HAProxy known bugs for maintenance branch 3.1 :  61 

This is maintenance branch 3.1 whose latest version is 3.1.8. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 3.1 version other than 3.1.8, you're running with known bugs.

Quick links

Versions available in this branch

This branch contains the following releases :

DateVersionComment
2025-06-023.1.8 ⇐ last
2025-04-173.1.7 
2025-03-203.1.6 
2025-02-203.1.5 
2025-02-193.1.4 
2025-01-293.1.3 
2025-01-083.1.2 
2024-12-113.1.1 
2024-11-263.1.0 

Fixes for known bugs pending in this branch since the last release (3.1.8)

These fixes have already been queued for the next 3.1 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

Total known bugs in the latest version of this branch by category :

TotalCRITICALMAJORMEDIUMMINOR
61 0 1 29 31

Click on the subjects below to get the full description of the bug :

Merge dateSubject - Severity (minor, medium, major, critical)
2025-08-26BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort
2025-08-26BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend
2025-08-26BUG/MINOR: quic: don't coalesce probing and ACK packet of same type
2025-08-26BUG/MAJOR: quic: fix INITIAL padding with probing packet only
2025-08-26BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
2025-08-26BUG/MEDIUM: quic: reset padding when building GSO datagrams
2025-08-26BUG/MEDIUM: mworker: more verbose error upon loading failure
2025-08-26BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames
2025-08-26BUG/MINOR: mux-h1: fix wrong lock label
2025-08-26BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer
2025-08-26BUG/MINOR: init: Initialize random seed earlier in the init process
2025-08-26BUG/MEDIUM: ssl: fix build with AWS-LC
2025-08-26BUG/MEDIUM: ssl: Fix 0rtt to the server
2025-08-26BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR
2025-08-26BUG/MINOR mux-quic: apply correctly timeout on output pending data
2025-08-26BUG/MINOR: hq-interop: fix FIN transmission
2025-08-26BUG/MINOR: logs: fix log-steps extra log origins selection
2025-08-26BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS
2025-08-26BUG/MINOR: halog: exit with error when some output filters are set simultaneosly
2025-08-26BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init
2025-08-26BUG/MINOR: quic: Wrong source address use on FreeBSD
2025-08-26BUG/MEDIUM: h3: handle interim response properly on FE side
2025-08-26BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side)
2025-08-26BUG/MINOR: h3: properly realloc buffer after interim response encoding
2025-08-26BUG/MEDIUM: h3: do not overwrite interim with final response
2025-08-26BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM
2025-08-26BUG/MEDIUM: http-client: Drain the request if an early response is received
2025-08-26BUG/MINOR: http-client: Reject any 101-switching-protocols response
2025-08-26BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode
2025-08-26BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred
2025-08-26BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred
2025-08-26BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred
2025-08-26BUG/MINOR: listener: really assign distinct IDs to shards
2025-08-26BUG/MINOR: hlua: take default-path into account with lua-load-per-thread
2025-08-26BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options
2025-08-26BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established
2025-08-26BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket
2025-08-26BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket
2025-08-26BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet
2025-08-26BUG/MINOR: httpclient: wrongly named httpproxy flag
2025-08-26BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
2025-08-26BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
2025-08-26BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
2025-08-26BUG/MINOR: tools: use my_unsetenv instead of unsetenv
2025-08-26BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding
2025-08-26BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation
2025-08-26BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself
2025-08-26BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream
2025-08-05BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator
2025-07-22BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
2025-06-17BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
2025-06-17BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available
2025-06-17BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS
2025-06-17BUG/MINOR: config/server: reject QUIC addresses
2025-06-17BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing
2025-06-17BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
2025-06-17BUG/MINOR: quic: Missing SSL session object freeing
2025-06-17BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure
2025-06-17BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
2025-06-02BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field
2025-06-02BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

DateSubject
2025-09-02BUG/MINOR: haproxy: be sure not to quit too early on soft stop
2025-09-02MEDIUM: quic: strengthen BUG_ON() for unpad Initial packet on client
2025-09-02BUG/MINOR: quic: pad Initial pkt with CONNECTION_CLOSE on client
2025-09-02BUG/MINOR: quic: fix padding issue on INITIAL retransmit
2025-09-02BUG/MINOR: quic: fix room check if padding requested
2025-09-02BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames
2025-09-02BUG/MINOR: tools: Add OOM check for malloc() in indent_msg()
2025-09-02BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options()
2025-09-02BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen()
2025-09-02BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()
2025-09-02BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger()
2025-09-02BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url()
2025-09-01BUG/MINOR: acl: Properly detect overwritten matching method
2025-09-01BUG/MINOR: server: Duplicate healthcheck's sni inherited from default server
2025-09-01BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server
2025-09-01BUG/MAJOR: mux-quic: fix crash on reload during emission
2025-09-01BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()
2025-08-29BUG/BUILD: stats: fix build due to missing stat enum definition
2025-08-28BUG/MINOR: mux-quic: do not access conn after idle list insert
2025-08-28BUG/MINOR: server: decrement session idle_conns on del server
2025-08-28BUG/MINOR: connection: remove extra session_unown_conn() on reverse
2025-08-28BUG/MINOR: connection: rearrange union list members
2025-08-28BUG/MEDIUM: mworker: fix startup and reload on macOS
2025-08-28BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found
2025-08-28BUG/MINOR: mux-quic: trace with non initialized qcc
2025-08-27BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets
2025-08-27BUG/MEDIUM: quic-be: avoid crashes when releasing Initial pktns
2025-08-26BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort

Back to the list of branches and versions
Back to the HAProxy page