HAProxy known bugs for maintenance branch 2.4 : 0

This is maintenance branch 2.4 whose latest version is 2.4.31. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 2.4 version other than 2.4.31, you're running with known bugs.

Quick links

full changelog for 2.4 : here
browse history for 2.4 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2026-03-09 2.4.31 ⇐ last

2025-10-03 2.4.30

2025-04-22 2.4.29

2024-11-08 2.4.28

2024-06-18 2.4.27

2024-04-05 2.4.26

2023-12-14 2.4.25

2023-08-19 2.4.24

2023-06-09 2.4.23

2023-02-14 2.4.22

2023-01-27 2.4.21

2022-12-09 2.4.20

2022-09-28 2.4.19

2022-07-27 2.4.18

2022-05-13 2.4.17

2022-04-29 2.4.16

2022-03-14 2.4.15

2022-02-25 2.4.14

2022-02-16 2.4.13

2022-01-11 2.4.12

2022-01-07 2.4.11

2021-12-23 2.4.10

2021-11-24 2.4.9

2021-11-03 2.4.8

2021-10-04 2.4.7

2021-10-04 2.4.6

2021-10-01 2.4.5

2021-09-07 2.4.4

2021-08-17 2.4.3

2021-07-07 2.4.2

2021-06-17 2.4.1

2021-05-14 2.4.0

Date	Version	Comment
2026-03-09	2.4.31	⇐ last
2025-10-03	2.4.30
2025-04-22	2.4.29
2024-11-08	2.4.28
2024-06-18	2.4.27
2024-04-05	2.4.26
2023-12-14	2.4.25
2023-08-19	2.4.24
2023-06-09	2.4.23
2023-02-14	2.4.22
2023-01-27	2.4.21
2022-12-09	2.4.20
2022-09-28	2.4.19
2022-07-27	2.4.18
2022-05-13	2.4.17
2022-04-29	2.4.16
2022-03-14	2.4.15
2022-02-25	2.4.14
2022-02-16	2.4.13
2022-01-11	2.4.12
2022-01-07	2.4.11
2021-12-23	2.4.10
2021-11-24	2.4.9
2021-11-03	2.4.8
2021-10-04	2.4.7
2021-10-04	2.4.6
2021-10-01	2.4.5
2021-09-07	2.4.4
2021-08-17	2.4.3
2021-07-07	2.4.2
2021-06-17	2.4.1
2021-05-14	2.4.0

Fixes for known bugs pending in this branch since the last release (2.4.31)

These fixes have already been queued for the next 2.4 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

