github sysown/proxysql v3.1.9
ProxySQL 3.1.9

ProxySQL 3.1.9 Release Notes

Release date: 2026-06-04

ProxySQL 3.1.9 is a maintenance and feature release for the Innovative Tier
(the Stable core plus FFTO and TSDB). It carries the same core changes as 3.0.9
(below), plus a TSDB dashboard fix. Its
headline change is a new backend-pool session scheduler that keeps tail
latency in check when the connection pool is saturated. Alongside it, this
release introduces an optional, AST-based SQL parser engine (ParserSQL,
disabled by default), a major round of PostgreSQL work (an independent DNS
cache, much faster SCRAM-SHA-256 authentication, and several digest/startup
correctness fixes), MySQL/MariaDB protocol and charset fixes, AWS Aurora
replica autopurge, a long-standing query-routing bug fix, and a broad sweep of
dependency, build, and packaging hardening (GCC 16, new distros, signed-package
compatibility).

Release commit: 7ddb3dc01

Highlights

  • Security: two critical CVEs fixed — a PROXY-Protocol-v1 source-IP spoof
    that bypassed client_addr ACLs (CVE-2026-48772) and a pre-auth heap overflow
    in first-packet handling (CVE-2026-48773). Upgrading is strongly recommended;
    see Security.
  • Backend-pool session scheduler: a new per-thread session-partitioning pass
    that engages only under pool contention, cutting average and tail latency and
    preventing the oldest connection-waiters from being starved to timeout (#5819,
    #5825).
  • ParserSQL (optional, off by default): a new vendored AST SQL parser that
    can drive query-digest generation, command-type classification, and SET
    parsing for both MySQL and PostgreSQL. Opt-in via mysql-set_parser_algorithm=3
    or mysql-query_processor_parser=1 (and the pgsql- equivalents); the legacy
    parser remains the default (#5736).
  • Independent PostgreSQL DNS cache: PgSQL backends now resolve through their
    own DNS cache, removing a synchronous getaddrinfo stall inside libpq that
    could trip the watchdog when a resolver was degraded (#5806).
  • Faster PostgreSQL SCRAM-SHA-256 authentication: caching the OpenSSL digest
    and SCRAM verifier roughly doubles connection throughput on SCRAM-heavy
    workloads, reaching parity with PgBouncer (#5689).
  • AWS Aurora replica autopurge and a monitor race-condition fix (#5760).
  • TSDB dashboard fixed: the embedded dashboard is now served from the REST
    API port so its metric queries resolve same-origin (#5775).
  • Correctness fixes for query-rule fast routing, MariaDB collations,
    PostgreSQL query digests, and a large-packet double-free that could
    crash the proxy (#5763, #5807, #5764, #5808).

Security

This release fixes two critical, remotely triggerable vulnerabilities. All
users on 3.0.8 and earlier should upgrade.

CVE-2026-48772 — PROXY-Protocol-v1 UNKNOWN source-IP spoofing

Critical · CVSS 10.0 · CWE-348/863 · GHSA-gw94-85m2-x8v2

When ProxySQL is configured to accept the PROXY protocol (v1), a header using the
UNKNOWN transport could still carry address fields, which ProxySQL parsed as
the client's source IP. A client able to speak the PROXY protocol to ProxySQL
could therefore present an arbitrary source address and bypass
mysql_query_rules.client_addr access-control rules. ProxySQL now rejects
address fields in UNKNOWN frames (commits 1d2e080a, 3ad60f68, with
regression tests). Affects 2.0.0–3.0.8; fixed in the 3.0.9 / 3.1.9 / 4.0.9 builds. Reported by
@addcontent.
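
The strict UNKNOWN handling described above, as an added example (not ProxySQL's own code): a PROXY v1 line parser that never takes a client address from an UNKNOWN frame and rejects UNKNOWN frames that carry extra fields. The function names, and the choice to fall back to the socket peer address for a bare UNKNOWN frame, are assumptions of this example.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdlib>
#include <string>
#include <vector>

enum class ProxyV1 { Address, NoAddress, Reject };

// Split on single spaces: the v1 grammar allows exactly one space per gap,
// so an empty field (double space) later fails validation.
static std::vector<std::string> split_fields(const std::string& s) {
    std::vector<std::string> out;
    std::string::size_type start = 0, pos;
    while ((pos = s.find(' ', start)) != std::string::npos) {
        out.push_back(s.substr(start, pos - start));
        start = pos + 1;
    }
    out.push_back(s.substr(start));
    return out;
}

static bool valid_port(const std::string& p) {
    if (p.empty() || p.size() > 5) return false;
    for (char c : p) if (c < '0' || c > '9') return false;
    return std::atoi(p.c_str()) <= 65535;
}

// Parse one PROXY v1 header line, CRLF included. src_ip is written only
// for a well-formed TCP4/TCP6 frame.
ProxyV1 parse_proxy_v1(const std::string& line, std::string& src_ip) {
    if (line.size() < 15 || line.size() > 107) return ProxyV1::Reject;  // v1 maximum is 107 bytes
    if (line.compare(line.size() - 2, 2, "\r\n") != 0) return ProxyV1::Reject;
    std::vector<std::string> f = split_fields(line.substr(0, line.size() - 2));
    if (f.size() < 2 || f[0] != "PROXY") return ProxyV1::Reject;
    if (f[1] == "UNKNOWN")  // no address may ever be taken from this frame
        return f.size() == 2 ? ProxyV1::NoAddress : ProxyV1::Reject;
    int af = f[1] == "TCP4" ? AF_INET : f[1] == "TCP6" ? AF_INET6 : -1;
    if (af == -1 || f.size() != 6) return ProxyV1::Reject;
    unsigned char buf[sizeof(struct in6_addr)];
    if (inet_pton(af, f[2].c_str(), buf) != 1) return ProxyV1::Reject;
    if (inet_pton(af, f[3].c_str(), buf) != 1) return ProxyV1::Reject;
    if (!valid_port(f[4]) || !valid_port(f[5])) return ProxyV1::Reject;
    src_ip = f[2];
    return ProxyV1::Address;
}

// Address that client_addr-style ACLs should be evaluated against: the header
// source for TCP4/TCP6, the socket peer for UNKNOWN (assumed policy).
// Returns false when the connection must be dropped.
bool effective_client_addr(const std::string& line, const std::string& peer_ip,
                           std::string& out) {
    std::string src;
    switch (parse_proxy_v1(line, src)) {
        case ProxyV1::Address:   out = src;     return true;
        case ProxyV1::NoAddress: out = peer_ip; return true;
        default:                 return false;
    }
}
```

The PROXY header is only as trustworthy as the hop that sent it, so accepting it should also be limited to known load-balancer addresses at the network layer.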

CVE-2026-48773 — Pre-auth heap overflow in first-packet handling

Critical · CVSS 9.8 · CWE-787 · GHSA-58ww-865x-grpr

An unauthenticated client could trigger a heap buffer overflow in the
first-packet handling of both the MySQL and PostgreSQL data streams. ProxySQL now
bounds the first-packet recv() on both protocols (commit 1cb2ecc1, with the
oversize_first_pkt-t regression test). Affects 2.0.18–3.0.8; fixed in the 3.0.9 / 3.1.9 / 4.0.9 builds.
Reported by @kamil-sawicki.
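
One way to bound a first-packet read, shown for MySQL framing as an added example (not ProxySQL's own code; the release notes do not describe the vulnerable path): the declared length is checked against the buffer before any payload byte is copied, and every recv() asks only for what still fits. FIRST_PKT_MAX and the function names are hypothetical, and the socketpair harness sends constructed data.

```cpp
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical cap for a pre-auth packet; not a ProxySQL constant.
static const size_t FIRST_PKT_MAX = 4096;

// Read exactly n bytes; each recv() is limited to the space still available.
static bool recv_exact(int fd, uint8_t* dst, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = recv(fd, dst + got, n - got, 0);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return false;  // peer closed early or hard error
        got += static_cast<size_t>(r);
    }
    return true;
}

// First MySQL packet: 3-byte little-endian payload length, 1-byte sequence id,
// then the payload. Returns the payload length, or -1 if the caller must
// close the connection.
long read_first_packet(int fd, uint8_t* buf, size_t cap) {
    uint8_t hdr[4];
    if (!recv_exact(fd, hdr, sizeof hdr)) return -1;
    size_t len = hdr[0] | (static_cast<size_t>(hdr[1]) << 8) |
                 (static_cast<size_t>(hdr[2]) << 16);
    // An empty first packet is never valid; an oversized one is refused
    // before a single payload byte is written to buf.
    if (len == 0 || len > cap) return -1;
    return recv_exact(fd, buf, len) ? static_cast<long>(len) : -1;
}

// Constructed harness: a socketpair stands in for the client connection. The
// client declares `declared` payload bytes but actually sends `sent` bytes.
long demo_first_packet(size_t declared, size_t sent) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    std::vector<uint8_t> pkt(4 + sent, 0x41);
    pkt[0] = static_cast<uint8_t>(declared & 0xff);
    pkt[1] = static_cast<uint8_t>((declared >> 8) & 0xff);
    pkt[2] = static_cast<uint8_t>((declared >> 16) & 0xff);
    pkt[3] = 1;  // sequence id of the client's first packet
    send(sv[0], pkt.data(), pkt.size(), 0);
    shutdown(sv[0], SHUT_WR);  // short input yields EOF instead of blocking
    uint8_t buf[FIRST_PKT_MAX];
    long n = read_first_packet(sv[1], buf, sizeof buf);
    close(sv[0]);
    close(sv[1]);
    return n;
}
```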

New Features

Backend-pool session scheduler (#5819, #5825)

Under heavy connection-pool contention — many client sessions competing for a
small backend pool — ProxySQL's per-thread session loop could spend its time
re-examining sessions that had no work to do, and could keep serving newer
pool-waiters ahead of older ones. This release adds a session-partitioning pass
to Base_Thread (shared by both the MySQL and PostgreSQL threads) that, on each
outer iteration, groups sessions into running / waiting-on-pool / idle bands so
that a connection released at the end of one session's query is handed to a
waiting session within the same iteration.

The pass is gated: it only engages when the pool is actually under pressure,
detected from the ratio of failed get_MyConn_from_pool() acquisitions with a
short hysteresis and a minimum-attempts floor so that low-volume noise does not
trip it. When contention is detected, the longest-waiting session in the
CONNECTING_SERVER band is promoted to be served first, so the session closest
to hitting connect_timeout_server_max is the one that gets the next freed
connection instead of being starved to an abort. A 1-in-N local
connection-cache change removes the per-thread connection hoarding that
previously caused a throughput cliff at higher thread counts. On a sustained
4 KB-row, TLS workload this moved a single worker from ~1,303 to ~1,487 tps
(384 ms → 336 ms average latency) and scaled cleanly with thread count. The
behavior is automatic; there is nothing to configure.
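
The gating and promotion logic described above, as an added example (not ProxySQL's own code): a contention gate driven by the failed-acquisition ratio with a minimum-attempts floor and hysteresis, plus promotion of the longest-waiting session. Every threshold, type and function name here is hypothetical; the release notes give no values.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// All thresholds are hypothetical illustrations.
struct ContentionGate {
    unsigned min_attempts = 32;    // floor: windows with fewer samples never trip the gate
    double   engage_ratio = 0.25;  // failed/attempts ratio that counts as pool pressure
    unsigned hold_windows = 3;     // hysteresis: consecutive calm windows needed to disengage
    unsigned attempts = 0, failures = 0, calm = 0;
    bool engaged = false;

    // Record the outcome of one pool acquisition attempt.
    void record(bool acquired) { ++attempts; if (!acquired) ++failures; }

    // Close the current sampling window and return the gate state.
    bool end_window() {
        bool pressured = attempts >= min_attempts &&
                         static_cast<double>(failures) / attempts >= engage_ratio;
        if (pressured) {
            engaged = true;
            calm = 0;
        } else if (engaged && ++calm >= hold_windows) {
            engaged = false;
            calm = 0;
        }
        attempts = failures = 0;
        return engaged;
    }
};

struct Session {
    int      id;
    bool     waiting_on_pool;  // session is waiting for a backend connection
    uint64_t wait_start_us;    // when it started waiting
};

// While the gate is engaged, move the longest-waiting pool-waiter to the front
// so it receives the next freed connection; other sessions keep their order.
// Returns the promoted session id, or -1 if nothing was promoted.
int promote_oldest_waiter(std::vector<Session>& s, bool engaged) {
    if (!engaged) return -1;
    auto oldest = s.end();
    for (auto it = s.begin(); it != s.end(); ++it)
        if (it->waiting_on_pool &&
            (oldest == s.end() || it->wait_start_us < oldest->wait_start_us))
            oldest = it;
    if (oldest == s.end()) return -1;
    std::rotate(s.begin(), oldest, oldest + 1);
    return s.front().id;
}
```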

ParserSQL: optional AST SQL parser engine (#5736)

ProxySQL now vendors ParserSQL (1.0.9) as a static library and wires it in
through an adapter that can provide three things: query-digest generation,
command-type classification, and SET-statement parsing, for both the MySQL and
PostgreSQL dialects. It is disabled by default — the existing parser remains
in charge — and is enabled per protocol through two runtime variables:
set_parser_algorithm=3 switches only SET parsing to ParserSQL (conservative),
while query_processor_parser=1 routes digest, command-type, and SET through
it (full mode). The parser runs as per-thread state on the query hot path (no
locks, O(1) arena reset) and preserves SpookyHash digesting for backward
compatibility. This cycle also extended the engine's PostgreSQL SET handling to
cover the SET TIME ZONE alias and multi-value lists such as
SET search_path TO "$user", public (#5805).

Independent PostgreSQL DNS cache (#5806, fixes #5768)

The PostgreSQL side now owns a DNS cache that mirrors the MySQL one — its own
cache instance, resolver loop, and counters — so admin changes to one protocol's
cache no longer affect the other. On a cache hit, PgSQL_Connection passes
hostaddr=<ip> to libpq, so PQconnectStart() no longer blocks synchronously
inside getaddrinfo when the resolver is slow or broken. That synchronous stall
was the root cause behind the watchdog asserts reported in #5768. Three new
counters — PgSQL_Monitor_dns_cache_queried, _lookup_success, and
_record_updated — are exposed in stats_pgsql_global.

Faster PostgreSQL SCRAM-SHA-256 authentication (#5689)

On OpenSSL 3.x, EVP_sha256() performs a global, lock-contended EVP_MD_fetch()
on every call — roughly 4,096 redundant fetches per SCRAM PBKDF2 derivation, and
the dominant cost (~58% of CPU) on SCRAM-heavy PostgreSQL workloads. ProxySQL now
fetches the SHA-256 digest once and reuses it, and caches the derived SCRAM
verifier for plaintext-password accounts so repeat connections skip PBKDF2
entirely. In a serial connect/disconnect benchmark over SCRAM-SHA-256 + TLS this
raised throughput from ~137 to ~229 connections/sec — parity with PgBouncer.

AWS Aurora replica autopurge (#5760)

Aurora replicas that disappear from REPLICA_HOST_STATUS are now removed from
mysql_servers once they have been missing for the configured
autopurge_missing_checks threshold, instead of lingering as stale entries. The
change also fixes a monitor race condition in the Aurora discovery path.

Galera wsrep session variables and MariaDB SET STATEMENT ... FOR (#5708, closes #5686)

wsrep_trx_fragment_size and wsrep_trx_fragment_unit are now tracked
session variables, captured on SET and synchronized to backend connections like
the existing wsrep_sync_wait. ProxySQL also recognizes MariaDB's
SET STATEMENT var=val ... FOR <statement> syntax and forwards it without locking
the session to a hostgroup — previously this syntax was unrecognized and could
lock the session, surfacing as error 9006 on a later query bound to a different
hostgroup.

MySQL greeting advertises CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA (#5744, closes #4760)

ProxySQL already parsed length-encoded client auth data but never advertised the
corresponding capability bit, so stricter clients such as Boost.MySQL refused to
connect. The flag is now set in the server greeting.

TSDB dashboard served from the REST API port (#5775, fixes #5684)

The embedded TSDB dashboard issues relative-URL fetch() calls to /api/tsdb/*,
but it was served from admin-web_port (default 6080) while those endpoints live
on admin-restapi_port (default 6070), so every request 404'd and the dashboard
showed "Error loading metrics". The dashboard is now served from the REST API
port, making its requests same-origin with the API they call — no CORS, no
configuration changes.

Bug Fixes (Core ProxySQL)

  • Large-packet COM_STMT_EXECUTE double-free / SIGSEGV (#5808, fixes #5639):
    an oversized binary prepared-statement packet that tripped
    mysql-max_allowed_packet could free the same buffer twice in
    handler_WCD_SS_MCQ_qpo_LargePacket(). With jemalloc this silently corrupted
    the allocator and crashed intermittently under load; the handler now detects
    the aliased buffer and frees it once.
  • MariaDB collation regression (#5807, fixes #5790): a MySQL-9.x charset fix
    inadvertently made ProxySQL treat MariaDB 10.x/11.x as MySQL ≥ 8 and forward
    SET NAMES utf8mb4 COLLATE utf8mb4_0900_ai_ci unmodified, failing with
    ERROR 1273: Unknown collation. MariaDB is now detected explicitly. The same
    PR repairs sibling version-detection sites, including two in MySQL_Monitor
    that broke health checks against MySQL 9.x Galera/PXC.
  • Query rule apply=1 could bypass fast routing (#5763, closes #5620): when
    no mysql_query_rules rule matched but the last-iterated rule happened to have
    apply=1, mysql_query_rules_fast_routing was skipped, sending traffic to the
    default_hostgroup (or failing with ERROR 9001). The matcher no longer leaks
    the last-iterated rule past a non-match.
  • PostgreSQL query-digest truncation on typecasts (#5764, closes #5755): a
    ::TYPE cast in the middle of a statement caused stats_pgsql_query_digest to
    drop everything after the cast, making query analytics misleading for ORM
    workloads. The query itself was always forwarded correctly; only the recorded
    digest was wrong.
  • PostgreSQL backend startup options trailing space (#5816, closes #5801):
    the StartupMessage options value ended in a stray space, which PostgreSQL
    tolerated but PgBouncer rejected, breaking
    client → ProxySQL → PgBouncer → PostgreSQL setups. Untracked options
    parameters are now also accumulated rather than overwritten, so all of them
    reach the backend.
  • SET STATEMENT ... FOR detection across whitespace (#5794): the #5708
    detection required a literal space on both sides of FOR, so a query with a
    newline after FOR (common when typed across lines) was missed and locked the
    hostgroup, surfacing as error 9006. Detection now runs on the
    whitespace-normalized digest.
  • Skewed traffic from a broken PRNG (#5743, closes #4530): MySQL server and
    connection-pool selection used an unseeded thread-local fastrand() (and the
    thread-unsafe rand()), so all threads produced correlated choices and equal-
    weight backends could see 3–4× traffic skew. Both now use the seeded
    rand_fast() (xoshiro128++) already proven on the PgSQL path.
  • Static-analysis BLOCKER fixes (#5739): lock unlock-order reversal in the
    MySQL/PgSQL/ClickHouse authentication paths, a potential out-of-bounds in
    SQLite3_result::dump_to_stderr, a memcpy on an unallocated buffer, added
    null guards around server_myds teardown, and removal of dead alerting code.

Dependencies, Build & Packaging

  • ParserSQL 1.0.9 vendored. The bundled parser's Makefile now honors an
    environment-provided compiler, fixing clang package builds that previously
    failed where g++ was absent (ProxySQL/ParserSQL#45).
  • jemalloc patched for GCC 16 (#5774, fixes #5770): bundled jemalloc 5.2.0
    referenced a libstdc++ internal symbol that GCC 16 no longer exposes, breaking
    the build on GCC 16 distros. Fedora 44 (GCC 16) is added to the package
    matrix as the regression net.
  • libconfig \a \b \v passthrough restored (#5773, fixes #5766): the
    1.7.3 → 1.8.1 bump silently collapsed these escape sequences inside quoted
    proxysql.cnf strings, corrupting values such as passwords. The bundled
    libconfig is patched to preserve them.
  • DEB packages normalized to xz (#5762, closes #5580): Ubuntu's dpkg-deb
    defaults to zstd, which the release server's dpkg-sig could not verify
    (BADSIG). DEB output is now repacked to xz for all distros.
  • arm64 package install-verification fixed to use a portable ELF check, so
    the pre-upload smoke test no longer fails on minimal images lacking file.
  • PROXYSQLGENAI build flag removed (#5815): all GenAI/MCP/AI/RAG code lives
    in plugins/genai/ and is built by PROXYSQL40=1; the separate flag is gone.
    No effect on 3.0.x binaries.

Contributors

Thanks to everyone who contributed to this release: @renecannao, @rahim-kanji,
and @wazir-ahmed.

Security reporters — thank you for the responsible disclosures: @addcontent
(CVE-2026-48772) and @kamil-sawicki (CVE-2026-48773).

SHA256s:
