Recently, a Remote Code Execution vulnerability was discovered in the Java Spring Core library. This vulnerability allows attackers to execute arbitrary code on affected systems. You can find more information on that vulnerability in the announcement on the Spring Blog. While HAProxy Enterprise, HAProxy ALOHA, and other products within the HAProxy Technologies portfolio are not impacted by this (they do not use the Spring Core library at all), you can use our products to mitigate the attack.

HAProxy and HAProxy Enterprise collect a vast amount of information about the health of your applications being load balanced. That data, which uses the Prometheus text-based format for metrics, is published to a web page hosted by the load balancer, and since many application performance monitoring (APM) tools can integrate with Prometheus, it’s likely that you can visualize the data using the APM software you already have.

The focus of the 2.5 version was on expanding support for HAProxy configuration keywords, and that’s where most of the effort during this release cycle was spent. We will continue doing that during the next couple of versions to gain complete feature parity with both the HAProxy configuration and Runtime API so that you can use the Data Plane API as a full-featured way to configure HAProxy.

Load balancing is an indispensable technique for improving a website’s performance. I’ll explain why. With Firefox’s Web Developer Tools open, I visited a popular retailer’s website to see how many HTTP requests my browser made when loading the site. In this case, I counted 119 requests needed to render the landing page.

Every load balancer you’ll find on the market must deliver performance, reliability, scalability, and security, and do it better than its competitors. Each must solve complex programming challenges that address those needs—choices that will affect the direction of the project for years to come. HAProxy is no different. When evaluating whether you should choose HAProxy or something else, it helps to know how project contributors answered the big, architectural questions.

When someone says a website is available, they mean that they can access that website. The application they’re trying to reach is up and working properly. High availability means that the website is up most of the time throughout the year. Companies can even put a percentage on this, striving for 100% availability, but typically getting somewhere a bit less, such as 99.9% or 99.99%.

Load balancing means splitting up network traffic so that you can distribute it evenly across a group of backend servers. For example, if you run two web servers, both hosting a copy of the same website, then you can balance the traffic across them, sending half to one and half to the other. The goal of load balancing is to increase the availability of your website or web-based application by routing a portion of requests to each server.

This post will be updated over the next several days. Recently, a Remote Code Execution vulnerability was discovered in the Apache Log4J library. This vulnerability, which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on affected systems. While HAProxy Enterprise, HAProxy ALOHA, and other products within the HAProxy Technologies portfolio are not impacted by this (they do not use the Log4J library at all), you can use them to block the attack.

Register for our live webinar to learn more about this release. HAProxy 2.5 is now available! It adds improvements to a number of areas including better usability around setting variables, more descriptive error reporting and logging, and enhanced HTTP and WebSocket support. The HAProxy Runtime API has expanded its coverage of SSL-related commands and now includes the ability to add and remove CA files and revocation lists on-the-fly.