Add changelog to haproxy autobump PRs

[mtekel]

Include version diff (changelog) into automatically created PRs for haproxy bumps.

[peanball]

Some suggestions for even more info and legibility.

[mtekel]

Automatic bump from version 2.8.11 to version 2.8.15, downloaded from https://www.haproxy.org/download/2.8/src/haproxy-2.8.15.tar.gz.

After merge, consider releasing a new version of haproxy-boshrelease.

Changelog for HAProxy 2.8.15.

Please also check list of known open bugs for HAProxy 2.8.15.

The developer's summary for this release can be found in the Announcement post for the HAProxy 2.8.15 release.

HAPROXY CHANGELOG between 2.8.15 and 2.8.11

2025/04/22 : 2.8.15
    - BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3
    - BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY
    - BUG/MINOR: spoe: Check the shared waiting queue to shut applets during stopping
    - BUG/MINOR: spoe: Allow applet creation when closing the last one during stopping
    - BUG/MEDIUM: spoe: Don't wakeup idle applets in loop during stopping
    - BUG/MEDIUM: mux-quic: do not attach on already closed stream
    - MINOR: mux-quic: change return value of qcs_attach_sc()
    - BUG/MINOR: mux-quic: handle closure of uni-stream
    - DOC: config: reorder "tune.lua.*" keywords by alphabetical order
    - DOC: config: add "tune.lua.burst-timeout" to the list of global parameters
    - BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED
    - REGTESTS: Fix truncated.vtc to send 0-CRLF
    - BUG/MEDIUM: htx: wrong count computation in htx_xfer_blks()
    - DOC: htx: clarify <mark> parameter for htx_xfer_blks()
    - DOC: option redispatch should mention persist options
    - TESTS: ist: fix wrong array size
    - BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity
    - DOC: management: rename some last occurences from domain "dns" to "resolvers"
    - BUG/MINOR: server: fix the "server-template" prefix memory leak
    - BUG/MEDIUM: debug: close a possible race between thread dump and panic()
    - BUG/MINOR: quic: reserve length field for long header encoding
    - BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding
    - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals
    - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks sigals
    - BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker
    - BUG/MEDIUM: filters: Handle filters registered on data with no payload callback
    - BUG/MINOR: fcgi: Don't set the status to 302 if it is already set
    - BUG/MINOR: quic: prevent crash on conn access after MUX init failure
    - BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval
    - BUG/MINOR: cli: Fix memory leak on error for _getsocks command
    - BUG/MINOR: cli: Fix a possible infinite loop in _getsocks()
    - BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive
    - BUG/MINOR: auth: Fix a leak on error path when parsing user's groups
    - BUG/MINOR: flt-trace: Support only one name option
    - BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer
    - BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers
    - BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers
    - MINOR: clock: always use atomic ops for global_now_ms
    - BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info()
    - MINOR: tinfo: add a new thread flag to indicate a call from a sig handler
    - BUG/MINOR: h2: always trim leading and trailing LWS in header values
    - CLEANUP: h3: fix documentation of h3_rcv_buf()
    - BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer
    - BUG/MEIDUM: startup: return to initial cwd only after check_config_validity()
    - BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server
    - BUG/MINOR: cfgparse/peers: properly handle ignored local peer case
    - BUG/MINOR: server: dont return immediately from parse_server() when skipping checks
    - MINOR: cfgparse/peers: provide more info when ignoring invalid "peer" or "server" lines
    - BUG/MINOR: namespace: handle a possible strdup() failure
    - BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
    - MINOR: compiler: add a simple macro to concatenate resolved strings
    - BUILD: compiler: undefine the CONCAT() macro if already defined
    - MINOR: compiler: add a new __decl_thread_var() macro to declare local variables
    - MINOR: tools: resolve main() only once in resolve_sym_name()
    - MINOR: tools: use only opportunistic symbols resolution
    - BUILD: tools: silence a build warning when USE_THREAD=0
    - MINOR: cli: export cli_io_handler() to ease symbol resolution
    - MINOR: tools: improve symbol resolution without dl_addr
    - MINOR: tools: ease the declaration of known symbols in resolve_sym_name()
    - MINOR: tools: teach resolve_sym_name() a few more common symbols
    - BUILD: tools: avoid a build warning on gcc-4.8 in resolve_sym_name()
    - BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks
    - BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node
    - BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local
    - BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream()
    - BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays
    - DOC: config: fix two missing "content" in "tcp-request" examples
    - BUG/MINOR: backend: do not overwrite srv dst address on reuse
    - BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port
    - TESTS: Fix build for filltab25.c
    - MINOR: task: add thread safe notification_new and notification_wake variants
    - BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait()
    - BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs
    - BUG/MINOR: backend: do not use the source port when hashing clientip
    - BUG/MINOR: hlua: fix invalid errmsg use in hlua_init()
    - DOC: config: add the missing "profiling.memory" to the global kw index
    - BUG/MINOR: http-ana: Properly detect client abort when forwarding the response
    - BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding
    - BUG/MINOR: mux-h2: Properly handle full or truncated HTX messages on shut
    - BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers (2)
    - BUG/MINOR: backend: fix reuse with set-dst/set-dst-port (2)
    - BUG/MEDIUM: backend: do not overwrite srv dst address on reuse (2)
    - BUG/MEDIUM: h3: trim whitespaces when parsing headers value
    - BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding
    - BUG/MINOR: h3: filter upgrade connection header
    - BUG/MINOR: h3: reject invalid :path in request
    - BUG/MINOR: h3: reject request URI with invalid characters
    - BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
    - BUG/MINOR: mux-quic: fix BUG_ON() crash on init failure after app-ops
    - BUG/MINOR: quic: do not crash on CRYPTO ncbuf alloc failure
    - BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill()
    - BUG/MINOR: mux-h2: prevent past scheduling with idle connections
    - MINOR: tools: also protect the library name resolution against concurrent accesses

2025/01/29 : 2.8.14
    - BUG/MEDIUM: stconn: Really report blocked send if sends are blocked by an error
    - BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections
    - MINOR: debug: make mark_tainted() return the previous value
    - DEBUG: add a tainted flag when ha_panic() is called
    - MINOR: chunk: drop the global thread_dump_buffer
    - MINOR: debug: split ha_thread_dump() in two parts
    - MINOR: debug: slightly change the thread_dump_pointer signification
    - MINOR: debug: make ha_thread_dump_done() take the pointer to be used
    - MINOR: debug: replace ha_thread_dump() with its two components
    - MEDIUM: debug: on panic, make the target thread automatically allocate its buf
    - BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg}
    - MINOR: quic: notify connection layer on handshake completion
    - BUG/MINOR: stream: unblock stream on wait-for-handshake completion
    - BUG/MEDIUM: quic: support wait-for-handshake
    - MINOR: quic: simplify qc_parse_pkt_frms() return path
    - MINOR: quic: use dynamically allocated frame on parsing
    - MINOR: quic: extend return value of CRYPTO parsing
    - BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO
    - BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error
    - BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state
    - BUG/MEDIUM: stconn: Only consider I/O timers to update stream's expiration date
    - BUG/MEDIUM: queues: Make sure we call process_srv_queue() when leaving
    - BUG/MEDIUM: queues: Do not use pendconn_grab_from_px().
    - DOC: config: add example for server "track" keyword
    - BUG/MEDIUM: queue: Make process_srv_queue return the number of streams
    - MINOR: config: Alert about extra arguments for errorfile and errorloc
    - BUG/MINOR: stktable: fix big-endian compatiblity in smp_to_stkey()
    - BUG/MINOR: quic: reject NEW_TOKEN frames from clients
    - BUG/MEDIUM: stktable: fix missing lock on some table converters
    - BUG/MAJOR: quic: reject too large CRYPTO frames
    - BUG/MINOR: init: set HAPROXY_STARTUP_VERSION from the variable, not the macro
    - BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours
    - MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount
    - BUILD: quic: Move an ASSUME_NONNULL() for variable which is not null
    - BUG/MEDIUM: mux-h1: Properly close H1C if an error is reported before sending data
    - BUG/MINOR: quic: do not increase congestion window if app limited
    - BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES
    - BUG/MINOR: stream: Properly handle "on-marked-up shutdown-backup-sessions"

