[RELEASE] Released version 2.8-dev5

Released version 2.8-dev5 with the following main changes :
    - MINOR: ssl: rename confusing ssl_bind_kws
    - BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords
    - BUG/MEDIUM: http-ana: Detect closed SC on opposite side during body forwarding
    - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached
    - MINOR: global: Add an option to disable the data fast-forward
    - MINOR: haproxy: Add an command option to disable data fast-forward
    - REGTESTS: Remove unsupported feature command in http_splicing.vtc
    - BUG/MEDIUM: wdt: fix wrong thread being checked for sleeping
    - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue
    - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed
    - MINOR: threads: add flags to know if a thread is started and/or running
    - MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set
    - BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame
    - BUG/MINOR: mworker: prevent incorrect values in uptime
    - MINOR: h3: add traces on decode_qcs callback
    - BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors
    - MINOR: quic: Add new traces about by connection RX buffer handling
    - MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock
    - BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer()
    - MINOR: quic: Simplication for qc_set_timer()
    - MINOR: quic: Kill the connections on ICMP (port unreachable) packet receipt
    - MINOR: quic: Add traces to qc_kill_conn()
    - MINOR: quic: Make qc_dgrams_retransmit() return a status.
    - BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm()
    - MINOR: quic: Add a trace to identify connections which sent Initial packet.
    - MINOR: quic: Add <pto_count> to the traces
    - BUG/MINOR: quic: Do not probe with too little Initial packets
    - BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean
    - BUG/MINOR: quic: Do not drop too small datagrams with Initial packets
    - BUG/MINOR: quic: Missing padding for short packets
    - MINOR: quic: adjust request reject when MUX is already freed
    - BUG/MINOR: quic: also send RESET_STREAM if MUX released
    - BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released
    - BUG/MINOR: h3: prevent hypothetical demux failure on int overflow
    - MEDIUM: h3: enforce GOAWAY by resetting higher unhandled stream
    - MINOR: mux-quic: define qc_shutdown()
    - MINOR: mux-quic: define qc_process()
    - MINOR: mux-quic: implement client-fin timeout
    - MEDIUM: mux-quic: properly implement soft-stop
    - MINOR: quic: mark quic-conn as jobs on socket allocation
    - MEDIUM: quic: trigger fast connection closing on process stopping
    - MINOR: mux-h2/traces: do not log h2s pointer for dummy streams
    - MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_handle_headers()
    - BUG/MEDIUM: quic: Missing TX buffer draining from qc_send_ppkts()
    - DEBUG: stream: Add a BUG_ON to never exit process_stream with an expired task
    - DOC: config: Fix description of options about HTTP connection modes
    - MINOR: proxy: Only consider backend httpclose option for server connections
    - BUG/MINOR: haproxy: Fix option to disable the fast-forward
    - DOC: config: Add the missing tune.fail-alloc option from global listing
    - MINOR: cfgcond: Implement strstr condition expression
    - MINOR: cfgcond: Implement enabled condition expression
    - REGTESTS: Skip http_splicing.vtc script if fast-forward is disabled
    - REGTESTS: Fix ssl_errors.vtc script to wait for connections close
    - BUG/MINOR: mworker: stop doing strtok directly from the env
    - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions
    - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong
    - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start
    - BUG/MINOR: cache: Cache response even if request has "no-cache" directive
    - BUG/MINOR: cache: Check cache entry is complete in case of Vary
    - MINOR: compiler: add a TOSTR() macro to turn a value into a string
    - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send()
    - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy
    - MEDIUM: channel: Remove CF_READ_NOEXP flag
    - MAJOR: channel: Remove flags to report READ or WRITE errors
    - DEBUG: stream/trace: Add sedesc flags in trace messages
    - MINOR: channel/stconn: Move rto/wto from the channel to the stconn
    - MEDIUM: channel/stconn: Move rex/wex timer from the channel to the sedesc
    - MEDIUM: stconn: Don't requeue the stream's task after I/O
    - MEDIUM: stconn: Replace read and write timeouts by a unique I/O timeout
    - MEDIUM: stconn: Add two date to track successful reads and blocked sends
    - MINOR: applet/stconn: Add a SE flag to specify an endpoint does not expect data
    - MAJOR: stream: Use SE descriptor date to detect read/write timeouts
    - MINOR: stream: Dump the task expiration date in trace messages
    - MINOR: stream: Report rex/wex value using the sedesc date in trace messages
