HAProxy known bugs for version v3.3.6 (maintenance branch 3.3) : 151

This version (3.3.6) is a release belonging to maintenance branch 3.3 whose latest version is 3.3.10. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches.

Quick links

full changelog for 3.3 : here
browse history for 3.3 : here

Other versions in the same branch

This branch contains the following releases :

Date Version Comment

2026-05-11 3.3.10 ⇐ last

2026-05-06 3.3.9

2026-04-30 3.3.8

2026-04-23 3.3.7

2026-03-19 3.3.6 ⇐ yours

2026-03-09 3.3.5

2026-02-19 3.3.4

2026-02-12 3.3.3

2026-01-29 3.3.2

2025-12-19 3.3.1

2025-11-26 3.3.0

Date	Version	Comment
2026-05-11	3.3.10	⇐ last
2026-05-06	3.3.9
2026-04-30	3.3.8
2026-04-23	3.3.7
2026-03-19	3.3.6	⇐ yours
2026-03-09	3.3.5
2026-02-19	3.3.4
2026-02-12	3.3.3
2026-01-29	3.3.2
2025-12-19	3.3.1
2025-11-26	3.3.0

Known bugs affecting this version, and already fixed in the maintenance branch

These fixes have already been queued for a more recent 3.3 version. Some of them might have already been released in a more recent version than yours, and other ones might still be pending in the maintenance branch for a future release. The list may be empty if you're already on the latest version and no new fix was backported.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in this version by category :