0 0 0 0 0

Total	CRITICAL	MAJOR	MEDIUM	MINOR
0	0	0	0	0

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date	Subject
2026-04-15	BUG/MINOR: threads: properly set the number of tgroups when non using policy
2026-04-15	BUG/MINOR: acme: fix fallback state after failed initial DNS check
2026-04-15	BUG/MEDIUM: peers: trash of expired entries delayed after fullresync
2026-04-14	BUG/MEDIUM: htx: Don't count delta twice when block value is replaced
2026-04-14	BUG/MEDIUM: htx: Properly handle block modification during defragmentation
2026-04-13	BUG/MINOR: haterm: don't apply the default pipe size margin twice
2026-04-13	BUG/MINOR: acme: don't pass NULL into format string
2026-04-13	BUG/MINOR: acme: read the wildcard flag from the authorization response
2026-04-13	BUG/MINOR: haterm: preserve the pipe size margin for splicing
2026-04-13	BUG/MEDIUM: cli: Properly handle too big payload on a command line
2026-04-13	BUG/MINOR: log: Fix error message when using unavailable fetch in logfmt
2026-04-13	BUG/MINOR: quic: do not use hardcoded values in QMux TP frame builder
2026-04-13	BUG/MINOR: ot: fixed wrong NULL check in flt_ot_parse_cfg_group()
2026-04-13	BUG/MINOR: ot: removed dead code in flt_ot_parse_cfg_str()
2026-04-13	BUG/MINOR: xprt_qstrm: do not parse record length on read again
2026-04-13	BUG/MINOR: mux_quic: prevent QMux crash on qcc_io_send() error path
2026-04-10	BUG/MEDIUM: haterm: Properly initialize the splicing support for haterm
2026-04-10	Revert "BUG/MEDIUM: haterm: Move all init functions of haterm in haterm_init.c"
2026-04-10	BUG/MINOR: do not crash on QMux reception of BLOCKED frames
2026-04-10	BUG/MINOR: quic: increment pos pointer on QMux transport params parsing
2026-04-10	BUG/MINOR: mux-quic: fix potential NULL deref on qcc_release()
2026-04-10	BUG/MINOR: hlua: fix use-after-free of HTTP reason string
2026-04-10	BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
2026-04-10	BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
2026-04-09	BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
2026-04-09	BUG/MINOR: haterm: Return the good start-line for 100-continue interim message
2026-04-09	BUG/MINOR: http-act: validate decoded lengths in *-headers-bin
2026-04-09	BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
2026-04-09	BUG/MINOR: resolvers: fix memory leak on AAAA additional records
2026-04-08	BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals
2026-04-08	Revert "BUG: hlua: fix stack overflow in httpclient headers conversion"
2026-04-08	BUG/MEDIUM: connection: Wake the stconn on error when failing to create mux
2026-04-07	BUG/MINOR: peers: fix OOB heap write in dictionary cache update
2026-04-07	BUG/MEDIUM: chunk: fix infinite loop in get_larger_trash_chunk()
2026-04-07	BUG/MEDIUM: chunk: fix typo allocating small trash with bufsize_large
2026-04-07	BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
2026-04-07	BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
2026-04-07	BUG: hlua: fix stack overflow in httpclient headers conversion
2026-04-07	BUG/MEDIUM: jwe: fix memory leak in jwt_decrypt_secret with var argument
2026-04-07	BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
2026-04-07	BUG/MEDIUM: jwe: fix NULL deref crash with empty CEK and non-dir alg
2026-04-07	BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
2026-04-05	BUG/MEDIUM: tcpcheck: Properly retrieve tcpcheck type to install the best mux
2026-04-04	BUG/MINOR: counters: fix unexpected 127 char GUID truncation for shm-stats-file objects
2026-04-03	BUG/MEDIUM: tcpcheck/server: Fix parsing of healthcheck param for dynamic servers
2026-04-03	BUG/MINOR: http-act: fix a typo in the "pause" action error message
2026-04-03	BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
2026-04-03	BUG/MEDIUM: haterm: Move all init functions of haterm in haterm_init.c
2026-04-03	BUG/MINOR: ssl: fix memory leak in ssl_fc_crtname by using SSL_CTX ex_data index
2026-04-03	BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
2026-04-03	BUG/MINOR: cfgcond: always set the error string on awslc_api checks
2026-04-03	BUG/MINOR: cfgcond: always set the error string on openssl_version checks
2026-04-03	BUG/MINOR: cfgcond: properly set the error pointer on evaluation error
2026-04-02	BUG/MINOR: mux_quic: fix uninit for QMux emission
2026-04-02	DEBUG: connection/flags: add QSTRM flags for the decoder
2026-04-02	BUG/MINOR: quic: fix documentation for transport params decoding
2026-04-01	BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
2026-04-01	BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
2026-04-01	BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
2026-04-01	BUG/MINOR: http_act: Make set/add-headers-bin compatible with ACL conditions
