| Merge date | Subject - Severity (minor, medium, major, critical) |
|---|
| 2025-05-28 | BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0 |
| 2025-05-28 | BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request |
| 2025-05-28 | BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent |
| 2025-05-28 | BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers |
| 2025-05-28 | BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation |
| 2025-05-28 | BUG/MINOR: cli: fix too many args detection for commands |
| 2025-05-28 | BUG/MINOR: quic: reject invalid max_udp_payload size |
| 2025-05-28 | BUG/MINOR: quic: fix TP reject on invalid max-ack-delay |
| 2025-05-28 | BUG/MINOR: quic: use proper error code on invalid received TP value |
| 2025-05-28 | BUG/MINOR: quic: reject retry_source_cid TP on server side |
| 2025-05-28 | BUG/MINOR: quic: use proper error code on invalid server TP |
| 2025-05-28 | BUG/MINOR: quic: use proper error code on missing CID in TPs |
| 2025-05-28 | BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection |
| 2025-05-28 | BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade |
| 2025-05-28 | BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers |
| 2025-05-28 | BUG/MINOR: cli: Issue an error when too many args are passed for a command |
| 2025-04-22 | BUG/MINOR: mux-quic: fix BUG_ON() crash on init failure after app-ops |
| 2025-04-22 | BUG/MINOR: mux-h2: prevent past scheduling with idle connections |
| 2025-04-22 | BUG/MINOR: quic: do not crash on CRYPTO ncbuf alloc failure |
| 2025-04-22 | BUG/MINOR: h3: reject request URI with invalid characters |
| 2025-04-22 | BUG/MINOR: h3: reject invalid :path in request |
| 2025-04-22 | BUG/MINOR: h3: filter upgrade connection header |
| 2025-04-22 | BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding |
| 2025-04-22 | BUG/MEDIUM: h3: trim whitespaces when parsing headers value |
| 2025-04-17 | BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers (2) |
| 2025-04-17 | BUG/MINOR: hlua: fix invalid errmsg use in hlua_init() |
| 2025-04-17 | BUG/MINOR: backend: do not use the source port when hashing clientip |
| 2025-04-17 | BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs |
| 2025-04-17 | BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port |
| 2025-04-17 | BUG/MINOR: backend: do not overwrite srv dst address on reuse |
| 2025-04-17 | BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays |
| 2025-04-17 | BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node |
| 2025-04-17 | BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks |
| 2025-04-17 | BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup() |
| 2025-04-17 | BUG/MINOR: namespace: handle a possible strdup() failure |
| 2025-04-17 | BUG/MINOR: server: dont return immediately from parse_server() when skipping checks |
| 2025-04-17 | BUG/MINOR: cfgparse/peers: properly handle ignored local peer case |
| 2025-04-17 | BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server |
| 2025-04-17 | BUG/MEIDUM: startup: return to initial cwd only after check_config_validity() |
| 2025-04-17 | BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer |
| 2025-04-17 | BUG/MINOR: h2: always trim leading and trailing LWS in header values |
| 2025-04-17 | BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers |
| 2025-04-17 | BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers |
| 2025-04-17 | BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer |
| 2025-04-17 | BUG/MINOR: flt-trace: Support only one name option |
| 2025-04-17 | BUG/MINOR: auth: Fix a leak on error path when parsing user's groups |
| 2025-04-17 | BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive |
| 2025-04-17 | BUG/MINOR: cli: Fix a possible infinite loop in _getsocks() |
| 2025-04-17 | BUG/MINOR: cli: Fix memory leak on error for _getsocks command |
| 2025-04-17 | BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval |
| 2025-04-17 | BUG/MINOR: quic: prevent crash on conn access after MUX init failure |
| 2025-04-17 | BUG/MINOR: fcgi: Don't set the status to 302 if it is already set |
| 2025-04-17 | BUG/MEDIUM: filters: Handle filters registered on data with no payload callback |
| 2025-04-17 | BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker |
| 2025-04-17 | BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding |
| 2025-04-17 | BUG/MINOR: quic: reserve length field for long header encoding |
