HAProxy known bugs for version v2.6.22 (maintenance branch 2.6) : 46

This version (2.6.22) is a release belonging to maintenance branch 2.6 whose latest version is 2.6.25. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches.

Quick links

full changelog for 2.6 : here
browse history for 2.6 : here

Other versions in the same branch

This branch contains the following releases :

Date Version Comment

2026-03-20 2.6.25 ⇐ last

2026-03-09 2.6.24

2025-10-03 2.6.23

2025-04-22 2.6.22 ⇐ yours

2025-01-29 2.6.21

2024-11-08 2.6.20

2024-09-19 2.6.19

2024-06-18 2.6.18

2024-04-05 2.6.17

2023-12-13 2.6.16

2023-08-09 2.6.15

2023-06-09 2.6.14

2023-05-02 2.6.13

2023-03-28 2.6.12

2023-03-17 2.6.11

2023-03-10 2.6.10

2023-02-14 2.6.9

2023-01-24 2.6.8

2022-12-02 2.6.7

2022-09-22 2.6.6

2022-09-03 2.6.5

2022-08-22 2.6.4

2022-08-19 2.6.3

2022-07-22 2.6.2

2022-06-21 2.6.1

2022-05-31 2.6.0

Date	Version	Comment
2026-03-20	2.6.25	⇐ last
2026-03-09	2.6.24
2025-10-03	2.6.23
2025-04-22	2.6.22	⇐ yours
2025-01-29	2.6.21
2024-11-08	2.6.20
2024-09-19	2.6.19
2024-06-18	2.6.18
2024-04-05	2.6.17
2023-12-13	2.6.16
2023-08-09	2.6.15
2023-06-09	2.6.14
2023-05-02	2.6.13
2023-03-28	2.6.12
2023-03-17	2.6.11
2023-03-10	2.6.10
2023-02-14	2.6.9
2023-01-24	2.6.8
2022-12-02	2.6.7
2022-09-22	2.6.6
2022-09-03	2.6.5
2022-08-22	2.6.4
2022-08-19	2.6.3
2022-07-22	2.6.2
2022-06-21	2.6.1
2022-05-31	2.6.0

Known bugs affecting this version, and already fixed in the maintenance branch

These fixes have already been queued for a more recent 2.6 version. Some of them might have already been released in a more recent version than yours, and other ones might still be pending in the maintenance branch for a future release. The list may be empty if you're already on the latest version and no new fix was backported.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in this version by category :

Total CRITICAL MAJOR MEDIUM MINOR

46 1 4 6 35

Total	CRITICAL	MAJOR	MEDIUM	MINOR
46	1	4	6	35

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2026-03-20	BUG/MEDIUM: h3: reject unaligned frames except DATA
2026-03-20	BUG/MAJOR: h3: check body size with content-length on empty FIN
2026-03-20	BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments
2026-03-20	BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID
2026-03-20	BUG/MEDIUM: peers: enforce check on incoming table key type
2026-03-20	BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
2026-03-20	BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword
2026-03-20	BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand
2026-03-20	BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
2026-03-20	BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX message
2026-03-20	BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS
2026-03-20	BUG/MINOR: mworker: fix typo &= instead of & in proc list serialization
2026-03-20	BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect`
2026-03-09	BUG/MINOR: backend: Don't get proto to use for webscoket if there is no server
2026-03-09	BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures
2026-03-05	BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending
2026-03-05	BUG/MAJOR: resolvers: Properly lowered the names found in DNS response
2026-03-05	BUG/MINOR: resolvers: always normalize FQDN from response
2026-03-05	BUG/MAJOR: fcgi: Fix param decoding by properly checking its size
2026-03-05	BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"
2026-03-05	BUG/MEDIUM: qpack: correctly deal with too large decoded numbers
2026-03-05	BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx()
2026-03-05	BUG/MAJOR: qpack: unchecked length passed to huffman decoder
2026-03-05	BUG/MEDIUM: hpack: correctly deal with too large decoded numbers
2025-10-14	BUG/MINOR: sink: retry attempt for sft server may never occur
2025-10-10	BUG/MINOR: ssl: always clear the remains of the first hello for the second one
2025-10-10	BUG/MEDIUM: ssl: take care of second client hello
2025-10-02	BUG/MINOR: h3: forbid 'Z' as well in header field names checks
2025-10-02	BUG/MINOR: h2: forbid 'Z' as well in header field names checks
2025-10-02	BUG/CRITICAL: mjson: fix possible DoS when parsing numbers
2025-05-28	BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0
2025-05-28	BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request
2025-05-28	BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
2025-05-28	BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers
2025-05-28	BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation
2025-05-28	BUG/MINOR: cli: fix too many args detection for commands
2025-05-28	BUG/MINOR: quic: reject invalid max_udp_payload size
2025-05-28	BUG/MINOR: quic: fix TP reject on invalid max-ack-delay
2025-05-28	BUG/MINOR: quic: use proper error code on invalid received TP value
2025-05-28	BUG/MINOR: quic: reject retry_source_cid TP on server side
2025-05-28	BUG/MINOR: quic: use proper error code on invalid server TP
2025-05-28	BUG/MINOR: quic: use proper error code on missing CID in TPs
2025-05-28	BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection
2025-05-28	BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade
2025-05-28	BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers
2025-05-28	BUG/MINOR: cli: Issue an error when too many args are passed for a command

Back to the list of branches and versions
Back to the HAProxy page