Changes since version 2.8.15 :

Amaury Denoyelle (17):
      MINOR: quic: extend return value during TP parsing
      BUG/MINOR: quic: use proper error code on missing CID in TPs
      BUG/MINOR: quic: use proper error code on invalid server TP
      BUG/MINOR: quic: reject retry_source_cid TP on server side
      BUG/MINOR: quic: use proper error code on invalid received TP value
      BUG/MINOR: quic: fix TP reject on invalid max-ack-delay
      BUG/MINOR: quic: reject invalid max_udp_payload size
      BUG/MINOR: mux-quic: do not decode if conn in error
      BUG/MINOR: config/server: reject QUIC addresses
      DOC: list missing global QUIC settings
      BUG/MINOR: mux-h1: fix wrong lock label
      BUG/MINOR: quic: do not emit probe data if CONNECTION_CLOSE requested
      MINOR: doc: add missing statistics column
      MINOR: doc: add missing statistics column
      BUG/MINOR: quic: fix room check if padding requested
      OPTIM: check: do not delay MUX for ALPN if SSL not active
      BUG/MEDIUM: checks: fix ALPN inheritance from server

Aurelien DARRAGON (10):
      MINOR: applet: add appctx_schedule() macro
      BUG/MINOR: dns: add tempo between 2 connection attempts for dns servers
      CLEANUP: dns: remove unused dns_stream_server struct member
      BUG/MINOR: dns: prevent ds accumulation within dss
      BUG/MINOR: proxy: only use proxy_inc_fe_cum_sess_ver_ctr() with frontends
      BUG/MINOR: cli: fix too many args detection for commands
      BUG/MINOR: threads: fix soft-stop without multithreading support
      BUG/MINOR: sink: detect and warn when using "send-proxy" options with ring servers
      DOC: config: restore default values for resolvers hold directive
      BUG/MINOR: hlua: take default-path into account with lua-load-per-thread

Christopher Faulet (35):
      BUG/MINOR: cli: Issue an error when too many args are passed for a command
      BUG/MINOR: mux-h1: Don't pretend connection was released for TCP>H1>H2 upgrade
      BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection
      BUG/MINOR: hlua: Fix Channel:data() and Channel:line() to respect documentation
      MEDIUM: hlua: Add function to change the body length of an HTTP Message
      BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
      BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request
      REGTESTS: Make the script testing conditional set-var compatible with Vtest2
      CI: vtest: Rely on VTest2 to run regression tests
      REGTESTS: Explicitly allow failing shell commands in some scripts
      BUG/MEDIUM: httpclient: Throw an error if an lua httpclient instance is reused
      DOC: hlua: Add a note to warn user about httpclient object reuse
      BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
      BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
      BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself
      BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation
      BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
      BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
      BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet
      BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket
      BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket
      BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established
      BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred
      BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred
      BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred
      BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode
      BUG/MINOR: http-client: Reject any 101-switching-protocols response
      BUG/MEDIUM: http-client: Drain the request if an early response is received
      BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM
      BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init
      BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer
      BUG/MEDIUM: server: Duplicate healthcheck's alpn inherited from default server
      BUG/MINOR: server: Update healthcheck when server settings are changed via CLI
      BUG/MINOR: h3: Fix errors introduced because of failed backport
      Revert "BUG/MINOR: config/server: reject QUIC addresses"

Frederic Lecaille (3):
      CLEANUP: quic: Useless BIO_METHOD initialization
      MINOR: quic: Add useful error traces about qc_ssl_sess_init() failures
      BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding

Lukas Tribus (3):
      DOC: ring: refer to newer RFC5424
      DOC: management: fix typo in commit f4f93c56
      DOC: config: recommend single quoting passwords

Olivier Houchard (6):
      BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
      BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS
      BUG/MEDIUM: ssl: Fix 0rtt to the server
      BUG/MEDIUM: ssl: fix build with AWS-LC
      BUG/MEDIUM: h1: Allow reception if we have early data
      BUG/MEDIUM: ssl: create the mux immediately on early data

Remi Tricot-Le Breton (4):
      BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
      DOC: Fix 'jwt_verify' converter doc
      BUG/MINOR: init: Initialize random seed earlier in the init process
      BUG/MINOR: ocsp: Crash when updating CA during ocsp updates

Valentine Krasnobaeva (8):
      BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0
      BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
      MINOR: compiler: add __nonstring macro
      DOC: config: prefer-last-server: add notes for non-deterministic algorithms
      BUG/MINOR: halog: exit with error when some output filters are set simultaneosly
      BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR
      BUG/MINOR: acl: set arg_list->kw to aclkw->kw string literal if aclkw is found
      BUG/MINOR: resolvers: always normalize FQDN from response

William Lallemand (6):
      BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
      DOC: configuration: add details on prefer-client-ciphers
      DOC: management: clarify usage of -V with -c
      DOC: unreliable sockpair@ on macOS
      DOC: configuration: confuse "strict-mode" with "zero-warning"
      BUG/MEDIUM: ssl: ca-file directory mode must read every certificates of a file

Willy Tarreau (14):
      BUG/MAJOR: listeners: transfer connection accounting when switching listeners
      DOC: config: recommend disabling libc-based resolution with resolvers
      BUG/MINOR: h3: don't insert more than one Host header
      BUILD: makefile: enable backtrace by default on musl
      DOC: hlua: fix a few typos in HTTPMessage.set_body_len() documentation
      MINOR: http: add a function to validate characters of :authority
      BUG/MEDIUM: h2/h3: reject some forbidden chars in :authority before reassembly
      BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field
      SCRIPTS: drop the HTML generation from announce-release
      BUG/MINOR: listener: really assign distinct IDs to shards
      BUILD: compat: always set _POSIX_VERSION to ease comparisons
      BUG/MINOR: haproxy: be sure not to quit too early on soft stop
      BUILD: acl: silence a possible null deref warning in parse_acl_expr()
      BUG/MINOR: activity: fix reporting of task latency