Log message:
nghttp2: updated to 1.28.0

nghttp2 v1.28.0
lib: Add nghttp2_error_callback2
build: Add deprecation warning when spdylay support is enabled
Switch to clang-format-5.0
examples: Make client and server work with libevent-2.1.8
third-party: Update neverbleed
integration: Fix issues reported by the go vet tool.
nghttpx: Fix affinity retry
nghttpx: Fix stalled backend connection on retry
nghttpx: Cookie based session affinity
nghttpx: Expose additional TLS related variables to mruby and accesslog

Log message:
nghttp2: updated to 1.27.0

nghttp2 v1.27.0
build: Fixed accidental compiler flags concatenation for MSVC
build: Reduce libxml2 version requirement to 2.6.26
asio: Support for Windows / MinGW
h2load: Print out h2 header fields with --verbose option
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only

Log message:
nghttp2: update to 1.26.0

nghttp2 v1.26.0
* docs: Fix some typos in the nghttpx how-to
* build: Update Dockerfile.android
* build: Refactoring include directories for build as CMake subdirectory \ 
(add_subdirectory(nghttp2))
* nghttpx: Fix OCSP related error when building with BoringSSL
* h2load: Fix bug that timing script stalls with -m1
* h2load: Reservoir sampling
* h2load: Add timing-based load-testing in h2load

Log message:
Revbump for boost update

Log message:
nghttp2 v1.25.0
lib: add nghttp2_rcbuf_is_static()
nghttpx: Fix bug that forwarded for is not affected by proxy protocol
nghttpx: Update mruby to 1.3.0

Log message:
nghttp2 v1.24.0:

Documentation
We have received several patches to fix grammer and typos.
The broken out-of-tree build has been also fixed.

nghttp
We fixed the bug that HTTP Upgrade fails if HTTP response does not have \ 
reason-phrase.

nghttpx
The default minimum TLS version is now TLSv1.2. This is because the default \ 
cipher list only contains cipher suites which are compatible with it.

Log message:
Changes 1.23.1:
This release fixes the bug which makes nghttpx crash in OCSP response \ 
verification with certain kind of OCSP response.

Log message:
Changes 1.23.0:

libnghttp2

Previously, if libnghttp2 received an invalid header field, it is just ignored, \ 
and is treated like it was never happened. This release changes this behaviour, \ 
and now libnghttp2 treats an incoming invalid header field as error, and resets \ 
the stream with PROTOCOL_ERROR.

nghttp2_on_invalid_frame_callback is now called if validation of altsvc header \ 
field fails.

nghttpx

nghttpx now verifies that OCSP response received from a program specified by \ 
--fetch-ocsp-response-file. The validation can be turned off by using \ 
--no-verify-ocsp option. In this validation, it makes sure that the OCSP \ 
response is targeted to the expected certificate. This is important because we \ 
pass the file path to the external program (see --fetch-ocsp-response-file), and \ 
if the file is replaced because of renewal, and nghttpx has not reloaded its \ 
configuration, the certificate nghttpx has loaded and the one included in the \ 
file differ. Verifying the OCSP response detects this, and avoids to send wrong \ 
OCSP response.

Log message:
Recursive revbump from boost update

Log message:
Changes 1.22.0:
lib: Add missing free call on error in inflight_settings_new()
asio: Support specifying stream priority via session::submit()
nghttpx: Clarify --conf option behaviour
nghttpx: Add $tls_sni access log variable
nghttpx: Rename ssl_* log variables as tls_*
nghttpx: Fix path matching bug
nghttpx: SNI based backend server selection
nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3
nghttpx: Add options for X-Forwarded-Proto header field
nghttpx: Add --single-process option
nghttpx: Use 502 as server error code
nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
nghttp: Verify server certificate and show warning if it fails
integration: Use nip.io instead of xip.io