2024/12/12 : 2.8.13
    - BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit
    - BUG/MINOR: h1: do not forward h2c upgrade header token
    - BUG/MINOR: h2: reject extended connect for h2c protocol
    - MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state
    - BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only
    - REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades
    - REGTESTS: shorten a bit the delay for the h1/h2 upgrade test
    - MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG
    - BUG/MEDIUM: stream: make stream_shutdown() async-safe
    - BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server
    - BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade
    - BUG/MEDIUM: queue: make sure never to queue when there's no more served conns
    - BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI
    - BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list
    - BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID
    - BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state
    - BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration
    - BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration
    - BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration
    - BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration
    - BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only
    - DOC: config: Slightly improve the %Tr documentation
    - DOC: config: Move wait_end in section about internal samples
    - DOC: lua: fix yield-dependent methods expected contexts
    - DOC: configuration: explain quotes and spaces in conditional blocks
    - DOC: configuration: wrap long line for "strstr()" conditional expression
    - BUG/MINOR: http-ana: Adjust the server status before the L7 retries
    - BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames
    - BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding
    - BUG/MEDIUM: h3: Properly limit the number of headers received
    - BUG/MEDIUM: h3: Increase max number of headers when sending headers
    - BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler()
    - MINOR: activity/memprofile: offer a function to unregister stale info
    - BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy()
    - MINOR: quic: convert qc_stream_desc release field to flags
    - MINOR: quic: implement function to check if STREAM is fully acked
    - BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM
    - BUG/MINOR: quic: prevent freeze after early QCS closure
    - BUG/MAJOR: quic: fix wrong packet building due to already acked frames
    - DEV: lags/show-sess-to-flags: Properly handle fd state on server side
    - BUG/MEDIUM: http-ana: Don't release too early the L7 buffer
    - BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set
    - BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data is provided
    - BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry
    - BUG/MINOR: h1-htx: Use default reason if not set when formatting the response
    - BUG/MINOR: signal: register default handler for SIGINT in signal_init()
    - BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported
    - BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks

2024/11/08 : 2.8.12
    - BUG/MAJOR: ocsp: Separate refcount per instance and per store
    - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
    - MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option
    - DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options
    - BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown
    - BUG/MEDIUM: cli: Deadlock when setting frontend maxconn
    - BUG/MINOR: server: make sure the HMAINT state is part of MAINT
    - BUG/MINOR: cfgparse-global: fix allowed args number for setenv
    - BUG/MEDIUM: server: server stuck in maintenance after FQDN change
    - BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
    - BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
    - BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests
    - BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new()
    - BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
    - REGTESTS: Never reuse server connection in http-messaging/truncated.vtc
    - DOC: config: fix rfc7239 forwarded typo in desc
    - BUG/MINOR: mworker: fix mworker-max-reloads parser
    - BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families
    - MINOR: activity/memprofile: always return "other" bin on NULL return address
    - BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent
    - BUG/MINOR: server: fix dynamic server leak with check on failed init
    - BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding
    - BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error
    - BUG/MEDIUM: server: fix race on servers_list during server deletion
    - MINOR: pools: export the pools variable
    - MINOR: cli: remove non-printable characters from 'debug dev fd'
    - BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly
    - BUG/MINOR: http-ana: Report internal error if an action yields on a final eval
    - MINOR: stream: Save last evaluated rule on invalid yield
    - CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry

[mtekel]

Above is example of new automated PR message.

[peanball]

nice!