    - MINOR: stream: Use relative expiration date in trace messages
    - MINOR: stconn: Always report READ/WRITE event on shutr/shutw
    - CLEANUP: stconn: Remove old read and write expiration dates
    - MINOR: stconn: Set half-close timeout using proxy settings
    - MINOR: stconn: Remove half-closed timeout
    - REGTESTS: cache: Use rxresphdrs to only get headers for 304 responses
    - MINOR: stconn: Add functions to set/clear SE_FL_EXP_NO_DATA flag from endpoint
    - BUG/MINOR: proto_ux: report correct error when bind_listener fails
    - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all()
    - MINOR: proto_uxst: add resume method
    - MINOR: listener/api: add lli hint to listener functions
    - MINOR: listener: add relax_listener() function
    - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
    - MINOR: listener: make sure we don't pause/resume bypassed listeners
    - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling
    - BUG/MINOR: listener: fix resume_listener() resume return value handling
    - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()
    - MINOR: listener: pause_listener() becomes suspend_listener()
    - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume
    - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp()
    - MEDIUM: proto_ux: properly suspend named UNIX listeners
    - MINOR: proto_ux: ability to dump ABNS names in error messages
    - MINOR: haproxy: always protocol unbind on startup error path
    - BUILD: quic: 32-bits compilation issue with %zu in quic_rx_pkts_del()
    - BUG/MINOR: ring: do not realign ring contents on resize
    - MEDIUM: ring: make the offset relative to the head/tail instead of absolute
    - CLEANUP: ring: remove the now unused ring's offset
    - MINOR: config: add HAPROXY_BRANCH environment variable
    - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables
    - BUG/MEDIUM: fd: avoid infinite loops in fd_add_to_fd_list and fd_rm_from_fd_list
    - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing
    - BUG/MINOR: stream: Remove BUG_ON about the task expiration in process_stream()
    - MINOR: stream: Handle stream's timeouts in a dedicated function
    - MEDIUM: stream: Eventually handle stream timeouts when exiting process_stream()
    - MINOR: stconn: Report a send activity when endpoint is willing to consume data
    - BUG/MEDIUM: stconn: Report a blocked send if some output data are not consumed
    - MEDIUM: mux-h1: Don't expect data from server as long as request is unfinished
    - MEDIUM: mux-h2: Don't expect data from server as long as request is unfinished
    - MEDIUM: mux-quic: Don't expect data from server as long as request is unfinished
    - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section
    - DOC: config: Replace TABs by spaces
    - BUG/MINOR: fd: used the update list from the fd's group instead of tgid
    - BUG/MEDIUM: fd: make fd_delete() support being called from a different group
    - CLEANUP: listener: only store conn counts for local threads
    - MINOR: tinfo: make thread_set functions return nth group/mask instead of first
    - MEDIUM: quic: improve fatal error handling on send
    - MINOR: quic: consider EBADF as critical on send()
    - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list
    - BUG/MINOR: mux-h1: Don't report an error on an early response close
    - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body
    - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory
    - BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip()
    - REGTEST: added tests covering smp_fetch_hdr_ip()
    - MINOR: quic: simplify return path in send functions
    - MINOR: quic: implement qc_notify_send()
    - MINOR: quic: purge txbuf before preparing new packets
    - MEDIUM: quic: implement poller subscribe on sendto error
    - MINOR: quic: notify on send ready
    - BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry
    - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response
    - BUG/MEDIUM: http-ana: Don't close request side when waiting for response
    - BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data
    - MINOR: ssl: Destroy ocsp update http_client during cleanup
    - MINOR: ssl: Reinsert ocsp update entries later in case of unknown error
    - MINOR: ssl: Add ocsp update success/failure counters
    - MINOR: ssl: Store specific ocsp update errors in response and update ctx
    - MINOR: ssl: Add certificate's path to certificate_ocsp structure
    - MINOR: ssl: Add 'show ssl ocsp-updates' CLI command
    - MINOR: ssl: Add sample fetches related to OCSP update
    - MINOR: ssl: Use dedicated proxy and log-format for OCSP update
    - MINOR: ssl: Reorder struct certificate_ocsp members
    - MINOR: ssl: Increment OCSP update replay delay in case of failure
    - MINOR: ssl: Add way to dump ocsp response in base64
    - MINOR: ssl: Add global options to modify ocsp update min/max delay
    - REGTESTS: ssl: Fix ocsp update crt-lists
    - REGTESTS: ssl: Add test for new ocsp update cli commands
    - MINOR: ssl: Add ocsp-update information to "show ssl crt-list"
    - BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list"
    - MINOR: ssl: Replace now.tv_sec with date.tv_sec in ocsp update task
    - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback
    - BUG/MEDIUM: quic: properly handle duplicated STREAM frames
    - BUG/MINOR: cli: fix CLI handler "set anon global-key" call
    - MINOR: http_ext: adding some documentation, forgot to inline function
    - BUG/MINOR: quic: Do not send too small datagrams (with Initial packets)
    - MINOR: quic: Add a BUG_ON_HOT() call for too small datagrams
    - BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted
    - BUG/MINOR: quic: v2 Initial packets decryption failed
    - MINOR: quic: Add traces about QUIC TLS key update
    - BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets
    - BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames
    - BUG/MINOR: quic: Do not resend already acked frames
    - BUG/MINOR: quic: Missing detections of amplification limit reached
    - MINOR: quic: Send PING frames when probing Initial packet number space
    - BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX
    - BUG/MAJOR: fd/thread: fix race between updates and closing FD
    - BUG/MEDIUM: dns: ensure ring offset is properly reajusted to head
    - BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated
    - MINOR: quic: Do not accept wrong active_connection_id_limit values
    - MINOR: quic: Store the next connection IDs sequence number in the connection
    - MINOR: quic: Typo fix for ACK_ECN frame
    - MINOR: quic: RETIRE_CONNECTION_ID frame handling (RX)
    - MINOR: quic: Useless TLS context allocations in qc_do_rm_hp()
    - MINOR: quic: Add spin bit support
    - MINOR: quic: Add transport parameters to "show quic"
    - BUG/MEDIUM: sink/forwarder: ensure ring offset is properly readjusted to head
    - BUG/MINOR: dns: fix ring offset calculation on first read
    - BUG/MINOR: dns: fix ring offset calculation in dns_resolve_send()
    - MINOR: jwt: Add support for RSA-PSS signatures (PS256 algorithm)
    - MINOR: h3: add traces on h3_init_uni_stream() error paths
    - MINOR: quic: create a global list dedicated for closing QUIC conns
    - MINOR: quic: handle new closing list in show quic
    - MEDIUM: quic: release closing connections on stopping
    - BUG/MINOR: quic: Wrong RETIRE_CONNECTION_ID sequence number check
    - MINOR: fd/cli: report the polling mask in "show fd"
    - CLEANUP: sock: always perform last connection updates before wakeup
    - MINOR: quic: Do not stress the peer during retransmissions of lost packets
    - BUG/MINOR: init: properly detect NUMA bindings on large systems
    - BUG/MINOR: thread: report thread and group counts in the correct order
    - BUG/MAJOR: fd/threads: close a race on closing connections after takeover
    - MINOR: debug: add random delay injection with "debug dev delay-inj"
    - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value
    - BUG/MINOR: quic: Missing listener accept queue tasklet wakeups
    - MINOR: quic_sock: un-statify quic_conn_sock_fd_iocb()
    - DOC: config: fix typo "dependeing" in bind thread description
    - DOC/CLEANUP: fix typos
diff --git a/CHANGELOG b/CHANGELOG
index 34073e7..89838ef 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,207 @@
 ChangeLog :
 ===========
 
+2023/03/10 : 2.8-dev5
+    - MINOR: ssl: rename confusing ssl_bind_kws
+    - BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords
+    - BUG/MEDIUM: http-ana: Detect closed SC on opposite side during body forwarding
+    - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached
+    - MINOR: global: Add an option to disable the data fast-forward
+    - MINOR: haproxy: Add an command option to disable data fast-forward
+    - REGTESTS: Remove unsupported feature command in http_splicing.vtc
+    - BUG/MEDIUM: wdt: fix wrong thread being checked for sleeping
+    - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue
+    - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed
+    - MINOR: threads: add flags to know if a thread is started and/or running
+    - MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set
+    - BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame
+    - BUG/MINOR: mworker: prevent incorrect values in uptime
+    - MINOR: h3: add traces on decode_qcs callback
+    - BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors
+    - MINOR: quic: Add new traces about by connection RX buffer handling
+    - MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock
+    - BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer()
+    - MINOR: quic: Simplication for qc_set_timer()
+    - MINOR: quic: Kill the connections on ICMP (port unreachable) packet receipt
+    - MINOR: quic: Add traces to qc_kill_conn()
+    - MINOR: quic: Make qc_dgrams_retransmit() return a status.
+    - BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm()
+    - MINOR: quic: Add a trace to identify connections which sent Initial packet.
+    - MINOR: quic: Add <pto_count> to the traces
+    - BUG/MINOR: quic: Do not probe with too little Initial packets
+    - BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean
+    - BUG/MINOR: quic: Do not drop too small datagrams with Initial packets
+    - BUG/MINOR: quic: Missing padding for short packets
+    - MINOR: quic: adjust request reject when MUX is already freed
+    - BUG/MINOR: quic: also send RESET_STREAM if MUX released
+    - BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released
+    - BUG/MINOR: h3: prevent hypothetical demux failure on int overflow
+    - MEDIUM: h3: enforce GOAWAY by resetting higher unhandled stream
+    - MINOR: mux-quic: define qc_shutdown()
+    - MINOR: mux-quic: define qc_process()
+    - MINOR: mux-quic: implement client-fin timeout
+    - MEDIUM: mux-quic: properly implement soft-stop
+    - MINOR: quic: mark quic-conn as jobs on socket allocation
+    - MEDIUM: quic: trigger fast connection closing on process stopping
+    - MINOR: mux-h2/traces: do not log h2s pointer for dummy streams
+    - MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_handle_headers()
+    - BUG/MEDIUM: quic: Missing TX buffer draining from qc_send_ppkts()
+    - DEBUG: stream: Add a BUG_ON to never exit process_stream with an expired task
+    - DOC: config: Fix description of options about HTTP connection modes
+    - MINOR: proxy: Only consider backend httpclose option for server connections
+    - BUG/MINOR: haproxy: Fix option to disable the fast-forward
+    - DOC: config: Add the missing tune.fail-alloc option from global listing
+    - MINOR: cfgcond: Implement strstr condition expression
+    - MINOR: cfgcond: Implement enabled condition expression
+    - REGTESTS: Skip http_splicing.vtc script if fast-forward is disabled
+    - REGTESTS: Fix ssl_errors.vtc script to wait for connections close
+    - BUG/MINOR: mworker: stop doing strtok directly from the env
+    - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions
+    - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong
+    - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start
+    - BUG/MINOR: cache: Cache response even if request has "no-cache" directive
+    - BUG/MINOR: cache: Check cache entry is complete in case of Vary
+    - MINOR: compiler: add a TOSTR() macro to turn a value into a string
+    - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send()
+    - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy
+    - MEDIUM: channel: Remove CF_READ_NOEXP flag
+    - MAJOR: channel: Remove flags to report READ or WRITE errors
+    - DEBUG: stream/trace: Add sedesc flags in trace messages
+    - MINOR: channel/stconn: Move rto/wto from the channel to the stconn
+    - MEDIUM: channel/stconn: Move rex/wex timer from the channel to the sedesc
+    - MEDIUM: stconn: Don't requeue the stream's task after I/O
+    - MEDIUM: stconn: Replace read and write timeouts by a unique I/O timeout
+    - MEDIUM: stconn: Add two date to track successful reads and blocked sends
+    - MINOR: applet/stconn: Add a SE flag to specify an endpoint does not expect data
+    - MAJOR: stream: Use SE descriptor date to detect read/write timeouts
+    - MINOR: stream: Dump the task expiration date in trace messages
+    - MINOR: stream: Report rex/wex value using the sedesc date in trace messages
+    - MINOR: stream: Use relative expiration date in trace messages
+    - MINOR: stconn: Always report READ/WRITE event on shutr/shutw
+    - CLEANUP: stconn: Remove old read and write expiration dates
+    - MINOR: stconn: Set half-close timeout using proxy settings
+    - MINOR: stconn: Remove half-closed timeout
+    - REGTESTS: cache: Use rxresphdrs to only get headers for 304 responses
+    - MINOR: stconn: Add functions to set/clear SE_FL_EXP_NO_DATA flag from endpoint
+    - BUG/MINOR: proto_ux: report correct error when bind_listener fails
