HAProxy known bugs for maintenance branch 3.0 : 18

This is maintenance branch 3.0 whose latest version is 3.0.23. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 3.0 version other than 3.0.23, you're running with known bugs.

Quick links

full changelog for 3.0 : here
browse history for 3.0 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2026-05-11 3.0.23 ⇐ last

2026-05-06 3.0.22

2026-04-30 3.0.21

2026-04-23 3.0.20

2026-03-19 3.0.19

2026-03-09 3.0.18

2026-02-19 3.0.17

2026-02-12 3.0.16

2026-01-29 3.0.15

2025-12-22 3.0.14

2025-12-17 3.0.13

2025-10-03 3.0.12

2025-06-02 3.0.11

2025-04-22 3.0.10

2025-03-20 3.0.9

2025-01-29 3.0.8

2024-12-12 3.0.7

2024-11-07 3.0.6

2024-09-19 3.0.5

2024-09-03 3.0.4

2024-07-11 3.0.3

2024-06-14 3.0.2

2024-06-10 3.0.1

2024-05-29 3.0.0

Date	Version	Comment
2026-05-11	3.0.23	⇐ last
2026-05-06	3.0.22
2026-04-30	3.0.21
2026-04-23	3.0.20
2026-03-19	3.0.19
2026-03-09	3.0.18
2026-02-19	3.0.17
2026-02-12	3.0.16
2026-01-29	3.0.15
2025-12-22	3.0.14
2025-12-17	3.0.13
2025-10-03	3.0.12
2025-06-02	3.0.11
2025-04-22	3.0.10
2025-03-20	3.0.9
2025-01-29	3.0.8
2024-12-12	3.0.7
2024-11-07	3.0.6
2024-09-19	3.0.5
2024-09-03	3.0.4
2024-07-11	3.0.3
2024-06-14	3.0.2
2024-06-10	3.0.1
2024-05-29	3.0.0

Fixes for known bugs pending in this branch since the last release (3.0.23)

These fixes have already been queued for the next 3.0 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

18 0 0 8 10

Total	CRITICAL	MAJOR	MEDIUM	MINOR
18	0	0	8	10

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2026-05-21	BUG/MINOR: backend: fix balance hash calculation when using hash-type none
2026-05-21	BUG/MINOR: h1: Don't mask websocket protocol if multiple protocols used
2026-05-21	BUG/MEDIUM: h1: Skip all h2c values from Upgrade headers during parsing
2026-05-21	BUG/MINOR: httpclient-cli: Destroy http-client context if failing to start it
2026-05-21	BUG/MINOR: jwt: fix possible memory leak in convert_ecdsa_sig() error path
2026-05-21	BUG/MINOR: check: properly report errno in chk_report_conn_err()
2026-05-21	BUG/MINOR: resolvers: fix leaked dgram and dns_ring struct in parse_resolve_conf()
2026-05-21	BUG/MINOR: resolvers: report the expression error in the do-resolve() action parser
2026-05-21	BUG/MINOR: dns: fix dangling dgram pointer on dns_dgram_init() failure path
2026-05-21	BUG/MEDIUM: server/cli: unlock server lock on failure in cli_parse_set_server
2026-05-21	BUG/MEDIUM: dns: fix memory leak of sockaddr in dns_session_init() error path
2026-05-21	BUG/MEDIUM: resolvers: fix name compression pointer validation in resolv_read_name()
2026-05-21	BUG/MEDIUM: dns: fix long loops in additional records parse on name failure
2026-05-21	BUG/MINOR: config/dns: properly fail on duplicate nameserver name detection
2026-05-21	BUG/MINOR: backend: correct parameter value validation in get_server_ph_post()
2026-05-21	BUG/MEDIUM: applet: Fix transfer of HTX data to the applet
2026-05-21	BUG/MEDIUM: dict: hold read lock while incrementing refcount in dict_insert
2026-05-21	BUG/MEDIUM: mux_quic: adjust qcc_is_dead() to account detached streams

