HAProxy known bugs for version v3.2.9 (maintenance branch 3.2) : 195

This version (3.2.9) is a release belonging to maintenance branch 3.2 whose latest version is 3.2.16. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches.

Quick links

full changelog for 3.2 : here
browse history for 3.2 : here

Other versions in the same branch

This branch contains the following releases :

Date Version Comment

2026-04-23 3.2.16 ⇐ last

2026-03-19 3.2.15

2026-03-09 3.2.14

2026-02-19 3.2.13

2026-02-12 3.2.12

2026-01-29 3.2.11

2025-12-18 3.2.10

2025-11-21 3.2.9 ⇐ yours

2025-11-07 3.2.8

2025-10-23 3.2.7

2025-10-03 3.2.6

2025-09-23 3.2.5

2025-08-13 3.2.4

2025-07-09 3.2.3

2025-07-02 3.2.2

2025-06-11 3.2.1

2025-05-28 3.2.0

Date	Version	Comment
2026-04-23	3.2.16	⇐ last
2026-03-19	3.2.15
2026-03-09	3.2.14
2026-02-19	3.2.13
2026-02-12	3.2.12
2026-01-29	3.2.11
2025-12-18	3.2.10
2025-11-21	3.2.9	⇐ yours
2025-11-07	3.2.8
2025-10-23	3.2.7
2025-10-03	3.2.6
2025-09-23	3.2.5
2025-08-13	3.2.4
2025-07-09	3.2.3
2025-07-02	3.2.2
2025-06-11	3.2.1
2025-05-28	3.2.0

Known bugs affecting this version, and already fixed in the maintenance branch

These fixes have already been queued for a more recent 3.2 version. Some of them might have already been released in a more recent version than yours, and other ones might still be pending in the maintenance branch for a future release. The list may be empty if you're already on the latest version and no new fix was backported.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in this version by category :

Total CRITICAL MAJOR MEDIUM MINOR

195 0 11 59 125

Total	CRITICAL	MAJOR	MEDIUM	MINOR
195	0	11	59	125

Click on the subjects below to get the full description of the bug :

Merge date	Subject - Severity (minor, medium, major, critical)
2026-04-23	BUG/MEDIUM: mux-h1: Force close mode for bodyless message announcing a C-L
2026-04-23	BUG/MAJOR: mux-h2: detect incomplete transfers on HEADERS frames as well
2026-04-23	BUG/MINOR: debug: properly mark the entire libs archive read-only
2026-04-23	BUG/MINOR: compression: properly disable request when setting response
2026-04-23	BUG/MINOR: mux-h1: Fix test to skip trailers from chunked messages
2026-04-23	BUG/MINOR: mux-h1: Fix condition to send null-chunk for bodyless message
2026-04-23	BUG/MINOR: log: also wait for the response when logging response headers
2026-04-23	BUG/MINOR: H2: Don't forget to free shared_rx_bufs on failure
2026-04-23	BUG/MINOR: h2: Don't look at the exclusive bit for PRIORITY frame
2026-04-23	BUG/MINOR: h2: make tune.h2.log-errors actually work
2026-04-23	BUG/MEDIUM: tasks: Make sure we don't schedule a task already running
2026-04-23	BUG/MINOR: mux-h2: count a proto error when rejecting a stream on parsing error
2026-04-23	BUG/MINOR: mux-h2: count a protocol error when failing to parse a trailer
2026-04-23	BUG/MAJOR: sched: protect task->expire on 32-bit platforms
2026-04-21	BUG/MINOR: sample: adjust dependencies for channel output bytes counters
2026-04-21	BUG/MINOR: log: consider format expression dependencies to decide when to log
2026-04-17	BUG/MINOR: task: fix uninitialised read in run_tasks_from_lists()
2026-04-17	BUG/MEDIUM: mux-h2: ignore conn->owner when deciding if a connection is dead
2026-04-17	BUG/MEDIUM: peers: trash of expired entries delayed after fullresync
2026-04-17	BUG/MINOR: acme: don't pass NULL into format string
2026-04-17	BUG/MEDIUM: htx: Don't count delta twice when block value is replaced
2026-04-17	BUG/MEDIUM: htx: Fix function used to change part of a block value when defrag
2026-04-17	BUG/MEDIUM: cli: Properly handle too big payload on a command line
2026-04-17	BUG/MINOR: log: Fix error message when using unavailable fetch in logfmt
2026-04-17	BUG/MINOR: ot: fixed wrong NULL check in flt_ot_parse_cfg_group()
2026-04-10	BUG/MINOR: hlua: fix use-after-free of HTTP reason string
2026-04-10	BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
2026-04-10	BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
2026-04-10	BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
2026-04-10	BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
2026-04-10	BUG/MINOR: resolvers: fix memory leak on AAAA additional records
2026-04-10	BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals
2026-04-10	BUG/MINOR: peers: fix OOB heap write in dictionary cache update
2026-04-10	BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
2026-04-10	BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
2026-04-10	BUG: hlua: fix stack overflow in httpclient headers conversion
2026-04-10	BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
2026-04-10	BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
2026-04-10	BUG/MINOR: http-act: fix a typo in the "pause" action error message
2026-04-10	BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
2026-04-10	BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
2026-04-10	BUG/MINOR: cfgcond: always set the error string on openssl_version checks
2026-04-10	BUG/MINOR: cfgcond: properly set the error pointer on evaluation error
2026-04-10	BUG/MINOR: quic: fix documentation for transport params decoding
2026-04-10	BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
2026-04-10	BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
2026-04-10	BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
2026-04-10	BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
2026-04-10	BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
2026-04-10	BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
2026-04-10	BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
2026-03-31	BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
2026-03-31	BUG/MINOR: quic: close conn on packet reception with incompatible frame
2026-03-31	BUG/MINOR: acme: fix task allocation leaked upon error
2026-03-31	BUG/MEDIUM: acme: skip doing challenge if it is already valid
2026-03-31	BUG/MINOR: http-ana: Only consider client abort for abortonclose
2026-03-31	BUG/MINOR: config: Properly test warnif_misplaced_* return values
2026-03-31	BUG/MINOR: acme: permission checks on the CLI
2026-03-23	BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
2026-03-23	BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
2026-03-23	BUG/MINOR: acme: free() DER buffer on a2base64url error path
2026-03-23	BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
2026-03-23	BUG/MINOR: acme: fix incorrect number of arguments allowed in config
2026-03-23	BUG/MINOR: acme: wrong labels logic always memprintf errmsg
2026-03-23	BUG/MINOR: acme: acme_ctx_destroy() leaks auth->dns
2026-03-23	Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
