HAProxy known bugs for maintenance branch 1.6

This is maintenance branch 1.6 whose latest version is 1.6.15. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 1.6 version other than 1.6.15, you're running with known bugs.

Quick links

Versions available in this branch

This branch contains the following releases :

2019-10-251.6.15 ⇐ last

Fixes for known bugs pending in this branch since the last release (1.6.15)

These fixes have already been queued for the next 1.6 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

Total known bugs in the latest version of this branch by category :

16 0 2 2 12

Click on the subjects below to get the full description of the bug :

Merge dateSubject - Severity (minor, medium, major, critical)
2020-02-11BUG/MINOR: dns: allow 63 char in hostname
2020-02-11BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
2020-02-04BUG/MINOR: http_act: don't check capture id in backend
2020-02-04BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing
2020-02-04BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
2020-02-04BUG/MINOR: dns: Make dns_query_id_seed unsigned
2020-02-04BUG/MINOR: pattern: handle errors from fgets when trying to load patterns
2020-02-04BUG/MINOR: stream: don't mistake match rules for store-request rules
2020-02-04BUG/MAJOR: hashes: fix the signedness of the hash inputs
2020-02-04BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
2019-12-11BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
2019-12-11BUG/MAJOR: dns: add minimalist error processing on the Rx path
2019-12-11BUG/MINOR: listener: also clear the error flag on a paused listener
2019-12-11BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
2019-12-11BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams
2019-12-11BUG/MINOR: config: Update cookie domain warn to RFC6265

