Changes since version 3.3-dev7 :

Alexander Stephan (6):
      BUG/MINOR: halog: Add OOM checks for calloc() in filter_count_srv_status() and filter_count_url()
      BUG/MINOR: log: Add OOM checks for calloc() and malloc() in logformat parser and dup_logger()
      BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()
      BUG/MINOR: cfgparse: Add OOM check for calloc() in cfg_parse_listen()
      BUG/MINOR: compression: Add OOM check for calloc() in parse_compression_options()
      BUG/MINOR: tools: Add OOM check for malloc() in indent_msg()

Amaury Denoyelle (35):
      BUG/MEDIUM: mux-h2: fix crash on idle-ping due to unwanted ABORT_NOW
      BUG/MEDIUM: quic: reset padding when building GSO datagrams
      BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
      BUG/MAJOR: quic: fix INITIAL padding with probing packet only
      BUG/MINOR: quic: don't coalesce probing and ACK packet of same type
      MINOR: quic: centralize padding for HP sampling on packet building
      BUG/MINOR: connection: rearrange union list members
      BUG/MINOR: connection: remove extra session_unown_conn() on reverse
      MINOR: cli: display failure reason on wait command
      BUG/MINOR: server: decrement session idle_conns on del server
      BUG/MINOR: mux-quic: do not access conn after idle list insert
      MINOR: session: document explicitely that session_add_conn() is safe
      MINOR: session: uninline functions related to BE conns management
      MINOR: session: refactor alloc/lookup of sess_conns elements
      MEDIUM: session: protect sess conns list by idle_conns_lock
      MINOR: server: shard by thread sess_conns member
      MEDIUM: server: close new idle conns if server in maintenance
      MEDIUM: session: close new idle conns if server in maintenance
      MINOR: server: cleanup idle conns for server in maint already stopped
      MINOR: muxes: enforce thread-safety for private idle conns
      MEDIUM: conn/muxes/ssl: reinsert BE priv conn into sess on IO completion
      MEDIUM: conn/muxes/ssl: remove BE priv idle conn from sess on IO
      MEDIUM: mux-quic: enforce thread-safety of backend idle conns
      MAJOR: server: implement purging of private idle connections
      MEDIUM: session: account on server idle conns attached to session
      MAJOR: server: do not remove idle conns in del server
      MINOR: muxes: adjust takeover with buf_wait interaction
      OPTIM: backend: set release on takeover for strict maxconn
      MINOR: doc: add missing statistics column
      MINOR: doc: add missing statistics column
      MINOR: stats: display new curr_sess_idle_conns server counter
      MINOR: proxy: extend "show servers conn" output
      BUG/BUILD: stats: fix build due to missing stat enum definition
      BUG/MAJOR: mux-quic: fix crash on reload during emission
      MINOR: conn/muxes/ssl: add ASSUME_NONNULL() prior to _srv_add_idle

Aurelien DARRAGON (5):
      MINOR: http_ana: fix typo in http_res_get_intercept_rule
      BUG/MEDIUM: http_ana: handle yield for "stats http-request" evaluation
      MINOR: haproxy: abort config parsing on fatal errors for post parsing hooks
      MEDIUM: server: split srv_init() in srv_preinit() + srv_postinit()
      MINOR: proxy: handle shared listener counters preparation from proxy_postcheck()

Christopher Faulet (15):
      BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval
      MINOR: applet: Rely on applet flag to detect the new api
      MINOR: applet: Add function to test applet flags from the appctx
      MINOR: applet: Add a flag to know an applet is using HTX buffers
      MINOR: applet: Make some applet functions HTX aware
      MEDIUM: applet: Set .rcv_buf and .snd_buf functions on default ones if not set
      BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend
      BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort
      MEDIUM: proxy: Reject some header names for 'http-send-name-header' directive
      REG-TESTS: map_redirect: Don't use hdr_dom in ACLs with "-m end" matching method
      MINOR: acl: Only allow one '-m' matching method
      MINOR: acl; Warn when matching method based on a suffix is overwritten
      BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server
      BUG/MINOR: server: Duplicate healthcheck's sni inherited from default server
      BUG/MINOR: acl: Properly detect overwritten matching method

Collison, Steven (1):
      DOC: proxy-protocol: Make example for PP2_SUBTYPE_SSL_SIG_ALG accurate

Frederic Lecaille (9):
      BUG/MINOR: quic-be: missing Initial packet number space discarding
      BUG/MEDIUM: quic-be: crash after backend CID allocation failures
      BUG/MEDIUM: quic-be: avoid crashes when releasing Initial pktns
      BUG/MINOR: quic: reorder fragmented RX CRYPTO frames by their offsets
      MINOR: quic: remove ->offset qf_crypto struct field
      BUG/MINOR: mux-quic: trace with non initialized qcc
      CLEANUP: quic: remove a useless CRYPTO frame variable assignment
      BUG/MEDIUM: quic: CRYPTO frame freeing without eb_delete()
      BUG/MINOR: quic: ignore AGAIN ncbuf err when parsing CRYPTO frames

Valentine Krasnobaeva (2):
      MINOR: dns: dns_connect_nameserver: fix fd leak at error path
      BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found

William Lallemand (10):
      BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind
      REGTESTS: jwt: create dynamically "cert.ecdsa.pem"
      DOC: configuration: reword 'generate-certificates'
      MINOR: ssl: diagnostic warning when both 'default-crt' and 'strict-sni' are used
      MEDIUM: ssl: convert diag to warning for strict-sni + default-crt
      DOC: configuration: clarify 'default-crt' and implicit default certificates
      BUG/MEDIUM: mworker: fix startup and reload on macOS
      BUILD: mworker: fix ignoring return value of ‘read’
      DOC: unreliable sockpair@ on macOS
      DOC: configuration: confuse "strict-mode" with "zero-warning"