Changes since version 3.3-dev2 :

Aurelien DARRAGON (9):
      MEDIUM: sink: change the sink mode type to PR_MODE_SYSLOG
      MEDIUM: server: move _srv_check_proxy_mode() checks from server init to finalize
      MINOR: server: move send-proxy* incompatibility check in _srv_check_proxy_mode()
      MINOR: mailers: warn if mailers are configured but not actually used
      BUG/MEDIUM: counters/server: fix server and proxy last_change mixup
      MEDIUM: server: add and use a separate last_change variable for internal use
      MEDIUM: proxy: add and use a separate last_change variable for internal use
      MINOR: counters: rename last_change counter to last_state_change
      MEDIUM: stats: add persistent state to typed output format

Christopher Faulet (6):
      BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
      BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
      MINOR: proto-tcp: Add support for TCP MD5 signature for listeners and servers
      BUILD: cfgparse-tcp: Add _GNU_SOURCE for TCP_MD5SIG_MAXKEYLEN
      BUG/MINOR: proto-tcp: Take care to initialized tcp_md5sig structure
      BUG/MINOR: http-act: Fix parsing of the expression argument for pause action

David Carlier (2):
      BUILD/MEDIUM: deviceatlas: fix when installed in custom locations.
      DOC: deviceatlas build clarifications

Frederic Lecaille (1):
      BUG/MINOR: quic-be: Wrong retry_source_connection_id check

Ilia Shipitsin (2):
      CI: set DEBUG_STRICT=2 for coverity scan
      CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0

Mariam John (1):
      MINOR: ssl: Introduce new smp_client_hello_parse() function

Remi Tricot-Le Breton (11):
      BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
      DOC: Fix 'jwt_verify' converter doc
      MINOR: jwt: Rename pkey to pubkey in jwt_cert_tree_entry struct
      MINOR: jwt: Remove unused parameter in convert_ecdsa_sig
      MAJOR: jwt: Allow certificate instead of public key in jwt_verify converter
      MINOR: ssl: Allow 'commit ssl cert' with no privkey
      MINOR: ssl: Prevent delete on certificate used by jwt_verify
      REGTESTS: jwt: Add test with actual certificate passed to jwt_verify
      REGTESTS: jwt: Test update of certificate used in jwt_verify
      DOC: 'jwt_verify' converter now supports certificates
      CLEANUP: ssl: Rename ssl_trace-t.h to ssl_trace.h

William Lallemand (11):
      MINOR: ssl: check TLS1.3 ciphersuites again in clienthello with recent AWS-LC
      BUG/MINOR: httpclient: wrongly named httpproxy flag
      MINOR: ssl/ocsp: stop using the flags from the httpclient CLI
      MEDIUM: httpclient: split the CLI from the actual httpclient API
      MEDIUM: httpclient: implement a way to use directly htx data
      MINOR: httpclient/cli: add --htx option
      BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections
      BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
      MEDIUM: httpclient: add a Content-Length when the payload is known
      CI: github: add an OpenSSL 3.5.0 job
      CI: github: update the stable CI to ubuntu-24.04

Willy Tarreau (3):
      REGTESTS: restrict execution to a single thread group
      BUILD: dev/phash: remove the accidentally committed a.out file
      MINOR: pattern: add a counter of added/freed patterns