 15.2.1+2.8.15

Upgrades

  • keepalived has been upgraded from v2.3.3 to v2.3.4
  • Lua has been upgraded from v5.4.7 to v5.4.8

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.15
keepalived 2.3.4
Lua 5.4.8
PCRE 10.45
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "15.2.1+2.8.15"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.2.1+2.8.15/haproxy-15.2.1+2.8.15.tgz"
  sha1: "13aaf57852bd674751ae5040b1472e5b41205401"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:c4a228def5805b36765dc71bea31946f9a2cf85596783f7714a9f4ebe0741d06"

Deployment (patched)

releases:
- name: "haproxy"
  version: "15.2.1+2.8.15-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.2.1+2.8.15/haproxy-15.2.1+2.8.15-patched.tgz"
  sha1: "9fd1411cf4bde00172fd08fa6ed4aeb3f045bf15"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:f64dbc95c611938b037ea4374a70b0723b6b1eb9f6a72fdaa636aed5350071c4"

What's Changed

  • doc: add release process doc by @Soha-Albaghdady in #798
  • chore(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0 in /acceptance-tests by @dependabot[bot] in #800
  • Bump lua version to 5.4.8 by @CFN-CI in #799
  • chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 in /acceptance-tests by @dependabot[bot] in #801
  • chore(deps): bump requests from 2.32.3 to 2.32.4 in /ci/scripts by @dependabot[bot] in #802
  • Bump keepalived version to 2.3.4 by @CFN-CI in #803
  • Add changelog to haproxy autobump PRs by @mtekel in #804
  • chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 in /acceptance-tests by @dependabot[bot] in #805
  • chore(deps): bump github.com/onsi/gomega from 1.37.0 to 1.38.0 in /acceptance-tests by @dependabot[bot] in #807
  • chore(deps): bump gitpython from 3.1.44 to 3.1.45 in /ci/scripts by @dependabot[bot] in #809
  • chore(deps): bump thor from 1.2.1 to 1.4.0 by @dependabot[bot] in #808
  • chore(deps): bump pygithub from 2.6.1 to 2.7.0 in /ci/scripts by @dependabot[bot] in #810
  • chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.41.0 in /acceptance-tests by @dependabot[bot] in #811
  • chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 in /acceptance-tests by @dependabot[bot] in #812
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.4 to 2.24.0 in /acceptance-tests by @dependabot[bot] in #813
  • chore(deps): bump requests from 2.32.4 to 2.32.5 in /ci/scripts by @dependabot[bot] in #814
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.24.0 to 2.25.0 in /acceptance-tests by @dependabot[bot] in #815
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.0 to 2.25.1 in /acceptance-tests by @dependabot[bot] in #816

Full Changelog: v15.2.0+2.8.15...v15.2.1+2.8.15

Contributors

mtekel, dependabot, and 2 other contributors
Loading

v15.2.0+2.8.15

15 May 07:14
@CFN-CI CFN-CI
v15.2.0+2.8.15
60c06ff

Choose a tag to compare

View all tags
v15.2.0+2.8.15

haproxy-boshrelease 15.2.0+2.8.15

Fixes

  • fix: properly check if TCP should be drained by @maxmoehl

New Features

  • feat: add block reason for the cases where HAProxy denies the requests because of specific conditions, like Host header and SNI mismatch, or other custom deny conditions by @b1tamara

Upgrades

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.15
keepalived 2.3.3
Lua 5.4.7
PCRE 10.45
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "15.2.0+2.8.15"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.2.0+2.8.15/haproxy-15.2.0+2.8.15.tgz"
  sha1: "0349614ee0792305445416ceb7f95d8731c15834"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:f22816e9adf17ffb118e54e1e6f4da8b340833ff15d269778e295bc65ab331be"

Deployment (patched)

releases:
- name: "haproxy"
  version: "15.2.0+2.8.15-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.2.0+2.8.15/haproxy-15.2.0+2.8.15-patched.tgz"
  sha1: "c6b1f446955abf428d278b22d71de737312fd2e9"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:8bb9e24ac15698f8fab6872dd0b7def28f583561a95ddf3a3a8e075923c8572c"

What's Changed

  • clean: remove long unmaintained docs and code by @maxmoehl in #794
  • fix: properly check if TCP should be drained by @maxmoehl in #795
  • feat: add block reason for http_request_deny_conditions by @b1tamara in #796
  • feat: add block reason for http request deny by @b1tamara in #797

Full Changelog: v15.1.0+2.8.15...v15.2.0+2.8.15

Contributors

b1tamara and maxmoehl
Loading

v15.1.0+2.8.15

23 Apr 10:02
@CFN-CI CFN-CI
v15.1.0+2.8.15
489cc28

Choose a tag to compare

View all tags
v15.1.0+2.8.15

haproxy-boshrelease 15.1.0+2.8.15

Fixes

New Features

Upgrades

  • HAProxy has been upgraded from 2.8.14 to 2.8.15

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.15
keepalived 2.3.3
Lua 5.4.7
PCRE 10.45
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "15.1.0+2.8.15"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.1.0+2.8.15/haproxy-15.1.0+2.8.15.tgz"
  sha1: "87de2c7d011862eb5717654bf4a24aeec21ea41d"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:d62b2daf993789a0292a44f037d647fa14fae1fc5c6b01df2005ddc5bde4ab24"

Deployment (patched)

releases:
- name: "haproxy"
  version: "15.1.0+2.8.15-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.1.0+2.8.15/haproxy-15.1.0+2.8.15-patched.tgz"
  sha1: "c2ab0453fa7a33e468140c86180cdca394406491"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:abc6b4240a25b8c79ee8cb0ceff07d0dd543599e5d907ad72ae71897e5e973c0"

What's Changed

Full Changelog: v15.0.0+2.8.14...v15.1.0+2.8.15

Contributors

CFN-CI
Loading

v15.0.0+2.8.14

14 Apr 08:59
@CFN-CI CFN-CI
v15.0.0+2.8.14
fe1e34b

Choose a tag to compare

View all tags
v15.0.0+2.8.14

haproxy-boshrelease 15.0.0+2.8.14

Fixes

Caution

Breaking change. The true_client_ip_header handling introduced in haproxy-boshrelease v14.7.0+2.8.14 was incomplete.
The default behavior has changed, which constitutes a breaking change. See below for details.

  • The true_client_ip_header header is now handled correctly for CF Route Service requests. Thanks @hoffmaen, @a18e
    By default, the IP of the original client is now retained for route-service requests and no longer overwritten with the IP of the last CF egress network node (e.g. NAT gateway). See New Features for available configuration options.

New Features

  • The config property ha_proxy.forward_true_client_ip_header was introduced to fine-tune the behavior of true_client_ip_header handling (thanks @hoffmaen, @a18e):
    • always_set (behavior of previous release v14.7.0+2.8.14)
    • always_forward
    • forward_only_if_route_service (new default)

Upgrades

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.14
keepalived 2.3.3
Lua 5.4.7
PCRE 10.45
socat 1.8.0.3

Deployment

releases:
- name: "haproxy"
  version: "15.0.0+2.8.14"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.0.0+2.8.14/haproxy-15.0.0+2.8.14.tgz"
  sha1: "f017ecf95e1b0c24e39c257896e278fd528248d9"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:b3593f58b36c88775394d86413a748514603635cb820ef3b08713ae0769b3e77"

Deployment (patched)

releases:
- name: "haproxy"
  version: "15.0.0+2.8.14-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v15.0.0+2.8.14/haproxy-15.0.0+2.8.14-patched.tgz"
  sha1: "15d201774295e7a9bfb12132c8ecdac7f12956ca"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:64198ce2addefc2c608b20fae8e9d61d1901d0f9cbaee570d55c6b4b74ade56d"

