HAProxy known bugs for maintenance branch 2.8 : 17

This is maintenance branch 2.8 whose latest version is 2.8.10. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.8 version other than 2.8.10, you're running with known bugs.

Quick links

full changelog for 2.8 : here
browse history for 2.8 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2024-06-14 2.8.10 ⇐ last

2024-04-05 2.8.9

2024-04-05 2.8.8

2024-02-26 2.8.7

2024-02-15 2.8.6

2023-12-07 2.8.5

2023-11-17 2.8.4

2023-09-07 2.8.3

2023-08-09 2.8.2

2023-07-03 2.8.1

2023-05-31 2.8.0

Date	Version	Comment
2024-06-14	2.8.10	⇐ last
2024-04-05	2.8.9
2024-04-05	2.8.8
2024-02-26	2.8.7
2024-02-15	2.8.6
2023-12-07	2.8.5
2023-11-17	2.8.4
2023-09-07	2.8.3
2023-08-09	2.8.2
2023-07-03	2.8.1
2023-05-31	2.8.0

Fixes for known bugs pending in this branch since the last release (2.8.10)

These fixes have already been queued for the next 2.8 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

17 0 0 4 13

Total	CRITICAL	MAJOR	MEDIUM	MINOR
17	0	0	4	13

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2024-07-03	BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking
2024-07-03	BUG/MINOR: quic: fix race-condition on trace for CID retrieval
2024-07-03	BUG/MINOR: quic: fix race condition in qc_check_dcid()
2024-07-03	BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
2024-07-03	BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
2024-07-03	BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
2024-07-03	BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
2024-07-03	BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
2024-07-03	BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
2024-07-03	BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
2024-07-03	BUG/MINOR: proxy: fix header_unique_id leak on deinit()
2024-07-03	BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()
2024-07-03	BUG/MINOR: proxy: fix dyncookie_key leak on deinit()
2024-07-03	BUG/MINOR: proxy: fix check_{command,path} leak on deinit()
2024-07-03	BUG/MINOR: proxy: fix log_tag leak on deinit()
2024-07-03	BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()
2024-07-03	BUG/MINOR: quic: fix computed length of emitted STREAM frames

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date Subject

2024-07-26 BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature

2024-07-26 BUG/MEDIUM: quic: fix invalid conn reject with CONNECTION_REFUSED

2024-07-24 BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)

2024-07-24 BUG/MEDIUM: sink: properly init applet under sft lock

2024-07-19 BUG/MINOR: quic: Non optimal first datagram.

2024-07-18 BUG/MINOR: cli: Atomically inc the global request counter between CLI commands

2024-07-18 BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution

2024-07-18 BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter

2024-07-18 BUG/MEDIUM: startup: fix zero-warning mode

2024-07-17 BUG/MAJOR: mux-h2: force a hard error upon short read with pending error

2024-07-17 BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path

2024-07-16 BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts

2024-07-16 BUG/MINOR: do not close uninit FD in quic_test_socketops()

2024-07-12 BUG/MINOR: session: Eval L4/L5 rules defined in the default section

Date	Subject
2024-07-26	BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
2024-07-26	BUG/MEDIUM: quic: fix invalid conn reject with CONNECTION_REFUSED
2024-07-24	BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
2024-07-24	BUG/MEDIUM: sink: properly init applet under sft lock
2024-07-19	BUG/MINOR: quic: Non optimal first datagram.
2024-07-18	BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
2024-07-18	BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
2024-07-18	BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
2024-07-18	BUG/MEDIUM: startup: fix zero-warning mode
2024-07-17	BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
2024-07-17	BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
2024-07-16	BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
2024-07-16	BUG/MINOR: do not close uninit FD in quic_test_socketops()
2024-07-12	BUG/MINOR: session: Eval L4/L5 rules defined in the default section

Back to the list of branches and versions
Back to the HAProxy page