Hi,
This is a friendly bot that watches fixes pending for the next haproxy-stable
release! One such e-mail is sent periodically once patches are waiting in the
last maintenance branch, and an ideal release date is computed based on the
severity of these fixes and their merge date. Responses to this mail must be
sent to the mailing list.
Last release 3.3.6 was issued on 2026-03-19. There are currently 62
patches in the queue cut down this way:
- 1 BUG, first one merged on 2026-04-10
- 1 MAJOR, first one merged on 2026-04-10
- 17 MEDIUM, first one merged on 2026-03-23
- 43 MINOR, first one merged on 2026-03-23
Thus the computed ideal release date for 3.3.7 would be 2026-04-20, which was
within the last week.
Last release 3.2.15 was issued on 2026-03-19. There are currently 48
patches in the queue cut down this way:
- 1 BUG, first one merged on 2026-04-10
- 1 MAJOR, first one merged on 2026-04-10
- 13 MEDIUM, first one merged on 2026-03-23
- 33 MINOR, first one merged on 2026-03-23
Thus the computed ideal release date for 3.2.16 would be 2026-04-20, which was
within the last week.
The current list of patches in the queue is:
- 3.2, 3.3 - BUG : hlua: fix stack overflow in httpclient
headers conversion
- 3.2, 3.3 - MAJOR : slz: always make sure to limit fixed
output to less than worst case literals
- 3.2, 3.3 - MEDIUM : spoe: Acquire context buffer in applet
before consuming a frame
- 3.3 - MEDIUM : ssl/ocsp: ocsp commands are missing
permission checks
- 3.2, 3.3 - MEDIUM : payload: validate SNI name_len in
req.ssl_sni
- 3.2, 3.3 - MEDIUM : ssl/ocsp: ocsp commands warn when
accessed without admin level
- 3.3 - MEDIUM : ssl/cli: tls-keys commands are missing
permission checks
- 3.2, 3.3 - MEDIUM : samples: Fix handling of SMP_T_METH
samples
- 3.2, 3.3 - MEDIUM : mux-h2: make sure to always report
pending errors to the stream"
- 3.3 - MEDIUM : map/cli: CLI commands lack admin
permission checks
- 3.2, 3.3 - MEDIUM : jwt: fix heap overflow in ECDSA
signature DER conversion
- 3.2, 3.3 - MEDIUM : mux-h1: Disable 0-copy forwarding when
draining the request
- 3.2, 3.3 - MEDIUM : mux-h1: Don't set MSG_MORE on bodyless
responses forwarded to client
- 3.2, 3.3 - MEDIUM : ssl/cli: tls-keys commands warn when
accessed without admin level
- 3.2, 3.3 - MEDIUM : acme: fix multiple resource leaks in
acme_x509_req()
- 3.2, 3.3 - MEDIUM : mux-fcgi: prevent record-length
truncation with large bufsize
- 3.3 - MEDIUM : stats-file: detect and fix
inconsistent shared clock when resuming from shm-stats-file
- 3.2, 3.3 - MEDIUM : map/cli: map/acl commands warn when
accessed without admin level
- 3.2, 3.3 - MEDIUM : acme: skip doing challenge if it is
already valid
- 3.2, 3.3 - MINOR : resolvers: fix memory leak on AAAA
additional records
- 3.3 - MINOR : quic: fix counters used on BE side
- 3.2, 3.3 - MINOR : acme: acme_ctx_destroy() leaks
auth->dns
- 3.2, 3.3 - MINOR : acme: leak of ext_san upon insertion
error
- 3.2, 3.3 - MINOR : hlua: fix stack overflow in httpclient
headers conversion
- 3.2, 3.3 - MINOR : acme: fix task allocation leaked upon
error
- 3.2, 3.3 - MINOR : quic: close conn on packet reception
with incompatible frame
- 3.3 - MINOR : quic/h3: display QUIC/H3 backend
module on HTML stats
- 3.2, 3.3 - MINOR : hlua: fix format-string vulnerability
in Patref error path
- 3.2, 3.3 - MINOR : quic: fix documentation for transport
params decoding
- 3.2, 3.3 - MINOR : http-ana: Only consider client abort
for abortonclose
- 3.2, 3.3 - MINOR : peers: fix OOB heap write in
dictionary cache update
- 3.2, 3.3 - MINOR : mworker: fix sort order of
mworker_proc in 'show proc'
- 3.2, 3.3 - MINOR : sample: fix info leak in regsub when
exp_replace fails
- 3.2, 3.3 - MINOR : qpack: fix 62-bit overflow and 1-byte
OOB reads in decoding
- 3.2, 3.3 - MINOR : cfgcond: fail cleanly on missing
argument for "feature"
- 3.2, 3.3 - MINOR : acme: free() DER buffer on a2base64url
error path
- 3.2, 3.3 - MINOR : tcpcheck: Use tcpcheck context for
expressions parsing
- 3.3 - MINOR : quic: missing app ops init during
backend 0-RTT sessions
- 3.2, 3.3 - MINOR : cfgcond: properly set the error
pointer on evaluation error
- 3.3 - MINOR : server: set auto SNI for dynamic
servers
- 3.2, 3.3 - MINOR : spoe: fix pointer arithmetic overflow
in spoe_decode_buffer()
- 3.2, 3.3 - MINOR : acme: wrong labels logic always
memprintf errmsg
- 3.3 - MINOR : server: enable no-check-sni-auto for
dynamic servers
- 3.2, 3.3 - MINOR : hlua: fix use-after-free of HTTP
reason string
- 3.2, 3.3 - MINOR : http-act: fix a typo in the "pause"
action error message
- 3.2, 3.3 - MINOR : tcpcheck: Remove unexpected flag on
tcpcheck rules for httchck option
- 3.2, 3.3 - MINOR : stconn: Always declare the SC created
from healthchecks as a back SC
- 3.2, 3.3 - MINOR : acme: permission checks on the CLI
- 3.3 - MINOR : ech: permission checks on the CLI
- 3.2, 3.3 - MINOR : config: Properly test
warnif_misplaced_* return values
- 3.2, 3.3 - MINOR : tcpcheck: Don't enable http_needed
when parsing HTTP samples
- 3.3 - MINOR : stats-file: manipulate shm-stats-file
heartbeat using unsigned int
- 3.2, 3.3 - MINOR : sock: adjust accept() error messages
for ENFILE and ENOMEM
- 3.3 - MINOR : counters: fix unexpected 127 char GUID
truncation for shm-stats-file objects
- 3.2, 3.3 - MINOR : cfgcond: always set the error string
on openssl_version checks
- 3.3 - MINOR : proxy: detect strdup error on server
auto SNI
- 3.2, 3.3 - MINOR : acme: fix incorrect number of
arguments allowed in config
- 3.2, 3.3 - MINOR : acme/cli: fix argument check and error
in 'acme challenge_ready'
- 3.2, 3.3 - MINOR : acme: wrong error when checking for
duplicate section
- 3.2, 3.3 - MINOR : acme: replace atol with len-bounded
__strl2uic() for retry-after
- 3.2, 3.3 - MINOR : acme/cli: wrong argument check in
'acme renew'
- 3.3 - MINOR : cfgcond: always set the error string
on awslc_api checks
--
The haproxy stable-bot is freely provided by HAProxy Technologies to help
improve the quality of each HAProxy release. If you have any issue with these
emails or if you want to suggest some improvements, please post them on the
list so that the solutions suiting the most users can be found.
