HAProxy known bugs for version v3.0.9 (maintenance branch 3.0) : 150

This version (3.0.9) is a release belonging to maintenance branch 3.0 whose latest version is 3.0.11. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches.

Quick links

full changelog for 3.0 : here
browse history for 3.0 : here

Other versions in the same branch

This branch contains the following releases :

Date Version Comment

2025-06-02 3.0.11 ⇐ last

2025-04-22 3.0.10

2025-03-20 3.0.9 ⇐ yours

2025-01-29 3.0.8

2024-12-12 3.0.7

2024-11-07 3.0.6

2024-09-19 3.0.5

2024-09-03 3.0.4

2024-07-11 3.0.3

2024-06-14 3.0.2

2024-06-10 3.0.1

2024-05-29 3.0.0

Date	Version	Comment
2025-06-02	3.0.11	⇐ last
2025-04-22	3.0.10
2025-03-20	3.0.9	⇐ yours
2025-01-29	3.0.8
2024-12-12	3.0.7
2024-11-07	3.0.6
2024-09-19	3.0.5
2024-09-03	3.0.4
2024-07-11	3.0.3
2024-06-14	3.0.2
2024-06-10	3.0.1
2024-05-29	3.0.0

Known bugs affecting this version, and already fixed in the maintenance branch

These fixes have already been queued for a more recent 3.0 version. Some of them might have already been released in a more recent version than yours, and other ones might still be pending in the maintenance branch for a future release. The list may be empty if you're already on the latest version and no new fix was backported.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in this version by category :

Total CRITICAL MAJOR MEDIUM MINOR

150 0 6 54 90

Total	CRITICAL	MAJOR	MEDIUM	MINOR
150	0	6	54	90

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2025-10-01	BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file
2025-10-01	BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix
2025-10-01	BUG/MINOR: pattern: Properly flag virtual maps as using samples
2025-10-01	BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt
2025-10-01	BUG/MINOR: server: Update healthcheck when server settings are changed via CLI
2025-10-01	BUG/MEDIUM: server: Use sni as pool connection name for SSL server only
2025-10-01	BUG/MEDIUM: ring: invert the length check to avoid an int overflow
2025-10-01	BUG/MINOR: resolvers: always normalize FQDN from response
2025-10-01	BUG/MINOR: ocsp: Crash when updating CA during ocsp updates
2025-10-01	BUG/MAJOR: stream: Force channel analysis on successful synchronous send
2025-10-01	BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval
2025-10-01	BUG/MINOR: activity: fix reporting of task latency
2025-10-01	BUG/MEDIUM: ssl: create the mux immediately on early data
2025-10-01	BUG/MEDIUM: h1: Allow reception if we have early data
2025-10-01	BUG/MEDIUM: checks: fix ALPN inheritance from server
2025-10-01	BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET()
2025-10-01	BUG/MINOR: log: fix potential memory leak upon error in add_to_logformat_list()
2025-10-01	BUG/MINOR: connection: streamline conn detach from lists
2025-10-01	BUG/MEDIUM: conn: fix UAF on connection after reversal on edge
2025-10-01	BUG/MINOR: haproxy: be sure not to quit too early on soft stop
2025-10-01	BUG/MINOR: quic: fix padding issue on INITIAL retransmit
2025-10-01	BUG/MINOR: quic: fix room check if padding requested
2025-10-01	BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames
2025-10-01	BUG/MINOR: tools: Add OOM check for malloc() in indent_msg()
2025-10-01	BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options()
2025-10-01	BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen()
2025-10-01	BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()
2025-10-01	BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger()
2025-10-01	BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url()
2025-10-01	BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server
2025-10-01	BUG/MAJOR: mux-quic: fix crash on reload during emission
2025-10-01	BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()
2025-10-01	BUG/MINOR: server: decrement session idle_conns on del server
2025-10-01	BUG/MINOR: connection: remove extra session_unown_conn() on reverse
2025-10-01	BUG/MINOR: connection: rearrange union list members
2025-10-01	BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found
2025-10-01	BUG/MINOR: mux-quic: trace with non initialized qcc
2025-10-01	BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets
2025-10-01	BUG/MEDIUM: Remove sync sends from streams to applets
2025-10-01	BUG/MEDIUM: stconn: Fix conditions to know an applet can get data from stream
2025-10-01	BUG/MAJOR: quic: fix INITIAL padding with probing packet only
2025-10-01	BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
2025-10-01	BUG/MINOR: mux-h1: fix wrong lock label
2025-10-01	BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer
2025-10-01	BUG/MINOR: init: Initialize random seed earlier in the init process
2025-10-01	BUG/MEDIUM: ssl: fix build with AWS-LC
2025-10-01	BUG/MEDIUM: ssl: Fix 0rtt to the server
2025-10-01	BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR
2025-10-01	BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS
2025-10-01	BUG/MINOR: halog: exit with error when some output filters are set simultaneosly
2025-10-01	BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init
2025-10-01	BUG/MINOR: quic: Wrong source address use on FreeBSD
2025-10-01	BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM
2025-10-01	BUG/MEDIUM: http-client: Drain the request if an early response is received
2025-10-01	BUG/MINOR: http-client: Reject any 101-switching-protocols response
2025-10-01	BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode
2025-10-01	BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred
2025-10-01	BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred
2025-10-01	BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred
2025-10-01	BUG/MINOR: listener: really assign distinct IDs to shards
2025-10-01	BUG/MINOR: hlua: take default-path into account with lua-load-per-thread
2025-10-01	BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options
2025-10-01	BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established
2025-10-01	BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket
2025-10-01	BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket
2025-10-01	BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet
2025-10-01	BUG/MINOR: httpclient: wrongly named httpproxy flag
2025-10-01	BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
2025-10-01	BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
2025-10-01	BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
2025-10-01	BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding
2025-10-01	BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation
2025-10-01	BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself
2025-10-01	BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream
2025-10-01	BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field
2025-10-01	BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly
2025-08-05	BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator
2025-08-05	BUG/MINOR: hlua_fcn: restore server pairs iterator pointer consistency
2025-07-22	BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
2025-06-17	BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
2025-06-17	BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available
2025-06-17	BUG/MINOR: config/server: reject QUIC addresses
2025-06-17	BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing
2025-06-17	BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
2025-06-17	BUG/MINOR: quic: Missing SSL session object freeing
2025-06-17	BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
2025-06-02	BUG/MINOR: quic: ensure cwnd limits are always enforced
2025-06-02	BUG/MINOR: mux-quic: do not decode if conn in error
2025-06-02	BUG/MEDIUM: peers: also limit the number of incoming updates
2025-06-02	BUG/MEDIUM: httpclient: Throw an error if an lua httpclient instance is reused
2025-05-28	BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0
2025-05-27	BUG/MEDIUM: hlua: Fix getline() for TCP applets to work with applet's buffers
2025-05-27	BUG/MEDIUM: hlua: Properly detect shudowns for TCP applets based on the new API
2025-05-27	BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request
2025-05-27	BUG/MAJOR: cache: Crash because of wrong cache entry deleted
2025-05-27	BUG/MEDIUM: server: fix potential null-deref after previous fix
2025-05-27	BUG/MEDIUM: server: fix crash after duplicate GUID insertion
2025-05-20	BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
2025-05-20	BUG/MEDIUM: stconn: Disable 0-copy forwarding for filters altering the payload
2025-05-20	BUG/MINOR: h3: don't insert more than one Host header
2025-05-20	BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers
2025-05-20	BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation
2025-05-20	BUG/MINOR: threads: fix soft-stop without multithreading support
2025-05-20	BUG/MINOR: ssl/ckch: always free() the previous entry during parsing
2025-05-20	BUG/MINOR: cli: fix too many args detection for commands
2025-05-20	BUG/MEDIUM: peers: hold the refcnt until updating ts->seen
2025-05-20	BUG/MINOR: quic: reject invalid max_udp_payload size
2025-05-20	BUG/MINOR: quic: fix TP reject on invalid max-ack-delay
2025-05-20	BUG/MINOR: quic: use proper error code on invalid received TP value
2025-05-20	BUG/MINOR: quic: reject retry_source_cid TP on server side
2025-05-20	BUG/MINOR: quic: use proper error code on invalid server TP
2025-05-20	BUG/MINOR: quic: use proper error code on missing CID in TPs
2025-05-20	BUG/MINOR: proxy: only use proxy_inc_fe_cum_sess_ver_ctr() with frontends
2025-05-20	BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection
2025-05-20	BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade
2025-05-20	BUG/MINOR: dns: prevent ds accumulation within dss
2025-05-20	BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers
2025-05-20	BUG/MAJOR: listeners: transfer connection accounting when switching listeners
2025-05-20	BUG/MINOR: cli: Issue an error when too many args are passed for a command
2025-04-30	BUG/MEDIUM: mux-fcgi: Try to fully fill demux buffer on receive if not empty
2025-04-22	BUG/MINOR: rhttp: ensure GOAWAY can be emitted after reversal
2025-04-22	BUG/MINOR: rhttp: fix reconnect if timeout connect unset
2025-04-22	BUG/MINOR: mux-h2: prevent past scheduling with idle connections
2025-04-22	BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill()
2025-04-22	DEBUG: epoll: store and compare the FD's generation count with reported event
2025-04-22	DEBUG: fd: add a counter of takeovers of an FD since it was last opened
2025-04-22	BUG/MEDIUM: mux-fcgi: Properly handle read0 on partial records
2025-04-22	BUG/MINOR: stktable: invalid use of stkctr_set_entry() with mixed table types
2025-04-22	DEBUG: stream: Add debug counters to track some client/server aborts
2025-04-22	BUG/MINOR: quic: do not crash on CRYPTO ncbuf alloc failure
2025-04-17	BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
2025-04-17	BUG/MINOR: h3: reject request URI with invalid characters
2025-04-17	BUG/MINOR: h3: reject invalid :path in request
2025-04-17	BUG/MINOR: h3: filter upgrade connection header
2025-04-17	BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding
2025-04-17	BUG/MEDIUM: h3: trim whitespaces when parsing headers value
2025-04-16	BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers (2)
2025-04-15	BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding
2025-04-15	BUG/MINOR: http-ana: Properly detect client abort when forwarding the response
2025-04-15	BUG/MINOR: hlua: fix invalid errmsg use in hlua_init()
2025-04-15	BUG/MINOR: backend: do not use the source port when hashing clientip
2025-04-15	BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs
2025-04-15	BUG/MINOR: log: fix CBOR encoding with LOG_VARTEXT_START() + lf_encode_chunk()
2025-04-15	BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait()
2025-04-15	BUG/MEDIUM: stream: Fix a possible freeze during a forced shut on a stream
2025-04-15	BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port
2025-04-15	BUG/MINOR: backend: do not overwrite srv dst address on reuse
2025-04-15	BUG/MINOR: rhttp: fix incorrect dst/dst_port values
2025-04-15	BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays
2025-04-15	BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream()
2025-04-15	BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local
2025-04-03	BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node
2025-04-03	BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks

Back to the list of branches and versions
Back to the HAProxy page