HAProxy known bugs for maintenance branch 2.5 : 0

This is maintenance branch 2.5 whose latest version is 2.5.14. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.5 version other than 2.5.14, you're running with known bugs.

Quick links

full changelog for 2.5 : here
browse history for 2.5 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2023-05-02 2.5.14 ⇐ last

2023-03-17 2.5.13

2023-02-14 2.5.12

2023-01-24 2.5.11

2022-12-05 2.5.10

2022-09-23 2.5.9

2022-07-25 2.5.8

2022-05-13 2.5.7

2022-04-26 2.5.6

2022-03-14 2.5.5

2022-02-25 2.5.4

2022-02-18 2.5.3

2022-02-16 2.5.2

2022-01-11 2.5.1

2021-11-23 2.5.0

Date	Version	Comment
2023-05-02	2.5.14	⇐ last
2023-03-17	2.5.13
2023-02-14	2.5.12
2023-01-24	2.5.11
2022-12-05	2.5.10
2022-09-23	2.5.9
2022-07-25	2.5.8
2022-05-13	2.5.7
2022-04-26	2.5.6
2022-03-14	2.5.5
2022-02-25	2.5.4
2022-02-18	2.5.3
2022-02-16	2.5.2
2022-01-11	2.5.1
2021-11-23	2.5.0

Fixes for known bugs pending in this branch since the last release (2.5.14)

These fixes have already been queued for the next 2.5 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

