HAProxy known bugs for maintenance branch 2.6 : 16

This is maintenance branch 2.6 whose latest version is 2.6.22. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.6 version other than 2.6.22, you're running with known bugs.

Quick links

full changelog for 2.6 : here
browse history for 2.6 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2025-04-22 2.6.22 ⇐ last

2025-01-29 2.6.21

2024-11-08 2.6.20

2024-09-19 2.6.19

2024-06-18 2.6.18

2024-04-05 2.6.17

2023-12-13 2.6.16

2023-08-09 2.6.15

2023-06-09 2.6.14

2023-05-02 2.6.13

2023-03-28 2.6.12

2023-03-17 2.6.11

2023-03-10 2.6.10

2023-02-14 2.6.9

2023-01-24 2.6.8

2022-12-02 2.6.7

2022-09-22 2.6.6

2022-09-03 2.6.5

2022-08-22 2.6.4

2022-08-19 2.6.3

2022-07-22 2.6.2

2022-06-21 2.6.1

2022-05-31 2.6.0

Date	Version	Comment
2025-04-22	2.6.22	⇐ last
2025-01-29	2.6.21
2024-11-08	2.6.20
2024-09-19	2.6.19
2024-06-18	2.6.18
2024-04-05	2.6.17
2023-12-13	2.6.16
2023-08-09	2.6.15
2023-06-09	2.6.14
2023-05-02	2.6.13
2023-03-28	2.6.12
2023-03-17	2.6.11
2023-03-10	2.6.10
2023-02-14	2.6.9
2023-01-24	2.6.8
2022-12-02	2.6.7
2022-09-22	2.6.6
2022-09-03	2.6.5
2022-08-22	2.6.4
2022-08-19	2.6.3
2022-07-22	2.6.2
2022-06-21	2.6.1
2022-05-31	2.6.0

Fixes for known bugs pending in this branch since the last release (2.6.22)

These fixes have already been queued for the next 2.6 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

16 0 0 0 16

Total	CRITICAL	MAJOR	MEDIUM	MINOR
16	0	0	0	16

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2025-05-28	BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0
2025-05-28	BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request
2025-05-28	BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
2025-05-28	BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers
2025-05-28	BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation
2025-05-28	BUG/MINOR: cli: fix too many args detection for commands
2025-05-28	BUG/MINOR: quic: reject invalid max_udp_payload size
2025-05-28	BUG/MINOR: quic: fix TP reject on invalid max-ack-delay
2025-05-28	BUG/MINOR: quic: use proper error code on invalid received TP value
2025-05-28	BUG/MINOR: quic: reject retry_source_cid TP on server side
2025-05-28	BUG/MINOR: quic: use proper error code on invalid server TP
2025-05-28	BUG/MINOR: quic: use proper error code on missing CID in TPs
2025-05-28	BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection
2025-05-28	BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade
2025-05-28	BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers
2025-05-28	BUG/MINOR: cli: Issue an error when too many args are passed for a command

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date Subject

2025-07-01 BUG/MINOR: httpclient: wrongly named httpproxy flag

2025-06-30 BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter

2025-06-30 BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending

2025-06-30 BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services

2025-06-30 BUG/MEDIUM: counters/server: fix server and proxy last_change mixup

2025-06-27 BUG/MINOR: quic-be: Wrong retry_source_connection_id check

2025-06-26 BUG/MINOR: tools: use my_unsetenv instead of unsetenv

2025-06-26 BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding

2025-06-25 BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers

2025-06-24 BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation

2025-06-24 BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself

2025-06-23 BUG/MINOR: tools: only reset argument start upon new argument

2025-06-20 BUG/MEDIUM: quic: do not release BE quic-conn prior to upper conn

2025-06-20 BUG/MAJOR: fwlc: Count an avoided server as unusable.

