HAProxy known bugs for version v3.2.5 (maintenance branch 3.2) : 68

This version (3.2.5) is a release belonging to maintenance branch 3.2 whose latest version is 3.2.7. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches.

Quick links

full changelog for 3.2 : here
browse history for 3.2 : here

Other versions in the same branch

This branch contains the following releases :

Date Version Comment

2025-10-23 3.2.7 ⇐ last

2025-10-03 3.2.6

2025-09-23 3.2.5 ⇐ yours

2025-08-13 3.2.4

2025-07-09 3.2.3

2025-07-02 3.2.2

2025-06-11 3.2.1

2025-05-28 3.2.0

Date	Version	Comment
2025-10-23	3.2.7	⇐ last
2025-10-03	3.2.6
2025-09-23	3.2.5	⇐ yours
2025-08-13	3.2.4
2025-07-09	3.2.3
2025-07-02	3.2.2
2025-06-11	3.2.1
2025-05-28	3.2.0

Known bugs affecting this version, and already fixed in the maintenance branch

These fixes have already been queued for a more recent 3.2 version. Some of them might have already been released in a more recent version than yours, and other ones might still be pending in the maintenance branch for a future release. The list may be empty if you're already on the latest version and no new fix was backported.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in this version by category :

Total CRITICAL MAJOR MEDIUM MINOR

68 1 3 32 32

Total	CRITICAL	MAJOR	MEDIUM	MINOR
68	1	3	32	32

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

2025-11-07 BUG/MEDIUM: server: close a race around ready_srv when deleting a server

2025-11-05 BUG/MEDIUM: connections: permit to permanently remove an idle conn

2025-11-05 BUG/MEDIUM: mux-h2: make sure not to move a dead connection to idle

2025-11-05 BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting

2025-11-05 BUG/MINOR: resolvers: ensure fair round robin iteration

2025-11-05 BUG/MINOR: ssl: returns when SSL_CTX_new failed during init

2025-11-05 BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records

2025-11-05 BUG/MINOR: init: Do not close previously created fd in stdio_quiet

2025-11-05 BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance

2025-10-27 BUG/MEDIUM: cli: do not return ACKs one char at a time

2025-10-27 BUG/MEDIUM: mt_list: Use atomic operations to prevent compiler optims

2025-10-27 BUG/MINOR: stick-tables: properly index string-type keys

2025-10-27 BUG/MEDIUM: applet: Improve again spinning loops detection with the new API

2025-10-27 BUG/MEDIUM: mt_lists: Avoid el->prev = el->next = el

2025-10-23 BUG/MINOR: acme: memory leak from the config parser

2025-10-23 BUG/MEDIUM: build: limit excessive and counter-productive gcc-15 vectorization

2025-10-23 BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling

2025-10-23 BUG/MEDIUM: h3: properly encode response after interim one in same buf

2025-10-20 BUG/MAJOR: quic: uninitialized quic_conn_closed struct members

2025-10-20 BUG/MINOR: quic: SSL counters not handled

2025-10-20 BUG/MEDIUM: cli: also free the trash chunk on the error path

2025-10-20 BUG/MEDIUM: mt_list: Make sure not to unlock the element twice

2025-10-20 BUG/MEDIUM: threads/config: drop absent threads from thread groups

2025-10-20 BUG/MINOR: quic: check applet_putchk() for 'show quic' first line

2025-10-20 BUG/MEDIUM: stick-tables: Don't forget to dec count on failure.

2025-10-17 BUG/MINOR: quic: too short PADDING frame for too short packets

2025-10-16 BUG/MAJOR: lb-chash: fix key calculation when using default hash-key id

2025-10-16 BUG/MINOR: pools: don't report "limited to the first X entries" by default

2025-10-16 BUG/MEDIUM: pools: fix crash on filtered "show pools" output

2025-10-16 BUG/MINOR: ssl: Potential NULL deref in trace macro

2025-10-16 BUG/MINOR: ssl: Free key_base from global_ssl structure during deinit

2025-10-16 BUG/MINOR: ssl: Free global_ssl structure contents during deinit

2025-10-14 BUG/MINOR: sink: retry attempt for sft server may never occur

2025-10-10 BUG/MEDIUM: apppet: Improve spinning loop detection with the new API

2025-10-10 BUG/MINOR: ssl: leak crtlist_name in ssl-f-use

2025-10-10 BUG/MINOR: ssl: leak in ssl-f-use

2025-10-10 BUG/MINOR: ssl: always clear the remains of the first hello for the second one

2025-10-10 BUG/MEDIUM: ssl: take care of second client hello

2025-10-07 BUG/MINOr: hlua: Fix receive from HTTP applet by properly accounting data

2025-10-07 BUG/MINOR: acme: avoid overflow when diff > notAfter

2025-10-03 BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response()

2025-10-02 BUG/MINOR: h3: forbid 'Z' as well in header field names checks

2025-10-02 BUG/MINOR: h2: forbid 'Z' as well in header field names checks

2025-10-02 BUG/CRITICAL: mjson: fix possible DoS when parsing numbers

2025-10-02 BUG/MEDIUM: fwlc: Handle memory allocation failures.

2025-10-01 BUG/MEDIUM: stick-tables: Make sure not to free a pending entry

2025-10-01 BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file

2025-10-01 BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix

2025-10-01 BUG/MINOR: acme: possible overflow in acme_will_expire()

2025-10-01 BUG/MINOR: acme: possible overflow on scheduling computation

2025-10-01 BUG/MINOR: pattern: Properly flag virtual maps as using samples

2025-10-01 BUG/MINOR: compression: Test payload size only if content-length is specified

2025-10-01 BUG/MEDIUM: wdt: improve stuck task detection accuracy

2025-09-29 BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC

2025-09-29 BUG/MEDIUM: acme: cfg_postsection_acme() don't init correctly acme sections

2025-09-29 BUG/MINOR: acme: don't unlink from acme_ctx_destroy()

2025-09-23 BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations

2025-09-23 BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt

2025-09-23 BUG/MINOR: acme/cli: wrong description for "acme challenge_ready"

2025-09-23 BUG/MEDIUM: resolvers: Wake resolver task up whne unlinking a stream requester

2025-09-23 BUG/MEDIUM: resolvers: Accept to create resolution without hostname

2025-09-23 BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value

2025-09-23 BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer

2025-09-23 BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers

2025-09-23 BUG/MEDIUM: resolvers: Properly cache do-resolv resolution

2025-09-23 DEBUG: peers: export functions that use locks

2025-09-23 DEBUG: stream: count the number of passes in the connect loop

2025-09-23 BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections

2025-09-23 BUG/MINOR: server: Update healthcheck when server settings are changed via CLI

2025-09-23 BUG/MEDIUM: server: Use sni as pool connection name for SSL server only

