HAProxy known bugs for maintenance branch 2.8 : 11

This is maintenance branch 2.8 whose latest version is 2.8.16. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.8 version other than 2.8.16, you're running with known bugs.

Quick links

full changelog for 2.8 : here
browse history for 2.8 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2025-10-03 2.8.16 ⇐ last

2025-04-22 2.8.15

2025-01-29 2.8.14

2024-12-12 2.8.13

2024-11-08 2.8.12

2024-09-19 2.8.11

2024-06-14 2.8.10

2024-04-05 2.8.9

2024-04-05 2.8.8

2024-02-26 2.8.7

2024-02-15 2.8.6

2023-12-07 2.8.5

2023-11-17 2.8.4

2023-09-07 2.8.3

2023-08-09 2.8.2

2023-07-03 2.8.1

2023-05-31 2.8.0

Date	Version	Comment
2025-10-03	2.8.16	⇐ last
2025-04-22	2.8.15
2025-01-29	2.8.14
2024-12-12	2.8.13
2024-11-08	2.8.12
2024-09-19	2.8.11
2024-06-14	2.8.10
2024-04-05	2.8.9
2024-04-05	2.8.8
2024-02-26	2.8.7
2024-02-15	2.8.6
2023-12-07	2.8.5
2023-11-17	2.8.4
2023-09-07	2.8.3
2023-08-09	2.8.2
2023-07-03	2.8.1
2023-05-31	2.8.0

Fixes for known bugs pending in this branch since the last release (2.8.16)

These fixes have already been queued for the next 2.8 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

11 0 0 2 9

Total	CRITICAL	MAJOR	MEDIUM	MINOR
11	0	0	2	9

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

2025-10-24 BUG/MINOR: quic: Wrong source address use on FreeBSD

2025-10-24 BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream

2025-10-24 BUG/MINOR: quic: Missing SSL session object freeing

2025-10-24 BUG/MINOR: quic: ensure cwnd limits are always enforced

2025-10-20 BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames

2025-10-20 BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()

2025-10-20 BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets

2025-10-14 BUG/MINOR: sink: retry attempt for sft server may never occur

2025-10-10 BUG/MINOR: ssl: always clear the remains of the first hello for the second one

2025-10-10 BUG/MEDIUM: ssl: take care of second client hello

2025-10-10 BUG/MINOr: hlua: Fix receive from HTTP applet by properly accounting data

Merge date	Subject - Severity (minor, medium, major, critical)
2025-10-24	BUG/MINOR: quic: Wrong source address use on FreeBSD
2025-10-24	BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream
2025-10-24	BUG/MINOR: quic: Missing SSL session object freeing
2025-10-24	BUG/MINOR: quic: ensure cwnd limits are always enforced
2025-10-20	BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames
2025-10-20	BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()
2025-10-20	BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets
2025-10-14	BUG/MINOR: sink: retry attempt for sft server may never occur
2025-10-10	BUG/MINOR: ssl: always clear the remains of the first hello for the second one
2025-10-10	BUG/MEDIUM: ssl: take care of second client hello
2025-10-10	BUG/MINOr: hlua: Fix receive from HTTP applet by properly accounting data

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date Subject

2025-11-05 BUG/MEDIUM: stick-tables: Make sure we handle expiration on all tables

2025-11-05 BUG/MEDIUM: connections: permit to permanently remove an idle conn

2025-11-05 BUG/MEDIUM: mux-h2: make sure not to move a dead connection to idle

2025-11-05 BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting

2025-11-04 BUG/MEDIUM: server: Also call srv_reset_path_parameters() on srv up

2025-11-04 BUG/MEDIUM: server: Add a rwlock to path parameter

2025-11-04 BUG/MINOR: quic: fix crash on client handshake abort

2025-11-03 BUG/MAJOR: stats-file: fix crash on non-x86 platform caused by unaligned cast

2025-11-02 BUG/MINOR: resolvers: ensure fair round robin iteration

2025-10-30 BUG/MINOR: mux-h2: send the preface along with the first request if needed

2025-10-30 BUG/MINOR: ech: non destructive parsing in cli_find_ech_specific_ctx()

2025-10-30 BUG/MINOR: ssl: returns when SSL_CTX_new failed during init

2025-10-29 BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records

2025-10-29 BUG/MINOR: init: Do not close previously created fd in stdio_quiet

2025-10-28 BUG/MINOR: acl: warn if "_sub" derivative used with an explicit match

2025-10-28 BUG/MINOR: ssl: Remove unreachable code in CLI function

2025-10-28 BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance

2025-10-27 BUG/MEDIUM: cli: do not return ACKs one char at a time

Date	Subject
2025-11-05	BUG/MEDIUM: stick-tables: Make sure we handle expiration on all tables
2025-11-05	BUG/MEDIUM: connections: permit to permanently remove an idle conn
2025-11-05	BUG/MEDIUM: mux-h2: make sure not to move a dead connection to idle
2025-11-05	BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting
2025-11-04	BUG/MEDIUM: server: Also call srv_reset_path_parameters() on srv up
2025-11-04	BUG/MEDIUM: server: Add a rwlock to path parameter
2025-11-04	BUG/MINOR: quic: fix crash on client handshake abort
2025-11-03	BUG/MAJOR: stats-file: fix crash on non-x86 platform caused by unaligned cast
2025-11-02	BUG/MINOR: resolvers: ensure fair round robin iteration
2025-10-30	BUG/MINOR: mux-h2: send the preface along with the first request if needed
2025-10-30	BUG/MINOR: ech: non destructive parsing in cli_find_ech_specific_ctx()
2025-10-30	BUG/MINOR: ssl: returns when SSL_CTX_new failed during init
2025-10-29	BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records
2025-10-29	BUG/MINOR: init: Do not close previously created fd in stdio_quiet
2025-10-28	BUG/MINOR: acl: warn if "_sub" derivative used with an explicit match
2025-10-28	BUG/MINOR: ssl: Remove unreachable code in CLI function
2025-10-28	BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance
2025-10-27	BUG/MEDIUM: cli: do not return ACKs one char at a time

Back to the list of branches and versions
Back to the HAProxy page