0 0 0 0 0

Total	CRITICAL	MAJOR	MEDIUM	MINOR
0	0	0	0	0

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date	Subject
2025-11-03	BUG/MAJOR: stats-file: fix crash on non-x86 platform caused by unaligned cast
2025-11-02	BUG/MINOR: resolvers: ensure fair round robin iteration
2025-10-30	BUG/MINOR: mux-h2: send the preface along with the first request if needed
2025-10-30	BUG/MINOR: ech: non destructive parsing in cli_find_ech_specific_ctx()
2025-10-30	BUG/MINOR: ssl: returns when SSL_CTX_new failed during init
2025-10-29	BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records
2025-10-29	BUG/MINOR: init: Do not close previously created fd in stdio_quiet
2025-10-28	BUG/MINOR: acl: warn if "_sub" derivative used with an explicit match
2025-10-28	BUG/MINOR: ssl: Remove unreachable code in CLI function
2025-10-28	BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance
2025-10-27	BUG/MEDIUM: cli: do not return ACKs one char at a time
2025-10-24	BUG/MEDIUM: mt_list: Use atomic operations to prevent compiler optims
2025-10-24	BUG/MINOR: stick-tables: properly index string-type keys
2025-10-24	BUG/MAJOR: stats-file: ensure shm_stats_file_object struct mapping consistency (2nd attempt)
2025-10-24	Revert "BUG/MAJOR: stats-file: ensure shm_stats_file_object struct mapping consistency"
2025-10-24	BUG/MEDIUM: applet: Improve again spinning loops detection with the new API
2025-10-23	BUG/MINOR: quic: rename and duplicate stream settings
2025-10-23	BUG/MINOR: quic: split option for congestion max window size
2025-10-23	BUG/MINOR: quic: split max-idle-timeout option for FE/BE usage
2025-10-23	BUG/MEDIUM: mt_lists: Avoid el->prev = el->next = el
2025-10-23	BUG/MEDIUM: stick-tables: Don't loop if there's nothing left
2025-10-23	BUG/MEDIUM: build: limit excessive and counter-productive gcc-15 vectorization
2025-10-22	BUG/MAJOR: stats-file: ensure shm_stats_file_object struct mapping consistency
2025-10-22	BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling
2025-10-22	BUG/MAJOR: pools: fix default pool alignment
2025-10-21	BUG/MEDIUM: h3: properly encode response after interim one in same buf
2025-10-21	BUG/MEDIUM: h1-htx: Don't set HTX_FL_EOM flag on 1xx informational messages
2025-10-20	BUG/MEDIUM: cli: also free the trash chunk on the error path
2025-10-20	BUG/MINOR: quic-be: unchecked connections during handshakes
2025-10-19	BUG/MEDIUM: mt_list: Make sure not to unlock the element twice
2025-10-17	BUG/MEDIUM: threads/config: drop absent threads from thread groups
2025-10-17	BUG/MINOR: quic: SSL counters not handled
2025-10-17	BUG/MAJOR: quic: do not reset QUIC backends fds in closing state
2025-10-17	BUG/MAJOR: quic: uninitialized quic_conn_closed struct members
2025-10-17	BUG/MINOR: quic: check applet_putchk() for 'show quic' first line
2025-10-16	BUG/MEDIUM: stick-tables: Don't forget to dec count on failure.
2025-10-16	BUG/MAJOR: lb-chash: fix key calculation when using default hash-key id
2025-10-16	BUG/MINOR: pools: don't report "limited to the first X entries" by default
2025-10-16	BUG/MEDIUM: pools: fix crash on filtered "show pools" output
2025-10-13	BUG/MEDIUM: pools: fix bad freeing of aligned pools in UAF mode
2025-10-13	BUG/MINOR: ssl: Potential NULL deref in trace macro
2025-10-10	BUG/MINOR: ssl: Free key_base from global_ssl structure during deinit
2025-10-10	BUG/MINOR: ssl: Free global_ssl structure contents during deinit
2025-10-10	BUG/MEDIUM: apppet: Improve spinning loop detection with the new API
2025-10-10	BUG/MINOR: ssl: leak crtlist_name in ssl-f-use
2025-10-10	BUG/MINOR: ssl: leak in ssl-f-use
2025-10-10	DEBUG: mux-h1: Dump and values with sedesc info
2025-10-10	BUG/MEDIUM: stconn: Properly forward kip to the opposite SE descriptor
2025-10-09	BUG/MINOR: ssl: always clear the remains of the first hello for the second one
2025-10-09	BUG/MEDIUM: ssl: take care of second client hello
2025-10-09	BUG/MINOR: acme: memory leak from the config parser
2025-10-07	BUG/MINOR: acme: avoid overflow when diff > notAfter
2025-10-03	BUG/MINOR: http-ana: Reset analyse_exp date after 'wait-for-body' action
2025-10-03	BUG/MINOR: sink: retry attempt for sft server may never occur
2025-10-03	BUG/MEDIUM: connections: Only avoid creating a mux if we have one
2025-10-03	BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response()
2025-10-02	BUG/MINOR: h3: forbid 'Z' as well in header field names checks
2025-10-02	BUG/MINOR: h2: forbid 'Z' as well in header field names checks
2025-10-02	BUG/CRITICAL: mjson: fix possible DoS when parsing numbers
2025-10-01	BUG/MEDIUM: fwlc: Handle memory allocation failures.
2025-10-01	BUG/MEDIUM: wdt: improve stuck task detection accuracy
2025-09-30	BUG/MEDIUM: stick-tables: Make sure not to free a pending entry
2025-09-29	BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC
2025-09-27	BUG/MEDIUM: acme: cfg_postsection_acme() don't init correctly acme sections
2025-09-27	BUG/MINOR: acme: don't unlink from acme_ctx_destroy()
2025-09-26	BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file
2025-09-25	BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix
2025-09-25	BUG/MINOR: acme: possible overflow in acme_will_expire()
2025-09-25	BUG/MINOR: acme: possible overflow on scheduling computation
2025-09-25	BUG/MINOR: pattern: Properly flag virtual maps as using samples
2025-09-25	BUG/MINOR: compression: Test payload size only if content-length is specified
