HAProxy known bugs for maintenance branch 3.0 : 13

This is maintenance branch 3.0 whose latest version is 3.0.11. If your version is not the last one in the maintenance branch, you are missing fixes for known bugs, and by not updating you are needlessly taking the responsibility for the risk of unexpected service outages and exposing your web site to possible security issues.

The HAProxy development team takes a great care of maintaining stable versions so that all users can apply bug fixes without having to take the risk of upgrading to a new branch. In turn users are expected to apply the fixes when the development team estimates that they were worth being backported to stable branches. In short, if you are running any 3.0 version other than 3.0.11, you're running with known bugs.

Quick links

full changelog for 3.0 : here
browse history for 3.0 : here

Versions available in this branch

This branch contains the following releases :

Date Version Comment

2025-06-02 3.0.11 ⇐ last

2025-04-22 3.0.10

2025-03-20 3.0.9

2025-01-29 3.0.8

2024-12-12 3.0.7

2024-11-07 3.0.6

2024-09-19 3.0.5

2024-09-03 3.0.4

2024-07-11 3.0.3

2024-06-14 3.0.2

2024-06-10 3.0.1

2024-05-29 3.0.0

Date	Version	Comment
2025-06-02	3.0.11	⇐ last
2025-04-22	3.0.10
2025-03-20	3.0.9
2025-01-29	3.0.8
2024-12-12	3.0.7
2024-11-07	3.0.6
2024-09-19	3.0.5
2024-09-03	3.0.4
2024-07-11	3.0.3
2024-06-14	3.0.2
2024-06-10	3.0.1
2024-05-29	3.0.0

Fixes for known bugs pending in this branch since the last release (3.0.11)

These fixes have already been queued for the next 3.0 release but no version was released with them yet. Note that fixes are backported several at a time from the development branch to maintenance branches, and the absence of a fix here doesn't mean none will be issued soon.

Bugs are almost always tagged with a severity (some people forget the severity tag when the bug is minor). The following severities are used :

MINOR: the bug presents a limited impact and can easily be mitigated ; users rarely upgrade just for these ones ;
MEDIUM: the bug can cause some undesired behaviour and may require some tricky configuration changes to avoid hitting it ; users normally upgrade to get rid of them, or temporarily disable a functionality.
MAJOR: the bug affects short term reliability and cannot easily be worked around without a significant performance penalty or without a significant functional loss ; such bugs don't stay long in the queue without a release and users must plan an upgrade as soon as possible ;
CRITICAL: this one very rarely happens ; it indicates a short-term reliability or security issue for which there is no workaround. A release will be emitted for this fix even if it's alone and users are urged to upgrade immediately. Some distro maintainers might have been informed in advance in order to agree on a coordinated release date.

Total known bugs in the latest version of this branch by category :

Total CRITICAL MAJOR MEDIUM MINOR

13 0 0 7 6

Total	CRITICAL	MAJOR	MEDIUM	MINOR
13	0	0	7	6

Click on the subjects below to get the full description of the bug :

Merge date Subject - Severity (minor, medium, major, critical)

2025-08-05 BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator

2025-08-05 BUG/MINOR: hlua_fcn: restore server pairs iterator pointer consistency

2025-07-22 BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers

2025-06-17 BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported

2025-06-17 BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available

2025-06-17 BUG/MINOR: config/server: reject QUIC addresses

2025-06-17 BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing

2025-06-17 BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info

2025-06-17 BUG/MINOR: quic: Missing SSL session object freeing

2025-06-17 BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout

2025-06-02 BUG/MINOR: quic: ensure cwnd limits are always enforced

2025-06-02 BUG/MINOR: mux-quic: do not decode if conn in error

2025-06-02 BUG/MEDIUM: peers: also limit the number of incoming updates

Merge date	Subject - Severity (minor, medium, major, critical)
2025-08-05	BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator
2025-08-05	BUG/MINOR: hlua_fcn: restore server pairs iterator pointer consistency
2025-07-22	BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
2025-06-17	BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
2025-06-17	BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available
2025-06-17	BUG/MINOR: config/server: reject QUIC addresses
2025-06-17	BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing
2025-06-17	BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
2025-06-17	BUG/MINOR: quic: Missing SSL session object freeing
2025-06-17	BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
2025-06-02	BUG/MINOR: quic: ensure cwnd limits are always enforced
2025-06-02	BUG/MINOR: mux-quic: do not decode if conn in error
2025-06-02	BUG/MEDIUM: peers: also limit the number of incoming updates

Known bugs fixed in the development branch after the last commit in this branch

It is important to understand that not all of these commits are necessarily relevant to this version, but clicking on them will show the bug description. All fixes are made first in the development branch and then backported to the maintenance branches. This ensures no fix is lost when upgrading. If a fix was marked for backporting to this branch and is not there yet, it's likely that it is still missing. Do not hesitate to ask on the haproxy mailing list if you feel like a fix has been skipped.