2026-03-23	BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
2026-03-23	BUG/MINOR: acme: wrong error when checking for duplicate section
2026-03-23	BUG/MINOR: acme: leak of ext_san upon insertion error
2026-03-23	BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
2026-03-23	BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
2026-03-23	BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
2026-03-23	BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
2026-03-19	BUG/MINOR: mworker/cli: fix show proc pagination losing entries on resume
2026-03-19	BUG/MEDIUM: h3: reject unaligned frames except DATA
2026-03-19	BUG/MAJOR: h3: check body size with content-length on empty FIN
2026-03-19	BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments
2026-03-19	BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID
2026-03-19	BUG/MEDIUM: peers: enforce check on incoming table key type
2026-03-19	BUG/MINOR: mworker: don't try to access an initializing process
2026-03-18	BUG/MINOR: spoe: Fix condition to abort processing on client abort
2026-03-18	BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
2026-03-18	BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword
2026-03-18	BUG/MINOR: proxy: do not forget to validate quic-initial rules
2026-03-18	BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand
2026-03-18	BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
2026-03-18	BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX message
2026-03-18	BUG/MEDIUM: spoe: Properly abort processing on client abort
2026-03-18	BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state
2026-03-18	BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS
2026-03-18	BUG/MINOR: mworker: avoid passing NULL version in proc list serialization
2026-03-18	BUG/MINOR: mworker: set a timeout on the worker socketpair read at startup
2026-03-18	BUG/MINOR: mworker: fix typo &= instead of & in proc list serialization
2026-03-18	BUG/MINOR: mworker: only match worker processes when looking for unspawned proc
2026-03-18	BUG/MINOR: memprof: avoid a small memory leak in "show profiling"
2026-03-18	BUG/MINOR: mworker: always stop the receiving listener
2026-03-18	BUG/MINOR: jws: fix memory leak in jws_b64_signature
2026-03-18	BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect`
2026-03-18	BUG/MINOR: mworker: don't set the PROC_O_LEAVING flag on master process
2026-03-09	BUG/MINOR: backend: Don't get proto to use for webscoket if there is no server
2026-03-09	BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures
2026-03-05	BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending
2026-03-05	BUG/MAJOR: resolvers: Properly lowered the names found in DNS response
2026-03-05	BUG/MAJOR: fcgi: Fix param decoding by properly checking its size
2026-03-05	DEBUG: stream: Display the currently running rule in stream dump
2026-03-05	BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"
2026-03-05	BUG/MEDIUM: qpack: correctly deal with too large decoded numbers
2026-03-05	BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx()
2026-03-05	BUG/MAJOR: qpack: unchecked length passed to huffman decoder
2026-03-05	BUG/MEDIUM: hpack: correctly deal with too large decoded numbers
2026-03-05	BUG/MEDIUM: stream: Handle TASK_WOKEN_RES as a stream event
2026-03-05	BUG/MINOR: promex: fix server iteration when last server is deleted
2026-02-26	BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream
2026-02-18	BUG/MINOR: http-ana: Stop to wait for body on client error/abort
2026-02-18	BUG/MINOR: flt-trace: Properly compute length of the first DATA block
2026-02-18	BUG/MEDIUM: applet: Fix test on shut flags for legacy applets (v2)
2026-02-18	BUG/MEDIUM: mux-h1: Stop sending vi fast-forward for unexpected states
2026-02-18	BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed
2026-02-18	BUG/MEDIUM: h3: reject frontend CONNECT as currently not implemented
2026-02-18	BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS"
2026-02-18	BUG/MINOR: ssl: error with ssl-f-use when no "crt"
2026-02-18	BUG/MINOR: ssl: clarify ssl-f-use errors in post-section parsing
2026-02-18	BUG/MINOR: ssl: fix leak in ssl-f-use parser upon error
2026-02-18	BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser
2026-02-18	BUG/MINOR: ssl: lack crtlist_dup_ssl_conf() declaration
2026-02-18	BUG/MINOR: deviceatlas: set cache_size on hot-reloaded atlas instance
2026-02-18	BUG/MINOR: deviceatlas: fix deinit to only finalize when initialized
2026-02-18	BUG/MINOR: deviceatlas: fix resource leak on hot-reload compile failure
2026-02-18	BUG/MINOR: deviceatlas: fix double-checked locking race in checkinst
2026-02-18	BUG/MINOR: deviceatlas: fix cookie vlen using wrong length after extraction
2026-02-18	BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv()
2026-02-18	BUG/MEDIUM: deviceatlas: fix resource leaks on init error paths
