MGASA-2026-0019

Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8.

Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send

Fixed medium bugs list: - dns: bind the nameserver sockets to the initiating thread - h1: prevent a crash on HTTP/2 upgrade - h3: do not overwrite interim with final response - h3: handle interim response properly on FE side - h3: properly encode response after interim one in same buf - http-ana: Don't close server connection on read0 in TUNNEL mode - mux-quic: adjust wakeup behavior - mux-quic: ensure Early-data header is set - quic: CRYPTO frame freeing without ebdelete() - resolvers: make the processresolvers() task single-threaded - ssl: Crash because of dangling ckchstore reference in a ckch instance - ssl: take care of second client hello - stick-tables: Always return the good stksess from stktableset_entry - stick-tables: Don't forget to dec count on failure.