| 2025-04-17 | BUG/MINOR: server: fix the "server-template" prefix memory leak |
| 2025-04-16 | BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity |
| 2025-04-16 | BUG/MEDIUM: htx: wrong count computation in htx_xfer_blks() |
| 2025-04-16 | BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED |
| 2025-04-16 | BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY |
| 2025-02-19 | BUG/MEDIUM: spoe: Don't wakeup idle applets in loop during stopping |
| 2025-02-19 | BUG/MINOR: spoe: Allow applet creation when closing the last one during stopping |
| 2025-02-19 | BUG/MINOR: spoe: Check the shared waiting queue to shut applets during stopping |
| 2025-02-19 | BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade |
| 2025-02-19 | BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only |
| 2025-02-19 | BUG/MINOR: h2: reject extended connect for h2c protocol |
| 2025-02-19 | BUG/MINOR: h1: do not forward h2c upgrade header token |
| 2025-02-19 | BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit |
| 2025-02-11 | BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3 |
| 2025-01-28 | BUG/MINOR: stream: Properly handle "on-marked-up shutdown-backup-sessions" |
| 2025-01-28 | BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES |
| 2025-01-28 | BUG/MINOR: quic: do not increase congestion window if app limited |
| 2025-01-23 | MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount |
| 2025-01-23 | BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours |
| 2025-01-23 | BUG/MAJOR: quic: reject too large CRYPTO frames |
| 2025-01-23 | BUG/MEDIUM: stktable: fix missing lock on some table converters |
| 2025-01-23 | BUG/MINOR: quic: reject NEW_TOKEN frames from clients |
| 2025-01-23 | BUG/MINOR: stktable: fix big-endian compatiblity in smp_to_stkey() |
| 2025-01-09 | BUG/MEDIUM: queue: Make process_srv_queue return the number of streams |
| 2025-01-09 | BUG/MEDIUM: queues: Do not use pendconn_grab_from_px(). |
| 2025-01-09 | BUG/MEDIUM: queues: Make sure we call process_srv_queue() when leaving |
| 2025-01-09 | BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state |
| 2025-01-09 | BUG/MINOR: stream: unblock stream on wait-for-handshake completion |
| 2025-01-09 | BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg} |
| 2025-01-09 | BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections |
| 2025-01-09 | BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks |
| 2025-01-09 | BUG/MINOR: signal: register default handler for SIGINT in signal_init() |
| 2025-01-09 | BUG/MINOR: h1-htx: Use default reason if not set when formatting the response |
| 2025-01-09 | BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry |
| 2025-01-09 | BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set |
| 2025-01-09 | BUG/MEDIUM: http-ana: Don't release too early the L7 buffer |
| 2025-01-09 | BUG/MAJOR: quic: fix wrong packet building due to already acked frames |
| 2025-01-09 | BUG/MEDIUM: h3: Increase max number of headers when sending headers |
| 2025-01-09 | BUG/MEDIUM: h3: Properly limit the number of headers received |
| 2025-01-09 | BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding |
| 2025-01-09 | BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames |
| 2025-01-09 | BUG/MINOR: http-ana: Adjust the server status before the L7 retries |
| 2025-01-09 | BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only |
| 2025-01-09 | BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration |
| 2025-01-09 | BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration |
| 2025-01-09 | BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration |
| 2025-01-09 | BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID |
| 2025-01-09 | BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list |
| 2025-01-09 | BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI |
| 2025-01-09 | BUG/MEDIUM: queue: make sure never to queue when there's no more served conns |
| 2025-01-09 | BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server |
| 2025-01-09 | BUG/MEDIUM: stream: make stream_shutdown() async-safe |
| 2024-11-08 | BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown |
| 2024-11-06 | BUG/MINOR: http-ana: Report internal error if an action yields on a final eval |
| 2024-11-06 | BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly |
| 2024-11-06 | BUG/MEDIUM: server: fix race on servers_list during server deletion |
| 2024-11-06 | BUG/MINOR: server: fix dynamic server leak with check on failed init |
| 2024-11-06 | BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families |
| 2024-11-06 | BUG/MINOR: mworker: fix mworker-max-reloads parser |
| 2024-11-06 | BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid |
| 2024-11-06 | BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() |
| 2024-11-06 | BUG/MEDIUM: hlua: make hlua_ctx_renew() safe |
| 2024-11-06 | BUG/MEDIUM: server: server stuck in maintenance after FQDN change |
| 2024-11-06 | BUG/MINOR: cfgparse-global: fix allowed args number for setenv |
| 2024-11-06 | BUG/MEDIUM: cli: Deadlock when setting frontend maxconn |
| 2024-09-18 | BUG/MINOR: cfgparse-listen: fix option httpslog override warning message |
| 2024-09-17 | BUG/MEDIUM: promex: Wait to have the request before sending the response |
| 2024-09-17 | BUG/MEDIUM: cache/stats: Wait to have the request before sending the response |
| 2024-09-17 | BUG/MEDIUM: queue: implement a flag to check for the dequeuing |
| 2024-09-17 | BUG/MINOR: polling: fix time reporting when using busy polling |
| 2024-09-17 | BUG/MEDIUM: pattern: prevent UAF on reused pattern expr |
| 2024-09-17 | BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg() |
| 2024-09-17 | BUG/MINOR: pattern: do not leave a leading comma on "set" error messages |
| 2024-09-17 | BUG/MINOR: pattern: pat_ref_set: return 0 if err was found |
| 2024-09-17 | BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity |
| 2024-09-17 | BUG/MINOR: h3: properly reject too long header responses |
| 2024-09-17 | BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails |
| 2024-09-17 | BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID |
| 2024-09-17 | BUG/MINOR: proto_tcp: keep error msg if listen() fails |
| 2024-09-17 | BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails |
| 2024-09-17 | BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE |
| 2024-09-17 | BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion |
| 2024-09-17 | BUG/MINOR: trace: automatically start in waiting mode with "start " |
| 2024-09-17 | BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc |
| 2024-09-17 | BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn |
| 2024-09-17 | BUG/MINOR: fcgi-app: handle a possible strdup() failure |
| 2024-09-17 | BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams |
| 2024-09-17 | BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content |
| 2024-09-17 | BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli |
| 2024-09-17 | BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready |
| 2024-07-31 | BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn |
| 2024-07-31 | BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() |
| 2024-07-31 | BUG/MINOR: cli: Atomically inc the global request counter between CLI commands |
| 2024-07-31 | BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution |
| 2024-07-31 | BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter |
| 2024-07-31 | BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread |
| 2024-07-31 | BUG/MEDIUM: h1: Reject empty Transfer-encoding header |
| 2024-07-31 | BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value |
| 2024-07-31 | BUG/MINOR: h1: Fail to parse empty transfer coding names |
| 2024-07-31 | BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature |
| 2024-07-31 | BUG/MINOR: jwt: fix variable initialisation |
| 2024-07-31 | BUG/MINOR: jwt: don't try to load files with HMAC algorithm |
| 2024-07-31 | BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) |
| 2024-07-03 | BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid |
| 2024-07-03 | BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid |
| 2024-07-03 | BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() |
| 2024-07-03 | BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure |
| 2024-07-03 | BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure |
| 2024-07-03 | BUG/MINOR: quic: fix computed length of emitted STREAM frames |
| 2024-06-19 | BUG/MEDIUM: cli: fix cli_output_msg() regression |
| 2024-06-07 | BUG/MINOR: haproxy: only tid 0 must not sleep if got signal |
| 2024-06-07 | BUG/MEDIUM: quic: don't blindly rely on unaligned accesses |
| 2024-06-07 | BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe |
| 2024-06-07 | BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1 |
| 2024-06-07 | BUG/MAJOR: server: do not delete srv referenced by session |
| 2024-06-07 | BUG/MEDIUM: quic: fix connection freeze on post handshake |
| 2024-06-07 | BUG/MEDIUM: server: fix dynamic servers initial settings |
| 2024-06-07 | BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration |
| 2024-06-07 | BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path |
| 2024-06-07 | BUG/MINOR: hlua: prevent LJMP in hlua_traceback() |
| 2024-06-07 | BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage |
| 2024-06-07 | BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP |
| 2024-06-07 | BUG/MINOR: quic: prevent crash on qc_kill_conn() |
| 2024-06-07 | BUG/MINOR: hlua: use CertCache.set() from various hlua contexts |
| 2024-06-07 | BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory |
| 2024-06-07 | BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser |
| 2024-06-07 | BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning |
| 2024-06-07 | BUG/MINOR: activity: fix Delta_calls and Delta_bytes count |
| 2024-06-07 | BUG/MINOR: ssl/ocsp: init callback func ptr as NULL |
| 2024-06-07 | BUG/MINOR: server: Don't reset resolver options on a new default-server line |
| 2024-06-07 | BUG/MINOR: http-htx: Support default path during scheme based normalization |
| 2024-06-07 | BUG/MINOR: quic: adjust restriction for stateless reset emission |
| 2024-06-07 | BUG/MEDIUM: mux-quic: Create sedesc in same time of the QUIC stream |
| 2024-06-07 | BUG/MEDIUM: quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305 |
| 2024-06-07 | BUG/MAJOR: quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only) |
| 2024-06-07 | BUG/MINOR: connection: parse PROXY TLV for LOCAL mode |
| 2024-06-07 | BUG/MINOR: stats: Don't state the 303 redirect response is chunked |
| 2024-06-07 | BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header |
| 2024-06-07 | BUG/MEDIUM: fd: prevent memory waste in fdtab array |
| 2024-06-07 | BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme |
| 2024-06-07 | BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found |
| 2024-06-07 | BUG/MEDIUM: stick-tables: properly mark stktable_data as packed |
| 2024-06-07 | BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned |
| 2024-06-07 | BUG/MINOR: qpack: fix error code reported on QPACK decoding failure |
| 2024-06-07 | BUG/MINOR: mux-quic: fix error code on shutdown for non HTTP/3 |
| 2024-06-07 | BUG/MINOR: log: smp_rgs array issues with inherited global log directives |
| 2024-06-07 | BUG/MINOR: log: keep the ref in dup_logger() |
| 2024-06-07 | BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null |
| 2024-06-07 | BUG/MINOR: h1: fix detection of upper bytes in the URI |
| 2024-06-07 | BUG/MINOR: backend: use cum_sess counters instead of cum_conn |
| 2024-06-07 | BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets |
| 2024-06-07 | BUG/MINOR: sock: handle a weird condition with connect() |
| 2024-06-07 | BUG/MINOR: stconn: Fix sc_mux_strm() return value |
| 2024-06-07 | BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding |
| 2024-04-19 | BUG/MINOR: server: fix slowstart behavior |
| 2024-04-19 | BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached |
| 2024-04-19 | BUG/MEDIUM: evports: do not clear returned events list on signal |
| 2024-04-19 | BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered |
| 2024-04-19 | BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses |
| 2024-04-19 | BUG/MEDIUM: peers/trace: fix crash when listing event types |
| 2024-04-19 | BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented |
| 2024-04-19 | BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values |
| 2024-04-19 | BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection |
| 2024-04-19 | BUG/MINOR: log: invalid snprintf() usage in sess_build_logline() |
| 2024-04-19 | BUG/MINOR: tools/log: invalid encode_{chunk,string} usage |
| 2024-04-19 | BUG/MINOR: log: fix lf_text_len() truncate inconsistency |
| 2024-04-08 | BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n |
| 2024-04-08 | BUG/MINOR: ext-check: cannot use without preserve-env |
| 2024-04-08 | BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf |
| 2024-04-08 | BUG/MEDIUM: mux-quic: report early error on stream |
| 2024-04-08 | BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs |