github sysown/proxysql v3.0.7
ProxySQL 3.0.7 (Stable Tier)
on GitHub

9 hours ago

ProxySQL 3.0.7 Release Notes

Release date: 2026-04-07

This release of ProxySQL 3.0.7 is a maintenance and security hardening release focusing on protocol safety, observability improvements, and build system modernization. It introduces MySQL protocol zstd compression support, TLS certificate tracking, REST API configuration enhancements, and critical protocol hardening against malformed packets.

Release commit: d7a26b79e936557e2d198148ce6d09111210d651

Highlights

  • Protocol Safety: Hardened MySQL protocol handling with validation for COM_CHANGE_USER, HandshakeResponse, and PROXY protocol v1 packet fields to prevent crashes from malformed inputs.
  • MySQL zstd Compression: Added native zstd compression support for the MySQL protocol, enabling more efficient network utilization for high-throughput workloads.
  • TLS Observability: Introduced stats_tls_certificates table and stats_proxysql_global table for real-time TLS certificate tracking and global proxy metrics.
  • Security: Redacted admin credentials in logging output and fixed all 48 Dependabot alerts in test dependencies.
  • Critical Bug Fix: Fixed a crash when COM_BINLOG_DUMP was received with idle backends from other hostgroups.
  • SHOW WARNINGS Fix: Fixed incorrect warning_count when SHOW WARNINGS statements contained inline comments.

Enhancements & Fixes

Security & Protocol Hardening

COM_BINLOG_DUMP Crash Fix (b2f4b4f, #5556)
Fixed a critical crash that occurred when COM_BINLOG_DUMP was received while idle backends from other hostgroups were connected. The connection handler now correctly validates backend state before processing binlog dump requests, preventing segmentation faults in multi-hostgroup deployments.

COM_CHANGE_USER Packet Validation (c9f627a)
Added bounds checking for COM_CHANGE_USER packets to prevent out-of-bounds reads when processing malformed authentication change requests. This hardening prevents potential crashes when clients send truncated or corrupted packets.

HandshakeResponse String Field Validation (3d9a6e7)
Added validation of string fields in HandshakeResponse packets during the MySQL handshake. Malformed packets with invalid string terminators or truncated fields are now rejected cleanly instead of causing undefined behavior.

PROXY Protocol v1 Address Overflow Fix (010b053)
Fixed a buffer overflow in the PROXY protocol v1 address parsing that could occur with malformed source/destination address fields. The parser now properly validates address field lengths before copying into internal buffers.

COM_STMT_SEND_LONG_DATA Short Packet Handling (151169d)
Fixed improper handling of COM_STMT_SEND_LONG_DATA packets that were shorter than expected. The protocol handler now validates minimum packet length before processing, preventing incorrect parameter data from being sent to backend servers.

Security

Admin Credential Redaction (b4cd4a1)
Admin credentials are now redacted in logging output when set via administrative commands. This prevents sensitive authentication data from appearing in log files, improving compliance with security audit requirements.

Dependabot Alert Remediation (0441d50)
Resolved all 48 Dependabot security alerts by bumping Python test dependencies to their latest secure versions. This eliminates known vulnerabilities in the development and testing infrastructure.

MySQL Protocol Enhancements

zstd Compression Support (ec44a15, 33e125e, 3f1b0a1)
Added native zstd compression support for the MySQL protocol. This provides an alternative to zlib compression with significantly better compression ratios and lower CPU overhead, particularly beneficial for high-throughput workloads over WAN connections. The zstd library is statically linked to ensure consistent behavior across platforms.

SHOW WARNINGS with Inline Comments (049ea8c, #5306)
Fixed an issue where SHOW WARNINGS statements containing inline comments incorrectly incremented warning_count. The query processor now uses digest_text to determine whether a statement is a SHOW WARNINGS query, preventing false warning increments when comments are present.

Digest Text Fallback (8b0c7be)
Added a fallback mechanism to use the raw query text when digest_text is unavailable. This ensures that query routing and statistics collection continue to function correctly even when the query digest cannot be computed.