+    - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all()
+    - MINOR: proto_uxst: add resume method
+    - MINOR: listener/api: add lli hint to listener functions
+    - MINOR: listener: add relax_listener() function
+    - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
+    - MINOR: listener: make sure we don't pause/resume bypassed listeners
+    - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling
+    - BUG/MINOR: listener: fix resume_listener() resume return value handling
+    - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()
+    - MINOR: listener: pause_listener() becomes suspend_listener()
+    - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume
+    - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp()
+    - MEDIUM: proto_ux: properly suspend named UNIX listeners
+    - MINOR: proto_ux: ability to dump ABNS names in error messages
+    - MINOR: haproxy: always protocol unbind on startup error path
+    - BUILD: quic: 32-bits compilation issue with %zu in quic_rx_pkts_del()
+    - BUG/MINOR: ring: do not realign ring contents on resize
+    - MEDIUM: ring: make the offset relative to the head/tail instead of absolute
+    - CLEANUP: ring: remove the now unused ring's offset
+    - MINOR: config: add HAPROXY_BRANCH environment variable
+    - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables
+    - BUG/MEDIUM: fd: avoid infinite loops in fd_add_to_fd_list and fd_rm_from_fd_list
+    - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing
+    - BUG/MINOR: stream: Remove BUG_ON about the task expiration in process_stream()
+    - MINOR: stream: Handle stream's timeouts in a dedicated function
+    - MEDIUM: stream: Eventually handle stream timeouts when exiting process_stream()
+    - MINOR: stconn: Report a send activity when endpoint is willing to consume data
+    - BUG/MEDIUM: stconn: Report a blocked send if some output data are not consumed
+    - MEDIUM: mux-h1: Don't expect data from server as long as request is unfinished
+    - MEDIUM: mux-h2: Don't expect data from server as long as request is unfinished
+    - MEDIUM: mux-quic: Don't expect data from server as long as request is unfinished
+    - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section
+    - DOC: config: Replace TABs by spaces
+    - BUG/MINOR: fd: used the update list from the fd's group instead of tgid
+    - BUG/MEDIUM: fd: make fd_delete() support being called from a different group
+    - CLEANUP: listener: only store conn counts for local threads
+    - MINOR: tinfo: make thread_set functions return nth group/mask instead of first
+    - MEDIUM: quic: improve fatal error handling on send
+    - MINOR: quic: consider EBADF as critical on send()
+    - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list
+    - BUG/MINOR: mux-h1: Don't report an error on an early response close
+    - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body
+    - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory
+    - BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip()
+    - REGTEST: added tests covering smp_fetch_hdr_ip()
+    - MINOR: quic: simplify return path in send functions
+    - MINOR: quic: implement qc_notify_send()
+    - MINOR: quic: purge txbuf before preparing new packets
+    - MEDIUM: quic: implement poller subscribe on sendto error
+    - MINOR: quic: notify on send ready
+    - BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry
+    - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response
+    - BUG/MEDIUM: http-ana: Don't close request side when waiting for response
+    - BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data
+    - MINOR: ssl: Destroy ocsp update http_client during cleanup
+    - MINOR: ssl: Reinsert ocsp update entries later in case of unknown error
+    - MINOR: ssl: Add ocsp update success/failure counters
+    - MINOR: ssl: Store specific ocsp update errors in response and update ctx
+    - MINOR: ssl: Add certificate's path to certificate_ocsp structure