Date Subject

2025-08-22 BUG/MINOR: quic: don't coalesce probing and ACK packet of same type

2025-08-22 BUG/MAJOR: quic: fix INITIAL padding with probing packet only

2025-08-22 BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested

2025-08-22 BUG/MEDIUM: quic: reset padding when building GSO datagrams

2025-08-21 BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval

2025-08-21 BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind

2025-08-21 BUG/MEDIUM: quic-be: crash after backend CID allocation failures

2025-08-21 BUG/MINOR: quic-be: missing Initial packet number space discarding

2025-08-21 BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW

2025-08-20 BUG/MEDIUM: mworker: more verbose error upon loading failure

2025-08-20 BUG/MEDIUM: quic-be: do not initialize ->conn too early

2025-08-20 BUG/MEDIUM: quic: crash after quic_conn allocation failures

2025-08-20 BUG/MEDIUM: cli: Report inbuf is no longer full when a line is consumed

2025-08-20 BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames

2025-08-14 BUG/MINOR: mux-h1: fix wrong lock label

2025-08-14 BUG/MEDIUM: quic: listener connection stuck during handshakes (OpenSSL 3.5)

2025-08-11 BUG/MINOR: init: Initialize random seed earlier in the init process

2025-08-08 BUG/MEDIUM: ssl: fix build with AWS-LC

2025-08-08 BUG/MEDIUM: ssl: Fix 0rtt to the server

2025-08-08 BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR

2025-08-07 BUG/MINOR: proxy: avoid NULL-deref in post_section_px_cleanup()

2025-08-07 BUG/MINOR: cfgparse-listen: update err_code for fatal error on proxy directive

2025-08-07 BUG/MINOR: cfgparse: immediately stop after hard error in srv_init()

2025-08-06 DEBUG: pools: also retrieve file and line for direct callers of create_pool()

2025-08-06 DEBUG: pools: store the pool registration file name and line number

2025-08-05 BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator

2025-08-05 BUG/MINOR: acme: possible integer underflow in acme_txt_record()

Date	Subject
2025-08-22	BUG/MINOR: quic: don't coalesce probing and ACK packet of same type
2025-08-22	BUG/MAJOR: quic: fix INITIAL padding with probing packet only
2025-08-22	BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
2025-08-22	BUG/MEDIUM: quic: reset padding when building GSO datagrams
2025-08-21	BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval
2025-08-21	BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind
2025-08-21	BUG/MEDIUM: quic-be: crash after backend CID allocation failures
2025-08-21	BUG/MINOR: quic-be: missing Initial packet number space discarding
2025-08-21	BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW
2025-08-20	BUG/MEDIUM: mworker: more verbose error upon loading failure
2025-08-20	BUG/MEDIUM: quic-be: do not initialize ->conn too early
2025-08-20	BUG/MEDIUM: quic: crash after quic_conn allocation failures
2025-08-20	BUG/MEDIUM: cli: Report inbuf is no longer full when a line is consumed
2025-08-20	BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames
2025-08-14	BUG/MINOR: mux-h1: fix wrong lock label
2025-08-14	BUG/MEDIUM: quic: listener connection stuck during handshakes (OpenSSL 3.5)
2025-08-11	BUG/MINOR: init: Initialize random seed earlier in the init process
2025-08-08	BUG/MEDIUM: ssl: fix build with AWS-LC
2025-08-08	BUG/MEDIUM: ssl: Fix 0rtt to the server
2025-08-08	BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR
2025-08-07	BUG/MINOR: proxy: avoid NULL-deref in post_section_px_cleanup()
2025-08-07	BUG/MINOR: cfgparse-listen: update err_code for fatal error on proxy directive
2025-08-07	BUG/MINOR: cfgparse: immediately stop after hard error in srv_init()
2025-08-06	DEBUG: pools: also retrieve file and line for direct callers of create_pool()
2025-08-06	DEBUG: pools: store the pool registration file name and line number
2025-08-05	BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator
2025-08-05	BUG/MINOR: acme: possible integer underflow in acme_txt_record()

Back to the list of branches and versions
Back to the HAProxy page