Hi,
This is a friendly bot that watches fixes pending for the next haproxy-stable
release! One such e-mail is sent periodically once patches are waiting in the
last maintenance branch, and an ideal release date is computed based on the
severity of these fixes and their merge date. Responses to this mail must be
sent to the mailing list.
Last release 3.3.10 was issued on 2026-05-11. There are currently 96
patches in the queue cut down this way:
- 36 MEDIUM, first one merged on 2026-05-13
- 60 MINOR, first one merged on 2026-05-21
Thus the computed ideal release date for 3.3.11 would be 2026-06-12, which was
two weeks ago.
Last release 3.2.19 was issued on 2026-05-11. There are currently 83
patches in the queue cut down this way:
- 31 MEDIUM, first one merged on 2026-05-11
- 52 MINOR, first one merged on 2026-05-21
Thus the computed ideal release date for 3.2.20 would be 2026-07-10, which is
in two weeks or less.
Last release 3.0.23 was issued on 2026-05-11. There are currently 67
patches in the queue cut down this way:
- 25 MEDIUM, first one merged on 2026-05-21
- 42 MINOR, first one merged on 2026-05-21
Thus the computed ideal release date for 3.0.24 would be 2026-08-13, which is
in seven weeks or less.
The current list of patches in the queue is:
- 3.0, 3.2, 3.3 - MEDIUM : quic: handle ECONNREFUSED on RX side
- 3.3 - MEDIUM : h3: fix MAX_PUSH_ID handling
- 3.3 - MEDIUM : servers: Store the connection hash
with the parameter cache
- 3.0, 3.2, 3.3 - MEDIUM : cache: fix a refcount leak for missed
secondary entries
- 3.0, 3.2, 3.3 - MEDIUM : h1-htx: Sanitize parsing to properly
handle upgrade requests
- 3.2, 3.3 - MEDIUM : h1: limit status codes to 3 digits by
default
- 3.0, 3.2, 3.3 - MEDIUM : h3: reject client push stream
- 3.0, 3.2, 3.3 - MEDIUM : dns: fix long loops in additional
records parse on name failure"
- 3.2, 3.3 - MEDIUM : acme: protect against risk of
null-deref on connection failure
- 3.0, 3.2, 3.3 - MEDIUM : mux-fcgi: reject stream ID 0 for
application records
- 3.0, 3.2, 3.3 - MEDIUM : auth: fix unconfigured password NULL
deref
- 3.0, 3.2, 3.3 - MEDIUM : dns: fix memory leak of sockaddr in
dns_session_init() error path
- 3.3 - MEDIUM : servers: Don't forget to set srv_hash
when needed
- 3.0, 3.2, 3.3 - MEDIUM : log-forward: make sure the month is
unsigned
- 3.0, 3.2, 3.3 - MEDIUM : hlua: Fix integer underflow when
receiving line from lua cosocket
- 3.0, 3.2, 3.3 - MEDIUM : dict: hold read lock while
incrementing refcount in dict_insert
- 3.2, 3.3 - MEDIUM : cpu-topo: Enforce thread-hard-limit on
policy
- 3.0, 3.2, 3.3 - MEDIUM : quic: reset cwnd in slow_start on
persistent congestion (cubic)
- 3.0, 3.2, 3.3 - MEDIUM : dict: hold lock while decrementing
refcount in dict_entry_unref
- 3.2, 3.3 - MEDIUM : h1: drop headers whose names contain
invalid chars
- 3.0, 3.2, 3.3 - MEDIUM : applet: Properly handle receives of
size 0
- 3.0, 3.2, 3.3 - MEDIUM : mux-h1: Dup connection/upgrade value
to parse it when making headers
- 3.0, 3.2, 3.3 - MEDIUM : applet: Fix transfer of HTX data to
the applet
- 3.0, 3.2 - MEDIUM : mux_quic: adjust qcc_is_dead() to
account detached streams