+    - MINOR: ssl: Add 'show ssl ocsp-updates' CLI command
+    - MINOR: ssl: Add sample fetches related to OCSP update
+    - MINOR: ssl: Use dedicated proxy and log-format for OCSP update
+    - MINOR: ssl: Reorder struct certificate_ocsp members
+    - MINOR: ssl: Increment OCSP update replay delay in case of failure
+    - MINOR: ssl: Add way to dump ocsp response in base64
+    - MINOR: ssl: Add global options to modify ocsp update min/max delay
+    - REGTESTS: ssl: Fix ocsp update crt-lists
+    - REGTESTS: ssl: Add test for new ocsp update cli commands
+    - MINOR: ssl: Add ocsp-update information to "show ssl crt-list"
+    - BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list"
+    - MINOR: ssl: Replace now.tv_sec with date.tv_sec in ocsp update task
+    - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback
+    - BUG/MEDIUM: quic: properly handle duplicated STREAM frames
+    - BUG/MINOR: cli: fix CLI handler "set anon global-key" call
+    - MINOR: http_ext: adding some documentation, forgot to inline function
+    - BUG/MINOR: quic: Do not send too small datagrams (with Initial packets)
+    - MINOR: quic: Add a BUG_ON_HOT() call for too small datagrams
+    - BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted
+    - BUG/MINOR: quic: v2 Initial packets decryption failed
+    - MINOR: quic: Add traces about QUIC TLS key update
+    - BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets
+    - BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames
+    - BUG/MINOR: quic: Do not resend already acked frames
+    - BUG/MINOR: quic: Missing detections of amplification limit reached
+    - MINOR: quic: Send PING frames when probing Initial packet number space
+    - BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX
+    - BUG/MAJOR: fd/thread: fix race between updates and closing FD
+    - BUG/MEDIUM: dns: ensure ring offset is properly reajusted to head
+    - BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated
+    - MINOR: quic: Do not accept wrong active_connection_id_limit values
+    - MINOR: quic: Store the next connection IDs sequence number in the connection
+    - MINOR: quic: Typo fix for ACK_ECN frame
+    - MINOR: quic: RETIRE_CONNECTION_ID frame handling (RX)
+    - MINOR: quic: Useless TLS context allocations in qc_do_rm_hp()
+    - MINOR: quic: Add spin bit support
+    - MINOR: quic: Add transport parameters to "show quic"
+    - BUG/MEDIUM: sink/forwarder: ensure ring offset is properly readjusted to head
+    - BUG/MINOR: dns: fix ring offset calculation on first read
+    - BUG/MINOR: dns: fix ring offset calculation in dns_resolve_send()
+    - MINOR: jwt: Add support for RSA-PSS signatures (PS256 algorithm)
+    - MINOR: h3: add traces on h3_init_uni_stream() error paths
+    - MINOR: quic: create a global list dedicated for closing QUIC conns
+    - MINOR: quic: handle new closing list in show quic
+    - MEDIUM: quic: release closing connections on stopping
+    - BUG/MINOR: quic: Wrong RETIRE_CONNECTION_ID sequence number check
+    - MINOR: fd/cli: report the polling mask in "show fd"
+    - CLEANUP: sock: always perform last connection updates before wakeup
+    - MINOR: quic: Do not stress the peer during retransmissions of lost packets
+    - BUG/MINOR: init: properly detect NUMA bindings on large systems
+    - BUG/MINOR: thread: report thread and group counts in the correct order
+    - BUG/MAJOR: fd/threads: close a race on closing connections after takeover
+    - MINOR: debug: add random delay injection with "debug dev delay-inj"
+    - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value
+    - BUG/MINOR: quic: Missing listener accept queue tasklet wakeups
+    - MINOR: quic_sock: un-statify quic_conn_sock_fd_iocb()
+    - DOC: config: fix typo "dependeing" in bind thread description
+    - DOC/CLEANUP: fix typos
+
 2023/02/14 : 2.8-dev4
     - BUG/MINOR: stats: fix source buffer size for http dump
     - BUG/MEDIUM: stats: fix resolvers dump