2025-09-22	BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt
2025-09-22	BUG/MINOR: acme/cli: wrong description for "acme challenge_ready"
2025-09-19	BUG/MEDIUM: http-client: Fix the test on the response start-line
2025-09-18	BUG/MEDIUM: sink: fix unexpected double postinit of sink backend
2025-09-17	BUG/MEDIUM: ring: invert the length check to avoid an int overflow
2025-09-16	BUG/MEDIUM: pattern: fix possible infinite loops on deletion (try 2)
2025-09-16	Revert "BUG/MEDIUM: pattern: fix possible infinite loops on deletion"
2025-09-16	BUG/MEDIUM: pattern: fix possible infinite loops on deletion
2025-09-15	BUG/MINOR: resolvers: always normalize FQDN from response
2025-09-15	BUG/MINOR: ocsp: Crash when updating CA during ocsp updates
2025-09-15	BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common()
2025-09-15	Revert "BUG/MINOR: ocsp: Crash when updating CA during ocsp updates"
2025-09-15	BUG/MINOR: ocsp: Crash when updating CA during ocsp updates
2025-09-15	BUG/MEDIUM: resolvers: Wake resolver task up whne unlinking a stream requester
2025-09-12	BUG/MEDIUM: resolvers: Accept to create resolution without hostname
2025-09-12	BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value
2025-09-12	BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer
2025-09-11	BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers
2025-09-11	BUG/MEDIUM: resolvers: Properly cache do-resolv resolution
2025-09-11	BUG/MINOR: ocsp: prototype inconsistency
2025-09-11	BUG/MINOR: ssl: Fix potential NULL deref in trace callback
2025-09-11	BUG/MINOR: ssl: Potential NULL deref in trace macro
2025-09-11	BUG/MEDIUM: jws: return size_t in JWS functions
2025-09-11	BUG/MINOR: acme: null pointer dereference upon allocation failure
2025-09-11	BUG/MAJOR: stream: Force channel analysis on successful synchronous send
2025-09-10	BUG/MINOR: stick-table: make sure never to miss a process_table_expire update
2025-09-10	BUG/MEDIUM: ssl: Fix a crash if we failed to create the mux
2025-09-10	BUG/MEDIUM: ssl: Fix a crash when using QUIC
2025-09-10	DEBUG: stick-tables: export stktable_add_pend_updates() for better reporting
2025-09-10	BUG/MEDIUM: stick-tables: don't loop on non-expirable entries
2025-09-10	BUG/MINOR: activity: fix reporting of task latency
2025-09-09	BUG/MEDIUM: ssl: create the mux immediately on early data
2025-09-09	BUG/MEDIUM: h1: Allow reception if we have early data
2025-09-09	DEBUG: peers: export functions that use locks
2025-09-09	DEBUG: stream: count the number of passes in the connect loop
2025-09-09	BUG/MINOR: check: ensure checks are compatible with QUIC servers
2025-09-09	BUG/MEDIUM: checks: fix ALPN inheritance from server
2025-09-09	BUG/MINOR: hq-interop: adjust parsing/encoding on backend side
2025-09-09	BUG/MEDIUM: mux-h2: Reinforce conditions to report an error to app-layer stream
2025-09-09	BUG/MEDIUM: mux-h2: Report RST/error to app-layer stream during 0-copy fwding
2025-09-09	BUG/MINOR: mux-h2: Remove H2_CF_DEM_DFULL flags when the demux buffer is reset
2025-09-09	BUG/MEDIUM: mux-h2: Restart reading when mbuf ring is no longer full
2025-09-09	BUG/MEDIUM: mux-h2; Don't block reveives in H2_CS_ERROR and H2_CS_ERROR2 states
2025-09-09	BUG/MEDIUM: mux-h2: Reset MUX blocking flags when a send error is caught
2025-09-08	BUG/MINOR: quic: properly support GSO on backend side
2025-09-08	BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations
2025-09-08	BUG/MEDIUM: proxy: fix crash with stop_proxy() called during init
2025-09-06	BUG/MEDIUM: ssl: Properly initialize msg_controllen.
2025-09-06	BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET()
2025-09-05	BUG/MINOR: quic: too short PADDING frame for too short packets
2025-09-05	BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections
2025-09-05	BUG/MINOR: server: Update healthcheck when server settings are changed via CLI
2025-09-05	BUG/MEDIUM: server: Use sni as pool connection name for SSL server only
2025-09-05	BUG/MINOR: acl: Fix error message about several '-m' parameters
2025-09-04	BUG/MINOR: log: fix potential memory leak upon error in add_to_logformat_list()
2025-09-04	BUG/MEDIUM: quic-be: too early SSL_SESSION initialization
2025-09-04	BUG/MINOR: connection: streamline conn detach from lists
2025-09-04	BUG/MEDIUM: conn: fix UAF on connection after reversal on edge
2025-09-03	BUG/MINOR: check: fix dst address when reusing a connection
2025-09-03	BUG/MINOR: check: ensure check-reuse is compatible with SSL
2025-09-03	MEDIUM: stats-file: add some BUG_ON() guards to ensure exported structs are not changed by accident
2025-09-03	BUG/MEDIUM: peers: don't fail twice to grab the update lock
2025-09-03	BUG/MINOR: stick-tables: never leave used entries without expiration
2025-09-03	BUG/MEDIUM: stick-tables: don't leave the expire loop with elements deleted
2025-09-02	BUG/MINOR: haproxy: be sure not to quit too early on soft stop
2025-09-02	MEDIUM: quic: strengthen BUG_ON() for unpad Initial packet on client
2025-09-02	BUG/MINOR: quic: pad Initial pkt with CONNECTION_CLOSE on client
2025-09-02	BUG/MINOR: quic: fix padding issue on INITIAL retransmit
2025-09-02	BUG/MINOR: quic: fix room check if padding requested
2025-09-02	BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames
2025-09-02	BUG/MINOR: tools: Add OOM check for malloc() in indent_msg()
