HAProxy known bugs for version v3.3.0 (maintenance branch 3.3) : 98

This version (3.3.0) is a release belonging to maintenance branch 3.3 whose latest version is 3.3.4. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches.

Quick links

full changelog for 3.3 : here
browse history for 3.3 : here

Other versions in the same branch

This branch contains the following releases :

Date Version Comment

2026-02-19 3.3.4 ⇐ last

2026-02-12 3.3.3

2026-01-29 3.3.2

2025-12-19 3.3.1

2025-11-26 3.3.0 ⇐ yours

Date	Version	Comment
2026-02-19	3.3.4	⇐ last
2026-02-12	3.3.3
2026-01-29	3.3.2
2025-12-19	3.3.1
2025-11-26	3.3.0	⇐ yours

Known bugs affecting this version, and already fixed in the maintenance branch

These fixes have already been queued for a more recent 3.3 version. Some of them might have already been released in a more recent version than yours, and other ones might still be pending in the maintenance branch for a future release. The list may be empty if you're already on the latest version and no new fix was backported.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in this version by category :

Total CRITICAL MAJOR MEDIUM MINOR

98 0 4 38 56

Total	CRITICAL	MAJOR	MEDIUM	MINOR
98	0	4	38	56

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

2026-02-19 BUG/MINOR: backend: check delay MUX before conn_prepare()

2026-02-19 BUG/MINOR: acme: fix X509_NAME leak when X509_set_issuer_name() fails

2026-02-19 BUG/MEDIUM: ssl: SSL backend sessions used after free

2026-02-18 BUG/MINOR: http-ana: Stop to wait for body on client error/abort

2026-02-18 BUG/MINOR: flt-trace: Properly compute length of the first DATA block

2026-02-18 BUG/MEDIUM: applet: Fix test on shut flags for legacy applets (v2)

2026-02-18 BUG/MEDIUM: mux-h1: Stop sending vi fast-forward for unexpected states

2026-02-18 BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed

2026-02-18 BUG/MEDIUM: h3: reject frontend CONNECT as currently not implemented

2026-02-18 BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS"

2026-02-18 BUG/MINOR: ssl: error with ssl-f-use when no "crt"

2026-02-18 BUG/MINOR: ssl: clarify ssl-f-use errors in post-section parsing

2026-02-18 BUG/MINOR: ssl: fix leak in ssl-f-use parser upon error

2026-02-18 BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser

2026-02-18 BUG/MINOR: ssl: lack crtlist_dup_ssl_conf() declaration

2026-02-18 BUG/MINOR: deviceatlas: set cache_size on hot-reloaded atlas instance

2026-02-18 BUG/MINOR: deviceatlas: fix deinit to only finalize when initialized

2026-02-18 BUG/MINOR: deviceatlas: fix resource leak on hot-reload compile failure

2026-02-18 BUG/MINOR: deviceatlas: fix double-checked locking race in checkinst

2026-02-18 BUG/MINOR: deviceatlas: fix cookie vlen using wrong length after extraction

2026-02-18 BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv()

2026-02-18 BUG/MEDIUM: deviceatlas: fix resource leaks on init error paths

2026-02-18 BUG/MINOR: deviceatlas: add NULL checks on strdup() results in config parsers

2026-02-18 BUG/MINOR: deviceatlas: add missing return on error in config parsers

2026-02-12 BUG/MAJOR: quic: fix parsing frame type

2026-02-12 BUG/MAJOR: quic: reject invalid token

2026-02-12 BUG/MINOR: backend: fix access on shared counters array

2026-02-12 BUG/MINOR: quic: ensure handshake speed up is only run once per conn

2026-02-12 BUG/MINOR: ssl: SSL_CERT_DIR environment variable doesn't affect haproxy

2026-02-10 BUG/MINOR: startup: handle a possible strdup() failure

2026-02-10 BUG/MINOR: startup: fix allocation error message of progname string

2026-02-10 BUG/MINOR: config: Fix setting of alt_proto

2026-02-10 BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers

2026-02-10 BUG/MINOR: cpu-topo: count cores not cpus to distinguish core types

2026-02-10 BUG/MEDIUM: threads: Atomically set TH_FL_SLEEPING and clr FL_NOTIFIED

2026-01-30 BUG/MEDIUM: applet: Fix test on shut flags for legacy applets

2026-01-29 BUG/MEDIUM: debug: only dump Lua state when panicking

2026-01-29 BUG/MEDIUM: ssl: fix msg callbacks on QUIC connections

2026-01-29 BUG/MINOR: config/ssl: fix spelling of "expose-experimental-directives"