- 3.3 - MEDIUM : http-client: Only consume input buffer
when hc one is empty
- 3.2, 3.3 - MEDIUM : tcpcheck/spoe: bound the SPOP error
code to valid values
- 3.0, 3.2, 3.3 - MEDIUM : ssl-gencert: Unlock LRU cache if
failing to generate certificate
- 3.3 - MEDIUM : limits: properly account for
global.maxpipes in compute_ideal_maxconn()
- 3.0, 3.2, 3.3 - MEDIUM : resolvers: Fix test on dn label size
in resolv_dn_label_to_str()
- 3.0, 3.2, 3.3 - MEDIUM : h1: Skip all h2c values from Upgrade
headers during parsing
- 3.0, 3.2, 3.3 - MEDIUM : resolvers: fix name compression
pointer validation in resolv_read_name()
- 3.0, 3.2, 3.3 - MEDIUM : dns: fix long loops in additional
records parse on name failure
- 3.0, 3.2, 3.3 - MEDIUM : cache: always verify the primary hash
in get_secondary_entry()
- 3.3 - MEDIUM : regex: allocate a large enough pcre2
match for all matches
- 3.0, 3.2, 3.3 - MEDIUM : server/cli: unlock server lock on
failure in cli_parse_set_server
- 3.0, 3.2, 3.3 - MEDIUM : resolvers: Wait a bit before calling
the xprt prepare_srv
- 3.2, 3.3 - MEDIUM : quic: reset consecutive_losses on exit
from recovery period (cubic)
- 3.0, 3.2, 3.3 - MINOR : base64: return empty string for empty
input in base64dec()
- 3.0, 3.2, 3.3 - MINOR : quic: reject packet too short for HP
decryption
- 3.0, 3.2, 3.3 - MINOR : quic: fix ack range node pool_free
call passing wrong pointer type
- 3.0, 3.2, 3.3 - MINOR : log: look for the end of priority
before the end of the buffer
- 3.0, 3.2, 3.3 - MINOR : resolvers: fix leaked dgram and
dns_ring struct in parse_resolve_conf()
- 3.0, 3.2, 3.3 - MINOR : h1: Don't mask websocket protocol if
multiple protocols used
- 3.0, 3.2, 3.3 - MINOR : config/dns: properly fail on duplicate
nameserver name detection
- 3.0, 3.2, 3.3 - MINOR : addons/51d: NUL-terminate headers
before passing them to Trie API
- 3.0, 3.2, 3.3 - MINOR : tcpcheck: Check LDAP response to not
read more data than available
- 3.0, 3.2, 3.3 - MINOR : resolvers: switch to a better PRNG for
query IDs
- 3.2, 3.3 - MINOR : jws: fix OpenSSL 3.0 version check
from > to >=
- 3.0, 3.2, 3.3 - MINOR : jwt: fix possible memory leak in
convert_ecdsa_sig() error path
- 3.0, 3.2, 3.3 - MINOR : mux-fcgi: Use relative offset to
compute contig data in demux buf
- 3.2, 3.3 - MINOR : session/trace: use distinct flags for
SESS_EV_END and _ERR
- 3.2, 3.3 - MINOR : jws: Add missing return value check
(EVP_PKEY_get_bn_param)
- 3.0, 3.2, 3.3 - MINOR : ssl-gencert: validate SNI characters
to prevent SAN certificate injection
- 3.3 - MINOR : mux_quic: open an idle QCS on reset on
BE side
- 3.0, 3.2, 3.3 - MINOR : hlua: prevent Lua from passing
CR/LF/NUL in HTTP headers
- 3.0, 3.2, 3.3 - MINOR : qpack: fix sign bit mask in
qpack_decode_fs_pfx()
- 3.3 - MINOR : h3: add missing break on rcv_buf()
- 3.0, 3.2, 3.3 - MINOR : resolvers: fix risk of appending
garbage past the domain name
- 3.0, 3.2, 3.3 - MINOR : ssl-hello: make use of the
null-terminated servername
- 3.0, 3.2, 3.3 - MINOR : qpack: fix potential null-pointer
dereference in qpack_dht_insert()
- 3.3 - MINOR : mux_quic: do not exceed
stream.max-concurrent on backend side