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date	Subject
2026-05-26	BUG/MINOR: mux-spop: Use relative offset to compute contig data in demux buf
2026-05-26	BUG/MINOR: mux-fcgi: Use relative offset to compute contig data in demux buf
2026-05-26	BUG/MEDIUM: h1-htx: Sanitize parsing to properly handle upgrade requests
2026-05-26	BUG/MEDIUM: mux-fcgi: reject stream ID 0 for application records
2026-05-26	BUG/MEDIUM: jwe: substitute random CEK on RSA1_5 decryption failure per RFC 7516 #11.5
2026-05-26	BUG/MINOR: jwe: enforce GCM tag length to 128 bits
2026-05-26	BUG/MINOR: quic: reject packet too short for HP decryption
2026-05-26	BUG/MINOR: qmux: do not crash on frame parsing issue
2026-05-26	BUG/MINOR: hlua: prevent Lua from passing CR/LF/NUL in HTTP headers
2026-05-26	BUG/MINOR: h3: add missing break on rcv_buf()
2026-05-26	BUG/MEDIUM: auth: fix unconfigured password NULL deref
2026-05-26	BUG/MINOR: h3: reject server MAX_PUSH_ID frame
2026-05-26	BUG/MINOR: h3: adjust error on PUSH_PROMISE frame reception
2026-05-26	BUG/MINOR: h3: reject client CANCEL_PUSH frame
2026-05-26	BUG/MINOR: h3: reject server push stream
2026-05-26	BUG/MEDIUM: h3: reject client push stream
2026-05-26	BUG/MEDIUM: tools: insert an XXH64 layer on the PRNG output
2026-05-26	BUG/MINOR: addons/51d: NUL-terminate headers before passing them to Trie API
2026-05-26	BUG/MINOR: resolvers: switch to a better PRNG for query IDs
2026-05-26	BUG/MINOR: ssl-hello: make use of the null-terminated servername
2026-05-26	BUG/MINOR: payload: fix the handshake length bounds check smp_client_hello_parse()
2026-05-26	BUG/MINOR: base64: return empty string for empty input in base64dec()
2026-05-26	BUG/MINOR: http-ext: always check remaining data when reading rfc7239 nodeport
2026-05-26	BUG/MEDIUM: acme: protect against risk of null-deref on connection failure
2026-05-26	BUG/MINOR: http-fetch: check against the whole token in get_http_auth()
2026-05-26	BUG/MINOR: sample: request an extra output byte for the url_dec converter
2026-05-26	BUG/MINOR: resolvers: relax size checks in authority record parsing
2026-05-26	BUG/MINOR: cache: also recognize directives in the form "token="
2026-05-26	BUG/MEDIUM: cache: always verify the primary hash in get_secondary_entry()
2026-05-26	BUG/MEDIUM: h1: limit status codes to 3 digits by default
2026-05-26	BUG/MEDIUM: h1: drop headers whose names contain invalid chars
2026-05-25	BUG/MINOR: haterm: fix the random suffix multiplication
2026-05-25	BUG/MINOR: sample: limit the be2hex converter's chunk size
2026-05-25	BUG/MINOR: init: use more than ha_random64() for the cluster secret
2026-05-25	BUG/MINOR: dict: fix refcount race on insert collision
2026-05-25	BUG/MINOR: log: look for the end of priority before the end of the buffer
2026-05-25	BUG/MINOR: mux-h2: validate HEADERS frame length before reading stream dep
2026-05-25	BUG/MINOR: resolvers: fix risk of appending garbage past the domain name
2026-05-25	BUG/MINOR: resolvers: fix room for trailing zero in resolv_dn_label_to_str()
2026-05-25	BUG/MINOR: log: free logformat expr on compile failure in cfg_parse_log_profile
2026-05-25	BUG/MEDIUM: cache: fix a refcount leak for missed secondary entries
2026-05-25	BUG/MEDIUM: tcpcheck/spoe: bound the SPOP error code to valid values
2026-05-25	BUG/MEDIUM: regex: allocate a large enough pcre2 match for all matches
2026-05-25	BUG/MEDIUM: log-forward: make sure the month is unsigned
2026-05-23	BUG/MEDIUM: acme: NUL terminate response buffer before PEM parsing
2026-05-22	BUG/MEDIUM: cli: Fix parsing of pattern finishing a command payload
2026-05-22	BUG/MEDIUM: hlua: Fix integer underflow when receiving line from lua cosocket
2026-05-22	BUG/MINOR: tcpchecks: Limit parsing of agent-check reply to the buffer
2026-05-22	BUG/MEDIUM: dict: hold lock while decrementing refcount in dict_entry_unref
2026-05-22	BUG/MINOR: quic: fix ODCID lookup from derived value
2026-05-22	BUG/MEDIUM: ssl-gencert: Unlock LRU cache if failing to generate certificate
2026-05-22	BUG/MEDIUM: resolvers: Fix test on dn label size in resolv_dn_label_to_str()
2026-05-22	BUG/MEDIUM: applet: Properly handle receives of size 0

Back to the list of branches and versions
Back to the HAProxy page