HAProxy known bugs for maintenance branch 2.4 : 0

This is maintenance branch 2.4 whose latest version is 2.4.32. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.4 version other than 2.4.32, you're running with known bugs.

Quick links

full changelog for 2.4 : here
browse history for 2.4 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2026-04-23 2.4.32 ⇐ last

2026-03-09 2.4.31

2025-10-03 2.4.30

2025-04-22 2.4.29

2024-11-08 2.4.28

2024-06-18 2.4.27

2024-04-05 2.4.26

2023-12-14 2.4.25

2023-08-19 2.4.24

2023-06-09 2.4.23

2023-02-14 2.4.22

2023-01-27 2.4.21

2022-12-09 2.4.20

2022-09-28 2.4.19

2022-07-27 2.4.18

2022-05-13 2.4.17

2022-04-29 2.4.16

2022-03-14 2.4.15

2022-02-25 2.4.14

2022-02-16 2.4.13

2022-01-11 2.4.12

2022-01-07 2.4.11

2021-12-23 2.4.10

2021-11-24 2.4.9

2021-11-03 2.4.8

2021-10-04 2.4.7

2021-10-04 2.4.6

2021-10-01 2.4.5

2021-09-07 2.4.4

2021-08-17 2.4.3

2021-07-07 2.4.2

2021-06-17 2.4.1

2021-05-14 2.4.0

Date	Version	Comment
2026-04-23	2.4.32	⇐ last
2026-03-09	2.4.31
2025-10-03	2.4.30
2025-04-22	2.4.29
2024-11-08	2.4.28
2024-06-18	2.4.27
2024-04-05	2.4.26
2023-12-14	2.4.25
2023-08-19	2.4.24
2023-06-09	2.4.23
2023-02-14	2.4.22
2023-01-27	2.4.21
2022-12-09	2.4.20
2022-09-28	2.4.19
2022-07-27	2.4.18
2022-05-13	2.4.17
2022-04-29	2.4.16
2022-03-14	2.4.15
2022-02-25	2.4.14
2022-02-16	2.4.13
2022-01-11	2.4.12
2022-01-07	2.4.11
2021-12-23	2.4.10
2021-11-24	2.4.9
2021-11-03	2.4.8
2021-10-04	2.4.7
2021-10-04	2.4.6
2021-10-01	2.4.5
2021-09-07	2.4.4
2021-08-17	2.4.3
2021-07-07	2.4.2
2021-06-17	2.4.1
2021-05-14	2.4.0

Fixes for known bugs pending in this branch since the last release (2.4.32)

These fixes have already been queued for the next 2.4 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

0 0 0 0 0

Total	CRITICAL	MAJOR	MEDIUM	MINOR
0	0	0	0	0

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date	Subject
2026-04-29	BUG/MINOR: http-htx: Don't normalize emtpy path for OPTIONS requests
2026-04-29	BUG/MEDIUM: mux-fcgi: Properly handle full buffer for FCGI_PARAM record
2026-04-29	BUG/MINOR: net_helper: fix incomplete decoding in sample_conv_eth_vlan
2026-04-29	BUG/MINOR: net_helper: fix out-of-bounds read in sample_conv_tcp_options_list
2026-04-29	BUG/MINOR: net_helper: fix out-of-bounds read in tcp_fullhdr_find_opt
2026-04-29	BUG/MINOR: payload: prevent integer overflow in distcc token parsing
2026-04-29	BUG/MINOR: payload: validate minimum keyshare_len in smp_fetch_ssl_keyshare_groups
2026-04-29	BUG/MINOR: fix various typos and spelling mistakes in user-visible messages
2026-04-29	BUG/MEDIUM: tasks: Do not loop in task_schedule() if a task is running
2026-04-29	BUG/MAJOR: mux-h1: Deal with true 64-bits integer to emit chunks size
2026-04-29	BUG/MEDIUM: h1: Enforce the authority validation during H1 request parsing
2026-04-29	BUG/MAJOR: http: forbid comma character in authority value
2026-04-29	BUG/MEDIUM: http-htx: Loop on full host value during scheme based normalization
2026-04-29	BUG/MEDIUM: http-htx: Don't use data from HTX message to update authority
2026-04-29	BUG/MAJOR: http-htx: Store new host in a chunk for scheme-based normalization
2026-04-28	BUG/MINOR: mux_quic: free frames emitted with QMux
2026-04-27	BUG/MINOR: http_ana: use scf to report term_evts in http_wait_for_request()
2026-04-27	BUG/MEDIUM: mux_h1: fix stack buffer overflow in h1_append_chunk_size()
2026-04-27	BUG/MINOR: peers: fix wrong flag reported twice for dump_flags
2026-04-27	BUG/MINOR: peers: fix logical "and" when checking for local in PEER_APP_ST_STARTING
2026-04-27	BUG/MINOR: sample: fix NULL strm dereference in sample_conv_when
2026-04-27	BUG/MINOR: sample: fix memory leak in smp_resolve_args error paths
2026-04-27	BUG/MINOR: sample: fix memory leak in check_when_cond() when ACL is not found
2026-04-27	BUG/MINOR: tools: free previously allocated strings on strdup failure in backup_env()
2026-04-27	BUG/MINOR: tools: fix memory leak in indent_msg() on out of memory
2026-04-27	BUG/MINOR: tools: my_memspn/my_memcspn wrong cast causing incorrect byte reading
2026-04-27	BUG/MINOR: tree-wide: fix a few user-visible spelling mistakes from dev7
2026-04-27	BUG/MINOR: ssl: fix double-free on failed realloc in ssl_sock.c
2026-04-25	BUG/MINOR: ssl: fix memory leak on realloc failure in acme.ips
2026-04-25	BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_sock.c
2026-04-25	BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_ckch.c
2026-04-24	BUG/MEDIUM: stats: fix crash on 'dump stats-file'
2026-04-24	BUG/MINOR: tcpcheck: Allow connection reuse without prior traffic
2026-04-24	BUG/MINOR: mux_quic: do not release conn on qcc_recv() for QMux
2026-04-24	BUG/MINOR: xprt_qstrm: prevent crash if conn release on MUX wake
2026-04-24	BUG/MINOR: xprt_qstrm: ensure all local TPs are allocated
2026-04-24	BUG/MINOR: mux_quic: prevent crash on qc_frm_free() with QMux
2026-04-23	BUG/MEDIUM: mux-h1: Force close mode for bodyless message announcing a C-L
2026-04-23	BUG/MAJOR: mux-h2: detect incomplete transfers on HEADERS frames as well

Back to the list of branches and versions
Back to the HAProxy page