- 3.0, 3.2, 3.3 - MINOR : http-ext: always check remaining data
when reading rfc7239 nodeport
- 3.0, 3.2, 3.3 - MINOR : sample: limit the be2hex converter's
chunk size
- 3.2, 3.3 - MINOR : mux-spop: Use relative offset to
compute contig data in demux buf
- 3.2, 3.3 - MINOR : resolvers: fix dangling list pointer
in resolvers_new() error paths
- 3.0, 3.2, 3.3 - MINOR : check: properly report errno in
chk_report_conn_err()
- 3.0, 3.2, 3.3 - MINOR : dict: fix refcount race on insert
collision
- 3.0, 3.2, 3.3 - MINOR : backend: correct parameter value
validation in get_server_ph_post()
- 3.0, 3.2, 3.3 - MINOR : resolvers: report the expression error
in the do-resolve() action parser
- 3.0, 3.2, 3.3 - MINOR : httpclient-cli: Destroy http-client
context if failing to start it
- 3.3 - MINOR : httpclient-cli: fix uninit variable in
error label
- 3.2, 3.3 - MINOR : cache: also recognize directives in
the form "token="
- 3.0, 3.2, 3.3 - MINOR : ocsp: Manage date too far away in the
future
- 3.2, 3.3 - MINOR : quic: update drs->lost before calling
on_ack_recv
- 3.0, 3.2, 3.3 - MINOR : mux-h2: validate HEADERS frame length
before reading stream dep
- 3.2, 3.3 - MINOR : server: Properly handle init-state
value during haproxy startup
- 3.2, 3.3 - MINOR : threads: set at least grp_max when
mtpg is too small
- 3.0, 3.2, 3.3 - MINOR : cache: fix cache tree iteration
- 3.0, 3.2, 3.3 - MINOR : resolvers: fix room for trailing zero
in resolv_dn_label_to_str()
- 3.3 - MINOR : server: accept server IDs above 2^31
and clarify error message
- 3.0, 3.2, 3.3 - MINOR : init: use more than ha_random64() for
the cluster secret
- 3.3 - MINOR : h3: reject server MAX_PUSH_ID frame
- 3.0, 3.2, 3.3 - MINOR : backend: fix balance hash calculation
when using hash-type none
- 3.3 - MINOR : h3: reject server push stream
- 3.0, 3.2, 3.3 - MINOR : tcpchecks: Limit parsing of
agent-check reply to the buffer
- 3.3 - MINOR : h3: adjust error on PUSH_PROMISE frame
reception
- 3.2, 3.3 - MINOR : servers: use proper source of
pool_conn_name in srv_settings_cpy()
- 3.0, 3.2, 3.3 - MINOR : resolvers: relax size checks in
authority record parsing
- 3.0, 3.2, 3.3 - MINOR : qpack: fix huff_dec() error handling
in qpack_decode_fs()
- 3.0, 3.2, 3.3 - MINOR : dns: fix dangling dgram pointer on
dns_dgram_init() failure path
- 3.0, 3.2, 3.3 - MINOR : payload: fix the handshake length
bounds check smp_client_hello_parse()
- 3.0, 3.2, 3.3 - MINOR : cache: Fix copy of value when parsing
maxage
- 3.0, 3.2, 3.3 - MINOR : quic: fix ODCID lookup from derived
value
- 3.0, 3.2, 3.3 - MINOR : mux-h2: Count padding for connection
flow control on error path
- 3.0, 3.2, 3.3 - MINOR : h3: reject client CANCEL_PUSH frame
- 3.0, 3.2, 3.3 - MINOR : http-fetch: check against the whole
token in get_http_auth()
- 3.0, 3.2, 3.3 - MINOR : qpack: Fix index calculation in debug
functions
--
The haproxy stable-bot is freely provided by HAProxy Technologies to help
improve the quality of each HAProxy release. If you have any issue with these
emails or if you want to suggest some improvements, please post them on the
list so that the solutions suiting the most users can be found.