2025-09-02	BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options()
2025-09-02	BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen()
2025-09-02	BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()
2025-09-02	BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger()
2025-09-02	BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url()
2025-09-01	BUG/MINOR: acl: Properly detect overwritten matching method
2025-09-01	BUG/MINOR: server: Duplicate healthcheck's sni inherited from default server
2025-09-01	BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server
2025-09-01	BUG/MAJOR: mux-quic: fix crash on reload during emission
2025-09-01	BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()
2025-08-29	BUG/BUILD: stats: fix build due to missing stat enum definition
2025-08-28	BUG/MINOR: mux-quic: do not access conn after idle list insert
2025-08-28	BUG/MINOR: server: decrement session idle_conns on del server
2025-08-28	BUG/MINOR: connection: remove extra session_unown_conn() on reverse
2025-08-28	BUG/MINOR: connection: rearrange union list members
2025-08-28	BUG/MEDIUM: mworker: fix startup and reload on macOS
2025-08-28	BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found
2025-08-28	BUG/MINOR: mux-quic: trace with non initialized qcc
2025-08-27	BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets
2025-08-27	BUG/MEDIUM: quic-be: avoid crashes when releasing Initial pktns
2025-08-26	BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort
2025-08-25	BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend
2025-08-25	BUG/MEDIUM: http_ana: handle yield for "stats http-request" evaluation
2025-08-22	BUG/MINOR: quic: don't coalesce probing and ACK packet of same type
2025-08-22	BUG/MAJOR: quic: fix INITIAL padding with probing packet only
2025-08-22	BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
2025-08-22	BUG/MEDIUM: quic: reset padding when building GSO datagrams
2025-08-21	BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval
2025-08-21	BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind
2025-08-21	BUG/MEDIUM: quic-be: crash after backend CID allocation failures
2025-08-21	BUG/MINOR: quic-be: missing Initial packet number space discarding
2025-08-21	BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW
2025-08-20	BUG/MEDIUM: mworker: more verbose error upon loading failure
2025-08-20	BUG/MEDIUM: quic-be: do not initialize ->conn too early
2025-08-20	BUG/MEDIUM: quic: crash after quic_conn allocation failures
2025-08-20	BUG/MEDIUM: cli: Report inbuf is no longer full when a line is consumed
2025-08-20	BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames
2025-08-14	BUG/MINOR: mux-h1: fix wrong lock label
2025-08-14	BUG/MEDIUM: quic: listener connection stuck during handshakes (OpenSSL 3.5)
2025-08-11	BUG/MINOR: init: Initialize random seed earlier in the init process
2025-08-08	BUG/MEDIUM: ssl: fix build with AWS-LC
2025-08-08	BUG/MEDIUM: ssl: Fix 0rtt to the server
2025-08-08	BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR
2025-08-07	BUG/MINOR: proxy: avoid NULL-deref in post_section_px_cleanup()
2025-08-07	BUG/MINOR: cfgparse-listen: update err_code for fatal error on proxy directive
2025-08-07	BUG/MINOR: cfgparse: immediately stop after hard error in srv_init()
2025-08-06	DEBUG: pools: also retrieve file and line for direct callers of create_pool()
2025-08-06	DEBUG: pools: store the pool registration file name and line number
2025-08-05	BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator
2025-08-05	BUG/MINOR: acme: possible integer underflow in acme_txt_record()
2025-07-31	BUG/MEDIUM: mux-quic: ensure Early-data header is set
2025-07-29	BUG/MINOR: hlua: take default-path into account with lua-load-per-thread
2025-07-28	BUG/MEDIUM: queue/stats: also use stream_set_srv_target() for pendconns
2025-07-25	BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options
2025-07-24	BUG/MINOR: httpclient-cli: Don't try to dump raw headers in HTX mode
2025-07-24	BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established
2025-07-24	BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket
2025-07-24	BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket
2025-07-24	BUG/MEDIUM: Remove sync sends from streams to applets
2025-07-24	BUG/MINOR: applet: Fix applet_getword() to not return one extra byte
2025-07-24	BUG/MEDIUM: stconn: Fix conditions to know an applet can get data from stream
2025-07-24	BUG/MEDIUM: applet: State inbuf is no longer full if input data are skipped
2025-07-24	BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet
2025-07-23	BUG/MINOR: acme: allow "processing" in challenge requests
2025-07-23	BUG/MINOR: mux-quic: ensure close-spread-time is properly applied
2025-07-23	BUG/MINOR mux-quic: apply correctly timeout on output pending data
2025-07-23	BUG/MEDIUM: acme: use POST-as-GET instead of GET for resources
2025-07-22	BUG/MINOR: h3: fix uninitialized value in h3_req_headers_send()
2025-07-21	BUG/MINOR: hq-interop: fix FIN transmission
2025-07-21	BUG/MINOR: logs: fix log-steps extra log origins selection
2025-07-21	BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS
2025-07-17	BUG/MINOR: halog: exit with error when some output filters are set simultaneosly
2025-07-17	BUG/MEDIUM: quic-be: CC buffer released from wrong pool
2025-07-16	BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init