2026-04-01	BUG/MINOR: http_act: Properly handle decoding errors in *-headers-bin actions
2026-03-31	BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
2026-03-31	BUG/MEDIUM: map/cli: CLI commands lack admin permission checks
2026-03-31	BUG/MEDIUM: ssl/ocsp: ocsp commands are missing permission checks
2026-03-31	BUG/MEDIUM: ssl/cli: tls-keys commands are missing permission checks
2026-03-31	BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
2026-03-31	BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
2026-03-31	BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
2026-03-30	BUG/MINOR: net_helper: fix length controls on ip.fp tcp options parsing
2026-03-30	BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
2026-03-30	BUG/MINOR: quic: close conn on packet reception with incompatible frame
2026-03-27	BUG/MEDIUM: htx: Fix htx_xfer() to consume more data than expected
2026-03-27	BUG/MINOR: acme: fix task allocation leaked upon error
2026-03-27	BUG/MEDIUM: acme: skip doing challenge if it is already valid
2026-03-27	BUG/MINOR: http-ana: Only consider client abort for abortonclose
2026-03-27	BUG/MINOR: config: Properly test warnif_misplaced_* return values
2026-03-27	BUG/MINOR: config: Warn only if warnif_cond_conflicts report a conflict
2026-03-26	BUG/MEDIUM: check: Don't reuse the server xprt if we should not
2026-03-25	BUG/MINOR: acme: permission checks on the CLI
2026-03-25	BUG/MINOR: ech: permission checks on the CLI
2026-03-23	BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
2026-03-23	BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
2026-03-23	BUG/MINOR: acme: free() DER buffer on a2base64url error path
2026-03-23	BUG/MINOR: acme: NULL check on my_strndup()
2026-03-23	Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
2026-03-23	BUG/MINOR: http_htx: fix null deref in http-errors config check
2026-03-23	BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
2026-03-23	BUG/MINOR: acme: wrong error when checking for duplicate section
2026-03-23	BUG/MINOR: acme: leak of ext_san upon insertion error
2026-03-23	BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
2026-03-20	BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
2026-03-20	BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
2026-03-19	BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
2026-03-19	BUG/MINOR: mworker/cli: fix show proc pagination losing entries on resume
2026-03-19	BUG/MEDIUM: h3: reject unaligned frames except DATA
2026-03-19	BUG/MAJOR: h3: check body size with content-length on empty FIN
2026-03-19	BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments
2026-03-19	BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID
2026-03-19	BUG/MEDIUM: peers: enforce check on incoming table key type
2026-03-18	BUG/MINOR: mworker: don't try to access an initializing process
2026-03-18	BUG/MINOR: spoe: Fix condition to abort processing on client abort
2026-03-17	BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
2026-03-17	BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword
2026-03-17	BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand
2026-03-17	BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
2026-03-17	BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX message
2026-03-17	BUG/MEDIUM: stconn: Don't perform L7 retries with large buffer
2026-03-17	BUG/MEDIUM: stconn: Fix abort on close when a large buffer is used
2026-03-17	BUG/MEDIUM: spoe: Properly abort processing on client abort
2026-03-17	BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state
2026-03-17	BUG/MEDIUM: stconn: Don't forget to wakeup applets on shutdown
2026-03-16	BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS
2026-03-13	BUG/MINOR: mworker: avoid passing NULL version in proc list serialization
2026-03-13	BUG/MINOR: mworker: set a timeout on the worker socketpair read at startup
2026-03-13	BUG/MINOR: mworker: fix typo &= instead of & in proc list serialization
2026-03-13	BUG/MINOR: mworker: only match worker processes when looking for unspawned proc
2026-03-12	BUG/MINOR: proxy: do not forget to validate quic-initial rules
2026-03-12	BUG/MINOR: memprof: avoid a small memory leak in "show profiling"
2026-03-12	BUG/MEDIUM: ssl: Don't report read data as early data with AWS-LC
2026-03-12	BUG/MINOR: mworker: always stop the receiving listener
2026-03-12	BUG/MEDIUM: ssl: Handle receiving early data with BoringSSL/AWS-LC
2026-03-12	BUG/MINOR: jws: fix memory leak in jws_b64_signature
2026-03-12	BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect`
2026-03-10	DEBUG: stconn: Add a CHECK_IF() when I/O are performed on a orphan SC

Back to the list of branches and versions
Back to the HAProxy page