HAProxy known bugs for maintenance branch 2.3 :  0 

This is maintenance branch 2.3 whose latest version is 2.3.21. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.3 version other than 2.3.21, you're running with known bugs.

Quick links

Versions available in this branch

This branch contains the following releases :

DateVersionComment
2022-07-272.3.21 ⇐ last
2022-04-292.3.20 
2022-03-142.3.19 
2022-03-022.3.18 
2022-01-112.3.17 
2021-11-242.3.16 
2021-11-042.3.15 
2021-09-072.3.14 
2021-08-172.3.13 
2021-07-082.3.12 
2021-07-072.3.11 
2021-04-232.3.10 
2021-03-302.3.9 
2021-03-252.3.8 
2021-03-162.3.7 
2021-03-032.3.6 
2021-02-062.3.5 
2021-01-132.3.4 
2021-01-082.3.3 
2020-11-282.3.2 
2020-11-132.3.1 
2020-11-052.3.0 

Fixes for known bugs pending in this branch since the last release (2.3.21)

These fixes have already been queued for the next 2.3 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

Total known bugs in the latest version of this branch by category :

TotalCRITICALMAJORMEDIUMMINOR
0 0 0 0 0

Click on the subjects below to get the full description of the bug :

Merge dateSubject - Severity (minor, medium, major, critical)

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

DateSubject
2022-12-02BUG/MINOR: ssl: initialize WolfSSL before parsing
2022-12-02BUG/MINOR: ssl: initialize SSL error before parsing
2022-11-29BUG/MINOR: peers: always update the stksess shard number on incoming updates
2022-11-29BUG/MEDIUM: mux-h1: Close client H1C on EOS when there is no output data
2022-11-29BUG/MINOR: peers: always initialize the stksess shard value
2022-11-29BUG/MINOR: quic: Endless loop during retransmissions
2022-11-29CLEANUP: ncbuf: use standard BUG_ON with DEBUG_STRICT
2022-11-24BUG/MINOR: ssl: shut the ca-file errors emitted during httpclient init
2022-11-24BUG/MEDIUM: quic: fix datagram dropping on queueing failed
2022-11-23BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out
2022-11-23BUG/MEDIUM: mux-h1: Remove H1C_F_WAIT_NEXT_REQ flag on a next request
2022-11-22BUG/MEDIUM: mux-h1: Subscribe for reads on error on sending path
2022-11-22BUG/MEDIUM: mux-h1: Don't release H1C on timeout if there is a SC attached
2022-11-22BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action
2022-11-22BUG/MINOR: h1: Replace authority validation to conform RFC3986
2022-11-22BUG/MINOR: http-htx: Normalized absolute URIs with an empty port
2022-11-22BUG/MINOR: log: fix parse_log_message rfc5424 size check
2022-11-22BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance
2022-11-22BUILD: sched: fix build with DEBUG_THREAD with the previous commit
2022-11-22BUG/MAJOR: sched: protect task during removal from wait queue
2022-11-21BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns
2022-11-21BUG/MINOR: resolvers: do not run the timeout task when there's no resolution
2022-11-20BUG/MAJOR: quic: Crash after discarding packet number spaces
2022-11-19BUG/MAJOR: quic: Crash upon retransmission of dgrams with several packets
2022-11-18BUG/MEDIUM: quic: fix memleak for out-of-order crypto data
2022-11-18BUG/MEDIUM: quic: fix unsuccessful handshakes on ncb_advance error
2022-11-18BUG/MEDIUM: peers: messages about unkown tables not correctly ignored
2022-11-18BUG/MINOR: ssl: don't initialize the keylog callback when not required
2022-11-18BUG/MEDIUM: raw-sock: Don't report connection error if something was received
2022-11-18BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists
2022-11-17BUG/MINOR: mux-h1: Fix error handling when H1S allocation failed on client side
2022-11-17BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task
2022-11-17BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes
2022-11-16BUG/MEDIUM: ring: fix creation of server in uninitialized ring
2022-11-16BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers
2022-11-16BUG/MINOR: ssl: SSL_load_error_strings might not be defined
2022-11-16BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once
2022-11-16BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy
2022-11-16BUG/MINOR: resolvers: Set port before IP address when processing SRV records
2022-11-16BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure
2022-11-16BUG/MINOR: http-htx: Fix error handling during parsing http replies
2022-11-14BUG/MEDIUM: wdt/clock: properly handle early task hangs
2022-11-14BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task
2022-11-14BUG/MINOR: ssl: Fix potential overflow
2022-11-14BUG/MINOR: ssl: crt-ignore-err memory leak with 'all' parameter
2022-11-10BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC
2022-11-10BUG/MEDIUM: ssl: Verify error codes can exceed 63
2022-11-04BUG/MINOR: ssl: ocsp structure not freed properly in case of error
2022-11-04BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer
2022-11-04BUG/MINOR: ssl: Memory leak of DH BIGNUM fields
2022-11-04BUG/MINOR: httpclient: fixed memory allocation for the SSL ca_file
2022-10-27BUG/MINOR: quic: fix race condition on datagram purging
2022-10-27BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting
2022-10-26BUG/MINOR: quic: fix subscribe operation
2022-10-25BUG/MAJOR: stick-table: don't process store-response rules for applets
2022-10-24BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers
2022-10-24BUG/MINOR: sink: Only use backend capability for the sink proxies
2022-10-24BUG/MEDIUM: compression: handle rewrite errors when updating response headers
2022-10-21BUG/MINOR: mux-quic: complete flow-control for uni streams
2022-10-20BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler
2022-10-20BUG/MEDIUM: httpclient/lua: crash when the lua task timeout before the httpclient
2022-10-20BUG/MINOR: ring: Properly parse connect timeout
2022-10-20BUG/MINOR: log: Preserve message facility when the log target is a ring buffer
2022-10-18BUG/MINOR: quic: fix buffer overflow on retry token generation
2022-10-17BUG/MEDIUM: httpclient: segfault when the httpclient parser fails
2022-10-14BUG/MEDIUM: httpclient: Don't set EOM flag on an empty HTX message
2022-10-13BUG/MINOR: quic: Stalled 0RTT connections with big ClientHello TLS message
2022-10-12BUG/MINOR: server: make sure "show servers state" hides private bits
2022-10-12BUG/MEDIUM: mux-h1: Handle abort with an incomplete message during parsing
2022-10-12BUG/MEDIUM: mux-h1: Add connection error handling when reading/sending on a pipe
2022-10-12BUG/MINOR: stick-table: fix build with DEBUG_THREAD
2022-10-12BUG/MAJOR: stick-tables: do not try to index a server name for applets
2022-10-11BUG/MINOR: quic: set IP_PKTINFO socket option for QUIC receivers only
2022-10-05BUG/MINOR: hlua: hlua_channel_insert_data() behavior conflicts with documentation
2022-10-04BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth()
2022-10-03BUG/MEDIUM: lua: handle stick table implicit arguments right.
2022-10-03BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure
2022-10-03BUG/MINOR: mux-quic: ignore STOP_SENDING for locally closed stream
2022-10-03BUG/MINOR: quic: adjust quic_tls prototypes
2022-10-03BUG/MINOR: checks: update pgsql regex on auth packet
2022-10-03BUG/MINOR: backend: only enforce turn-around state when not redispatching
2022-10-03BUG/MINOR: config: insufficient syntax check of the global "maxconn" value
2022-10-03BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns
2022-10-03BUG/MEDIUM: config: count line arguments without dereferencing the output
2022-09-30BUG/MINOR: config: don't count trailing spaces as empty arg (v2)
2022-09-30BUG/MINOR: hlua: prevent crash when loading numerous arguments using lua-load(per-thread)
2022-09-29BUG/MINOR: hlua: _hlua_http_msg_delete incorrect behavior when offset is used
2022-09-28BUG/MINOR: hlua: fixing hlua_http_msg_insert_data behavior
2022-09-28BUG/MINOR: hlua: fixing hlua_http_msg_del_data behavior
2022-09-28Revert "BUG/MINOR: config: don't count trailing spaces as empty arg"
2022-09-28BUG/MINOR: config: don't count trailing spaces as empty arg
2022-09-27BUG/MINOR: ring: fix the size check in ring_make_from_area()
2022-09-27BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree
2022-09-27BUG/MEDIUM: stconn: Reset SE descriptor when we fail to create a stream
2022-09-27BUG/MINOR: stream: Perform errors handling in right order in stream_new()
2022-09-23BUG/MINOR: hlua: fixing ambiguous sizeof in hlua_load_per_thread
2022-09-22BUG/MINOR: anon: memory illegal accesses in tools.c with hash_anon and hash_ipanon
2022-09-21BUG/MINOR: hlua: Remove \n in Lua error message built with memprintf
2022-09-21BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction
2022-09-20BUG/MINOR: log: improper behavior when escaping log data
2022-09-20BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error
2022-09-20BUG/MEDIUM: mux-quic: properly trim HTX buffer on snd_buf reset
2022-09-20BUG/MINOR: mux-quic: do not keep detached qcs with empty Tx buffers
2022-09-19BUG/MEDIUM: mux-quic: fix nb_hreq decrement
2022-09-17BUG/MEDIUM: captures: free() an error capture out of the proxy lock
2022-09-17BUG/MEDIUM: server: segv when adding server with hostname from CLI
2022-09-16BUG/MINOR: mux-quic: do not remotely close stream too early
2022-09-15BUG/MEDIUM: mux-quic: fix crash on early app-ops release
2022-09-13BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring.
2022-09-12BUG/MINOR: listener: null pointer dereference suspected by coverity
2022-09-12BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created
2022-09-09BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN'
2022-09-09BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
2022-09-09BUG/MINOR: signals/poller: ensure wakeup from signals
2022-09-08BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal"
2022-09-08BUG/MINOR: quic: Trace fix about packet number space information.
2022-09-08BUG/MINOR: quic: Speed up the handshake completion only one time
2022-09-08BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals
2022-09-08DEBUG: quic: export the few task handlers that often appear in task dumps
2022-09-08DEBUG: resolvers: unstatify process_resolvers() to make it appear in profiling
2022-09-08DEBUG: task: simplify the caller recording in DEBUG_TASK
2022-09-08DEBUG: applet: instrument appctx_wakeup() to log the caller's location
2022-09-08DEBUG: task: use struct ha_caller instead of arrays of file:line
2022-09-08DEBUG: task: define a series of wakeup types for tasks and tasklets
2022-09-08BUG/MINOR: stream/sched: take into account CPU profiling for the last call
2022-09-08BUG/MINOR: sched: properly account for the CPU time of dying tasks
2022-09-08BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet
2022-09-08BUG/MINOR: task: always reset a new tasklet's call date
2022-09-07BUG/MINOR: quic: Wrong connection ID to thread ID association
2022-09-06BUG/MINOR: quic: Possible crash when verifying certificates
2022-09-06BUG/MINOR: h1: Support headers case adjustment for TCP proxies
2022-09-06BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines
2022-09-06BUG/MINOR: quic: Retransmitted frames marked as acknowledged
2022-09-02BUG/MINOR: http-act: initialize http fmt head earlier
2022-09-02DEBUG: stream: minor rearrangement of a few fields in struct stream.
2022-09-02BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber
2022-09-02BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber
2022-09-02BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber
2022-09-02BUG/MINOR: httpclient: keep-alive was accidentely disabled
2022-09-02BUG/MINOR: httpclient: only ask for more room on failed writes
2022-09-02BUG/MEDIUM: httpclient: always detach the caller before self-killing
2022-09-02BUG/MINOR: h2: properly set the direction flag on HTX response
2022-09-02BUG/MINOR: quic: Frames leak during retransmissions
2022-09-02BUG/MINOR: quic: Do not ack when probing
2022-09-01BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools
2022-09-01BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support
2022-08-31BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2
2022-08-31BUG/MINOR: quic: TX frames memleak
2022-08-31BUG/MINOR: dev/udp: properly preset the rx address size
2022-08-30BUG/MINOR: ssl: revert two wrong fixes with ckhi_link
2022-08-30BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released
2022-08-30BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule)
2022-08-29BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free()
2022-08-29BUG/MINOR: ssl: fix deinit of the ca-file tree
2022-08-29BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2)
2022-08-29BUG/MINOR: epoll: do not actively poll for Rx after an error
2022-08-29BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input
2022-08-29BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets
2022-08-29BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date
2022-08-29BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
2022-08-29BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
2022-08-29BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
2022-08-27BUG/MINOR: quic: Frames added to packets even if not built.
2022-08-27BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace
2022-08-26BUG/MINOR: httpclient: fix resolution with port
2022-08-24BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
2022-08-24BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets
2022-08-24Revert "BUG/MINOR: quix: Memleak for non in flight TX packets"
2022-08-24BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect
2022-08-24BUG/MINOR: mworker: does not create the "default" resolvers in wait mode
2022-08-24BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config()
2022-08-23BUG/MINOR: applet: make the call_rate only count the no-progress calls
2022-08-23BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler
2022-08-23BUG/MINOR: quic: Safer QUIC frame builders
2022-08-23BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt()
2022-08-22BUG/MINOR: quix: Memleak for non in flight TX packets
2022-08-22BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
2022-08-22BUG/MEDIUM: cpu-map: fix thread 1's affinity affecting all threads
2022-08-20BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data
2022-08-19BUG/MINOR: ssl/cli: error when the ca-file is empty
2022-08-19BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured
2022-08-19BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
2022-08-19BUG/MINOR: quic: Wrong splitted duplicated frames handling
2022-08-19BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member
2022-08-19BUG/MINOR: mux-h2: send a CANCEL instead of ES on truncated writes
2022-08-19BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
2022-08-18BUG/MEDIUM: cli: always reset the service context between commands
2022-08-18BUG/MEDIUM: quic: fix crash on MUX send notification
2022-08-18BUG/MINOR: quic: Missing initializations for ducplicated frames.
2022-08-17BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names
2022-08-17BUG/MINOR: quic: do not notify MUX on frame retransmit
2022-08-17BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control
2022-08-16BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt()
2022-08-16BUG/MINOR: quic: MIssing check when building TX packets
2022-08-12BUG/MINOR: mux-quic: fix crash with traces in qc_detach()
2022-08-12BUG/MINOR: quic: memleak on wrong datagram receipt
2022-08-11BUG/MEDIUM: quic: Wrong use of in qc_lsntr_pkt_rcv()
2022-08-11BUG/MEDIUM: ring: fix too lax 'size' parser
2022-08-11BUG/MEDIUM: quic: Possible use of uninitialized variable in qc_lstnr_params_init()
2022-08-11BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg
2022-08-11BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames()
2022-08-10BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq()
2022-08-10BUG/MEDIUM: poller: use fd_delete() to release the poller pipes
2022-08-10BUG/MEDIUM: quic: always remove the connection from the accept list on close
2022-08-09BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level
2022-08-09BUG/MINOR: mux-quic: open stream on STOP_SENDING
2022-08-08BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection
2022-08-08BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp()
2022-08-06BUG/MEDIUM: fix DH length when EC key is used
2022-08-05BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr
2022-08-05BUG/MINOR: quic: adjust errno handling on sendto
2022-08-05BUG/MINOR: quic: Missing Initial packet dropping case
2022-08-05BUG/MINOR: quic: do not reject datagrams matching minimum permitted size
2022-08-04BUG/MINOR: sink: fix a race condition between the writer and the reader
2022-08-04BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing
2022-08-04BUG/MINOR: ring/cli: fix a race condition between the writer and the reader
2022-08-03BUG/MINOR: quic: Avoid sending truncated datagrams
2022-08-03BUG/MEDIUM: quic: Floating point exception in cubic_root()
2022-08-03BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement
2022-08-03BUG/MEDIUM: proxy: Perform a custom copy for default server settings
2022-08-03BUG/MINOR: backend: Don't increment conn_retries counter too early
2022-08-03BUG/MEDIUM: dns: Properly initialize new DNS session
2022-08-03BUG/MINOR: peers: Use right channel flag to consider the peer as connected
2022-08-03BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload
2022-08-01BUG/MINOR: mux-quic: do not free conn if attached streams
2022-08-01BUG/MINOR: mux-quic: prevent crash if conn released during IO callback
2022-08-01BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions
2022-08-01DEBUG: tools: provide a tree dump function for ebmbtrees as well
2022-07-30BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once
2022-07-29BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts()
2022-07-29BUG/MINOR: quic: loss time limit variable computed but not used
2022-07-29BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks

Back to the list of branches and versions
Back to the HAProxy page