2025-07-16	BUG/MINOR: quic: Wrong source address use on FreeBSD
2025-07-15	BUG/MINOR: h3: properly handle interim response on BE side
2025-07-15	BUG/MEDIUM: h3: handle interim response properly on FE side
2025-07-15	BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side)
2025-07-15	BUG/MINOR: h3: properly realloc buffer after interim response encoding
2025-07-15	BUG/MEDIUM: h3: do not overwrite interim with final response
2025-07-10	BUG/MINOR: h1-htx: Don't forget to init flags in h1_format_htx_msg function
2025-07-10	BUG/MINOR: mux-h1: Use configured error files if possible for early H1 errors
2025-07-09	BUG/MINOR: h3: fix https scheme request encoding for BE side
2025-07-09	BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM
2025-07-09	BUG/MEDIUM: http-client: Drain the request if an early response is received
2025-07-09	BUG/MINOR: http-client: Reject any 101-switching-protocols response
2025-07-09	BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode
2025-07-09	BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer
2025-07-09	BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred
2025-07-09	BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred
2025-07-09	BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred
2025-07-09	BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration (OpenSSL 3.5)
2025-07-09	BUG/MINOR: listener: really assign distinct IDs to shards
2025-07-08	BUG/MINOR: resolvers: don't lower the case of binary DNS format
2025-07-07	BUG/MINOR: quic-be: Malformed coalesced Initial packets
2025-07-07	BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits (OpenSSL 3.5 QUIC API)
2025-07-07	BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5
2025-07-06	CI: set DEBUG_STRICT=2 for coverity scan
2025-07-04	BUG/MINOR: http-act: Fix parsing of the expression argument for pause action
2025-07-04	BUG/MINOR: proto-tcp: Take care to initialized tcp_md5sig structure
2025-07-03	BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
2025-07-02	BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections
2025-07-01	BUG/MINOR: httpclient: wrongly named httpproxy flag
2025-06-30	BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
2025-06-30	BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
2025-06-30	BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
2025-06-30	BUG/MEDIUM: counters/server: fix server and proxy last_change mixup
2025-06-27	BUG/MINOR: quic-be: Wrong retry_source_connection_id check
2025-06-26	BUG/MINOR: tools: use my_unsetenv instead of unsetenv
2025-06-26	BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding
2025-06-25	BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
2025-06-24	BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation
2025-06-24	BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself
2025-06-23	BUG/MINOR: tools: only reset argument start upon new argument
2025-06-20	BUG/MEDIUM: quic: do not release BE quic-conn prior to upper conn
2025-06-20	BUG/MAJOR: fwlc: Count an avoided server as unusable.
2025-06-18	BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream
2025-06-17	MINOR: h3: use BUG_ON() on missing request start-line
2025-06-16	BUG/MINOR: mux-quic: check sc_attach_mux return value
2025-06-16	BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
2025-06-16	BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available
2025-06-16	BUG/MINOR: quic: fix ODCID initialization on frontend side
2025-06-16	BUG/MINOR: quic: Fix OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn callback (OpenSSL3.5)
2025-06-13	BUG/MINOR: quic: don't restrict reception on backend privileged ports
2025-06-13	BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS
2025-06-12	BUG/MINOR: quic: work around NEW_TOKEN parsing error on backend side
2025-06-12	BUG/MINOR: quic: prevent crash on startup with -dt
2025-06-12	BUG/MINOR: quic-be: CID double free upon qc_new_conn() failures
2025-06-12	BUG/MEDIUM: mux-quic: adjust wakeup behavior
2025-06-12	BUG/MINOR: hlua: Don't forget the return statement after a hlua_yieldk()
2025-06-11	BUG/MINOR: config/server: reject QUIC addresses
2025-06-10	BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing
2025-06-10	BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
2025-06-06	BUG/MINOR: quic: Missing SSL session object freeing
2025-06-06	BUG/MINOR: config: fix arg number reported on empty arg warning
2025-06-06	BUG/MINOR: config: emit warning for empty args only in discovery mode
2025-06-05	BUG/MEDIUM: cli: Properly parse empty lines and avoid crashed
2025-06-04	BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure
2025-06-03	DEBUG: check: Add the healthcheck's expiration date in the trace messags
2025-06-03	BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
2025-06-03	BUG/MAJOR: leastconn: Protect tree_elt with the lbprm lock
2025-05-27	BUG/MEDIUM: httpclient: Throw an error if an lua httpclient instance is reused
2025-05-27	BUG/MEDIUM: hlua: Fix receive API for TCP applets to properly handle shutdowns
2025-05-27	BUG/MEDIUM: hlua: Fix getline() for TCP applets to work with applet's buffers
2025-05-26	BUG/MEDIUM: hlua: Properly detect shudowns for TCP applets based on the new API
2025-05-26	BUG/MEDIUM: cli/ring: Properly handle shutdown in "show event" I/O handler
2025-05-26	BUG/MEDIUM: h3: Declare absolute URI as normalized when a :authority is found
2025-05-26	BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request
2025-05-23	BUG/MAJOR: cache: Crash because of wrong cache entry deleted
2025-05-22	BUG/MEDIUM: server: fix potential null-deref after previous fix
2025-05-22	BUG/MEDIUM: server: fix crash after duplicate GUID insertion
2025-05-21	BUG/MINOR: acme: fix formatting issue in error and logs
2025-05-21	BUG/MEDIUM: acme: check if acme domains are configured
2025-05-21	BUG/MEDIUM: mux-quic: fix BUG_ON() on rxbuf alloc error
2025-05-20	BUG/MEDIUM: wdt: always ignore the first watchdog wakeup
2025-05-19	BUG/MAJOR: leastconn: never reuse the node after dropping the lock
2025-05-19	BUG/MINOR: quic: fix crash on quic_conn alloc failure
2025-05-17	BUG/MAJOR: queue: properly keep count of the queue length
2025-05-17	BUG/MAJOR: leastconn: do not loop forever when facing saturated servers
2025-05-16	BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field
2025-05-16	BUG/MINOR: h3: don't insert more than one Host header
2025-05-16	BUG/MEDIUM: stconn: Disable 0-copy forwarding for filters altering the payload
2025-05-15	BUG/MEDIUM: peers: also limit the number of incoming updates
2025-05-15	BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers
2025-05-14	DEBUG: mux-spop: Review some trace messages to adjust the message or the level
2025-05-14	BUG/MEDIUM: mux-spop; Don't report a read error if there are pending data
2025-05-14	BUG/MEDIUM: mux-spop: Properly detect truncated frames on demux to report error
2025-05-14	BUG/MEDIUM: spop-conn: Report short read for partial frames payload
2025-05-14	BUG/MEDIUM: mux-spop: Properly handle CLOSING state
2025-05-13	BUG/MEDIUM: mux-spop: Remove frame parsing states from the SPOP connection state
2025-05-13	BUG/MINOR: mux-spop: Don't open new streams for SPOP connection on error
2025-05-13	BUG/MINOR: mux-spop: Make the demux stream ID a signed integer
2025-05-13	BUG/MINOR: mux-spop: Don't report error for stream if ACK was already received
2025-05-13	BUG/MINOR: spoe: Don't report error on applet release if filter is in DONE state
2025-05-13	BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation
2025-05-13	BUG/MINOR: cpu-topo: fix group-by-cluster policy for disordered clusters
2025-05-12	BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly
2025-05-12	BUG/MINOR: server: perform lbprm deinit for dynamic servers
2025-05-12	BUG/MINOR: server: dont depend on proxy for server cleanup in srv_drop()
2025-05-12	BUG/MINOR: cfgparse: improve the empty arg position report's robustness
2025-05-12	BUG/MINOR: tools: improve parse_line()'s robustness against empty args
2025-05-12	BUG/MINOR: threads: fix soft-stop without multithreading support
2025-05-09	BUG/MINOR: ssl/ckch: always ha_freearray() the previous entry during parsing
2025-05-09	BUG/MINOR: ssl/ckch: always free() the previous entry during parsing
2025-05-09	BUG/MINOR: ssl: prevent multiple 'crt' on the same ssl-f-use line
2025-05-09	BUG/MINOR: ssl: doesn't fill conf->crt with first arg
2025-05-09	DEBUG: pools: add a new integrity mode "backup" to copy the released area
2025-05-09	DEBUG: pool: permit per-pool UAF configuration
2025-05-09	BUG/MEDIUM: mux-quic: fix crash on invalid fctl frame dereference
2025-05-09	BUG/MINOR: cfgparse: consider the special case of empty arg caused by \x00
2025-05-09	BUG/MEDIUM: quic: free stream_desc on all data acked
2025-05-08	BUG/MEDIUM: stick-table: always remove update before adding a new one
2025-05-08	BUG/MINOR: cli: fix too many args detection for commands
2025-05-07	BUG/MEDIUM: stick-tables: close a tiny race in __stksess_kill()
2025-05-07	BUG/MEDIUM: peers: hold the refcnt until updating ts->seen
2025-05-07	BUG/MINOR: quic: reject invalid max_udp_payload size
2025-05-07	BUG/MINOR: quic: fix TP reject on invalid max-ack-delay
2025-05-07	BUG/MINOR: quic: use proper error code on invalid received TP value
2025-05-07	BUG/MINOR: quic: reject retry_source_cid TP on server side
2025-05-07	BUG/MINOR: quic: use proper error code on invalid server TP
2025-05-07	BUG/MINOR: quic: use proper error code on missing CID in TPs
2025-05-07	BUG/MINOR: tools: only fill first empty arg when not out of range
2025-05-06	BUG/MINOR: ssl: can't use crt-store some certificates in ssl-f-use
2025-05-06	BUG/MAJOR: queue: lock around the call to pendconn_process_next_strm()
2025-05-06	Revert "BUG/MEDIUM: mux-spop: Handle CLOSING state and wait for AGENT DISCONNECT frame"
2025-05-06	BUG/MINOR: proxy: only use proxy_inc_fe_cum_sess_ver_ctr() with frontends
2025-05-06	DEBUG: threads: display held locks in threads dumps
2025-05-05	DEBUG: threads: merge successive idempotent lock operations in history
2025-05-05	DEBUG: threads: don't keep lock label "OTHER" in the per-thread history
2025-05-05	BUG/MINOR: tools: make parseline report the required space for the trailing 0
2025-05-05	BUG/MINOR: tools: always terminate empty lines
2025-05-05	BUG/MINOR: tools: do not create an empty arg from trailing spaces
2025-05-02	BUG/MINOR: acme/cli: don't output error on success
2025-05-02	BUG/MEDIUM: stktable: fix sc_*() BUG_ON() regression with ctx > 9
2025-05-02	BUG/MAJOR: tasks: fix task accounting when killed
2025-05-02	BUG/MEDIUM: quic: Let it be known if the tasklet has been released.
2025-05-02	BUG/MINOR: acme: reinit the retries only at next request
