HAProxy known bugs for maintenance branch 2.8 : 20

This is maintenance branch 2.8 whose latest version is 2.8.18. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.8 version other than 2.8.18, you're running with known bugs.

Quick links

full changelog for 2.8 : here
browse history for 2.8 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2025-12-25 2.8.18 ⇐ last

2025-12-19 2.8.17

2025-10-03 2.8.16

2025-04-22 2.8.15

2025-01-29 2.8.14

2024-12-12 2.8.13

2024-11-08 2.8.12

2024-09-19 2.8.11

2024-06-14 2.8.10

2024-04-05 2.8.9

2024-04-05 2.8.8

2024-02-26 2.8.7

2024-02-15 2.8.6

2023-12-07 2.8.5

2023-11-17 2.8.4

2023-09-07 2.8.3

2023-08-09 2.8.2

2023-07-03 2.8.1

2023-05-31 2.8.0

Date	Version	Comment
2025-12-25	2.8.18	⇐ last
2025-12-19	2.8.17
2025-10-03	2.8.16
2025-04-22	2.8.15
2025-01-29	2.8.14
2024-12-12	2.8.13
2024-11-08	2.8.12
2024-09-19	2.8.11
2024-06-14	2.8.10
2024-04-05	2.8.9
2024-04-05	2.8.8
2024-02-26	2.8.7
2024-02-15	2.8.6
2023-12-07	2.8.5
2023-11-17	2.8.4
2023-09-07	2.8.3
2023-08-09	2.8.2
2023-07-03	2.8.1
2023-05-31	2.8.0

Fixes for known bugs pending in this branch since the last release (2.8.18)

These fixes have already been queued for the next 2.8 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

20 0 0 9 11

Total	CRITICAL	MAJOR	MEDIUM	MINOR
20	0	0	9	11

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

2026-01-30 BUG/MEDIUM: mux-h2: synchronize all conditions to create a new backend stream

2026-01-30 BUG/MEDIUM: debug: only dump Lua state when panicking

2026-01-30 BUG/MINOR: sock-inet: ignore conntrack for transparent sockets on Linux

2026-01-27 BUG/MINOR: ssl: fix error message of tune.ssl.certificate-compression

2026-01-23 BUG/MINOR: promex: Detach promex from the server on error dump its metrics dump

2026-01-23 BUG/MINOR: hlua: consume error object if ignored after a failing lua_pcall()

2026-01-23 BUG/MEDIUM: hlua: fix invalid lua_pcall() usage in hlua_traceback()

2026-01-23 BUG/MEDIUM: ssl: fix generate-certificates option when SNI greater than 64bytes

2026-01-23 BUG/MEDIUM: ssl: fix error path on generate-certificates

2026-01-23 BUG/MINOR: cfgparse: fix "default" prefix parsing

2026-01-23 BUG/MINOR: proxy: free persist_rules

2026-01-23 BUG/MINOR: http_act: fix deinit performed on uninitialized lf_expr in release_http_map()

2026-01-23 BUG/MEDIUM: quic: fix ACK ECN frame parsing

2026-01-09 BUG/MINOR: cli/stick-tables: argument to "show table" is optional

2026-01-09 BUG/MINOR: cfgparse: wrong section name upon error

2026-01-09 BUG/MINOR: backend: inspect request not response buffer to check for TFO

2026-01-09 BUG/MINOR: backend: fix the conn_retries check for TFO

2026-01-09 BUG/MEDIUM: config: Use the mux protocol ALPN by default for listeners if forced

2026-01-07 BUG/MEDIUM: stconn: Don't report abort from SC if read0 was already received

2026-01-07 BUG/MEDIUM: http-ana: Properly detect client abort when forwarding response (v2)

Merge date	Subject - Severity (minor, medium, major, critical)
2026-01-30	BUG/MEDIUM: mux-h2: synchronize all conditions to create a new backend stream
2026-01-30	BUG/MEDIUM: debug: only dump Lua state when panicking
2026-01-30	BUG/MINOR: sock-inet: ignore conntrack for transparent sockets on Linux
2026-01-27	BUG/MINOR: ssl: fix error message of tune.ssl.certificate-compression
2026-01-23	BUG/MINOR: promex: Detach promex from the server on error dump its metrics dump
2026-01-23	BUG/MINOR: hlua: consume error object if ignored after a failing lua_pcall()
2026-01-23	BUG/MEDIUM: hlua: fix invalid lua_pcall() usage in hlua_traceback()
2026-01-23	BUG/MEDIUM: ssl: fix generate-certificates option when SNI greater than 64bytes
2026-01-23	BUG/MEDIUM: ssl: fix error path on generate-certificates
2026-01-23	BUG/MINOR: cfgparse: fix "default" prefix parsing
2026-01-23	BUG/MINOR: proxy: free persist_rules
2026-01-23	BUG/MINOR: http_act: fix deinit performed on uninitialized lf_expr in release_http_map()
2026-01-23	BUG/MEDIUM: quic: fix ACK ECN frame parsing
2026-01-09	BUG/MINOR: cli/stick-tables: argument to "show table" is optional
2026-01-09	BUG/MINOR: cfgparse: wrong section name upon error
2026-01-09	BUG/MINOR: backend: inspect request not response buffer to check for TFO
2026-01-09	BUG/MINOR: backend: fix the conn_retries check for TFO
2026-01-09	BUG/MEDIUM: config: Use the mux protocol ALPN by default for listeners if forced
2026-01-07	BUG/MEDIUM: stconn: Don't report abort from SC if read0 was already received
2026-01-07	BUG/MEDIUM: http-ana: Properly detect client abort when forwarding response (v2)

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date Subject

2026-03-05 BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending

2026-03-05 BUG/MAJOR: resolvers: Properly lowered the names found in DNS response

2026-03-05 BUG/MAJOR: fcgi: Fix param decoding by properly checking its size

2026-03-05 BUG/MINOR: http-ana: Increment scf bytes_out value if an haproxy error is sent

2026-03-05 BUG/MINOR: sample: Fix sample to retrieve the number of bytes received and sent

2026-03-05 BUG/MINOR: channel: Increase the stconn bytes_in value in channel_add_input()

2026-03-05 DEBUG: stream: Display the currently running rule in stream dump

2026-03-05 BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"

2026-03-05 BUG/MINOR: hlua: Properly enable/disable receives for TCP applets

2026-03-05 BUG/MEDIUM: hlua: Fix end of request detection when retrieving payload

2026-03-05 BUG/MINOR: hlua: Properly enable/disable line receives from HTTP applet

2026-03-05 BUG/MEDIUM: qpack: correctly deal with too large decoded numbers

2026-03-05 BUG/MINOR: quic: fix OOB read in preferred_address transport parameter

2026-03-05 BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx()

2026-03-05 BUG/MAJOR: qpack: unchecked length passed to huffman decoder

2026-03-05 BUG/MEDIUM: hpack: correctly deal with too large decoded numbers

2026-03-03 BUG/MEDIUM: stream: Handle TASK_WOKEN_RES as a stream event

2026-03-03 BUG/MINOR: hlua: fix return with push nil on proxy check

2026-02-26 BUG/MINOR: proxy: add dynamic backend into ID tree

2026-02-26 BUG/MINOR: promex: fix server iteration when last server is deleted

2026-02-26 BUG/MINOR: call EXTRA_COUNTERS_FREE() before srv_free_params() in srv_drop()

2026-02-26 BUG/MINOR: server: adjust initialization order for dynamic servers

2026-02-26 BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream

2026-02-25 BUG/MINOR: quic: missing app ops init during backend 0-RTT sessions

2026-02-24 BUG/MEDIUM: cpu-topo: Distribute CPUs fairly across groups

2026-02-23 BUG/MINOR: haterm: cannot reset default "haterm" mode

2026-02-23 BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame

2026-02-23 BUG/MINOR: acme: fix incorrect number of arguments allowed in config

2026-02-22 BUG/MINOR: acme: wrong labels logic always memprintf errmsg

2026-02-21 BUG/MINOR: acme: acme_ctx_destroy() leaks auth->dns

2026-02-20 BUG/MINOR: quic/h3: display QUIC/H3 backend module on HTML stats

2026-02-20 MINOR: quic: add BUG_ON() on half_open_conn counter access from BE

2026-02-20 BUG/MINOR: quic: fix counters used on BE side

2026-02-20 BUG/MINOR: haterm: missing allocation check in copy_argv()

2026-02-20 BUG/MINOR: server: enable no-check-sni-auto for dynamic servers

2026-02-20 BUG/MINOR: server: set auto SNI for dynamic servers

2026-02-20 BUG/MINOR: proxy: detect strdup error on server auto SNI

2026-02-19 BUG/MEDIUM: stats-file: detect and fix inconsistent shared clock when resuming from shm-stats-file

2026-02-19 BUG/MINOR: stats-file: manipulate shm-stats-file heartbeat using unsigned int

2026-02-19 BUG/MEDIUM: stats-file: fix shm-stats-file recover when all process slots are full

2026-02-19 BUG/MINOR: backend: check delay MUX before conn_prepare()

2026-02-19 BUG/MINOR: acme: fix X509_NAME leak when X509_set_issuer_name() fails

Date	Subject
2026-03-05	BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending
2026-03-05	BUG/MAJOR: resolvers: Properly lowered the names found in DNS response
2026-03-05	BUG/MAJOR: fcgi: Fix param decoding by properly checking its size
2026-03-05	BUG/MINOR: http-ana: Increment scf bytes_out value if an haproxy error is sent
2026-03-05	BUG/MINOR: sample: Fix sample to retrieve the number of bytes received and sent
2026-03-05	BUG/MINOR: channel: Increase the stconn bytes_in value in channel_add_input()
2026-03-05	DEBUG: stream: Display the currently running rule in stream dump
2026-03-05	BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"
2026-03-05	BUG/MINOR: hlua: Properly enable/disable receives for TCP applets
2026-03-05	BUG/MEDIUM: hlua: Fix end of request detection when retrieving payload
2026-03-05	BUG/MINOR: hlua: Properly enable/disable line receives from HTTP applet
2026-03-05	BUG/MEDIUM: qpack: correctly deal with too large decoded numbers
2026-03-05	BUG/MINOR: quic: fix OOB read in preferred_address transport parameter
2026-03-05	BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx()
2026-03-05	BUG/MAJOR: qpack: unchecked length passed to huffman decoder
2026-03-05	BUG/MEDIUM: hpack: correctly deal with too large decoded numbers
2026-03-03	BUG/MEDIUM: stream: Handle TASK_WOKEN_RES as a stream event
2026-03-03	BUG/MINOR: hlua: fix return with push nil on proxy check
2026-02-26	BUG/MINOR: proxy: add dynamic backend into ID tree
2026-02-26	BUG/MINOR: promex: fix server iteration when last server is deleted
2026-02-26	BUG/MINOR: call EXTRA_COUNTERS_FREE() before srv_free_params() in srv_drop()
2026-02-26	BUG/MINOR: server: adjust initialization order for dynamic servers
2026-02-26	BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream
2026-02-25	BUG/MINOR: quic: missing app ops init during backend 0-RTT sessions
2026-02-24	BUG/MEDIUM: cpu-topo: Distribute CPUs fairly across groups
2026-02-23	BUG/MINOR: haterm: cannot reset default "haterm" mode
2026-02-23	BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
2026-02-23	BUG/MINOR: acme: fix incorrect number of arguments allowed in config
2026-02-22	BUG/MINOR: acme: wrong labels logic always memprintf errmsg
2026-02-21	BUG/MINOR: acme: acme_ctx_destroy() leaks auth->dns
2026-02-20	BUG/MINOR: quic/h3: display QUIC/H3 backend module on HTML stats
2026-02-20	MINOR: quic: add BUG_ON() on half_open_conn counter access from BE
2026-02-20	BUG/MINOR: quic: fix counters used on BE side
2026-02-20	BUG/MINOR: haterm: missing allocation check in copy_argv()
2026-02-20	BUG/MINOR: server: enable no-check-sni-auto for dynamic servers
2026-02-20	BUG/MINOR: server: set auto SNI for dynamic servers
2026-02-20	BUG/MINOR: proxy: detect strdup error on server auto SNI
2026-02-19	BUG/MEDIUM: stats-file: detect and fix inconsistent shared clock when resuming from shm-stats-file
2026-02-19	BUG/MINOR: stats-file: manipulate shm-stats-file heartbeat using unsigned int
2026-02-19	BUG/MEDIUM: stats-file: fix shm-stats-file recover when all process slots are full
2026-02-19	BUG/MINOR: backend: check delay MUX before conn_prepare()
2026-02-19	BUG/MINOR: acme: fix X509_NAME leak when X509_set_issuer_name() fails

Back to the list of branches and versions
Back to the HAProxy page