What's Changed

  • Bump socat version to 1.8.0.3 by @CFN-CI in #768
  • Bump keepalived version to 2.3.3 by @CFN-CI in #780
  • Retain True-Client-Ip for Route Services by @a18e in #778

Full Changelog: v14.7.0+2.8.14...v15.0.0+2.8.14

Contributors

a18e, CFN-CI, and hoffmaen
Loading

v14.7.0+2.8.14

17 Feb 09:46
@CFN-CI CFN-CI
v14.7.0+2.8.14
05469c6

Choose a tag to compare

View all tags
v14.7.0+2.8.14

haproxy-boshrelease 14.7.0+2.8.14

Fixes

New Features

  • true_client_ip_header property that allows specifying header to store the client's IP address, as seen from HAProxy. The header will be overwritten if it already exists in the request. Thanks @hoffmaen and @mtekel (#759)
  • backend_config_targeted property allows for more fine-grained configuration of a specific backend, enabling you to tailor configurations to meet specific requirements for each backend separately. Thanks @Mrizwanshaik and @b1tamara (#765)

Upgrades

  • HAProxy has been upgraded from 2.8.13 to 2.8.14
  • PCRE has been upgraded from 10.44 to 10.45

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.14
keepalived 2.3.2
Lua 5.4.7
PCRE 10.45
socat 1.8.0.2

Deployment

releases:
- name: "haproxy"
  version: "14.7.0+2.8.14"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.7.0+2.8.14/haproxy-14.7.0+2.8.14.tgz"
  sha1: "d4770ac2e6e97beb900b5340989ae59dca50e505"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:d7658451501ebeb358fd48262a8f3d38b1ee325f64d72c67c64e90ba60f038f3"

Deployment (patched)

releases:
- name: "haproxy"
  version: "14.7.0+2.8.14-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.7.0+2.8.14/haproxy-14.7.0+2.8.14-patched.tgz"
  sha1: "e68bf61272f0b93ce1f9ba8efec78e0d2cca68e9"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:5337b7ddd4884eecaf20636ae4a31e292433a81318e2bd169e15b6474072bd23"

Contributors

mtekel, b1tamara, and 2 other contributors
Loading

v14.6.0+2.8.13

09 Jan 12:48
@CFN-CI CFN-CI
v14.6.0+2.8.13
d713e1c

Choose a tag to compare

View all tags
v14.6.0+2.8.13

haproxy-boshrelease 14.6.0+2.8.13

Fixes

  • TCP frontends are now included in draining and also have the additional health check adjustments when enabling PROXY protocol, see #748.

Upgrades

  • socat has been upgraded from v1.8.0.1 to v1.8.0.2

Versions

The following versions of upstream components are included in this haproxy-boshrelease:

Component Version
HAProxy 2.8.13
keepalived 2.3.2
Lua 5.4.7
PCRE 10.44
socat 1.8.0.2

Deployment

releases:
- name: "haproxy"
  version: "14.6.0+2.8.13"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.6.0+2.8.13/haproxy-14.6.0+2.8.13.tgz"
  sha1: "b79a04077b79165adf7ce776eb130a838f5e6c8f"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:fede3b65ab18f893c413d49ecf6b11cb67484ce661acf093b0aff2feacb518d8"

Deployment (patched)

releases:
- name: "haproxy"
  version: "14.6.0+2.8.13-patched"
  url: "https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v14.6.0+2.8.13/haproxy-14.6.0+2.8.13-patched.tgz"
  sha1: "79e766c56ba1a756bcf6cbba41c6f07e6ac2e0da"

# for deployments with sha256, use the following line instead:
# sha1: "sha256:05cf9bfb3578c9c65c8c6bcf3fca682b0c337927d2e3c2b3b8c0e60c211b4cb4"
Loading