2025-04-30	BUG/MEDIUM: connections: Report connection closing in conn_create_mux()
2025-04-30	BUG/MINOR: mux-spop: Use the right bitwise operator in spop_ctl()
2025-04-30	BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection
2025-04-30	BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade
2025-04-30	BUG/MEDIUM: mux-spop: Handle CLOSING state and wait for AGENT DISCONNECT frame
2025-04-30	BUG/MEDIUM: mux-spop: Wait end of handshake to declare a spop connection ready
2025-04-29	BUG/MINOR: dns: prevent ds accumulation within dss
2025-04-29	BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers
2025-04-29	BUG/MINOR: acme: remove references to virt@acme
2025-04-29	BUG/MINOR: quic: ensure cwnd limits are always enforced
2025-04-29	BUG/MINOR: acme: creating an account should not end the task
2025-04-29	BUG/MINOR: mux-h2: fix the offset of the pattern for the ping frame
2025-04-29	BUG/MINOR: acme: does not try to unlock after a failed trylock
2025-04-28	BUG/MINOR: ssl/acme: free EVP_PKEY upon error
2025-04-28	MEDIUM: thread: set DEBUG_THREAD to 1 by default
2025-04-28	MEDIUM: threads: keep history of taken locks with DEBUG_THREAD > 0
2025-04-28	MINOR: threads: turn the full lock debugging to DEBUG_THREAD=2
2025-04-28	MINOR: threads: prepare DEBUG_THREAD to receive more values
2025-04-25	BUG/MAJOR: listeners: transfer connection accounting when switching listeners
2025-04-25	BUG/MAJOR: tasklets: Make sure he tasklet can't run twice
2025-04-25	BUG/MINOR: master/cli: only parse the '@@' prefix on complete lines
2025-04-25	Revert "BUG/MINOR: master/cli: properly trim the '@@' process name in error messages"
2025-04-25	BUG/MEDIUM: cli: Handle applet shutdown when waiting for a command line
2025-04-24	BUG/MINOR: master/cli: properly trim the '@@' process name in error messages
2025-04-24	BUG/MINOR: ring: Fix I/O handler of "show event" command to not rely on the SC
2025-04-24	BUG/MINOR: hlua: Fix I/O handler of lua CLI commands to not rely on the SC
2025-04-24	BUG/MINOR: cli: Issue an error when too many args are passed for a command
2025-04-24	BUG/MINOR: mux-quic: do not decode if conn in error
2025-04-24	BUG/MINOR: mux-quic: fix possible infinite loop during decoding
2025-04-22	BUG/MEDIUM: mux-spop: Respect the negociated max-frame-size value to send frames
2025-04-18	BUG/MINOR: proxy: always detach a proxy from the names tree on free()
2025-04-18	BUG/MINOR: quic: do not crash on CRYPTO ncbuf alloc failure
2025-04-17	BUG/MINOR: debug: detect and prevent re-entrance in ha_thread_dump_fill()
2025-04-17	BUG/MINOR: wdt/debug: avoid signal re-entrance between debugger and watchdog
2025-04-17	BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill()
2025-04-17	BUG/MINOR: threads: set threads_idle and threads_harmless even with no threads
2025-04-17	BUG/MINOR: mux-h2: do not apply timer on idle backend connection
2025-04-17	BUG/MINOR: rhttp: ensure GOAWAY can be emitted after reversal
2025-04-17	BUG/MINOR: rhttp: fix reconnect if timeout connect unset
2025-04-17	BUG/MINOR: mux-h2: prevent past scheduling with idle connections
2025-04-17	BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
2025-04-16	BUG/MINOR: h3: reject request URI with invalid characters
2025-04-16	BUG/MINOR: h3: reject invalid :path in request
2025-04-16	BUG/MINOR: h3: filter upgrade connection header
2025-04-16	BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding
2025-04-16	BUG/MEDIUM: h3: trim whitespaces when parsing headers value
2025-04-16	BUG/MINOR: acme/cli: fix certificate name in error message
2025-04-16	BUG/MINOR: acme: fix the exponential backoff of retries
2025-04-16	BUG/MINOR: acme: key not restored upon error in acme_res_certificate() V2
2025-04-16	Revert "BUG/MINOR: acme: key not restored upon error in acme_res_certificate()"
2025-04-15	BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding
2025-04-15	BUG/MINOR: http-ana: Properly detect client abort when forwarding the response
2025-04-15	BUILD: incompatible pointer type suspected with -DDEBUG_UNIT
2025-04-15	BUG/MINOR: acme: fix possible NULL deref
2025-04-14	DEBUG: counters: add the ability to enable/disable updating the COUNT_IF counters
2025-04-14	DEBUG: counters: make COUNT_IF() only appear at DEBUG_COUNTERS>=1
2025-04-14	DEBUG: rename DEBUG_GLITCHES to DEBUG_COUNTERS and enable it by default
2025-04-14	DEBUG: init: report invalid characters in debug description strings
2025-04-14	BUG/MINOR: debug: remove the trailing \n from BUG_ON() statements
2025-04-14	BUG/MINOR: thread: protect thread_cpus_enabled_at_boot with USE_THREAD
2025-04-14	BUG/MINOR: acme: key not restored upon error in acme_res_certificate()
2025-04-12	BUG/MINOR: cpu-topo: check the correct variable for NULL after malloc()
2025-04-12	BUG/MINOR: acme: ckch_conf_acme_init() when no filename
2025-04-10	BUG/MINOR: hlua: fix invalid errmsg use in hlua_init()
2025-04-09	BUG/MINOR: backend: do not use the source port when hashing clientip
2025-04-07	BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs
2025-04-07	BUG/MINOR: log: fix CBOR encoding with LOG_VARTEXT_START() + lf_encode_chunk()
2025-04-03	BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait()
2025-04-03	BUG/MINOR: server: ensure check-reuse-pool is copied from default-server
2025-04-03	BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node
2025-04-03	BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks
2025-04-03	BUG/MEDIUM: stream: Fix a possible freeze during a forced shut on a stream
2025-04-02	BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port
2025-04-02	BUG/MINOR: backend: do not overwrite srv dst address on reuse
2025-04-02	BUG/MINOR: rhttp: fix incorrect dst/dst_port values
2025-04-02	BUG/MEDIUM: leastconn: Don't try to reposition if the server is down
2025-04-02	BUG/MINOR: ssl/ckch: leak in error path
2025-04-01	BUG/MINOR: config: silence .notice/.warning/.alert in discovery mode
2025-03-27	BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays
2025-03-20	BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream()
2025-03-20	BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local
2025-03-20	BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
2025-03-19	BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
2025-03-18	BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0
2025-03-18	BUG/MINOR: hlua: fix optional timeout argument index for AppletTCP:receive()
2025-03-18	BUG/MINOR: log: prevent saddr NULL deref in syslog_io_handler()
2025-03-13	BUG/MINOR: stats: fix capabilities and hide settings for some generic metrics
2025-03-12	BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity
2025-03-07	BUG/MINOR: cfgparse-tcp: relax namespace bind check
2025-03-07	BUG/MINOR: stream: fix age calculation in "show sess" output
2025-03-07	BUG/MINOR: server: dont return immediately from parse_server() when skipping checks
2025-03-06	BUG/MINOR: cfgparse/peers: properly handle ignored local peer case
2025-03-06	BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server
2025-03-06	BUG/MEIDUM: startup: return to initial cwd only after check_config_validity()
2025-03-05	BUG/MINOR: log: set proper smp size for balance log-hash
2025-03-04	DEBUG: init: Add a macro to register unit tests
2025-03-03	DEBUG: init: add a way to register functions for unit tests
2025-03-03	BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer
2025-02-28	BUG/MINOR: hq-interop: fix leak in case of rcv_buf early return
2025-02-28	BUG/MEDIUM: mux-fcgi: Try to fully fill demux buffer on receive if not empty
2025-02-27	BUG/MINOR: h3: do not report transfer as aborted on preemptive response
2025-02-27	BUG/MINOR: server: fix the "server-template" prefix memory leak
2025-02-27	BUG/MEDIUM: server: properly initialize PROXY v2 TLVs
2025-02-24	BUG/MEDIUM: stream: don't use localtime in dumps from a signal handler
2025-02-24	BUG/MINOR: h2: always trim leading and trailing LWS in header values
2025-02-21	BUG/MEDIUM: stream: use non-blocking freq_ctr calls from the stream dumper
2025-02-21	BUG/MEDIUM: stream: never allocate connection addresses from signal handler
2025-02-21	BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info()
2025-02-21	BUG/MINOR: stream: do not call co_data() from __strm_dump_to_buffer()
2025-02-21	BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers
2025-02-21	BUG/MINOR: log: fix outgoing abns address family
2025-02-21	BUG/MEDIUM: uxst: fix outgoing abns address family in connect()
2025-02-20	BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers
2025-02-20	BUG/MEDIUM: spoe/mux-spop: Introduce an NOOP action to deal with empty ACK
2025-02-20	BUG/MEDIUM: applet: Don't handle EOI/EOS/ERROR is applet is waiting for room
2025-02-18	BUG/MINOR: mux-h2: Properly handle full or truncated HTX messages on shut
2025-02-18	BUG/MINOR: mux-quic: prevent crash after MUX init failure
2025-02-18	BUG/MINOR: quic: prevent crash on conn access after MUX init failure
2025-02-17	BUG/MINOR: fcgi: Don't set the status to 302 if it is already set
2025-02-17	BUG/MEDIUM: filters: Handle filters registered on data with no payload callback
2025-02-17	BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker
2025-02-17	BUG/MEDIUM: cli: Be sure to drop all input data in END state
2025-02-17	BUG/MINOR: startup: hap_register_feature() fix for partial feature name
2025-02-17	BUG/MINOR: startup: leave at first post_section_parser which fails
2025-02-12	BUG/MINOR: ssl/cli: "show ssl crt-list" lacks sigals
2025-02-12	BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals
2025-02-12	BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED
2025-02-12	BUG/MINOR: mworker: post_section_parser for the last section in discovery
2025-02-12	BUG/MINOR: mworker: section ignored in discovery after a post_section_parser
2025-02-12	BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding
2025-02-12	BUG/MINOR: quic: reserve length field for long header encoding
2025-02-10	DEBUG: thread: reduce the struct lock_stat to store only 30 buckets
2025-02-10	DEBUG: thread: make lock_stat per operation instead of for all operations
2025-02-10	DEBUG: thread: don't keep the redundant _locked counter
2025-02-10	DEBUG: thread: report the wait time buckets for lock classes
2025-02-10	DEBUG: thread: make lock time computation more consistent
2025-02-10	DEBUG: thread: report the spin lock counters as seek locks
2025-02-10	BUG/MEDIUM: debug: close a possible race between thread dump and panic()
2025-02-07	BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3
2025-02-07	BUG/MINOR: debug: make sure the "debug dev sched" tasks don't block stopping
2025-02-07	BUG/MINOR: debug: make "debug dev sched" accept a negative TID

Back to the list of branches and versions
Back to the HAProxy page