2026-02-18	BUG/MINOR: deviceatlas: add NULL checks on strdup() results in config parsers
2026-02-18	BUG/MINOR: deviceatlas: add missing return on error in config parsers
2026-02-12	BUG/MAJOR: quic: fix parsing frame type
2026-02-12	BUG/MAJOR: quic: reject invalid token
2026-02-11	BUG/MINOR: startup: handle a possible strdup() failure
2026-02-11	BUG/MINOR: startup: fix allocation error message of progname string
2026-02-11	BUG/MINOR: config: Fix setting of alt_proto
2026-02-11	BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers
2026-02-11	BUG/MINOR: cpu-topo: count cores not cpus to distinguish core types
2026-02-11	BUG/MEDIUM: threads: Atomically set TH_FL_SLEEPING and clr FL_NOTIFIED
2026-01-30	BUG/MEDIUM: applet: Fix test on shut flags for legacy applets
2026-01-30	BUG/MAJOR: applet: Don't call I/O handler if the applet was shut
2026-01-29	BUG/MEDIUM: debug: only dump Lua state when panicking
2026-01-29	BUG/MINOR: config: check capture pool creations for failures
2026-01-29	BUG/MEDIUM: mux-h2: synchronize all conditions to create a new backend stream
2026-01-28	BUG/MINOR: mworker/cli: fix show proc pagination using reload counter
2026-01-28	BUG/MINOR: mworker/cli: 'show proc' is limited by buffer size
2026-01-27	BUG/MINOR: ssl: fix error message of tune.ssl.certificate-compression
2026-01-23	BUG/MEDIUM: mux-h1: Skip UNUSED htx block when formating the start line
2026-01-23	BUG/MINOR: promex: Detach promex from the server on error dump its metrics dump
2026-01-23	BUG/MINOR: hlua: consume error object if ignored after a failing lua_pcall()
2026-01-23	BUG/MEDIUM: hlua: fix invalid lua_pcall() usage in hlua_traceback()
2026-01-23	BUG/MINOR: proxy: fix deinit crash on defaults with duplicate name
2026-01-23	BUG/MEDIUM: mux-quic: prevent BUG_ON() on aborted uni stream close
2026-01-23	BUG/MEDIUM: ssl: fix generate-certificates option when SNI greater than 64bytes
2026-01-23	BUG/MEDIUM: ssl: fix error path on generate-certificates
2026-01-23	BUG/MEDIUM: log: parsing log-forward options may result in segfault
2026-01-23	BUG/MEDIUM: promex: server iteration may rely on stale server
2026-01-23	BUG/MINOR: cfgparse: fix "default" prefix parsing
2026-01-23	BUG/MINOR: proxy: free persist_rules
2026-01-23	BUG/MINOR: http_act: fix deinit performed on uninitialized lf_expr in release_http_map()
2026-01-23	BUG/MEDIUM: quic: fix ACK ECN frame parsing
2026-01-23	BUG/MINOR: hlua_fcn: ensure Patref:add_bulk() is given a table object before using it
2026-01-23	BUG/MINOR: hlua_fcn: fix broken yield for Patref:add_bulk()
2026-01-09	BUG/MINOR: cli/stick-tables: argument to "show table" is optional
2026-01-09	BUG/MINOR: cfgparse: wrong section name upon error
2026-01-09	BUG/MEDIUM: mworker: can't use signals after a failed reload
2026-01-09	BUG/MINOR: backend: inspect request not response buffer to check for TFO
2026-01-09	BUG/MINOR: backend: fix the conn_retries check for TFO
2026-01-09	BUG/MEDIUM: ssl: Don't resume session for check connections
2026-01-09	BUG/MEDIUM: ssl: Don't reuse TLS session if the connection's SNI differs
2026-01-09	BUG/MINOR: sock-inet: ignore conntrack for transparent sockets on Linux
2026-01-07	BUG/MEDIUM: stconn: Don't report abort from SC if read0 was already received
2026-01-07	BUG/MEDIUM: http-ana: Properly detect client abort when forwarding response (v2)
2025-12-16	BUG/MEDIUM: quic: Don't try to use hystart if not implemented
2025-12-15	BUG/MEDIUM: quic: handle collision on CID generation
2025-12-15	BUG/MINOR: check: only try connection reuse for http-check rulesets
2025-12-15	BUG/MINOR: mux-h2: send the preface along with the first request if needed
2025-12-15	BUG/MINOR: cfgparse-listen: update err_code for fatal error on proxy directive
2025-12-15	BUG/MEDIUM: quic: support some ciphersuites and curves related options
2025-12-12	BUG/MEDIUM: http-ana: Don't close server connection on read0 in TUNNEL mode
2025-12-12	BUG/MINOR: ssl: Don't allow to set NULL sni
2025-12-12	BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
2025-12-12	BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo
2025-12-12	BUG/MINOR: jwt: Missing "case" in switch statement
2025-12-12	BUG/MINOR: acme: fix ha_alert() call
2025-12-12	BUG/MINOR: acme: warning ‘ctx’ may be used uninitialized
2025-12-12	BUG/MINOR: acme: better challenge_ready processing
2025-12-12	BUG/MINOR: acme: prevent creating map entries with dns-01
2025-12-12	BUG/MINOR: acme: handle multiple auth with the same name
2025-12-12	BUG/MEDIUM: cli: State the cli have no more data to deliver if it yields
2025-12-12	BUG/MEDIUM: applet: Fix conditions to detect spinning loop with the new API
2025-12-12	BUG/MINOR: http-ana: Reset analyse_exp date after 'wait-for-body' action
2025-12-12	BUG/MEDIUM: h1-htx: Don't set HTX_FL_EOM flag on 1xx informational messages
2025-12-11	BUG/MEDIUM: mworker/listener: ambiguous use of RX_F_INHERITED with shards

Back to the list of branches and versions
Back to the HAProxy page