2025-06-18 BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream

2025-06-17 MINOR: h3: use BUG_ON() on missing request start-line

2025-06-16 BUG/MINOR: mux-quic: check sc_attach_mux return value

2025-06-16 BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported

2025-06-16 BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available

2025-06-16 BUG/MINOR: quic: fix ODCID initialization on frontend side

2025-06-16 BUG/MINOR: quic: Fix OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn callback (OpenSSL3.5)

2025-06-13 BUG/MINOR: quic: don't restrict reception on backend privileged ports

2025-06-13 BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS

2025-06-12 BUG/MINOR: quic: work around NEW_TOKEN parsing error on backend side

2025-06-12 BUG/MINOR: quic: prevent crash on startup with -dt

2025-06-12 BUG/MINOR: quic-be: CID double free upon qc_new_conn() failures

2025-06-12 BUG/MEDIUM: mux-quic: adjust wakeup behavior

2025-06-12 BUG/MINOR: hlua: Don't forget the return statement after a hlua_yieldk()

2025-06-11 BUG/MINOR: config/server: reject QUIC addresses

2025-06-10 BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing

2025-06-10 BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info

2025-06-06 BUG/MINOR: quic: Missing SSL session object freeing

2025-06-06 BUG/MINOR: config: fix arg number reported on empty arg warning

2025-06-06 BUG/MINOR: config: emit warning for empty args only in discovery mode

2025-06-05 BUG/MEDIUM: cli: Properly parse empty lines and avoid crashed

2025-06-04 BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure

2025-06-03 DEBUG: check: Add the healthcheck's expiration date in the trace messags

2025-06-03 BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout

2025-06-03 BUG/MAJOR: leastconn: Protect tree_elt with the lbprm lock

Date	Subject
2025-07-01	BUG/MINOR: httpclient: wrongly named httpproxy flag
2025-06-30	BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
2025-06-30	BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
2025-06-30	BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
2025-06-30	BUG/MEDIUM: counters/server: fix server and proxy last_change mixup
2025-06-27	BUG/MINOR: quic-be: Wrong retry_source_connection_id check
2025-06-26	BUG/MINOR: tools: use my_unsetenv instead of unsetenv
2025-06-26	BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding
2025-06-25	BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
2025-06-24	BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation
2025-06-24	BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself
2025-06-23	BUG/MINOR: tools: only reset argument start upon new argument
2025-06-20	BUG/MEDIUM: quic: do not release BE quic-conn prior to upper conn
2025-06-20	BUG/MAJOR: fwlc: Count an avoided server as unusable.
2025-06-18	BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream
2025-06-17	MINOR: h3: use BUG_ON() on missing request start-line
2025-06-16	BUG/MINOR: mux-quic: check sc_attach_mux return value
2025-06-16	BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
2025-06-16	BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available
2025-06-16	BUG/MINOR: quic: fix ODCID initialization on frontend side
2025-06-16	BUG/MINOR: quic: Fix OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn callback (OpenSSL3.5)
2025-06-13	BUG/MINOR: quic: don't restrict reception on backend privileged ports
2025-06-13	BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS
2025-06-12	BUG/MINOR: quic: work around NEW_TOKEN parsing error on backend side
2025-06-12	BUG/MINOR: quic: prevent crash on startup with -dt
2025-06-12	BUG/MINOR: quic-be: CID double free upon qc_new_conn() failures
2025-06-12	BUG/MEDIUM: mux-quic: adjust wakeup behavior
2025-06-12	BUG/MINOR: hlua: Don't forget the return statement after a hlua_yieldk()
2025-06-11	BUG/MINOR: config/server: reject QUIC addresses
2025-06-10	BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing
2025-06-10	BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
2025-06-06	BUG/MINOR: quic: Missing SSL session object freeing
2025-06-06	BUG/MINOR: config: fix arg number reported on empty arg warning
2025-06-06	BUG/MINOR: config: emit warning for empty args only in discovery mode
2025-06-05	BUG/MEDIUM: cli: Properly parse empty lines and avoid crashed
2025-06-04	BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure
2025-06-03	DEBUG: check: Add the healthcheck's expiration date in the trace messags
2025-06-03	BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
2025-06-03	BUG/MAJOR: leastconn: Protect tree_elt with the lbprm lock

Back to the list of branches and versions
Back to the HAProxy page