HAProxy known bugs for maintenance branch 2.2 : 21

This is maintenance branch 2.2 whose latest version is 2.2.33. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.2 version other than 2.2.33, you're running with known bugs.

Quick links

full changelog for 2.2 : here
browse history for 2.2 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2024-04-05 2.2.33 ⇐ last

2023-12-19 2.2.32

2023-08-19 2.2.31

2023-06-12 2.2.30

2023-02-14 2.2.29

2023-01-31 2.2.28

2023-01-27 2.2.27

2022-12-09 2.2.26

2022-07-28 2.2.25

2022-05-13 2.2.24

2022-05-06 2.2.23

2022-03-14 2.2.22

2022-03-02 2.2.21

2022-01-12 2.2.20

2021-11-29 2.2.19

2021-11-05 2.2.18

2021-09-07 2.2.17

2021-08-17 2.2.16

2021-07-16 2.2.15

2021-04-29 2.2.14

2021-04-02 2.2.13

2021-03-31 2.2.12

2021-03-18 2.2.11

2021-03-03 2.2.10

2021-02-06 2.2.9

2021-01-13 2.2.8

2021-01-08 2.2.7

2020-11-30 2.2.6

2020-11-05 2.2.5

2020-09-30 2.2.4

2020-09-08 2.2.3

2020-07-31 2.2.2

2020-07-23 2.2.1

2020-07-07 2.2.0

Date	Version	Comment
2024-04-05	2.2.33	⇐ last
2023-12-19	2.2.32
2023-08-19	2.2.31
2023-06-12	2.2.30
2023-02-14	2.2.29
2023-01-31	2.2.28
2023-01-27	2.2.27
2022-12-09	2.2.26
2022-07-28	2.2.25
2022-05-13	2.2.24
2022-05-06	2.2.23
2022-03-14	2.2.22
2022-03-02	2.2.21
2022-01-12	2.2.20
2021-11-29	2.2.19
2021-11-05	2.2.18
2021-09-07	2.2.17
2021-08-17	2.2.16
2021-07-16	2.2.15
2021-04-29	2.2.14
2021-04-02	2.2.13
2021-03-31	2.2.12
2021-03-18	2.2.11
2021-03-03	2.2.10
2021-02-06	2.2.9
2021-01-13	2.2.8
2021-01-08	2.2.7
2020-11-30	2.2.6
2020-11-05	2.2.5
2020-09-30	2.2.4
2020-09-08	2.2.3
2020-07-31	2.2.2
2020-07-23	2.2.1
2020-07-07	2.2.0

Fixes for known bugs pending in this branch since the last release (2.2.33)

These fixes have already been queued for the next 2.2 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

21 0 0 8 13

Total	CRITICAL	MAJOR	MEDIUM	MINOR
21	0	0	8	13

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2024-07-03	BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
2024-07-03	BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
2024-07-03	BUG/MINOR: haproxy: only tid 0 must not sleep if got signal
2024-07-03	BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
2024-07-03	BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
2024-07-03	BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
2024-07-03	BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
2024-07-03	BUG/MINOR: ssl/ocsp: init callback func ptr as NULL
2024-07-03	BUG/MINOR: stats: Don't state the 303 redirect response is chunked
2024-07-03	BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header
2024-07-03	BUG/MEDIUM: fd: prevent memory waste in fdtab array
2024-07-03	BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned
2024-07-03	BUG/MINOR: h1: fix detection of upper bytes in the URI
2024-07-03	BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets
2024-07-03	BUG/MEDIUM: evports: do not clear returned events list on signal
2024-07-03	BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered
2024-07-03	BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection
2024-07-03	BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
2024-07-03	BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
2024-07-03	BUG/MINOR: log: fix lf_text_len() truncate inconsistency
2024-04-08	BUG/MEDIUM: connection: report connection errors even when no mux is installed

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date Subject

2024-07-26 BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature

2024-07-26 BUG/MEDIUM: quic: fix invalid conn reject with CONNECTION_REFUSED

2024-07-24 BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)

2024-07-24 BUG/MEDIUM: sink: properly init applet under sft lock

2024-07-19 BUG/MINOR: quic: Non optimal first datagram.

2024-07-18 BUG/MINOR: cli: Atomically inc the global request counter between CLI commands

2024-07-18 BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution

2024-07-18 BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter

2024-07-18 BUG/MEDIUM: startup: fix zero-warning mode

2024-07-17 BUG/MAJOR: mux-h2: force a hard error upon short read with pending error

2024-07-17 BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path

2024-07-16 BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts

2024-07-16 BUG/MINOR: do not close uninit FD in quic_test_socketops()

2024-07-12 BUG/MINOR: session: Eval L4/L5 rules defined in the default section

2024-07-11 BUG/MINOR: limits: fix license type in limits.h

2024-07-11 BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past

2024-07-10 BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread

2024-07-10 BUG/MEDIUM: h1: Reject empty Transfer-encoding header

2024-07-10 BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value

2024-07-10 BUG/MINOR: h1: Fail to parse empty transfer coding names

2024-07-08 BUG/MINOR: jwt: fix variable initialisation

2024-07-08 BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn

2024-07-05 BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx

2024-07-04 BUG/MEDIUM: quic: prevent crash on accept queue full

2024-07-03 MINOR: quic: add 2 BUG_ON() on datagram dispatch

2024-07-03 BUG/MINOR: jwt: don't try to load files with HMAC algorithm

Date	Subject
2024-07-26	BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
2024-07-26	BUG/MEDIUM: quic: fix invalid conn reject with CONNECTION_REFUSED
2024-07-24	BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
2024-07-24	BUG/MEDIUM: sink: properly init applet under sft lock
2024-07-19	BUG/MINOR: quic: Non optimal first datagram.
2024-07-18	BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
2024-07-18	BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
2024-07-18	BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
2024-07-18	BUG/MEDIUM: startup: fix zero-warning mode
2024-07-17	BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
2024-07-17	BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
2024-07-16	BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
2024-07-16	BUG/MINOR: do not close uninit FD in quic_test_socketops()
2024-07-12	BUG/MINOR: session: Eval L4/L5 rules defined in the default section
2024-07-11	BUG/MINOR: limits: fix license type in limits.h
2024-07-11	BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past
2024-07-10	BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
2024-07-10	BUG/MEDIUM: h1: Reject empty Transfer-encoding header
2024-07-10	BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
2024-07-10	BUG/MINOR: h1: Fail to parse empty transfer coding names
2024-07-08	BUG/MINOR: jwt: fix variable initialisation
2024-07-08	BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
2024-07-05	BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx
2024-07-04	BUG/MEDIUM: quic: prevent crash on accept queue full
2024-07-03	MINOR: quic: add 2 BUG_ON() on datagram dispatch
2024-07-03	BUG/MINOR: jwt: don't try to load files with HMAC algorithm

Back to the list of branches and versions
Back to the HAProxy page