April 27, 2026 by Rene Cannao · Release
#proxysql-3-0 #postgresql #mysql #security #ssl #open-source

Announcing ProxySQL 3.0.8, 3.1.8, and 4.0.8

Today we are pleased to announce that over the weekend we released ProxySQL 3.0.8, 3.1.8, and 4.0.8 across all three release tiers. This is a substantial release that brings major new capabilities to both the MySQL and PostgreSQL sides of ProxySQL, along with significant infrastructure improvements.

ProxySQL 3.0.8 (Stable Tier)

ProxySQL 3.0.8 is a recommended upgrade for all production deployments — particularly for users of 3.0.7, which introduced a regression that dropped four MySQL greeting capability bits (CLIENT_MULTI_STATEMENTS, CLIENT_MULTI_RESULTS, CLIENT_PS_MULTI_RESULTS, CLIENT_REMEMBER_OPTIONS), breaking clients that depend on them. This release restores those capabilities and adds two large new subsystems, along with several important PostgreSQL parity improvements.

MySQL Session-Variable Tracking

ProxySQL has long tracked session variables by parsing SET statements and replaying them on backend swaps. This works well for explicit SET commands, but cannot capture variables changed by stored procedures, triggers, or other server-side mechanisms that emit session-state notifications without a matching parsed statement.

This release introduces a mode-driven mechanism powered by MySQL’s own session_track_system_variables and session_track_state_change notifications. The new mysql-session_track_system_variables global variable supports three modes:

  • DISABLED (default) — existing behavior, zero overhead.
  • OPTIONAL — ProxySQL configures tracking on backends, captures change notifications from OK packets, and reconciles client-side and server-side variable maps. Backends that reject the configured set are automatically deprioritized via per-server backoff.
  • ENFORCED — same as OPTIONAL, but additionally preserves the full capability bitset in the client handshake so clients negotiating on those bits continue working through the proxy.

PostgreSQL Cluster Sync

PostgreSQL configurations can now be synchronized across ProxySQL instances via peer-to-peer cluster sync, bringing PgSQL to parity with the existing MySQL cluster sync. The implementation covers pgsql_query_rules, pgsql_servers (both runtime and v2 layouts), pgsql_users, pgsql_variables, and the new pgsql_servers_ssl_params table. Runtime checksums, save-to-disk persistence, and dedicated admin controls are all included.

Per-Server PostgreSQL Backend SSL

A new admin table pgsql_servers_ssl_params brings per-backend CA, client certificate, key, cipher, TLS protocol range, and CRL configuration to PostgreSQL backends. This eliminates the previous limitation where all PgSQL backends shared global pgsql-ssl_p2s_* settings, making heterogeneous fleets, per-tenant mTLS, and per-server CRLs practical.

PostgreSQL Mid-Transaction Backend-Death Recovery

When a PostgreSQL backend dies inside a transaction, ProxySQL now keeps the client session open and surfaces SQLSTATE 25P02 (in_failed_sql_transaction). The application can recover with ROLLBACK instead of having its connection torn down. This is gated by pgsql-preserve_client_on_broken_backend_in_tx (default true), with three new counters in stats_pgsql_global for monitoring.

PostgreSQL Backend SSL Keylog

NSS-format keylog support, previously available only for MySQL backends, is now extended to PostgreSQL backends. No new variables are needed — the existing admin-ssl_keylog_file covers PgSQL backends automatically.

MySQL Improvements

  • Configurable zstd compression level: The new mysql-zstd_compression_level variable (range 1–22, default 3) decouples zstd from mysql-protocol_compression_level, which now controls zlib only.
  • DNS resolution family: New mysql-resolution_family variable (system/ipv4/ipv6) makes backend hostname resolution deterministic on dual-stack hosts.
  • Greeting capabilities restored: The four capability bits dropped by the v3.0.7 regression are re-advertised, restoring full compatibility with affected clients.
  • Authentication fix: caching_sha2_password rounds field is now parsed as hexadecimal per the MySQL spec, fixing auth failures for accounts with rounds ≥ 10000.

Build & Platform

  • macOS build support: ProxySQL now compiles cleanly on macOS (Apple Silicon and Intel) for development use.
  • No more Rust toolchain: The experimental sqlite-rembed extension has been removed, eliminating the rustc/cargo requirement for all build tiers.
  • 156 on-demand package workflows: A new CI pipeline produces packages for 13 distros × 3 tiers × 2 architectures, converging on a single canonical draft release per commit.
  • Code quality sweep: A clang-tidy + cppcheck pass touched ~100+ files with include guard normalization, reserved identifier fixes, NULLnullptr, and memory-safety improvements.

ProxySQL 3.1.8 (Innovative Tier)

ProxySQL 3.1.8 inherits all improvements from 3.0.8. FFTO remains disabled by default in 3.1.x — administrators who need deep traffic observability must explicitly enable it via mysql-enable_ffto / pgsql-enable_ffto. No 3.1.x-specific features were added this cycle; the FFTO and TSDB subsystems receive only cross-cutting code-quality improvements from the lint sweep.

ProxySQL 4.0.8 (AI/MCP Tier)

ProxySQL 4.0.8 inherits all improvements from 3.1.8 and 3.0.8, with FFTO enabled by default. The headline change is the removal of the experimental sqlite-rembed Rust extension, which was never registered at runtime in any tier. With it gone, PROXYSQLGENAI=1 builds no longer require the Rust toolchain. sqlite-vec (the C-only sibling) is preserved unchanged.

Note: The GenAI tier relies on C++17 features unavailable on AlmaLinux 8 and openSUSE Leap 15. Packages for those distributions are not produced for the 4.0.x series.

Contributors

We would like to thank @rahim-kanji , @wazir-ahmed and @proton-lisandro-pin for their contributions to this release.

Ready to upgrade? Check out the full release notes for 3.0.8, 3.1.8, and 4.0.8.