Total CRITICAL MAJOR MEDIUM MINOR

151 0 7 40 104

Total	CRITICAL	MAJOR	MEDIUM	MINOR
151	0	7	40	104

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2026-05-11	BUG/MEDIUM: tasks: Keep the TASK_RUNNING flag until queued
2026-05-11	BUG/MINOR: cfgparse-listen: do not emit extraneous line in rule order warnings
2026-05-11	BUG/MEDIUM: servers: Only requeue servers if they are up
2026-05-11	BUG/MINOR: mux_quic: refresh timeout only if I/O performed
2026-05-11	BUG/MEDIUM: mux_quic: adjust qcc_is_dead() to account detached streams
2026-05-07	BUG/MEDIUM: stick-table: properly check permissions on CLI's set/clear cmd
2026-05-07	BUG/MEDIUM: mux-h2: fix the detection of the ext connect support
2026-05-07	Revert "BUG/MINOR: mux-h2: condition the processing of 8441 extension to global setting"
2026-05-07	Revert "BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect"
2026-05-07	BUG/MEDIUM: mux-h2: Properly consume padding for DATA frames
2026-05-07	BUG/MINOR: mux_quic: fix max stream ID reuse estimation
2026-05-07	BUG/MINOR: ssl: Use the sequence number with kTLS and TLS 1.2
2026-05-06	BUG/MEDIUM: h1: Enforce the authority validation during H1 request parsing
2026-05-06	BUG/MAJOR: http: forbid comma character in authority value
2026-05-06	BUG/MINOR: tools: read_line_to_trash() handle empty files without \n
2026-05-06	BUG/MEDIUM: h1_htx: Remove reverved block on error during contig chunks parsing
2026-05-06	BUG/MINOR: http-fetch: Fix http_auth_bearer() when custom header is used
2026-05-06	BUG/MINOR: acme: contact mail should be optional, don't pass ToS bool
2026-05-06	BUG/MINOR: h2: only accept :protocol with extended CONNECT
2026-05-06	BUG/MINOR: mux-h2: condition the processing of 8441 extension to global setting
2026-05-06	BUG/MINOR: h2: add decoding for :protocol in traces
2026-05-04	BUG/MINOR: mworker/cli: check ci_insert() return value in pcli_parse_request()
2026-05-04	BUG/MEDIUM: mworker/cli: fix user and operator permission via @@ in master CLI
2026-05-04	BUG/MINOR: resolvers: Free opts on parse error in resolv_parse_do_resolve()
2026-05-04	BUG/MINOR: resolvers: Fix lookup for a hostname in the state-file tree
2026-05-04	BUG/MINOR: resolvers: Free new requester on error when linking a resolution
2026-05-04	BUG/MINOR: tcpcheck: Properly report error for http health-checks
2026-05-04	BUG/MINOR: dns: always validate the source address in responses
2026-05-04	BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
2026-05-04	BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
2026-05-04	CI: github: add DEBUG_STRICT=2 to ASAN jobs
2026-05-04	BUG/MINOR: pattern: release the reference on failure to load from file
2026-05-04	BUG/MINOR: map: do not leak a map descriptor on load error
2026-05-04	BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
2026-05-04	BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
2026-05-04	BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
2026-05-04	BUG/MINOR: vars: only print first invalid char in fill_desc()
2026-05-04	BUG/MINOR: vars: don't store the variable twice with set-var-fmt
2026-05-04	BUG/MINOR: vars: make parse_store() return error on var_set() failure
2026-05-04	BUG/MINOR: sink: do not free existing sinks on allocation error
2026-04-30	BUG/MINOR: acme: skip auth/challenge steps when newOrder returns a certificate
2026-04-30	BUG/MEDIUM: acme: fix segfault on newOrder with empty authorizations
2026-04-29	BUG/MINOR: http-htx: Don't normalize emtpy path for OPTIONS requests
2026-04-29	BUG/MEDIUM: mux-fcgi: Properly handle full buffer for FCGI_PARAM record
2026-04-29	BUG/MINOR: payload: prevent integer overflow in distcc token parsing
2026-04-29	BUG/MINOR: payload: validate minimum keyshare_len in smp_fetch_ssl_keyshare_groups
2026-04-29	BUG/MINOR: fix various typos and spelling mistakes in user-visible messages
2026-04-29	BUG/MEDIUM: tasks: Do not loop in task_schedule() if a task is running
2026-04-29	BUG/MAJOR: mux-h1: Deal with true 64-bits integer to emit chunks size
2026-04-29	BUG/MEDIUM: http-htx: Loop on full host value during scheme based normalization
2026-04-29	BUG/MEDIUM: http-htx: Don't use data from HTX message to update authority
2026-04-29	BUG/MAJOR: http-htx: Store new host in a chunk for scheme-based normalization
2026-04-29	BUG/MINOR: http_ana: use scf to report term_evts in http_wait_for_request()
2026-04-29	BUG/MEDIUM: mux_h1: fix stack buffer overflow in h1_append_chunk_size()
2026-04-29	BUG/MINOR: peers: fix wrong flag reported twice for dump_flags
2026-04-29	BUG/MINOR: peers: fix logical "and" when checking for local in PEER_APP_ST_STARTING
2026-04-29	BUG/MINOR: sample: fix NULL strm dereference in sample_conv_when
2026-04-29	BUG/MINOR: sample: fix memory leak in check_when_cond() when ACL is not found
2026-04-29	BUG/MINOR: tools: free previously allocated strings on strdup failure in backup_env()
2026-04-29	BUG/MINOR: tools: fix memory leak in indent_msg() on out of memory
2026-04-29	BUG/MINOR: tools: my_memspn/my_memcspn wrong cast causing incorrect byte reading
2026-04-29	BUG/MINOR: ssl: fix double-free on failed realloc in ssl_sock.c
2026-04-29	BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_sock.c
2026-04-29	BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_ckch.c
2026-04-29	BUG/MINOR: tcpcheck: Allow connection reuse without prior traffic
2026-04-23	BUG/MEDIUM: mux-h1: Force close mode for bodyless message announcing a C-L
2026-04-23	BUG/MAJOR: mux-h2: detect incomplete transfers on HEADERS frames as well
2026-04-23	BUG/MINOR: server: fix a possible leak of an error message in dynamic servers
2026-04-23	BUG/MINOR: debug: properly mark the entire libs archive read-only
2026-04-23	BUG/MINOR: compression: properly disable request when setting response
2026-04-23	BUG/MINOR: mux-h1: Fix test to skip trailers from chunked messages
2026-04-23	BUG/MINOR: mux-h1: Fix condition to send null-chunk for bodyless message
2026-04-23	BUG/MINOR: log: also wait for the response when logging response headers