2026-01-29 BUG/MINOR: config: check capture pool creations for failures

2026-01-29 BUG/MINOR: stick-tables: abort startup on stk_ctr pool creation failure

2026-01-29 BUG/MAJOR: applet: Don't call I/O handler if the applet was shut

2026-01-29 BUG/MINOR: ssl: Encrypted keys could not be loaded when given alongside certificate

2026-01-29 BUG/MINOR: ssl: Properly manage alloc failures in SSL passphrase callback

2026-01-27 BUG/MINOR: ssl: fix error message of tune.ssl.certificate-compression

2026-01-23 BUG/MINOR: proto_tcp: Properly report support for HAVE_TCP_MD5SIG feature

2026-01-23 BUG/MEDIUM: mux-h1: Skip UNUSED htx block when formating the start line

2026-01-23 BUG/MINOR: promex: Detach promex from the server on error dump its metrics dump

2026-01-23 BUG/MINOR: hlua: consume error object if ignored after a failing lua_pcall()

2026-01-23 BUG/MEDIUM: hlua: fix invalid lua_pcall() usage in hlua_traceback()

2026-01-23 BUG/MINOR: proxy: fix deinit crash on defaults with duplicate name

2026-01-23 BUG/MEDIUM: mux-quic: prevent BUG_ON() on aborted uni stream close

2026-01-23 BUG/MEDIUM: ssl: fix generate-certificates option when SNI greater than 64bytes

2026-01-23 BUG/MEDIUM: ssl: fix error path on generate-certificates

2026-01-23 BUG/MEDIUM: log: parsing log-forward options may result in segfault

2026-01-23 BUG/MEDIUM: promex: server iteration may rely on stale server

2026-01-23 BUG/MINOR: server: ensure server is detached from proxy list before being freed

2026-01-23 BUG/MINOR: cfgparse: fix "default" prefix parsing

2026-01-23 BUG/MINOR: proxy: free persist_rules

2026-01-23 BUG/MINOR: http_act: fix deinit performed on uninitialized lf_expr in release_http_map()

2026-01-23 BUG/MEDIUM: quic: fix ACK ECN frame parsing

2026-01-23 BUG/MINOR: hlua_fcn: ensure Patref:add_bulk() is given a table object before using it

2026-01-23 BUG/MINOR: hlua_fcn: fix broken yield for Patref:add_bulk()

2026-01-09 BUG/MINOR: ech/quic: enable ech configuration also for quic listeners

2026-01-09 BUG/MINOR: cli/stick-tables: argument to "show table" is optional

2026-01-09 BUG/MINOR: cfgparse: wrong section name upon error

2026-01-09 BUG/MINOR: quic: fix deprecated warning for window size keyword

2026-01-09 BUG/MEDIUM: stconn: Move data from to during zero-copy forwarding

2026-01-09 BUG/MEDIUM: mworker: can't use signals after a failed reload

2026-01-09 BUG/MEDIUM: mux-h1: Take care to update value during zero-copy forwarding

2026-01-09 BUG/MEDIUM: peers: Properly handle shutdown when trying to get a line

2026-01-09 BUG/MINOR: mworker/cli: fix show proc pagination using reload counter

2026-01-09 BUG/MINOR: backend: inspect request not response buffer to check for TFO

2026-01-09 BUG/MINOR: backend: fix the conn_retries check for TFO

2025-12-18 BUG/MEDIUM: mux-h2: synchronize all conditions to create a new backend stream

2025-12-18 BUG/MEDIUM: backend: Do not remove CO_FL_SESS_IDLE in assign_server()

2025-12-16 BUG/MEDIUM: quic: Don't try to use hystart if not implemented

2025-12-12 BUG/MINOR: quic-be: Missing keywords array NULL termination

2025-12-12 BUG/MEDIUM: stconn: Don't report abort from SC if read0 was already received

2025-12-12 BUG/MEDIUM: http-ana: Properly detect client abort when forwarding response (v2)

2025-12-12 BUG/MEDIUM: h3: fix access to QCS definitely

2025-12-12 BUG/MEDIUM: ssl: Don't resume session for check connections

2025-12-12 BUG/MEDIUM: ssl: Don't store the ALPN for check connections

2025-12-12 BUG/MEDIUM: ssl: Always check the ALPN after handshake

2025-12-12 BUG/MEDIUM: ssl: Don't reuse TLS session if the connection's SNI differs

2025-12-12 BUG/MINOR: mworker/cli: 'show proc' is limited by buffer size

2025-12-12 BUG/MEDIUM: h3: do not access QCS if not allocated

2025-12-12 BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode

2025-12-12 BUG/MINOR: log: Dump good %B and %U values in logs

2025-12-12 BUG/MINOR: ssl: Don't allow to set NULL sni

2025-12-12 BUG/MINOR: quic: do not set first the default QUIC curves

2025-12-12 BUG/MINOR: quic-be: missing connection stream closure upon TLS alert to send

2025-12-12 BUG/MINOR: quic-be: handshake errors without connection stream closure

2025-12-12 BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces

2025-12-12 BUG/MEDIUM: config: ignore empty args in skipped blocks

2025-12-12 BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo

2025-12-12 BUG/MINOR: jwt: Missing "case" in switch statement

2025-12-11 BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards

Merge date	Subject - Severity (minor, medium, major, critical)
2026-02-19	BUG/MINOR: backend: check delay MUX before conn_prepare()
2026-02-19	BUG/MINOR: acme: fix X509_NAME leak when X509_set_issuer_name() fails
2026-02-19	BUG/MEDIUM: ssl: SSL backend sessions used after free
2026-02-18	BUG/MINOR: http-ana: Stop to wait for body on client error/abort
2026-02-18	BUG/MINOR: flt-trace: Properly compute length of the first DATA block
2026-02-18	BUG/MEDIUM: applet: Fix test on shut flags for legacy applets (v2)
2026-02-18	BUG/MEDIUM: mux-h1: Stop sending vi fast-forward for unexpected states
2026-02-18	BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed
2026-02-18	BUG/MEDIUM: h3: reject frontend CONNECT as currently not implemented
2026-02-18	BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS"
2026-02-18	BUG/MINOR: ssl: error with ssl-f-use when no "crt"
2026-02-18	BUG/MINOR: ssl: clarify ssl-f-use errors in post-section parsing
2026-02-18	BUG/MINOR: ssl: fix leak in ssl-f-use parser upon error
2026-02-18	BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser
2026-02-18	BUG/MINOR: ssl: lack crtlist_dup_ssl_conf() declaration
2026-02-18	BUG/MINOR: deviceatlas: set cache_size on hot-reloaded atlas instance
2026-02-18	BUG/MINOR: deviceatlas: fix deinit to only finalize when initialized
2026-02-18	BUG/MINOR: deviceatlas: fix resource leak on hot-reload compile failure
2026-02-18	BUG/MINOR: deviceatlas: fix double-checked locking race in checkinst
2026-02-18	BUG/MINOR: deviceatlas: fix cookie vlen using wrong length after extraction
2026-02-18	BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv()
2026-02-18	BUG/MEDIUM: deviceatlas: fix resource leaks on init error paths
2026-02-18	BUG/MINOR: deviceatlas: add NULL checks on strdup() results in config parsers
2026-02-18	BUG/MINOR: deviceatlas: add missing return on error in config parsers
2026-02-12	BUG/MAJOR: quic: fix parsing frame type
2026-02-12	BUG/MAJOR: quic: reject invalid token
2026-02-12	BUG/MINOR: backend: fix access on shared counters array
2026-02-12	BUG/MINOR: quic: ensure handshake speed up is only run once per conn
2026-02-12	BUG/MINOR: ssl: SSL_CERT_DIR environment variable doesn't affect haproxy
2026-02-10	BUG/MINOR: startup: handle a possible strdup() failure
2026-02-10	BUG/MINOR: startup: fix allocation error message of progname string
2026-02-10	BUG/MINOR: config: Fix setting of alt_proto
2026-02-10	BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers
2026-02-10	BUG/MINOR: cpu-topo: count cores not cpus to distinguish core types
2026-02-10	BUG/MEDIUM: threads: Atomically set TH_FL_SLEEPING and clr FL_NOTIFIED
2026-01-30	BUG/MEDIUM: applet: Fix test on shut flags for legacy applets
2026-01-29	BUG/MEDIUM: debug: only dump Lua state when panicking
2026-01-29	BUG/MEDIUM: ssl: fix msg callbacks on QUIC connections
2026-01-29	BUG/MINOR: config/ssl: fix spelling of "expose-experimental-directives"
2026-01-29	BUG/MINOR: config: check capture pool creations for failures
2026-01-29	BUG/MINOR: stick-tables: abort startup on stk_ctr pool creation failure
2026-01-29	BUG/MAJOR: applet: Don't call I/O handler if the applet was shut
2026-01-29	BUG/MINOR: ssl: Encrypted keys could not be loaded when given alongside certificate
2026-01-29	BUG/MINOR: ssl: Properly manage alloc failures in SSL passphrase callback
2026-01-27	BUG/MINOR: ssl: fix error message of tune.ssl.certificate-compression
2026-01-23	BUG/MINOR: proto_tcp: Properly report support for HAVE_TCP_MD5SIG feature
2026-01-23	BUG/MEDIUM: mux-h1: Skip UNUSED htx block when formating the start line
2026-01-23	BUG/MINOR: promex: Detach promex from the server on error dump its metrics dump
2026-01-23	BUG/MINOR: hlua: consume error object if ignored after a failing lua_pcall()
2026-01-23	BUG/MEDIUM: hlua: fix invalid lua_pcall() usage in hlua_traceback()
2026-01-23	BUG/MINOR: proxy: fix deinit crash on defaults with duplicate name
2026-01-23	BUG/MEDIUM: mux-quic: prevent BUG_ON() on aborted uni stream close
2026-01-23	BUG/MEDIUM: ssl: fix generate-certificates option when SNI greater than 64bytes
2026-01-23	BUG/MEDIUM: ssl: fix error path on generate-certificates
2026-01-23	BUG/MEDIUM: log: parsing log-forward options may result in segfault
2026-01-23	BUG/MEDIUM: promex: server iteration may rely on stale server
2026-01-23	BUG/MINOR: server: ensure server is detached from proxy list before being freed
2026-01-23	BUG/MINOR: cfgparse: fix "default" prefix parsing
2026-01-23	BUG/MINOR: proxy: free persist_rules
2026-01-23	BUG/MINOR: http_act: fix deinit performed on uninitialized lf_expr in release_http_map()
2026-01-23	BUG/MEDIUM: quic: fix ACK ECN frame parsing
2026-01-23	BUG/MINOR: hlua_fcn: ensure Patref:add_bulk() is given a table object before using it
2026-01-23	BUG/MINOR: hlua_fcn: fix broken yield for Patref:add_bulk()
2026-01-09	BUG/MINOR: ech/quic: enable ech configuration also for quic listeners
2026-01-09	BUG/MINOR: cli/stick-tables: argument to "show table" is optional
2026-01-09	BUG/MINOR: cfgparse: wrong section name upon error
2026-01-09	BUG/MINOR: quic: fix deprecated warning for window size keyword
2026-01-09	BUG/MEDIUM: stconn: Move data from to during zero-copy forwarding
2026-01-09	BUG/MEDIUM: mworker: can't use signals after a failed reload
2026-01-09	BUG/MEDIUM: mux-h1: Take care to update value during zero-copy forwarding
2026-01-09	BUG/MEDIUM: peers: Properly handle shutdown when trying to get a line
2026-01-09	BUG/MINOR: mworker/cli: fix show proc pagination using reload counter
2026-01-09	BUG/MINOR: backend: inspect request not response buffer to check for TFO
2026-01-09	BUG/MINOR: backend: fix the conn_retries check for TFO
2025-12-18	BUG/MEDIUM: mux-h2: synchronize all conditions to create a new backend stream
2025-12-18	BUG/MEDIUM: backend: Do not remove CO_FL_SESS_IDLE in assign_server()
2025-12-16	BUG/MEDIUM: quic: Don't try to use hystart if not implemented
2025-12-12	BUG/MINOR: quic-be: Missing keywords array NULL termination
2025-12-12	BUG/MEDIUM: stconn: Don't report abort from SC if read0 was already received
2025-12-12	BUG/MEDIUM: http-ana: Properly detect client abort when forwarding response (v2)
2025-12-12	BUG/MEDIUM: h3: fix access to QCS definitely
2025-12-12	BUG/MEDIUM: ssl: Don't resume session for check connections
2025-12-12	BUG/MEDIUM: ssl: Don't store the ALPN for check connections
2025-12-12	BUG/MEDIUM: ssl: Always check the ALPN after handshake
2025-12-12	BUG/MEDIUM: ssl: Don't reuse TLS session if the connection's SNI differs
2025-12-12	BUG/MINOR: mworker/cli: 'show proc' is limited by buffer size
2025-12-12	BUG/MEDIUM: h3: do not access QCS if not allocated
2025-12-12	BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode
2025-12-12	BUG/MINOR: log: Dump good %B and %U values in logs
2025-12-12	BUG/MINOR: ssl: Don't allow to set NULL sni
2025-12-12	BUG/MINOR: quic: do not set first the default QUIC curves
2025-12-12	BUG/MINOR: quic-be: missing connection stream closure upon TLS alert to send
2025-12-12	BUG/MINOR: quic-be: handshake errors without connection stream closure
2025-12-12	BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
2025-12-12	BUG/MEDIUM: config: ignore empty args in skipped blocks
2025-12-12	BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo
2025-12-12	BUG/MINOR: jwt: Missing "case" in switch statement
2025-12-11	BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards

Back to the list of branches and versions
Back to the HAProxy page