Operations | Monitoring | ITSM | DevOps | Cloud

The state of web app, API, and AI service security is in constant flux, with threats seemingly lurking around every corner. For years, organizations have relied on web application firewalls (WAFs) as a critical layer of defense. HAProxy Technologies has long provided robust WAF solutions, including earlier versions such as the "Advanced WAF" and "ModSecurity WAF" — based on the popular open source WAF engine. These excelled against widely-known OWASP Top 10 threats.

On December 3, 2025, the React team announced a critical security vulnerability in React Server Components (RSC). Identified as CVE-2025-55182 (and covering the now-duplicate CVE-2025-66478), this flaw allows unauthenticated attackers to execute arbitrary JavaScript code on backend servers.

Unlock peak load balancing performance with HAProxy! In this blog post, we'll explore how HAProxy intelligently harnesses the power of modern multi-core CPUs while navigating challenging architectural complexities like NUMA. Discover how HAProxy leverages optimized multithreading and provides automatic CPU binding to deliver both unparalleled efficiency and speed, ensuring your load balancing is faster than ever.

At KubeCon, we asked a simple question at our booth: "How much is your service mesh costing you?" The answers were eye-opening. Engineers shared stories of 40% resource overhead, multi-second latency spikes during peak traffic, and infrastructure bills that had nearly doubled since mesh adoption. One architect told us they were spending more time managing their mesh than building features.

One of the most anticipated presentations at HAProxyConf 2025 came from gaming and user-generated content (UGC) innovators Roblox. Software Engineer Chris Jones and Senior Site Reliability Engineer Ben Meidel gave an enthusiastic and enjoyable presentation, detailing their journey from legacy hardware to a sophisticated, automated, and secure application delivery platform, with seamless, API-powered dynamic configuration and upgrades, supported by the HAProxy Enterprise Dynamic Update Module.

HAProxy 3.3 is here, and this release brings downloadable packages compiled by HAProxy Technologies, numerous TLS enhancements including expanded ACME support, better observability with persistent stats over reloads, and many improvements to performance and flexibility such as support for QUIC on the backend. These powerful capabilities help HAProxy remain the G2 category leader in API Management, Container Networking, DDoS Protection, Web Application Firewall (WAF), and Load Balancing.

The continuous shift toward containerization means businesses are migrating more complex, mission-critical workloads to Kubernetes. This trend necessitates traffic management solutions that support diverse protocols (such as TCP, UDP, HTTP, and gRPC) and sophisticated organizational architectures, while delivering exceptional performance and efficiency.

HAProxy ALOHA 17.5 is now available. This release delivers powerful new capabilities that improve security and performance — while future-proofing HAProxy ALOHA to enable richer features and advanced functionality. With this release, we’re introducing HTTPS health checks to Global Server Load Balancing (GSLB), new partitioning for larger firmware updates, enhanced web application firewall (WAF) functionality, and our new Threat Detection Engine (TDE).