TLS & Certificate Management

TLS Certificate Tracking (4f88740, 2e552b8, 0357862)
Introduced a new stats_tls_certificates table that provides real-time visibility into loaded TLS certificates, including subject, issuer, validity dates, and cipher suite information. This enables administrators to monitor certificate expiration and detect configuration issues. Also fixed memory leaks in SSL/TLS certificate tracking and improved certificate loading reliability.

stats_proxysql_global Table (e274862, efedd93)
Introduced stats_proxysql_global as a dedicated table for global proxy metrics, moving TLS-related metrics out of stats_mysql_global. This separation eliminates metric ambiguity in dual-protocol (MySQL + PostgreSQL) environments and provides a cleaner observability interface. The table was renamed from the initial stats_global to stats_proxysql_global to avoid substring collision issues in the admin query parser.

REST API Improvements

REST API Route Loading from Config (8d358cb, bbcc67b, 04c5e58)
REST API routes can now be loaded from configuration aliases, enabling declarative route setup without manual SQL commands. REST API configuration values are now properly escaped during insertion, and the configuration handling has been hardened to prevent malformed config entries.

Monitoring & Diagnostics

Listener Conflict Detection (1dace93, 8e37bba, eac20e5)
Added validation for conflicting listener ports at startup. ProxySQL now detects and reports port conflicts before entering the main event loop, preventing silent failures and providing clear error messages during configuration. Includes Doxygen documentation for the listener validation logic.

Build & Platform Support

FreeBSD Build Compatibility (c5ebab5)
Fixed build issues on FreeBSD, ensuring compilation succeeds with FreeBSD's system headers and toolchain.

macOS Compilation Fixes (88be144, a538532)
Resolved compilation issues on macOS (Darwin), including missing type definitions and header conflicts. ProxySQL can now be compiled on macOS for development and testing purposes.

zstd Static Linking (3f1b0a1, df97ae9)
Added the zstd compression library as a statically linked dependency, ensuring consistent compression behavior across all supported platforms without requiring external library installation.

Improvements

  • Timeout Validation: Fixed timeout_ms validation and improved consistency in write path section naming (c3564ca).
  • Unit Test Infrastructure: Added comprehensive unit tests for monitor health decisions, backend variable sync, and protocol utilities (59654e4, ead2331, 24db561).
  • CI Infrastructure: Migrated test infrastructure to support multi-group parallel execution with Docker-based containers for improved reliability and reproducibility.
  • Memory Safety: Fixed stale connection state tracking issues reported during multi-threaded testing scenarios.

Contributors

ProxySQL is a community-driven project, and we are grateful to all the contributors who helped make this release possible. A special thank you to:

  • @rahim-kanji for PostgreSQL protocol hardening.
  • @YujiHatakeyama for the SHOW WARNINGS fix with inline comments (#5306).

We also thank everyone who reported bugs, tested experimental features, and provided feedback during this release cycle.

Hashes

The release commit is: d7a26b79e936557e2d198148ce6d09111210d651

SHA256s: 

760637e7b1516e1bc8cfa7fbb6f92d0f5397b35d318365c4e1ad6105492a3276  proxysql-3.0.7-1-almalinux10-clang.x86_64.rpm
0f69636b6607e4007ee9c23dbd40424f707592f376591f5d60ddf9b168663f34  proxysql-3.0.7-1-almalinux10.aarch64.rpm
805d28053ac16ac1e7a82c7e6d50759ad863550ab21f22e37ad7f685e46efdaf  proxysql-3.0.7-1-almalinux10.x86_64.rpm
8bc0d51dc67e2d7deb0aa98349b6bbc7422648e10ceaecd2082d641919be4eff  proxysql-3.0.7-1-almalinux8-clang.x86_64.rpm
027fcf076a0a25ec0c2c14c224c67fc6761d4ef75339a82b2504c76f430b6704  proxysql-3.0.7-1-almalinux8.aarch64.rpm
14532b9ae70a56b96b96089602c8b21ac6a8e56f5e9ffd4e4ba94b2895baff8b  proxysql-3.0.7-1-almalinux8.x86_64.rpm
1ef1cee303960a73b2fcb8b17ebaf7b694e72c67ec5522d795d33f549c899677  proxysql-3.0.7-1-almalinux9-clang.x86_64.rpm
4c664cc7eed8369bfc1ff8e121ad8381c4facb7a59ca76052dea9c322ed4178e  proxysql-3.0.7-1-almalinux9.aarch64.rpm
51dd97c54e97b816834e2c2bb7c25867ccfc004e46fd4f42fbe45f1b6a911aed  proxysql-3.0.7-1-almalinux9.x86_64.rpm
db35429c33d014a3a3037f28a941f0a503e6adff65cb657e1378d18245d297db  proxysql-3.0.7-1-centos10-clang.x86_64.rpm
b182134db5493fd2ca157a25db67c7467fa4cc8b7e4140ca014de43a62cc32d3  proxysql-3.0.7-1-centos10.aarch64.rpm
c860494564a74aa2878bd4e3836ab052c6afe09ff2a42a5a6e26a3264475aa7c  proxysql-3.0.7-1-centos10.x86_64.rpm
b483c7f32b5a4a5385424b10587548aa99236ac7b2a0fed0c85d3ca0b2cfd732  proxysql-3.0.7-1-centos9-clang.x86_64.rpm
f256e39628dfb259f14531f4ed8b4d4c86e953c8be2eb139165fd82be73d045c  proxysql-3.0.7-1-centos9.aarch64.rpm
0d0b694989b4931e2f1cc38e71b2ed2bd728287057d730eee193212fd73b677f  proxysql-3.0.7-1-centos9.x86_64.rpm
7342d6ee15a1d45914dcb06f1ccb145f8aa68b3a9a11fa65ba0510620252b699  proxysql-3.0.7-1-dbg-almalinux10.x86_64.rpm
45025ed74c454929527c264747a1d6efc8da8208c40a5fbec1460ee79238b134  proxysql-3.0.7-1-dbg-almalinux8.x86_64.rpm
2d526d0cb3057f9bcf3f51f805b860b5fce202d40a5c217d160197ae71d7938c  proxysql-3.0.7-1-dbg-almalinux9.x86_64.rpm
1eb62c55385aa785107ccee999d594367a3a4b65408326db4338377a6115cc3c  proxysql-3.0.7-1-dbg-centos10.x86_64.rpm
83c780d39739083505c4e6759f42fababa88ee3c871d5ac47ab0fbe6ee282bea  proxysql-3.0.7-1-dbg-centos9.x86_64.rpm
46966097d20c5c5e52317de54031d39acf6a7c800939cc6d32addeab1b1db9ce  proxysql-3.0.7-1-dbg-fedora42.x86_64.rpm
7904d0c85816d3ff129f7134e63f3d68c85a4505dca52d808c0df70842d404c8  proxysql-3.0.7-1-dbg-fedora43.x86_64.rpm
36f8a91caa3dd3e565f3e6566bcacb8df76f24458cc539dd12f26b8866ac89fb  proxysql-3.0.7-1-dbg-opensuse15.x86_64.rpm
b4ae35d41937ca9219e5b4186f2786d2d86d27d4498c306ac56507ce89b42613  proxysql-3.0.7-1-dbg-opensuse16.x86_64.rpm
a7105e63af7f3f8db1e430f9db0882a0ae0c8cb761f4dd431da1de5de1b665ae  proxysql-3.0.7-1-fedora42-clang.x86_64.rpm
096043f455c1b8f3c571ebf8b0f181943aed40eaabc12c4b69b878575eb4419d  proxysql-3.0.7-1-fedora42.aarch64.rpm
f7eb19027dc66a528a22dadd6a1f8e4abd469135e509ee717cf77e323724cdb2  proxysql-3.0.7-1-fedora42.x86_64.rpm
a339fa20fb7aa0bfd11175a2a545bc7199720b0818b5ef4f4005fb02347c8173  proxysql-3.0.7-1-fedora43-clang.x86_64.rpm
d3e8b8df3d44602b084e857f1530dd5d7450f54c4ff8efe82dd9488e2ee333d8  proxysql-3.0.7-1-fedora43.aarch64.rpm
f5e3679c12e02115cdb2811847d577262e2e5d533c64190e7540565a9adcd3f4  proxysql-3.0.7-1-fedora43.x86_64.rpm
df7c4a0828d7bfee91af9e362fc42e8a52f751aaaa7a86a6395b866fd4b907b8  proxysql-3.0.7-1-opensuse15-clang.x86_64.rpm
94285121e5a228eb9d556aa2c6890e13dccc319dcc45602d1c82bc7db19e2dd7  proxysql-3.0.7-1-opensuse15.aarch64.rpm
2bb529eb59291d2441fa8c9db6d9fa56805dde0571db5820222692b7066f9d93  proxysql-3.0.7-1-opensuse15.x86_64.rpm
07a1ba2661aa7dff9c351c2af3c8b7e654b4b56668078447a199e4671ac9bed3  proxysql-3.0.7-1-opensuse16-clang.x86_64.rpm
65627b787b49d19e8d4ba91128a7510bf9fd8ce580cad5d22e92435ec08788fd  proxysql-3.0.7-1-opensuse16.aarch64.rpm
154f6e61f5b6c4a24627e675863ca8baa8d87fd023512921f60e6a1efc774a35  proxysql-3.0.7-1-opensuse16.x86_64.rpm
a12a6c5cb36995b6a192de03ab878e3e960c4afac11cddb0cea59d26d8db38ac  proxysql_3.0.7-dbg-debian12_amd64.deb
23d724c142daea9a9e7fc18aaca42526c398f5cd9cece4f786afc2608d5e2c5c  proxysql_3.0.7-dbg-debian13_amd64.deb
a81527924d18678762024a8f0b304dcf360c88fe2116568b0fcff226e8c5d540  proxysql_3.0.7-dbg-ubuntu22_amd64.deb
7aa426d021e802df6a7dd42cd895c7ed9dd62eb07b1b9ec4a0576bc2d8386a75  proxysql_3.0.7-dbg-ubuntu24_amd64.deb
7a3dd9a178a72c6b36106507deafdc18b895659dc69451fbddae860822c91a4d  proxysql_3.0.7-debian12-clang_amd64.deb
1914a8ef18cfb9fc0598b5d69d22dbeca64d55fca0c056cc9991b90616e4bcfb  proxysql_3.0.7-debian12_amd64.deb
c7d0611cdc8f2328e98f27316c37be4c0d338bad482f6fdd05369ffc3dc28dd8  proxysql_3.0.7-debian12_arm64.deb
faad010f8732c4788a2054cdcf6eda93571dbf6b713dbed4a882f2080deff9a3  proxysql_3.0.7-debian13-clang_amd64.deb
c57a5aaf550541d7453f4d3bb6151acf0fd91fbc1c82b1f1e55e779101eca517  proxysql_3.0.7-debian13_amd64.deb
7001fc661f74b82505e54ccafa44ebe8b2170117659b772ce8a96c1639d13b01  proxysql_3.0.7-debian13_arm64.deb
4ea4abf59e70f3b8331d32b67f029598dab253eabf85163076e4504db2582769  proxysql_3.0.7-ubuntu22-clang_amd64.deb
28a0a020b1dc6b33b56b0817907ca42156c789e8ebdc3051ef9d72358d0d435e  proxysql_3.0.7-ubuntu22_amd64.deb
256b5438b39584cd10fc6e850478480d36aa44d79ffdef18853edb345d0385d0  proxysql_3.0.7-ubuntu22_arm64.deb
b913cedb875291c60f68c73fa772e703332ca3edd3a7a048c632583e6df481fb  proxysql_3.0.7-ubuntu24-clang_amd64.deb
48ec9e94aa2450381b55e246b7f508cbe940db7641c410bd546b20910e219222  proxysql_3.0.7-ubuntu24_amd64.deb
06e242f0bd23e3f77f95c819db631771fc5244ca53f27f64780cb34d8df4b82c  proxysql_3.0.7-ubuntu24_arm64.deb
Check out latest releases or
releases around sysown/proxysql v3.0.7

Don't miss a new proxysql release

NewReleases is sending notifications on new releases.

Get notifications