github sysown/proxysql v3.0.9
ProxySQL 3.0.9


ProxySQL 3.0.9 Release Notes

Release date: 2026-06-04

ProxySQL 3.0.9 is a maintenance and feature release for the Stable Tier. Its
headline change is a new backend-pool session scheduler that keeps tail
latency in check when the connection pool is saturated. Alongside it, this
release introduces an optional, AST-based SQL parser engine (ParserSQL,
disabled by default), a major round of PostgreSQL work (an independent DNS
cache, much faster SCRAM-SHA-256 authentication, and several digest/startup
correctness fixes), MySQL/MariaDB protocol and charset fixes, AWS Aurora
replica autopurge, a long-standing query-routing bug fix, and a broad sweep of
dependency, build, and packaging hardening (GCC 16, new distros, signed-package
compatibility).

Release commit: 7ddb3dc01

Highlights

  • Security: two critical CVEs fixed — a PROXY-Protocol-v1 source-IP spoof
    that bypassed client_addr ACLs (CVE-2026-48772) and a pre-auth heap overflow
    in first-packet handling (CVE-2026-48773). Upgrading is strongly recommended;
    see Security.
  • Backend-pool session scheduler: a new per-thread session-partitioning pass
    that engages only under pool contention, cutting average and tail latency and
    preventing the oldest connection-waiters from being starved to timeout (#5819,
    #5825).
  • ParserSQL (optional, off by default): a new vendored AST SQL parser that
    can drive query-digest generation, command-type classification, and SET
    parsing for both MySQL and PostgreSQL. Opt-in via mysql-set_parser_algorithm=3
    or mysql-query_processor_parser=1 (and the pgsql- equivalents); the legacy
    parser remains the default (#5736).
  • Independent PostgreSQL DNS cache: PgSQL backends now resolve through their
    own DNS cache, removing a synchronous getaddrinfo stall inside libpq that
    could trip the watchdog when a resolver was degraded (#5806).
  • Faster PostgreSQL SCRAM-SHA-256 authentication: caching the OpenSSL digest
    and SCRAM verifier roughly doubles connection throughput on SCRAM-heavy
    workloads, reaching parity with PgBouncer (#5689).
  • AWS Aurora replica autopurge and a monitor race-condition fix (#5760).
  • Correctness fixes for query-rule fast routing, MariaDB collations,
    PostgreSQL query digests, and a large-packet double-free that could
    crash the proxy (#5763, #5807, #5764, #5808).

Security

This release fixes two critical, remotely-triggerable vulnerabilities. All
users on 3.0.8 and earlier should upgrade.

CVE-2026-48772 — PROXY-Protocol-v1 UNKNOWN source-IP spoofing

Critical · CVSS 10.0 · CWE-348/863 · GHSA-gw94-85m2-x8v2

When ProxySQL is configured to accept the PROXY protocol (v1), a header using the
UNKNOWN transport could still carry address fields, which ProxySQL parsed as
the client's source IP. A client able to speak the PROXY protocol to ProxySQL
could therefore present an arbitrary source address and bypass
mysql_query_rules.client_addr access-control rules. ProxySQL now rejects
address fields in UNKNOWN frames (commits 1d2e080a, 3ad60f68, with
regression tests). Affects 2.0.0–3.0.8; fixed in the 3.0.9 / 3.1.9 / 4.0.9 builds. Reported by
@addcontent.
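To make the fixed behaviour concrete, here is a small PROXY protocol v1 header parser written for these notes (it is an added example, not ProxySQL's code). It accepts TCP4/TCP6 frames, accepts a bare UNKNOWN frame as "no trusted address", and, as this release does, rejects an UNKNOWN frame that carries address fields instead of parsing them as the client's source IP. The sample headers and the effective_client_addr helper are constructed for the example; the PROXY protocol specification itself only requires a receiver to ignore trailing data in UNKNOWN frames, so rejecting it is a stricter choice that mirrors the release rather than a spec requirement.

```python
import ipaddress

# Constructed sample headers for this example (not captured from a real deployment).
SAMPLE_TCP4 = b"PROXY TCP4 192.0.2.10 198.51.100.7 40123 6033\r\n"
SAMPLE_TCP6 = b"PROXY TCP6 2001:db8::10 2001:db8::7 40123 6033\r\n"
SAMPLE_UNKNOWN = b"PROXY UNKNOWN\r\n"
SAMPLE_UNKNOWN_WITH_ADDR = b"PROXY UNKNOWN 192.0.2.10 198.51.100.7 40123 6033\r\n"

MAX_V1_LINE = 107  # longest valid v1 header (TCP6 with full addresses), CRLF included


def parse_proxy_v1(header: bytes):
    """Parse one PROXY protocol v1 header line.

    Returns (source_ip, source_port) for TCP4/TCP6 frames, or None for a bare
    UNKNOWN frame, meaning "no trustworthy client address in the header".
    Raises ValueError for malformed input, including an UNKNOWN frame that
    carries address fields: those fields must never be parsed as the client's
    source IP, which is the mistake behind CVE-2026-48772.
    """
    if len(header) > MAX_V1_LINE or not header.endswith(b"\r\n"):
        raise ValueError("bad PROXY v1 framing")
    try:
        line = header[:-2].decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("non-ASCII PROXY v1 header") from exc
    fields = line.split(" ")
    if len(fields) < 2 or fields[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    family = fields[1]
    if family == "UNKNOWN":
        if len(fields) != 2:
            raise ValueError("UNKNOWN frame must not carry address fields")
        return None
    if family not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("unsupported family or wrong field count")
    src, dst, sport, dport = fields[2:]
    want_version = 4 if family == "TCP4" else 6
    src_ip = ipaddress.ip_address(src)  # raises ValueError on garbage
    dst_ip = ipaddress.ip_address(dst)
    if src_ip.version != want_version or dst_ip.version != want_version:
        raise ValueError("address does not match declared family")
    ports = []
    for text in (sport, dport):
        if not text.isdigit() or int(text) > 65535:
            raise ValueError("bad port")
        ports.append(int(text))
    return str(src_ip), ports[0]


def effective_client_addr(peer_ip: str, header: bytes) -> str:
    """Address that an ACL such as mysql_query_rules.client_addr should evaluate.

    Only a well-formed TCP4/TCP6 frame may override the socket peer address;
    a bare UNKNOWN frame falls back to the real peer.
    """
    parsed = parse_proxy_v1(header)
    return peer_ip if parsed is None else parsed[0]


if __name__ == "__main__":
    for h in (SAMPLE_TCP4, SAMPLE_TCP6, SAMPLE_UNKNOWN, SAMPLE_UNKNOWN_WITH_ADDR):
        try:
            print(h.strip(), "->", parse_proxy_v1(h))
        except ValueError as exc:
            print(h.strip(), "-> rejected:", exc)
```

The point for operators is the last line of effective_client_addr: an address-based ACL is only as trustworthy as the parser that feeds it, and the PROXY protocol should only be accepted from the load balancers that are actually expected to send it.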

CVE-2026-48773 — Pre-auth heap overflow in first-packet handling

Critical · CVSS 9.8 · CWE-787 · GHSA-58ww-865x-grpr

An unauthenticated client could trigger a heap buffer overflow in the
first-packet handling of both the MySQL and PostgreSQL data streams. ProxySQL now
bounds the first-packet recv() on both protocols (commit 1cb2ecc1, with the
oversize_first_pkt-t regression test). Affects 2.0.18–3.0.8; fixed in the 3.0.9 / 3.1.9 / 4.0.9 builds.
Reported by @kamil-sawicki.
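The general shape of the fix, a first-packet read whose size is bounded before any payload byte is requested, is illustrated below for both wire formats. This is an added example written for these notes, not ProxySQL's code: FakeSocket, the 4 MiB capacity and the sample packets are constructed, and the PostgreSQL sample is a standard SSLRequest (length 8, request code 80877103). The length field comes from the client, so it is validated against the receiver's capacity first, and the read loop only ever asks for the bytes still missing.

```python
MAX_PACKET = 4 * 1024 * 1024  # constructed cap for this example (think mysql-max_allowed_packet)


class FakeSocket:
    """In-memory stand-in for a socket so the example runs offline.

    recv(n) hands back at most n bytes, like socket.recv, and records the
    largest single request so a test can show the reader never asks for more
    than the receiver can hold.
    """

    def __init__(self, data: bytes):
        self._data = data
        self.max_requested = 0

    def recv(self, n: int) -> bytes:
        self.max_requested = max(self.max_requested, n)
        chunk, self._data = self._data[:n], self._data[n:]
        return chunk


def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes, asking only for what is still missing."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-packet")
        buf += chunk
    return bytes(buf)


def read_first_packet(sock, protocol: str, capacity: int = MAX_PACKET):
    """Bounded first-packet read for the MySQL or PostgreSQL wire format.

    The length is taken from the client-supplied header and checked against
    the receiver's capacity before any payload byte is requested. Returns
    (sequence_id, payload) for MySQL and (None, payload) for PostgreSQL.
    """
    header = _recv_exact(sock, 4)
    if protocol == "mysql":
        # MySQL: 3-byte little-endian payload length + 1-byte sequence id.
        payload_len = int.from_bytes(header[:3], "little")
        seq = header[3]
    elif protocol == "pgsql":
        # PostgreSQL startup packet: 4-byte big-endian length, itself included.
        total = int.from_bytes(header, "big")
        if total < 4:
            raise ValueError("PostgreSQL length below header size")
        payload_len, seq = total - 4, None
    else:
        raise ValueError(f"unknown protocol {protocol!r}")
    if payload_len > capacity:
        raise ValueError(f"first packet declares {payload_len} bytes, cap is {capacity}")
    return seq, _recv_exact(sock, payload_len)


# Constructed inputs: a 5-byte MySQL packet with sequence id 1, a PostgreSQL
# SSLRequest, and a MySQL header claiming the maximum 3-byte length with no
# payload behind it.
MYSQL_FIRST = bytes([5, 0, 0, 1]) + b"hello"
PG_SSLREQUEST = (8).to_bytes(4, "big") + (80877103).to_bytes(4, "big")
MYSQL_OVERSIZE_HDR = b"\xff\xff\xff\x00"

if __name__ == "__main__":
    print(read_first_packet(FakeSocket(MYSQL_FIRST), "mysql"))
    print(read_first_packet(FakeSocket(PG_SSLREQUEST), "pgsql"))
    try:
        read_first_packet(FakeSocket(MYSQL_OVERSIZE_HDR), "mysql")
    except ValueError as exc:
        print("rejected:", exc)
```

In a native implementation the equivalent of the capacity check is what keeps the declared length from driving a recv() into a fixed-size heap buffer; the test below confirms that no single request exceeds the cap.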

New Features

Backend-pool session scheduler (#5819, #5825)

Under heavy connection-pool contention — many client sessions competing for a
small backend pool — ProxySQL's per-thread session loop could spend its time
re-examining sessions that had no work to do, and could keep serving newer
pool-waiters ahead of older ones. This release adds a session-partitioning pass
to Base_Thread (shared by both the MySQL and PostgreSQL threads) that, on each
outer iteration, groups sessions into running / waiting-on-pool / idle bands so
that a connection released at the end of one session's query is handed to a
waiting session within the same iteration.

The pass is gated: it only engages when the pool is actually under pressure,
detected from the ratio of failed get_MyConn_from_pool() acquisitions with a
short hysteresis and a minimum-attempts floor so that low-volume noise does not
trip it. When contention is detected, the longest-waiting session in the
CONNECTING_SERVER band is promoted to be served first, so the session closest
to hitting connect_timeout_server_max is the one that gets the next freed
connection instead of being starved to an abort. A 1-in-N local
connection-cache change removes the per-thread connection hoarding that
previously caused a throughput cliff at higher thread counts. On a sustained
4 KB-row, TLS workload this moved a single worker from ~1,303 to ~1,487 tps
(384 ms → 336 ms average latency) and scaled cleanly with thread count. The
behavior is automatic; there is nothing to configure.
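The gating and promotion logic described above can be modelled in a few lines. The following is an added illustration written for these notes, not ProxySQL's scheduler: the on/off ratios, the 32-attempt floor and the session fields are hypothetical, and sessions are plain records rather than MySQL_Session or PgSQL_Session objects. It shows the two properties the text relies on: the gate flips only on enough samples and with hysteresis, and while it is engaged the waiting band is ordered so the longest waiter receives the next freed connection.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Session:
    sid: int
    status: str              # "running", "connecting_server" (waiting on pool) or "idle"
    waiting_since: int = 0   # loop-iteration counter at which the pool wait started


class ContentionGate:
    """Decides whether the backend pool is under pressure.

    Fed once per outer loop iteration with the number of pool acquisition
    attempts and how many of them failed. The thresholds and the minimum
    attempts floor are hypothetical values chosen for this example.
    """

    def __init__(self, on_ratio=0.5, off_ratio=0.2, min_attempts=32):
        self.on_ratio = on_ratio
        self.off_ratio = off_ratio
        self.min_attempts = min_attempts
        self.engaged = False

    def update(self, attempts: int, failures: int) -> bool:
        if attempts < self.min_attempts:
            return self.engaged          # too few samples: low-volume noise cannot flip the gate
        ratio = failures / attempts
        if not self.engaged and ratio >= self.on_ratio:
            self.engaged = True          # engage only above the upper bound
        elif self.engaged and ratio <= self.off_ratio:
            self.engaged = False         # disengage only below the lower bound (hysteresis)
        return self.engaged


def partition(sessions: List[Session], engaged: bool):
    """Split sessions into running / waiting-on-pool / idle bands."""
    running = [s for s in sessions if s.status == "running"]
    waiting = [s for s in sessions if s.status == "connecting_server"]
    idle = [s for s in sessions if s.status == "idle"]
    if engaged:
        # Longest waiter first, so the session nearest connect_timeout_server_max
        # is the next one served rather than the next one aborted.
        waiting.sort(key=lambda s: s.waiting_since)
    return running, waiting, idle


def hand_off(freed_connections: int, waiting: List[Session]) -> List[int]:
    """Give each freed backend connection to the next session in band order."""
    served = []
    for s in waiting[:freed_connections]:
        s.status = "running"
        served.append(s.sid)
    return served


if __name__ == "__main__":
    gate = ContentionGate()
    for attempts, failures in ((10, 10), (100, 60), (100, 30), (100, 10)):
        print(attempts, failures, "->", gate.update(attempts, failures))
```

When the gate is not engaged the waiting band keeps its arrival order, so the ordering cost is only paid while contention is actually present.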

ParserSQL: optional AST SQL parser engine (#5736)

ProxySQL now vendors ParserSQL (1.0.9) as a static library and wires it in
through an adapter that can provide three things: query-digest generation,
command-type classification, and SET-statement parsing, for both the MySQL and
PostgreSQL dialects. It is disabled by default — the existing parser remains
in charge — and is enabled per protocol through two runtime variables:
set_parser_algorithm=3 switches only SET parsing to ParserSQL (conservative),
while query_processor_parser=1 routes digest, command-type, and SET through
it (full mode). The parser runs as per-thread state on the query hot path (no
locks, O(1) arena reset) and preserves SpookyHash digesting for backward
compatibility. This cycle also extended the engine's PostgreSQL SET handling to
cover the SET TIME ZONE alias and multi-value lists such as
SET search_path TO "$user", public (#5805).

Independent PostgreSQL DNS cache (#5806, fixes #5768)

The PostgreSQL side now owns a DNS cache that mirrors the MySQL one — its own
cache instance, resolver loop, and counters — so admin changes to one protocol's
cache no longer affect the other. On a cache hit, PgSQL_Connection passes
hostaddr=<ip> to libpq, so PQconnectStart() no longer blocks synchronously
inside getaddrinfo when the resolver is slow or broken. That synchronous stall
was the root cause behind the watchdog asserts reported in #5768. Three new
counters — PgSQL_Monitor_dns_cache_queried, _lookup_success, and
_record_updated — are exposed in stats_pgsql_global.

Faster PostgreSQL SCRAM-SHA-256 authentication (#5689)

On OpenSSL 3.x, EVP_sha256() performs a global, lock-contended EVP_MD_fetch()
on every call — roughly 4,096 redundant fetches per SCRAM PBKDF2 derivation, and
the dominant cost (~58% of CPU) on SCRAM-heavy PostgreSQL workloads. ProxySQL now
fetches the SHA-256 digest once and reuses it, and caches the derived SCRAM
verifier for plaintext-password accounts so repeat connections skip PBKDF2
entirely. In a serial connect/disconnect benchmark over SCRAM-SHA-256 + TLS this
raised throughput from ~137 to ~229 connections/sec — parity with PgBouncer.
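Why caching the verifier pays off follows directly from the SCRAM construction: only Hi() (PBKDF2) is expensive, and everything the server needs to check a client proof (StoredKey) or sign its reply (ServerKey) is derived from it once per (password, salt, iteration count). The block below is an added example written for these notes, not ProxySQL's implementation; it uses the RFC 5802 derivation with SHA-256, a constructed salt and AuthMessage, counts how often PBKDF2 actually runs, and omits SASLprep.

```python
import hashlib
import hmac
from typing import Dict, Tuple

SCRAM_ITERATIONS = 4096  # the PostgreSQL default iteration count


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ScramVerifierCache:
    """Caches (StoredKey, ServerKey) per (password, salt, iterations).

    Hi() is PBKDF2-HMAC-SHA-256 with 4096 rounds; caching its products lets
    every repeat connection for the same account skip it. `derivations`
    counts how many times PBKDF2 really ran. Keying on the plaintext
    password is a choice made for this example (it makes a password change
    invalidate the entry automatically).
    """

    def __init__(self):
        self._cache: Dict[Tuple[str, bytes, int], Tuple[bytes, bytes]] = {}
        self.derivations = 0

    def get(self, password: str, salt: bytes, iterations: int) -> Tuple[bytes, bytes]:
        key = (password, salt, iterations)
        entry = self._cache.get(key)
        if entry is None:
            self.derivations += 1
            salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
            client_key = _hmac(salted, b"Client Key")
            entry = (_h(client_key), _hmac(salted, b"Server Key"))  # (StoredKey, ServerKey)
            self._cache[key] = entry
        return entry


def verify_client_proof(cache, password, salt, iterations, auth_message, proof) -> bool:
    """Server side: recover ClientKey from the proof and compare H(ClientKey) to StoredKey."""
    stored_key, _ = cache.get(password, salt, iterations)
    client_signature = _hmac(stored_key, auth_message)
    client_key = _xor(proof, client_signature)
    return hmac.compare_digest(_h(client_key), stored_key)


def server_signature(cache, password, salt, iterations, auth_message) -> bytes:
    """Server side: the value sent back as v=... in the final message."""
    _, server_key = cache.get(password, salt, iterations)
    return _hmac(server_key, auth_message)


def client_proof(password, salt, iterations, auth_message) -> bytes:
    """Client side, computed from scratch on every connection (no cache there)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    ck = _hmac(salted, b"Client Key")
    return _xor(ck, _hmac(_h(ck), auth_message))


# Constructed demo values: a fixed salt and a fake AuthMessage stand in for the
# salt and nonces exchanged in a real handshake.
DEMO_SALT = bytes(range(16))
DEMO_AUTH_MESSAGE = (b"n=app,r=clientnonce,r=clientnonceservernonce,s=AAECAwQFBgcICQoLDA0ODw==,"
                     b"i=4096,c=biws,r=clientnonceservernonce")
DEMO_PASSWORD = "correct horse battery staple"

if __name__ == "__main__":
    cache = ScramVerifierCache()
    proof = client_proof(DEMO_PASSWORD, DEMO_SALT, SCRAM_ITERATIONS, DEMO_AUTH_MESSAGE)
    for _ in range(3):
        print(verify_client_proof(cache, DEMO_PASSWORD, DEMO_SALT, SCRAM_ITERATIONS,
                                  DEMO_AUTH_MESSAGE, proof), "derivations:", cache.derivations)
```

The cache holds only what the server would otherwise recompute; a wrong proof still fails against the cached StoredKey without triggering another derivation, so the cache cannot be used to make the server do extra PBKDF2 work.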

AWS Aurora replica autopurge (#5760)

Aurora replicas that disappear from REPLICA_HOST_STATUS are now removed from
mysql_servers once they have been missing for the configured
autopurge_missing_checks threshold, instead of lingering as stale entries. The
change also fixes a monitor race condition in the Aurora discovery path.

Galera wsrep session variables and MariaDB SET STATEMENT ... FOR (#5708, closes #5686)

wsrep_trx_fragment_size and wsrep_trx_fragment_unit are now tracked
session variables, captured on SET and synchronized to backend connections like
the existing wsrep_sync_wait. ProxySQL also recognizes MariaDB's
SET STATEMENT var=val ... FOR <statement> syntax and forwards it without locking
the session to a hostgroup — previously this syntax was unrecognized and could
lock the session, surfacing as error 9006 on a later query bound to a different
hostgroup.

MySQL greeting advertises CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA (#5744, closes #4760)

ProxySQL already parsed length-encoded client auth data but never advertised the
corresponding capability bit, so stricter clients such as Boost.MySQL refused to
connect. The flag is now set in the server greeting.

Bug Fixes (Core ProxySQL)

  • Large-packet COM_STMT_EXECUTE double-free / SIGSEGV (#5808, fixes #5639):
    an oversized binary prepared-statement packet that tripped
    mysql-max_allowed_packet could free the same buffer twice in
    handler_WCD_SS_MCQ_qpo_LargePacket(). With jemalloc this silently corrupted
    the allocator and crashed intermittently under load; the handler now detects
    the aliased buffer and frees it once.
  • MariaDB collation regression (#5807, fixes #5790): a MySQL-9.x charset fix
    inadvertently made ProxySQL treat MariaDB 10.x/11.x as MySQL ≥ 8 and forward
    SET NAMES utf8mb4 COLLATE utf8mb4_0900_ai_ci unmodified, failing with
    ERROR 1273: Unknown collation. MariaDB is now detected explicitly. The same
    PR repairs sibling version-detection sites, including two in MySQL_Monitor
    that broke health checks against MySQL 9.x Galera/PXC.
  • Query rule apply=1 could bypass fast routing (#5763, closes #5620): when
    no mysql_query_rules rule matched but the last-iterated rule happened to have
    apply=1, mysql_query_rules_fast_routing was skipped, sending traffic to the
    default_hostgroup (or failing with ERROR 9001). The matcher no longer leaks
    the last-iterated rule past a non-match.
  • PostgreSQL query-digest truncation on typecasts (#5764, closes #5755): a
    ::TYPE cast in the middle of a statement caused stats_pgsql_query_digest to
    drop everything after the cast, making query analytics misleading for ORM
    workloads. The query itself was always forwarded correctly; only the recorded
    digest was wrong.
  • PostgreSQL backend startup options trailing space (#5816, closes #5801):
    the StartupMessage options value ended in a stray space, which PostgreSQL
    tolerated but PgBouncer rejected, breaking client → ProxySQL → PgBouncer →
    PostgreSQL setups. Untracked options parameters are now also accumulated
    rather than overwritten, so all of them reach the backend.
  • SET STATEMENT ... FOR detection across whitespace (#5794): the #5708
    detection required a literal space on both sides of FOR, so a query with a
    newline after FOR (common when typed across lines) was missed and locked the
    hostgroup, surfacing as error 9006. Detection now runs on the
    whitespace-normalized digest.
  • Skewed traffic from a broken PRNG (#5743, closes #4530): MySQL server and
    connection-pool selection used an unseeded thread-local fastrand() (and the
    thread-unsafe rand()), so all threads produced correlated choices and
    equal-weight backends could see 3–4× traffic skew. Both now use the seeded
    rand_fast() (xoshiro128++) already proven on the PgSQL path.
  • Static-analysis BLOCKER fixes (#5739): lock unlock-order reversal in the
    MySQL/PgSQL/ClickHouse authentication paths, a potential out-of-bounds in
    SQLite3_result::dump_to_stderr, a memcpy on an unallocated buffer, added
    null guards around server_myds teardown, and removal of dead alerting code.
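The apply=1 fast-routing bug (#5763) is easiest to see in a reduced model of the rule matcher. The block below is an added example written for these notes, not ProxySQL's Query_Processor: rules are plain records with a regex stand-in for match_digest, FAST_ROUTING and DEFAULT_HOSTGROUP are constructed stand-ins for mysql_query_rules_fast_routing and the user's default_hostgroup, and the two entry points differ only in whether a non-matching rule's apply flag is allowed to survive the loop.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class QueryRule:
    rule_id: int
    match_digest: str                     # regex over the query (stand-in for match_digest)
    destination_hostgroup: Optional[int]
    apply: int = 0                        # 1 = stop evaluating further rules


# Constructed stand-ins for mysql_query_rules_fast_routing and default_hostgroup:
# (username, schemaname, flagIN) -> hostgroup.
FAST_ROUTING = {("app", "shop", 0): 20}
DEFAULT_HOSTGROUP = 10


def _select_hostgroup(query: str, rules: List[QueryRule],
                      fast_key: Tuple[str, str, int], leak_apply: bool) -> int:
    dest: Optional[int] = None
    apply_flag = False
    for rule in rules:
        if leak_apply:
            # Buggy variant: the rule's apply flag is read before the match test
            # and never cleared on a non-match, so the last rule's value leaks out.
            apply_flag = bool(rule.apply)
        if re.search(rule.match_digest, query) is None:
            continue
        apply_flag = bool(rule.apply)
        if rule.destination_hostgroup is not None:
            dest = rule.destination_hostgroup
        if apply_flag:
            break
    # Fast routing is consulted only when no applied rule decided the hostgroup.
    if dest is None and not apply_flag:
        dest = FAST_ROUTING.get(fast_key)
    return DEFAULT_HOSTGROUP if dest is None else dest


def route_buggy(query: str, rules: List[QueryRule], fast_key: Tuple[str, str, int]) -> int:
    return _select_hostgroup(query, rules, fast_key, leak_apply=True)


def route_fixed(query: str, rules: List[QueryRule], fast_key: Tuple[str, str, int]) -> int:
    return _select_hostgroup(query, rules, fast_key, leak_apply=False)


# Constructed rule set whose last (and only) rule has apply=1.
RULES = [QueryRule(1, r"^SELECT .* FROM reports", 30, apply=1)]
KEY = ("app", "shop", 0)

if __name__ == "__main__":
    for q in ("SELECT * FROM reports WHERE id=1", "SELECT 1"):
        print(q, "-> buggy:", route_buggy(q, RULES, KEY), "fixed:", route_fixed(q, RULES, KEY))
```

With the matching query both variants agree on hostgroup 30; with a query that matches nothing, the buggy variant skips fast routing and falls through to the default hostgroup, which is the misrouting (or ERROR 9001, when that hostgroup has no servers) reported in #5620.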

Dependencies, Build & Packaging

  • ParserSQL 1.0.9 vendored. The bundled parser's Makefile now honors an
    environment-provided compiler, fixing clang package builds that previously
    failed where g++ was absent (ProxySQL/ParserSQL#45).
  • jemalloc patched for GCC 16 (#5774, fixes #5770): bundled jemalloc 5.2.0
    referenced a libstdc++ internal symbol that GCC 16 no longer exposes, breaking
    the build on GCC 16 distros. Fedora 44 (GCC 16) is added to the package
    matrix as the regression net.
  • libconfig \a \b \v passthrough restored (#5773, fixes #5766): the
    1.7.3 → 1.8.1 bump silently collapsed these escape sequences inside quoted
    proxysql.cnf strings, corrupting values such as passwords. The bundled
    libconfig is patched to preserve them.
  • DEB packages normalized to xz (#5762, closes #5580): Ubuntu's dpkg-deb
    defaults to zstd, which the release server's dpkg-sig could not verify
    (BADSIG). DEB output is now repacked to xz for all distros.
  • arm64 package install-verification fixed to use a portable ELF check, so
    the pre-upload smoke test no longer fails on minimal images that lack the
    file utility.
  • PROXYSQLGENAI build flag removed (#5815): all GenAI/MCP/AI/RAG code lives
    in plugins/genai/ and is built by PROXYSQL40=1; the separate flag is gone.
    No effect on 3.0.x binaries.

Contributors

Thanks to everyone who contributed to this release: @renecannao, @rahim-kanji,
and @wazir-ahmed.

Security reporters — thank you for the responsible disclosures: @addcontent
(CVE-2026-48772) and @kamil-sawicki (CVE-2026-48773).

SHA256s:

c06cf97256cdda81a9098ef5a765952c8e95e2b5b8dffa7636c9600461959a68  proxysql-3.0.9-1-almalinux10-clang.x86_64.rpm
b107abb4c0809153ed050db30f2ec8a022b247e3f266ae2c4e87f20bb4213c8e  proxysql-3.0.9-1-almalinux10.aarch64.rpm
09e76c40d1e4aad5b7261c180a228623dc0fea7fff9f44bb55d80cfbe94b627b  proxysql-3.0.9-1-almalinux10.x86_64.rpm
25cfbeb22599957ca0c10e2cddf716294f9c8f12bc3795080f8cd5844487f789  proxysql-3.0.9-1-almalinux8-clang.x86_64.rpm
5f35ad989eee9796018852a6b1a8162bd61f31e7e72add63238e6e2067808cfc  proxysql-3.0.9-1-almalinux8.aarch64.rpm
9166356f0a9243a1190780d6a54da265a2de88644c8cfb5eb9d1835173be4829  proxysql-3.0.9-1-almalinux8.x86_64.rpm
3b1b98fc765e60069c72aca7c424c34745843aa307a1ece9a7cda7130e9474ac  proxysql-3.0.9-1-almalinux9-clang.x86_64.rpm
d99e8d73e11bf66a34a0bb23c0d541a268540abaae01f576aae0111fb530bd9d  proxysql-3.0.9-1-almalinux9.aarch64.rpm
e6c9191fd0f3fddc39cdd42df6b0a91a2b4f1817b74509f6ed514925774498cc  proxysql-3.0.9-1-almalinux9.x86_64.rpm
8a1dfe23b426c6808e6aa02fdbe7885eb9a87616c2549643c7692a5eb36ef3da  proxysql-3.0.9-1-centos10-clang.x86_64.rpm
9947593602b741fc3724372828244d5e450be6cd4ca91cf8d4a77c7eba94bfd5  proxysql-3.0.9-1-centos10.aarch64.rpm
4a3e86ef6f96668028398e4841c6d894c3ac058d9a8de0fa60dc9875dc59832e  proxysql-3.0.9-1-centos10.x86_64.rpm
0fcdd33079b2179d5f574f023915cf874a259e928caeb7a712895d44ae5c9299  proxysql-3.0.9-1-centos9-clang.x86_64.rpm
beec5838af8a5a0e5de35688e680b3696952955242e619ba8c3a82adbd07453d  proxysql-3.0.9-1-centos9.aarch64.rpm
ca209152e5162aa73474b999e4ab289e89e6dcc2762f12c3018d33a11af1b6da  proxysql-3.0.9-1-centos9.x86_64.rpm
d2cbd37a28ee78a65686b500e7a3f66f88396a476c0891d1db0656fd30432d55  proxysql-3.0.9-1-dbg-almalinux10.x86_64.rpm
fbb6a7ef52575fcffa36363fa57dc8f2d347d04187ac1f8fa301df64e26456d1  proxysql-3.0.9-1-dbg-almalinux8.x86_64.rpm
c78746c8075cdf4a7b9771b899f0912e2883824585b9920c7e923ac49a023ede  proxysql-3.0.9-1-dbg-almalinux9.x86_64.rpm
3184ce5ec10a59d0a03a35bf5062a0db3f254d3f65ace32372018b5a55e97e9d  proxysql-3.0.9-1-dbg-centos10.x86_64.rpm
d4bccbd94652656e604eb2ba69df4c9f60828745ad3600785bbe062d56866ace  proxysql-3.0.9-1-dbg-centos9.x86_64.rpm
fa2b57d9f379584ed25f32dc25bddf92c342bbc9576b3c387112076a48864a91  proxysql-3.0.9-1-dbg-fedora42.x86_64.rpm
85ac475786980e51ae9217616b716bce960a24cb4ca8b2a8e914fad6d0476fbe  proxysql-3.0.9-1-dbg-fedora43.x86_64.rpm
d7d2d359c87358861aa18295c1b9e67bfac6c6ae9557c83d924f5e697f1af46d  proxysql-3.0.9-1-dbg-fedora44.x86_64.rpm
07bd78d4d7e6eadcc8f2dc6b884d15580206eaff8968072df67c87d94b831ea3  proxysql-3.0.9-1-dbg-opensuse15.x86_64.rpm
fadcbcf3af1289dd47f956a217c486071cf32e091a7bb3c881c0d94f14509310  proxysql-3.0.9-1-dbg-opensuse16.x86_64.rpm
85900cc163872b5314ec6512b6b2d187c092f5af90efaa73eeecb1d94e616211  proxysql-3.0.9-1-fedora42-clang.x86_64.rpm
81d1f188ed3f32479b6403476e0f066cc7a5430ba249a14a4d0bf876ef7c8ef6  proxysql-3.0.9-1-fedora42.aarch64.rpm
b36e5ab0f1f4bba2ccb2e287041b80f14600ba2b3b2245090de307b48a487eaa  proxysql-3.0.9-1-fedora42.x86_64.rpm
18fa8bbba2659116dc96bf0c8ffa6595b5d19f104cee55138dd8fbf6b2f03c99  proxysql-3.0.9-1-fedora43-clang.x86_64.rpm
3c87ace77b3be5ae2988a4a81a428acebe8128e5e69be4e55a0522e13a9b1da3  proxysql-3.0.9-1-fedora43.aarch64.rpm
8aaa55fe513b6f07fb3dfbbfa2a27b4feb4552dc8369c10581444e7333e6aa9f  proxysql-3.0.9-1-fedora43.x86_64.rpm
325e5ecb7e35bac6e388816f694b5282c0675af39c6cfe2c1162d20c04aebb15  proxysql-3.0.9-1-fedora44-clang.x86_64.rpm
eb8171aa3a404f81e9bb15bfe43b1415463b4fa0221fe4779d00c1f6b1d150ce  proxysql-3.0.9-1-fedora44.aarch64.rpm
cd66696e9e56442416874af9ae48a512680d2a616b391d99d45014de752cd1a9  proxysql-3.0.9-1-fedora44.x86_64.rpm
379f2673eb16c0987f035b503ebc359b699db760d5e02e6ba4dbf0abcc01658f  proxysql-3.0.9-1-opensuse15-clang.x86_64.rpm
dcf8397a7c96a1135784deb76f177091776e9612168ab7faa463e33e1c78128b  proxysql-3.0.9-1-opensuse15.aarch64.rpm
679344706dd261dc17548abafe7fa7c61b9201ff98a185e8a906b9068f9f47f6  proxysql-3.0.9-1-opensuse15.x86_64.rpm
b23b5efb4643dca915bba957eaec1e9ccf17884a4c4e2c6c858cc5c1066c6d75  proxysql-3.0.9-1-opensuse16-clang.x86_64.rpm
7f111477713aa222ebb639448848fc6776e32cfc450e1551f710eaf4cb0797b7  proxysql-3.0.9-1-opensuse16.aarch64.rpm
028b71ea975d58f85560b9e4d2e2f7cccd42fa7f3f8842fa3676fc562715c2b3  proxysql-3.0.9-1-opensuse16.x86_64.rpm
1647bf542fcacb9fe8b6a98c7151fb5b238d46b43ebdad1c0c139f0d1fbe8e21  proxysql-3.0.9.id-hash
1bc343424d407fe3cb9c4f544e0559f4f3a89206d2347211a8cfa3017afc3876  proxysql_3.0.9-dbg-debian12_amd64.deb
faf51cef2356dd620632ab223f60ebfb41ca3b2e35a5dd6c490d788065fb14a2  proxysql_3.0.9-dbg-debian13_amd64.deb
5ab0669a9a849ce9832538e3008aad8cb376d62c695e624760023a2e671e0967  proxysql_3.0.9-dbg-ubuntu22_amd64.deb
3c13a463d89888f1a50735386f184917866856c684d3448b66e0bc6e6edc5d3e  proxysql_3.0.9-dbg-ubuntu24_amd64.deb
413c1710e55f8bed557eb087a27b09a73de91829df8edbfbc49be355b4af52c2  proxysql_3.0.9-debian12-clang_amd64.deb
f5b575c2a8f174c7b547581d771eb5edfe645196cbb9ff3961e2edfa11e980cc  proxysql_3.0.9-debian12_amd64.deb
b51f52f5973c862c438d72960a1ee9e9aacba8b433fee0698478558cadaca763  proxysql_3.0.9-debian12_arm64.deb
1729cd17a901fc5a306bf73822b336c8d36cba7409e209e5327ba1caf0395b75  proxysql_3.0.9-debian13-clang_amd64.deb
f7f1324e1aa047df72a07b9141a19bb3bddd2a709420909a437949a0c09c08ac  proxysql_3.0.9-debian13_amd64.deb
29bf63ef097a0ee9c9b7c3660b9dd16ab3380438a7c379f4d6c4bcce85d083ec  proxysql_3.0.9-debian13_arm64.deb
78c4de6d0ef4f5cd2400577bf730f5e2eb940515a91cc8c2fe4193b70a82370a  proxysql_3.0.9-ubuntu22-clang_amd64.deb
712301b7d65f67a414c76fda49dce67c2b74ddb0955820b90b90e80a4d8a1969  proxysql_3.0.9-ubuntu22_amd64.deb
7cad6df304e22a270563c9d1d61b3e7a9c58304844916ef64840cdd6b66130a9  proxysql_3.0.9-ubuntu22_arm64.deb
fb3db1e5d2a73cadf595cf61b74f77c583795196dc94cb84a59729f5f7a9f87a  proxysql_3.0.9-ubuntu24-clang_amd64.deb
a20548b17ede6d9e014decb1eefb1cb0775f643932561388770d2f50c8d316ab  proxysql_3.0.9-ubuntu24_amd64.deb
e12b272107f1ac65ae8a9f9015a9c696b7b2f78b6ad35f84b5ce086449eb2a0f  proxysql_3.0.9-ubuntu24_arm64.deb
