amazon-linux-2023
amazon-linux-2023 copied to clipboard
amazonlinux
[Package Update Request] - HAProxy
What package is missing from Amazon Linux 2023? Please describe and include package name. Currently HAProxy 2.8.3 is available, its release date was 2023/09/07 - at least CVE-2024-53008 was found in the meantime.
Is this an update to existing package or new package request? Update
Any additional information you'd like to include. (use-cases, etc) I would like to see update to the latest LTS branch version 3.2 to include all the new features that were added on the way from 2.8 to 3.2.
That CVE was fixed in the version found in AL2023 via a backport of the fix. See:
- https://explore.alas.aws.amazon.com/CVE-2024-53008.html
- https://alas.aws.amazon.com/AL2023/ALAS2023-2025-791.html
Do you actually need those new features in version 3.2 or are they just nice to have?
Hey @awsthk - I'm very glad that the CVE was fixed.
We would like to benefit from the performance optimizations HAProxy included from version 2.9 upwards ("The HTTP/2 implementation uses significantly less memory and is up to 40-60% more CPU-efficient:"). Furthermore from 3.0 upwards log files are available also in JSON format & the Prometheus Exporter is included which could be a great help to maintain the whole thing.
Would this be enough to speak about an integration of a newer version than the currently two year old one?
Thank you!
Related issue: https://github.com/amazonlinux/amazon-linux-2023/issues/843
@dawk0 Prometheus exporter is available on the 2.8 version shipped for AL2023. Fully suppor bumping to 3.2 though
@hferreira23 absolutely - tried the current version and it crashed after a day without real hint in the logfile. Compiled and used 3.2.3 with the same config file and it is running smooth.
@dawk0 , HAProxy ver 3.0.5 package haproxy-3.0.5-1.amzn2023.0.1 is available in 2023.8.20250908, https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.8.20250908.html