Merge date	Subject - Severity (minor, medium, major, critical)
2025-11-07	BUG/MEDIUM: server: close a race around ready_srv when deleting a server
2025-11-05	BUG/MEDIUM: connections: permit to permanently remove an idle conn
2025-11-05	BUG/MEDIUM: mux-h2: make sure not to move a dead connection to idle
2025-11-05	BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting
2025-11-05	BUG/MINOR: resolvers: ensure fair round robin iteration
2025-11-05	BUG/MINOR: ssl: returns when SSL_CTX_new failed during init
2025-11-05	BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records
2025-11-05	BUG/MINOR: init: Do not close previously created fd in stdio_quiet
2025-11-05	BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance
2025-10-27	BUG/MEDIUM: cli: do not return ACKs one char at a time
2025-10-27	BUG/MEDIUM: mt_list: Use atomic operations to prevent compiler optims
2025-10-27	BUG/MINOR: stick-tables: properly index string-type keys
2025-10-27	BUG/MEDIUM: applet: Improve again spinning loops detection with the new API
2025-10-27	BUG/MEDIUM: mt_lists: Avoid el->prev = el->next = el
2025-10-23	BUG/MINOR: acme: memory leak from the config parser
2025-10-23	BUG/MEDIUM: build: limit excessive and counter-productive gcc-15 vectorization
2025-10-23	BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling
2025-10-23	BUG/MEDIUM: h3: properly encode response after interim one in same buf
2025-10-20	BUG/MAJOR: quic: uninitialized quic_conn_closed struct members
2025-10-20	BUG/MINOR: quic: SSL counters not handled
2025-10-20	BUG/MEDIUM: cli: also free the trash chunk on the error path
2025-10-20	BUG/MEDIUM: mt_list: Make sure not to unlock the element twice
2025-10-20	BUG/MEDIUM: threads/config: drop absent threads from thread groups
2025-10-20	BUG/MINOR: quic: check applet_putchk() for 'show quic' first line
2025-10-20	BUG/MEDIUM: stick-tables: Don't forget to dec count on failure.
2025-10-17	BUG/MINOR: quic: too short PADDING frame for too short packets
2025-10-16	BUG/MAJOR: lb-chash: fix key calculation when using default hash-key id
2025-10-16	BUG/MINOR: pools: don't report "limited to the first X entries" by default
2025-10-16	BUG/MEDIUM: pools: fix crash on filtered "show pools" output
2025-10-16	BUG/MINOR: ssl: Potential NULL deref in trace macro
2025-10-16	BUG/MINOR: ssl: Free key_base from global_ssl structure during deinit
2025-10-16	BUG/MINOR: ssl: Free global_ssl structure contents during deinit
2025-10-14	BUG/MINOR: sink: retry attempt for sft server may never occur
2025-10-10	BUG/MEDIUM: apppet: Improve spinning loop detection with the new API
2025-10-10	BUG/MINOR: ssl: leak crtlist_name in ssl-f-use
2025-10-10	BUG/MINOR: ssl: leak in ssl-f-use
2025-10-10	BUG/MINOR: ssl: always clear the remains of the first hello for the second one
2025-10-10	BUG/MEDIUM: ssl: take care of second client hello
2025-10-07	BUG/MINOr: hlua: Fix receive from HTTP applet by properly accounting data
2025-10-07	BUG/MINOR: acme: avoid overflow when diff > notAfter
2025-10-03	BUG/MEDIUM: resolvers: break an infinite loop in resolv_get_ip_from_response()
2025-10-02	BUG/MINOR: h3: forbid 'Z' as well in header field names checks
2025-10-02	BUG/MINOR: h2: forbid 'Z' as well in header field names checks
2025-10-02	BUG/CRITICAL: mjson: fix possible DoS when parsing numbers
2025-10-02	BUG/MEDIUM: fwlc: Handle memory allocation failures.
2025-10-01	BUG/MEDIUM: stick-tables: Make sure not to free a pending entry
2025-10-01	BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file
2025-10-01	BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix
2025-10-01	BUG/MINOR: acme: possible overflow in acme_will_expire()
2025-10-01	BUG/MINOR: acme: possible overflow on scheduling computation
2025-10-01	BUG/MINOR: pattern: Properly flag virtual maps as using samples
2025-10-01	BUG/MINOR: compression: Test payload size only if content-length is specified
2025-10-01	BUG/MEDIUM: wdt: improve stuck task detection accuracy
2025-09-29	BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC
2025-09-29	BUG/MEDIUM: acme: cfg_postsection_acme() don't init correctly acme sections
2025-09-29	BUG/MINOR: acme: don't unlink from acme_ctx_destroy()
2025-09-23	BUG/MINOR: pools: Fix the dump of pools info to deal with buffers limitations
2025-09-23	BUG/MEDIUM: stick-tables: Don't let table_process_entry() handle refcnt
2025-09-23	BUG/MINOR: acme/cli: wrong description for "acme challenge_ready"
2025-09-23	BUG/MEDIUM: resolvers: Wake resolver task up whne unlinking a stream requester
2025-09-23	BUG/MEDIUM: resolvers: Accept to create resolution without hostname
2025-09-23	BUG/MEDIUM: resolvers: Make resolution owns its hostname_dn value
2025-09-23	BUG/MEDIUM: resolvers: Test for empty tree when getting a record from DNS answer
2025-09-23	BUG/MINOR: resolvers: Restore round-robin selection on records in DNS answers
2025-09-23	BUG/MEDIUM: resolvers: Properly cache do-resolv resolution
2025-09-23	DEBUG: peers: export functions that use locks
2025-09-23	DEBUG: stream: count the number of passes in the connect loop
2025-09-23	BUG/MINOR: tcpcheck: Don't use sni as pool-conn-name for non-SSL connections
2025-09-23	BUG/MINOR: server: Update healthcheck when server settings are changed via CLI
2025-09-23	BUG/MEDIUM: server: Use sni as pool connection name for SSL server only

Back to the list of branches and versions
Back to the HAProxy page