Hi,
This is a friendly bot that watches fixes pending for the next haproxy-stable
release! One such e-mail is sent periodically once patches are waiting in the
last maintenance branch, and an ideal release date is computed based on the
severity of these fixes and their merge date. Responses to this mail must be
sent to the mailing list.
Last release 3.3.10 was issued on 2026-05-11. There are currently 96
patches in the queue cut down this way:
- 36 MEDIUM, first one merged on 2026-05-13
- 60 MINOR, first one merged on 2026-05-21
Thus the computed ideal release date for 3.3.11 would be 2026-06-12, which is
in one week or less.
Last release 3.2.19 was issued on 2026-05-11. There are currently 83
patches in the queue cut down this way:
- 31 MEDIUM, first one merged on 2026-05-11
- 52 MINOR, first one merged on 2026-05-21
Thus the computed ideal release date for 3.2.20 would be 2026-07-10, which is
in five weeks or less.
Last release 3.0.23 was issued on 2026-05-11. There are currently 67
patches in the queue cut down this way:
- 25 MEDIUM, first one merged on 2026-05-21
- 42 MINOR, first one merged on 2026-05-21
Thus the computed ideal release date for 3.0.24 would be 2026-08-13, which is
in ten weeks or less.
The current list of patches in the queue is:
- 3.0, 3.2, 3.3 - MEDIUM : dns: fix memory leak of sockaddr in
dns_session_init() error path
- 3.0, 3.2, 3.3 - MEDIUM : mux-fcgi: reject stream ID 0 for
application records
- 3.0, 3.2, 3.3 - MEDIUM : applet: Fix transfer of HTX data to
the applet
- 3.0, 3.2, 3.3 - MEDIUM : server/cli: unlock server lock on
failure in cli_parse_set_server
- 3.3 - MEDIUM : limits: properly account for
global.maxpipes in compute_ideal_maxconn()
- 3.0, 3.2, 3.3 - MEDIUM : mux-h1: Dup connection/upgrade value
to parse it when making headers
- 3.0, 3.2, 3.3 - MEDIUM : resolvers: fix name compression
pointer validation in resolv_read_name()
- 3.0, 3.2, 3.3 - MEDIUM : quic: handle ECONNREFUSED on RX side
- 3.0, 3.2, 3.3 - MEDIUM : h3: reject client push stream
- 3.0, 3.2, 3.3 - MEDIUM : cache: fix a refcount leak for missed
secondary entries
- 3.0, 3.2, 3.3 - MEDIUM : dns: fix long loops in additional
records parse on name failure"
- 3.0, 3.2, 3.3 - MEDIUM : h1-htx: Sanitize parsing to properly
handle upgrade requests
- 3.0, 3.2, 3.3 - MEDIUM : h1: Skip all h2c values from Upgrade
headers during parsing
- 3.0, 3.2, 3.3 - MEDIUM : auth: fix unconfigured password NULL
deref
- 3.0, 3.2, 3.3 - MEDIUM : dict: hold lock while decrementing
refcount in dict_entry_unref
- 3.2, 3.3 - MEDIUM : tcpcheck/spoe: bound the SPOP error
code to valid values
- 3.2, 3.3 - MEDIUM : cpu-topo: Enforce thread-hard-limit on
policy
- 3.2, 3.3 - MEDIUM : acme: protect against risk of
null-deref on connection failure
- 3.0, 3.2, 3.3 - MEDIUM : resolvers: Fix test on dn label size
in resolv_dn_label_to_str()
- 3.0, 3.2, 3.3 - MEDIUM : resolvers: Wait a bit before calling
the xprt prepare_srv
- 3.0, 3.2, 3.3 - MEDIUM : quic: reset cwnd in slow_start on
persistent congestion (cubic)
- 3.0, 3.2, 3.3 - MEDIUM : ssl-gencert: Unlock LRU cache if
failing to generate certificate
- 3.3 - MEDIUM : h3: fix MAX_PUSH_ID handling
- 3.3 - MEDIUM : servers: Don't forget to set srv_hash
when needed
- 3.0, 3.2 - MEDIUM : mux_quic: adjust qcc_is_dead() to
account detached streams
- 3.0, 3.2, 3.3 - MEDIUM : hlua: Fix integer underflow when
receiving line from lua cosocket
- 3.0, 3.2, 3.3 - MEDIUM : dns: fix long loops in additional
records parse on name failure
- 3.0, 3.2, 3.3 - MEDIUM : applet: Properly handle receives of
size 0
- 3.2, 3.3 - MEDIUM : h1: drop headers whose names contain
invalid chars
- 3.3 - MEDIUM : servers: Store the connection hash
with the parameter cache
- 3.3 - MEDIUM : regex: allocate a large enough pcre2
match for all matches
- 3.0, 3.2, 3.3 - MEDIUM : log-forward: make sure the month is
unsigned
- 3.2, 3.3 - MEDIUM : h1: limit status codes to 3 digits by
default
- 3.3 - MEDIUM : http-client: Only consume input buffer
when hc one is empty
- 3.2, 3.3 - MEDIUM : quic: reset consecutive_losses on exit
from recovery period (cubic)
- 3.0, 3.2, 3.3 - MEDIUM : dict: hold read lock while
incrementing refcount in dict_insert
- 3.0, 3.2, 3.3 - MEDIUM : cache: always verify the primary hash
in get_secondary_entry()
- 3.0, 3.2, 3.3 - MINOR : http-ext: always check remaining data
when reading rfc7239 nodeport
- 3.0, 3.2, 3.3 - MINOR : tcpcheck: Check LDAP response to not
read more data than available
- 3.0, 3.2, 3.3 - MINOR : mux-h2: validate HEADERS frame length
before reading stream dep
- 3.2, 3.3 - MINOR : mux-spop: Use relative offset to
compute contig data in demux buf
- 3.3 - MINOR : mux_quic: open an idle QCS on reset on
BE side
- 3.3 - MINOR : h3: reject server push stream
- 3.0, 3.2, 3.3 - MINOR : mux-h2: Count padding for connection
flow control on error path
- 3.2, 3.3 - MINOR : server: Properly handle init-state
value during haproxy startup
- 3.0, 3.2, 3.3 - MINOR : payload: fix the handshake length
bounds check smp_client_hello_parse()
- 3.0, 3.2, 3.3 - MINOR : http-fetch: check against the whole
token in get_http_auth()
- 3.2, 3.3 - MINOR : quic: update drs->lost before calling
on_ack_recv
- 3.0, 3.2, 3.3 - MINOR : dict: fix refcount race on insert
collision
- 3.0, 3.2, 3.3 - MINOR : qpack: fix potential null-pointer
dereference in qpack_dht_insert()
- 3.0, 3.2, 3.3 - MINOR : config/dns: properly fail on duplicate
nameserver name detection
- 3.3 - MINOR : server: accept server IDs above 2^31
and clarify error message
- 3.2, 3.3 - MINOR : cache: also recognize directives in
the form "token="
- 3.3 - MINOR : mux_quic: do not exceed
stream.max-concurrent on backend side
- 3.0, 3.2, 3.3 - MINOR : quic: fix ODCID lookup from derived
value
- 3.0, 3.2, 3.3 - MINOR : qpack: fix sign bit mask in
qpack_decode_fs_pfx()
- 3.3 - MINOR : httpclient-cli: fix uninit variable in
error label
- 3.0, 3.2, 3.3 - MINOR : qpack: fix huff_dec() error handling
in qpack_decode_fs()
- 3.0, 3.2, 3.3 - MINOR : ssl-hello: make use of the
null-terminated servername
- 3.0, 3.2, 3.3 - MINOR : hlua: prevent Lua from passing
CR/LF/NUL in HTTP headers
- 3.3 - MINOR : h3: add missing break on rcv_buf()
- 3.0, 3.2, 3.3 - MINOR : base64: return empty string for empty
input in base64dec()
- 3.0, 3.2, 3.3 - MINOR : qpack: Fix index calculation in debug
functions
- 3.2, 3.3 - MINOR : jws: Add missing return value check
(EVP_PKEY_get_bn_param)
- 3.0, 3.2, 3.3 - MINOR : tcpchecks: Limit parsing of
agent-check reply to the buffer
- 3.0, 3.2, 3.3 - MINOR : addons/51d: NUL-terminate headers
before passing them to Trie API
- 3.0, 3.2, 3.3 - MINOR : check: properly report errno in
chk_report_conn_err()
- 3.0, 3.2, 3.3 - MINOR : resolvers: fix risk of appending
garbage past the domain name
- 3.0, 3.2, 3.3 - MINOR : cache: Fix copy of value when parsing
maxage
- 3.0, 3.2, 3.3 - MINOR : init: use more than ha_random64() for
the cluster secret
- 3.0, 3.2, 3.3 - MINOR : jwt: fix possible memory leak in
convert_ecdsa_sig() error path
- 3.0, 3.2, 3.3 - MINOR : resolvers: report the expression error
in the do-resolve() action parser
- 3.2, 3.3 - MINOR : resolvers: fix dangling list pointer
in resolvers_new() error paths
- 3.0, 3.2, 3.3 - MINOR : quic: fix ack range node pool_free
call passing wrong pointer type
- 3.0, 3.2, 3.3 - MINOR : httpclient-cli: Destroy http-client
context if failing to start it
- 3.3 - MINOR : h3: reject server MAX_PUSH_ID frame
- 3.2, 3.3 - MINOR : jws: fix OpenSSL 3.0 version check
from > to >=
- 3.0, 3.2, 3.3 - MINOR : sample: limit the be2hex converter's
chunk size
- 3.0, 3.2, 3.3 - MINOR : ocsp: Manage date too far away in the
future
- 3.0, 3.2, 3.3 - MINOR : cache: fix cache tree iteration
- 3.2, 3.3 - MINOR : servers: use proper source of
pool_conn_name in srv_settings_cpy()
- 3.2, 3.3 - MINOR : threads: set at least grp_max when
mtpg is too small
- 3.0, 3.2, 3.3 - MINOR : resolvers: switch to a better PRNG for
query IDs
- 3.0, 3.2, 3.3 - MINOR : backend: correct parameter value
validation in get_server_ph_post()
- 3.0, 3.2, 3.3 - MINOR : resolvers: relax size checks in
authority record parsing
- 3.2, 3.3 - MINOR : session/trace: use distinct flags for
SESS_EV_END and _ERR
- 3.0, 3.2, 3.3 - MINOR : dns: fix dangling dgram pointer on
dns_dgram_init() failure path
- 3.0, 3.2, 3.3 - MINOR : log: look for the end of priority
before the end of the buffer
- 3.0, 3.2, 3.3 - MINOR : mux-fcgi: Use relative offset to
compute contig data in demux buf
- 3.0, 3.2, 3.3 - MINOR : quic: reject packet too short for HP
decryption
- 3.3 - MINOR : h3: adjust error on PUSH_PROMISE frame
reception
- 3.0, 3.2, 3.3 - MINOR : backend: fix balance hash calculation
when using hash-type none
- 3.0, 3.2, 3.3 - MINOR : resolvers: fix leaked dgram and
dns_ring struct in parse_resolve_conf()
- 3.0, 3.2, 3.3 - MINOR : ssl-gencert: validate SNI characters
to prevent SAN certificate injection
- 3.0, 3.2, 3.3 - MINOR : resolvers: fix room for trailing zero
in resolv_dn_label_to_str()
- 3.0, 3.2, 3.3 - MINOR : h3: reject client CANCEL_PUSH frame
- 3.0, 3.2, 3.3 - MINOR : h1: Don't mask websocket protocol if
multiple protocols used
--
The haproxy stable-bot is freely provided by HAProxy Technologies to help
improve the quality of each HAProxy release. If you have any issue with these
emails or if you want to suggest some improvements, please post them on the
list so that the solutions suiting the most users can be found.
