| Merge date | Subject - Severity (minor, medium, major, critical) |
|---|
| 2025-10-01 | Revert "BUG/MINOR: config/server: reject QUIC addresses" |
| 2025-10-01 | BUG/MINOR: h3: Fix errors introduced because of failed backport |
| 2025-10-01 | BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file |
| 2025-10-01 | BUG/MINOR: server: Update healthcheck when server settings are changed via CLI |
| 2025-10-01 | BUG/MINOR: resolvers: always normalize FQDN from response |
| 2025-10-01 | BUG/MINOR: ocsp: Crash when updating CA during ocsp updates |
| 2025-10-01 | BUG/MINOR: activity: fix reporting of task latency |
| 2025-10-01 | BUG/MEDIUM: ssl: create the mux immediately on early data |
| 2025-10-01 | BUG/MEDIUM: h1: Allow reception if we have early data |
| 2025-10-01 | BUG/MEDIUM: checks: fix ALPN inheritance from server |
| 2025-10-01 | BUG/MINOR: haproxy: be sure not to quit too early on soft stop |
| 2025-10-01 | BUG/MINOR: quic: fix room check if padding requested |
| 2025-10-01 | BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server |
| 2025-10-01 | BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found |
| 2025-10-01 | BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested |
| 2025-10-01 | BUG/MINOR: mux-h1: fix wrong lock label |
| 2025-10-01 | BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer |
| 2025-10-01 | BUG/MINOR: init: Initialize random seed earlier in the init process |
| 2025-10-01 | BUG/MEDIUM: ssl: fix build with AWS-LC |
| 2025-10-01 | BUG/MEDIUM: ssl: Fix 0rtt to the server |
| 2025-10-01 | BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR |
| 2025-10-01 | BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS |
| 2025-10-01 | BUG/MINOR: halog: exit with error when some output filters are set simultaneosly |
| 2025-10-01 | BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init |
| 2025-10-01 | BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM |
| 2025-10-01 | BUG/MEDIUM: http-client: Drain the request if an early response is received |
| 2025-10-01 | BUG/MINOR: http-client: Reject any 101-switching-protocols response |
| 2025-10-01 | BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode |
| 2025-10-01 | BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred |
| 2025-10-01 | BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred |
| 2025-10-01 | BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred |
| 2025-10-01 | BUG/MINOR: listener: really assign distinct IDs to shards |
| 2025-10-01 | BUG/MINOR: hlua: take default-path into account with lua-load-per-thread |
| 2025-10-01 | BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established |
| 2025-10-01 | BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket |
| 2025-10-01 | BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket |
| 2025-10-01 | BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet |
| 2025-10-01 | BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter |
| 2025-10-01 | BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending |
| 2025-10-01 | BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services |
| 2025-10-01 | BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding |
| 2025-10-01 | BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation |
| 2025-10-01 | BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself |
| 2025-10-01 | BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field |
| 2025-10-01 | BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly |
| 2025-10-01 | BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers |
| 2025-10-01 | BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported |
| 2025-10-01 | BUG/MINOR: config/server: reject QUIC addresses |
| 2025-10-01 | BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info |
| 2025-10-01 | BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout |
| 2025-10-01 | BUG/MINOR: mux-quic: do not decode if conn in error |
| 2025-10-01 | BUG/MEDIUM: httpclient: Throw an error if an lua httpclient instance is reused |
| 2025-06-18 | BUG/MINOR: init: relax LSTCHK_NETADM checks for non root |
| 2025-05-28 | BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0 |
| 2025-05-27 | BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request |
| 2025-05-27 | BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent |
| 2025-05-27 | BUG/MINOR: h3: don't insert more than one Host header |
| 2025-05-27 | BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers |
| 2025-05-27 | BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation |
| 2025-05-27 | BUG/MINOR: threads: fix soft-stop without multithreading support |
| 2025-05-27 | BUG/MINOR: cli: fix too many args detection for commands |
| 2025-05-27 | BUG/MINOR: quic: reject invalid max_udp_payload size |
| 2025-05-27 | BUG/MINOR: quic: fix TP reject on invalid max-ack-delay |
| 2025-05-27 | BUG/MINOR: quic: use proper error code on invalid received TP value |
| 2025-05-27 | BUG/MINOR: quic: reject retry_source_cid TP on server side |
| 2025-05-27 | BUG/MINOR: quic: use proper error code on invalid server TP |
| 2025-05-27 | BUG/MINOR: quic: use proper error code on missing CID in TPs |
| 2025-05-27 | BUG/MINOR: proxy: only use proxy_inc_fe_cum_sess_ver_ctr() with frontends |
| 2025-05-27 | BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection |
| 2025-05-27 | BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade |
| 2025-05-27 | BUG/MINOR: dns: prevent ds accumulation within dss |
| 2025-05-27 | BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers |
| 2025-05-27 | BUG/MAJOR: listeners: transfer connection accounting when switching listeners |
| 2025-05-27 | BUG/MINOR: cli: Issue an error when too many args are passed for a command |
| 2025-04-22 | BUG/MINOR: mux-h2: prevent past scheduling with idle connections |
| 2025-04-22 | BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill() |
| 2025-04-22 | BUG/MINOR: quic: do not crash on CRYPTO ncbuf alloc failure |
| 2025-04-18 | BUG/MINOR: mux-quic: fix BUG_ON() crash on init failure after app-ops |
| 2025-04-17 | BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data) |
| 2025-04-17 | BUG/MINOR: h3: reject request URI with invalid characters |
| 2025-04-17 | BUG/MINOR: h3: reject invalid :path in request |
| 2025-04-17 | BUG/MINOR: h3: filter upgrade connection header |
| 2025-04-17 | BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding |
| 2025-04-17 | BUG/MEDIUM: h3: trim whitespaces when parsing headers value |
| 2025-04-17 | BUG/MEDIUM: backend: do not overwrite srv dst address on reuse (2) |
| 2025-04-17 | BUG/MINOR: backend: fix reuse with set-dst/set-dst-port (2) |
| 2025-04-16 | BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers (2) |
| 2025-04-16 | BUG/MINOR: mux-h2: Properly handle full or truncated HTX messages on shut |
| 2025-04-16 | BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding |
| 2025-04-16 | BUG/MINOR: http-ana: Properly detect client abort when forwarding the response |
| 2025-04-16 | BUG/MINOR: hlua: fix invalid errmsg use in hlua_init() |
| 2025-04-16 | BUG/MINOR: backend: do not use the source port when hashing clientip |
| 2025-04-16 | BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs |
| 2025-04-16 | BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait() |
| 2025-04-16 | BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port |
| 2025-04-16 | BUG/MINOR: backend: do not overwrite srv dst address on reuse |
| 2025-04-16 | BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays |
| 2025-04-16 | BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream() |
| 2025-04-16 | BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local |
| 2025-04-16 | BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node |
| 2025-04-16 | BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks |
| 2025-04-16 | BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup() |
| 2025-04-16 | BUG/MINOR: namespace: handle a possible strdup() failure |
| 2025-04-16 | BUG/MINOR: server: dont return immediately from parse_server() when skipping checks |
| 2025-04-16 | BUG/MINOR: cfgparse/peers: properly handle ignored local peer case |
| 2025-04-16 | BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server |
| 2025-04-16 | BUG/MEIDUM: startup: return to initial cwd only after check_config_validity() |
| 2025-04-16 | BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer |
| 2025-04-16 | BUG/MINOR: h2: always trim leading and trailing LWS in header values |
| 2025-04-16 | BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info() |
| 2025-04-16 | BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers |
| 2025-04-16 | BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers |
| 2025-04-16 | BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer |
| 2025-04-16 | BUG/MINOR: flt-trace: Support only one name option |
| 2025-04-16 | BUG/MINOR: auth: Fix a leak on error path when parsing user's groups |
| 2025-04-16 | BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive |
| 2025-04-16 | BUG/MINOR: cli: Fix a possible infinite loop in _getsocks() |
| 2025-04-16 | BUG/MINOR: cli: Fix memory leak on error for _getsocks command |
| 2025-04-16 | BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval |
| 2025-04-16 | BUG/MINOR: quic: prevent crash on conn access after MUX init failure |
| 2025-04-16 | BUG/MINOR: fcgi: Don't set the status to 302 if it is already set |
| 2025-04-16 | BUG/MEDIUM: filters: Handle filters registered on data with no payload callback |
| 2025-04-16 | BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker |
| 2025-04-16 | BUG/MINOR: ssl/cli: "show ssl crt-list" lacks sigals |
| 2025-04-16 | BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals |
| 2025-04-16 | BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding |
| 2025-04-16 | BUG/MINOR: quic: reserve length field for long header encoding |
| 2025-04-16 | BUG/MEDIUM: debug: close a possible race between thread dump and panic() |
| 2025-04-16 | BUG/MINOR: server: fix the "server-template" prefix memory leak |
| 2025-04-16 | BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity |
| 2025-04-16 | BUG/MEDIUM: htx: wrong count computation in htx_xfer_blks() |
| 2025-04-16 | BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED |
| 2025-04-16 | BUG/MINOR: mux-quic: handle closure of uni-stream |
| 2025-04-16 | BUG/MEDIUM: mux-quic: do not attach on already closed stream |
| 2025-02-19 | BUG/MEDIUM: spoe: Don't wakeup idle applets in loop during stopping |
| 2025-02-19 | BUG/MINOR: spoe: Allow applet creation when closing the last one during stopping |
| 2025-02-19 | BUG/MINOR: spoe: Check the shared waiting queue to shut applets during stopping |
| 2025-02-19 | BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY |
| 2025-02-11 | BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3 |
| 2025-01-28 | BUG/MINOR: stream: Properly handle "on-marked-up shutdown-backup-sessions" |
| 2025-01-28 | BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES |
| 2025-01-28 | BUG/MINOR: quic: do not increase congestion window if app limited |
| 2025-01-23 | BUG/MEDIUM: mux-h1: Properly close H1C if an error is reported before sending data |
| 2025-01-23 | MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount |
| 2025-01-23 | BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours |
| 2025-01-23 | BUG/MINOR: init: set HAPROXY_STARTUP_VERSION from the variable, not the macro |
| 2025-01-23 | BUG/MAJOR: quic: reject too large CRYPTO frames |
| 2025-01-23 | BUG/MEDIUM: stktable: fix missing lock on some table converters |
| 2025-01-23 | BUG/MINOR: quic: reject NEW_TOKEN frames from clients |
| 2025-01-23 | BUG/MINOR: stktable: fix big-endian compatiblity in smp_to_stkey() |
| 2025-01-09 | BUG/MEDIUM: queue: Make process_srv_queue return the number of streams |
| 2025-01-09 | BUG/MEDIUM: queues: Do not use pendconn_grab_from_px(). |
| 2025-01-09 | BUG/MEDIUM: queues: Make sure we call process_srv_queue() when leaving |
| 2025-01-09 | BUG/MEDIUM: stconn: Only consider I/O timers to update stream's expiration date |
| 2025-01-09 | BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state |
| 2025-01-09 | BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error |
| 2025-01-09 | BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO |
| 2025-01-09 | BUG/MEDIUM: quic: support wait-for-handshake |
| 2025-01-09 | BUG/MINOR: stream: unblock stream on wait-for-handshake completion |
| 2025-01-09 | BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg} |
| 2025-01-02 | DEBUG: add a tainted flag when ha_panic() is called |
| 2025-01-02 | BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections |
| 2025-01-02 | BUG/MEDIUM: stconn: Really report blocked send if sends are blocked by an error |
| 2024-12-11 | BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks |
| 2024-12-11 | BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported |
| 2024-12-11 | BUG/MINOR: signal: register default handler for SIGINT in signal_init() |
| 2024-12-11 | BUG/MINOR: h1-htx: Use default reason if not set when formatting the response |
| 2024-12-11 | BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry |
| 2024-12-11 | BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data is provided |
| 2024-11-27 | BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set |
| 2024-11-27 | BUG/MEDIUM: http-ana: Don't release too early the L7 buffer |
| 2024-11-27 | BUG/MAJOR: quic: fix wrong packet building due to already acked frames |
| 2024-11-26 | BUG/MINOR: quic: prevent freeze after early QCS closure |
| 2024-11-26 | BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM |
| 2024-11-22 | BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy() |
| 2024-11-22 | BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler() |
| 2024-11-22 | BUG/MEDIUM: h3: Increase max number of headers when sending headers |
| 2024-11-22 | BUG/MEDIUM: h3: Properly limit the number of headers received |
| 2024-11-22 | BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding |
| 2024-11-22 | BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames |
| 2024-11-22 | BUG/MINOR: http-ana: Adjust the server status before the L7 retries |
| 2024-11-22 | BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only |
| 2024-11-22 | BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration |
| 2024-11-22 | BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration |
| 2024-11-22 | BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration |
| 2024-11-22 | BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration |
| 2024-11-22 | BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state |
| 2024-11-22 | BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID |
| 2024-11-22 | BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list |
| 2024-11-22 | BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI |
| 2024-11-08 | BUG/MEDIUM: queue: make sure never to queue when there's no more served conns |
| 2024-11-08 | BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade |
| 2024-11-08 | BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server |
| 2024-11-08 | BUG/MEDIUM: stream: make stream_shutdown() async-safe |
| 2024-11-08 | BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only |
| 2024-11-08 | BUG/MINOR: h2: reject extended connect for h2c protocol |
| 2024-11-08 | BUG/MINOR: h1: do not forward h2c upgrade header token |
| 2024-11-08 | BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit |