Operations | Monitoring | ITSM | DevOps | Cloud

Across two AWS Summit events in London and New York City, we had the chance to speak with more than 1,000 engineers. They came from startups building their first production stack, and enterprises managing large AWS and multi-cloud deployments. The energy was exactly what you'd expect: major AWS launches, dozens of new service announcements, wall-to-wall cloud conversations. And HAProxy right in the middle of it.

Clover’s platform handles more than just payments: inventory, employee management, online sales, and customer loyalty programs are all running on a single monolith called the Clover Operating System (COS). Releasing updates to that platform reliably and without disrupting merchants is one of the hardest operational problems a platform team can face. For a decade, Clover ran HAProxy at the center of its infrastructure.

On June 2, 2026, security researchers disclosed a remote denial-of-service (DoS) exploit named the HTTP/2 Bomb. This flaw allows unauthenticated remote attackers to rapidly exhaust server memory, rendering major web servers inaccessible.

HAProxy 3.4 is a milestone release that significantly advances HAProxy’s legendary flexibility, performance, security, reliability, and observability. Dynamic backend management simplifies integration with modern architectures, memory efficiency improves across a broader range of workloads, native cryptographic operations at the proxy layer open new possibilities for API security architectures, and OpenTelemetry support makes HAProxy a first-class participant in distributed tracing pipelines.