2026-04-23	BUG/MINOR: H2: Don't forget to free shared_rx_bufs on failure
2026-04-23	BUG/MINOR: h2: Don't look at the exclusive bit for PRIORITY frame
2026-04-23	BUG/MINOR: h2: make tune.h2.log-errors actually work
2026-04-23	BUG/MEDIUM: tasks: Make sure we don't schedule a task already running
2026-04-23	BUG/MINOR: mux-h2: count a proto error when rejecting a stream on parsing error
2026-04-23	BUG/MINOR: mux-h2: count a protocol error when failing to parse a trailer
2026-04-23	BUG/MAJOR: sched: protect task->expire on 32-bit platforms
2026-04-21	BUG/MINOR: sample: adjust dependencies for channel output bytes counters
2026-04-21	BUG/MINOR: log: consider format expression dependencies to decide when to log
2026-04-21	BUG/MINOR: mux_quic: limit avail_streams() to 2^62
2026-04-17	BUG/MINOR: task: fix uninitialised read in run_tasks_from_lists()
2026-04-17	BUG/MEDIUM: mux-h2: ignore conn->owner when deciding if a connection is dead
2026-04-17	BUG/MINOR: threads: properly set the number of tgroups when non using policy
2026-04-17	BUG/MEDIUM: peers: trash of expired entries delayed after fullresync
2026-04-17	BUG/MINOR: acme: don't pass NULL into format string
2026-04-17	BUG/MEDIUM: htx: Don't count delta twice when block value is replaced
2026-04-17	BUG/MEDIUM: htx: Fix function used to change part of a block value when defrag
2026-04-17	BUG/MEDIUM: cli: Properly handle too big payload on a command line
2026-04-17	BUG/MINOR: log: Fix error message when using unavailable fetch in logfmt
2026-04-17	BUG/MINOR: ot: fixed wrong NULL check in flt_ot_parse_cfg_group()
2026-04-10	BUG/MINOR: hlua: fix use-after-free of HTTP reason string
2026-04-10	BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
2026-04-10	BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
2026-04-10	BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
2026-04-10	BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
2026-04-10	BUG/MINOR: resolvers: fix memory leak on AAAA additional records
2026-04-10	BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals
2026-04-10	BUG/MINOR: peers: fix OOB heap write in dictionary cache update
2026-04-10	BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
2026-04-10	BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
2026-04-10	BUG: hlua: fix stack overflow in httpclient headers conversion
2026-04-10	BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
2026-04-10	BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
2026-04-10	BUG/MINOR: counters: fix unexpected 127 char GUID truncation for shm-stats-file objects
2026-04-10	BUG/MINOR: http-act: fix a typo in the "pause" action error message
2026-04-10	BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
2026-04-10	BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
2026-04-10	BUG/MINOR: cfgcond: always set the error string on awslc_api checks
2026-04-10	BUG/MINOR: cfgcond: always set the error string on openssl_version checks
2026-04-10	BUG/MINOR: cfgcond: properly set the error pointer on evaluation error
2026-04-10	BUG/MINOR: quic: fix documentation for transport params decoding
2026-04-10	BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
2026-04-10	BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
2026-04-10	BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
2026-04-10	BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
2026-04-10	BUG/MEDIUM: map/cli: CLI commands lack admin permission checks
2026-04-10	BUG/MEDIUM: ssl/ocsp: ocsp commands are missing permission checks
2026-04-10	BUG/MEDIUM: ssl/cli: tls-keys commands are missing permission checks
2026-04-10	BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
2026-04-10	BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
2026-04-10	BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
2026-03-31	BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
2026-03-31	BUG/MINOR: quic: close conn on packet reception with incompatible frame
2026-03-31	BUG/MINOR: acme: fix task allocation leaked upon error
2026-03-31	BUG/MEDIUM: acme: skip doing challenge if it is already valid
2026-03-31	BUG/MINOR: http-ana: Only consider client abort for abortonclose
2026-03-31	BUG/MINOR: config: Properly test warnif_misplaced_* return values
2026-03-31	BUG/MINOR: acme: permission checks on the CLI
2026-03-31	BUG/MINOR: ech: permission checks on the CLI
2026-03-23	BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
2026-03-23	BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
2026-03-23	BUG/MINOR: acme: free() DER buffer on a2base64url error path
2026-03-23	BUG/MINOR: quic: missing app ops init during backend 0-RTT sessions
2026-03-23	BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
2026-03-23	BUG/MINOR: acme: fix incorrect number of arguments allowed in config
2026-03-23	BUG/MINOR: acme: wrong labels logic always memprintf errmsg
2026-03-23	BUG/MINOR: acme: acme_ctx_destroy() leaks auth->dns
2026-03-23	BUG/MINOR: quic/h3: display QUIC/H3 backend module on HTML stats
2026-03-23	BUG/MINOR: quic: fix counters used on BE side
2026-03-23	BUG/MINOR: server: enable no-check-sni-auto for dynamic servers
2026-03-23	BUG/MINOR: server: set auto SNI for dynamic servers
2026-03-23	BUG/MINOR: proxy: detect strdup error on server auto SNI
2026-03-23	BUG/MEDIUM: stats-file: detect and fix inconsistent shared clock when resuming from shm-stats-file
2026-03-23	BUG/MINOR: stats-file: manipulate shm-stats-file heartbeat using unsigned int
2026-03-23	Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
2026-03-23	BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
2026-03-23	BUG/MINOR: acme: wrong error when checking for duplicate section
2026-03-23	BUG/MINOR: acme: leak of ext_san upon insertion error
2026-03-23	BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
2026-03-23	BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
2026-03-23	BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
2026-03-23	BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'

Back to the list of branches and versions
Back to the HAProxy page