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

2020-05-27BUG/MEDIUM: backend: set the connection owner to the session when using alpn.
2020-05-26BUG/MINOR: connection: Always get the stream when available to send PP2 line
2020-05-26BUG/MEDIUM: connection: Ignore PP2 unique ID for stream-less connections
2020-05-26BUG/MEDIUM: contrib/spoa: do not register python3.8 if --embed fail
2020-05-26BUG/MEDIUM: checks: Refresh the conn-stream and the connection after a connect
2020-05-25BUG/MINOR: http-htx: Fix a leak on error path during http reply parsing
2020-05-25BUG/MINOR: http-htx: Don't forget to release the http reply in release function
2020-05-20BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
2020-05-20BUG/MINOR: http-rules: Mark http return rules as final
2020-05-19BUG/MEDIUM: ring: write-lock the ring while attaching/detaching
2020-05-19BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason
2020-05-19BUG/MINOR: logs: prevent double line returns in some events.
2020-05-18BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
2020-05-13BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.
2020-05-13BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
2020-05-13BUG/MINOR: soft-stop: always wake up waiting threads on stopping
2020-05-13BUG/MINOR: pollers: remove uneeded free in global init
2020-05-13BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
2020-05-12BUG/MINOR: sample/ssl: Fix digest converter for openssl < 1.1.0
2020-05-12BUG/MEDIUM: checks: Subscribe to I/O events only if a mux was installed
2020-05-12BUG/MINOR: checks: Rely on next I/O oriented rule when waiting for a connection
2020-05-12BUG/MINOR: checks: Don't subscribe to I/O events if it is already done
2020-05-12BUG/MEDIUM: checks: Subscribe to I/O events on an unfinished connect
2020-05-07BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
2020-05-07BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
2020-05-07BUG/MINOR: http-ana: fix NTLM response parsing again
2020-05-07BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
2020-05-07BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT
2020-05-05BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
2020-05-05BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
2020-05-05BUG/MINOR: 51d: Fix HTX message prefetch
2020-05-05BUG/MINOR: wurfl: Fix HTX message prefetch
2020-05-05BUG/MINOR: da: Fix HTX message prefetch
2020-05-05BUG/MINOR: checks: Support multiple HTTP expect rules
2020-05-05BUG/MINOR: sample: Set the correct type when a binary is converted to a string
2020-05-04BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
2020-05-04BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed
2020-05-02BUG/MEDIUM: connections: force connections cleanup on server changes
2020-05-02BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach()
2020-05-02BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release()
2020-05-02BUG/MEDIUM: mux-fcgi: Return from detach if server don't keep the connection
2020-05-01BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
2020-05-01BUG/MEDIUM: shctx: really check the lock's value while waiting
2020-05-01BUG/MINOR: debug: properly use long long instead of long for the thread ID
2020-05-01BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
2020-04-29BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
2020-04-29BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
2020-04-29BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
2020-04-29BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
2020-04-29BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
2020-04-28BUG/MEDIUM: mux-h1: make sure we always have a timeout on front connections
2020-04-28BUG/MINOR: checks: Set the output buffer length before calling parse_binary()
2020-04-28BUG/MINOR: checks: Don't lose warning on proxy capability
2020-04-28BUG/MINOR: checks: Remove bad call to free() when an expect rule is parsed
2020-04-28BUG/MINOR: checks: Avoid incompatible cast when a binary string is parsed
2020-04-28BUG/MINOR: checks: Properly handle truncated mysql server messages
2020-04-28BUG/MINOR: checks: Remove wrong variable redeclaration
2020-04-27BUG/MINOR: checks: Fix PostgreSQL regex on the authentication packet
2020-04-27BUG/MEDIUM: checks: Destroy the conn-stream before the session
2020-04-27BUG/MEDIUM: sessions: Always pass the mux context as argument to destroy a mux
2020-04-27BUG/MINOR: checks/server: use_ssl member must be signed
2020-04-27BUG/MINOR: checks: Only use ssl_sock_is_ssl() if compiled with SSL support
2020-04-27BUG/MEDIUM: checks: unsubscribe for events on the old conn-stream on connect
2020-04-27BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
2020-04-27BUG/MEDIUM: checks: Unsubscribe to mux events when a conn-stream is destroyed
2020-04-27BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
2020-04-27BUG/MEDIUM: checks: Use the mux protocol specified on the server line
2020-04-27BUG/MINOR: checks: Send the right amount of outgoing data for HTTP checks
2020-04-27BUG/MEDIUM: checks: Be sure to subscribe for sends if outgoing data remains
2020-04-27BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
2020-04-27BUG/MINOR: checks: Forbid tcp-check lines in default section as documented
2020-04-27BUG/MINOR: checks: chained expect will not properly wait for enough data
2020-04-27BUG/MEDIUM: server/checks: Init server check during config validity check
2020-04-27BUG/MINOR: checks: Respect the no-check-ssl option
2020-04-27BUG/MINOR: check: Update server address and port to execute an external check
2020-04-27BUG/MINOR: http-ana: Throw a 500 error if after-response ruleset fails on errors
2020-04-23BUG/MINOR: http: make url_decode() optionally convert '+' to SP
2020-04-23BUG/MINOR: mux-fcgi/trace: fix wrong set of trace flags in fcgi_strm_add_eom()
2020-04-23BUG/MINOR: tools: fix the i386 version of the div64_32 function
2020-04-22BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
2020-04-22BUG/MINOR: ssl: default settings for ssl server options are not used
2020-04-15BUG/MINOR: peers: Incomplete peers sections should be validated.
2020-04-14BUG/MINOR: connection: always send address-less LOCAL PROXY connections
2020-04-10BUG/MINOR: ssl: ssl_conf always set to NULL on crt-list parsing
2020-04-09BUG/MEDIUM: ssl/cli: trying to access to free'd memory
2020-04-09BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
2020-04-08BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
2020-04-08BUG/MINOR: ssl: trailing slashes in directory names wrongly cached
2020-04-08BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete
2020-04-07CI: travis-ci: enable DEBUG_STRICT=1 for CI builds
2020-04-02BUG/MINOR: ssl/cli: fix spaces in 'show ssl crt-list'
2020-04-02BUG/MINOR: ssl/cli: initialize fcount int crtlist_entry
2020-04-02BUG/MINOR: protocol_buffer: Wrong maximum shifting.
2020-04-02BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
2020-04-01BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive
2020-03-31BUG/MINOR: stats: Fix color of draining servers on stats page
2020-03-31BUG/MINOR: ssl: entry->ckch_inst not initialized
2020-03-31BUG/MINOR: ssl: ckch_inst wrongly inserted in crtlist_entry
2020-03-26BUG/MEDIUM: dns: improper parsing of aditional records
2020-03-25BUG/MEDIUM: mux_h1: Process a new request if we already received it.
2020-03-24BUG/MINOR: peers: Use after free of "peers" section.
2020-03-24BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
2020-03-24BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
2020-03-23BUG/MINOR: ssl: memory leak when find_chain is NULL
2020-03-23BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
2020-03-22BUG/MINOR: connections: Set idle_time before adding to idle list.
2020-03-22BUG/MEDIUM: h1: Make sure we subscribe before going into idle list.
2020-03-20BUG/MINOR: ssl/cli: fix a potential NULL dereference
2020-03-20BUG/MINOR: connections: Make sure we free the connection on failure.
2020-03-20BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert'
2020-03-20BUG/MEDIUM: build: Fix compilation by spelling decl correctly.
2020-03-20BUG/MINOR: ssl: crtlist_dup_filters() must return NULL with fcount == 0
2020-03-20BUG/MINOR: ssl: Correctly add the 1 for the sentinel to the number of elements
2020-03-20BUG/MINOR: ssl: Do not free garbage pointers on memory allocation failure
2020-03-19BUG/MEDIUM: connections: Don't forget to decrement idle connection counters.
2020-03-18BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
2020-03-18MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
2020-03-18BUG/MINOR: pattern: Do not pass len = 0 to calloc()
2020-03-17BUG/MINOR: ssl: memleak of struct crtlist_entry
2020-03-17BUG/MINOR: ssl: memory leak in crtlist_parse_file()
2020-03-17BUG/MINOR: ssl/cli: free the trash chunk in dump_crtlist
2020-03-16BUG/MEDIUM: spoe: dup agent's engine_id string from trash.area
2020-03-16BUG/MINOR: ssl: can't open directories anymore
2020-03-16BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
2020-03-14BUILD: pools: silence build warnings with DEBUG_MEMORY_POOLS and DEBUG_UAF
2020-03-14MINOR: debug: consume the write() result in BUG_ON() to silence a warning
2020-03-12BUG/MINOR: haproxy/threads: try to make all threads leave together
2020-03-12BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
2020-03-12BUG/MINOR: haproxy: always initialize sleeping_thread_mask
2020-03-12BUG/MEDIUM: pools: Always update free_list in pool_gc().
2020-03-12BUG/MEDIUM: connections: Don't assume the connection has a valid session.
2020-03-12BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
2020-03-11BUG/MAJOR: list: fix invalid element address calculation
2020-03-10BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
2020-03-10BUG/MINOR: buffers: MT_LIST_DEL_SAFE() expects the temporary pointer.
2020-03-09BUG/MINOR: ssl/cli: sni_ctx' mustn't always be used as filters
2020-03-08BUG/MINOR: checks/threads: use ha_random() and not rand()
2020-03-08BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
2020-03-07Revert "BUG/MEDIUM: random: implement per-thread and per-process random sequences"
2020-03-07BUG/MEDIUM: random: implement per-thread and per-process random sequences
2020-03-07BUG/MEDIUM: random: initialize the random pool a bit better
2020-03-06BUG/MINOR: http-rules: Abort transaction when a redirect is applied on response
2020-03-06BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop
2020-03-06BUG/MINOR: rules: Return ACT_RET_ABRT when a silent-drop action is executed
2020-03-06BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action
2020-03-06BUG/MINOR: http-rules: Fix a typo in the reject action function
2020-03-06BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action
2020-03-06BUG/MINOR: http-rules: Return ACT_RET_ABRT to abort a transaction
2020-03-06BUG/MINOR: lua: Init the lua wake_time value before calling a lua function
2020-03-06BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not
2020-03-06BUG/MINOR: lua: Abort when txn:done() is called from a Lua action
2020-03-06BUG/MINOR: http-ana: Reset request analysers on a response side error
2020-03-06BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload
2020-03-06BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload
2020-03-06BUG/MINOR: filters: Forward everything if no data filters are called
2020-03-06BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data
2020-03-06BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
2020-03-06BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits
2020-03-05BUG/MINOR: ssl-sock: do not return an uninitialized pointer in ckch_inst_sni_ctx_to_sni_filters
2020-03-05BUG/MINOR: connection/debug: do not enforce !event_type on subscribe() anymore
2020-03-04BUG/MEDIUM: connection: stop polling for sending when the event is ready
2020-03-04BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled
2020-03-03BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump
2020-02-28BUG/MINOR: arg: don't reject missing optional args
2020-02-28BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name
2020-02-28BUG/MINOR: dns: ignore trailing dot
2020-02-27BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits
2020-02-27BUG/MEDIUM: ssl: chain must be initialized with sk_X509_new_null()
2020-02-27BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch
2020-02-26BUG/MINOR: h2: reject again empty :path pseudo-headers
2020-02-25BUG/MINOR: connection: make sure to correctly tag local PROXY connections
2020-02-25BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions
2020-02-25BUG/MINOR: sample: fix the json converter's endian-sensitivity
2020-02-24BUG/MINOR: ssl: load .key in a directory only after PEM
2020-02-21BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support
2020-02-21BUG/MEDIUM: shctx: make sure to keep all blocks aligned
2020-02-21BUG/MINOR: http: http-request replace-path duplicates the query string
2020-02-21BUG/MINOR: mux: do not call conn_xprt_stop_recv() on buffer shortage
2020-02-21BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
2020-02-19BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
2020-02-18BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
2020-02-18BUG/MINOR: sample: exit regsub() in case of trash allocation error
2020-02-18BUG/MINOR: stream: Don't incr frontend cum_req counter when stream is closed
2020-02-18BUG/MINOR: http-htx: Don't return error if authority is updated without changes
2020-02-18BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them
2020-02-17BUG/MINOR: tools: also accept '+' as a valid character in an identifier
2020-02-16BUG/MINOR: arg: fix again incorrect argument length check
2020-02-15BUG/MINOR: arg: report an error if an argument is larger than bufsize
2020-02-14BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param
2020-02-14BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
2020-02-14BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
2020-02-12BUG/MINOR: tcp: don't try to set defaultmss when value is negative
2020-02-12BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
2020-02-12BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
2020-02-12BUG/MEDIUM: listener: only consider running threads when resuming listeners
2020-02-11BUG/MINOR: connection: correctly retry I/O on signals
2020-02-11BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
2020-02-11BUG/MAJOR: mux-h2: don't wake streams after connection was destroyed

Back to the list of branches and versions
Back to the HAProxy page