RELEASE-NOTES: synced
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 512bc54..af81fff 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -4,7 +4,7 @@
  Command line options:         273
  curl_easy_setopt() options:   308
  Public functions in libcurl:  100
- Contributors:                 3554
+ Contributors:                 3556
 
 This release includes the following changes:
 
@@ -50,11 +50,13 @@
  o conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64 [17]
  o conncontrol: reuse handling [170]
  o connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition' [100]
+ o connection: attached transfer count [228]
  o cookie: propagate errors better, cleanup the internal API [118]
  o cookie: return error on OOM [131]
  o cshutdn: acknowledge FD_SETSIZE for shutdown descriptors [25]
  o curl: fix progress meter in parallel mode [15]
  o curl_fopen: do not pass invalid mode flags to `open()` on Windows [84]
+ o curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer [257]
  o curl_sasl: make Curl_sasl_decode_mech compare case insensitively [160]
  o curl_setup.h: document more funcs flagged by `_CRT_SECURE_NO_WARNINGS` [124]
  o curl_setup.h: drop stray `#undef stat` (Windows) [103]
@@ -62,21 +64,28 @@
  o CURLINFO: remove 'get' and 'get the' from each short desc [50]
  o CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer" [48]
  o CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text [49]
+ o CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use [206]
  o CURLOPT_READFUNCTION.md: clarify the size of the buffer [47]
  o CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example
  o curlx/fopen: replace open CRT functions their with `_s` counterparts (Windows) [204]
  o curlx/multibyte: stop setting macros for non-Windows [226]
  o curlx/strerr: use `strerror_s()` on Windows [75]
+ o curlx: limit use of system allocators to the minimum possible [169]
  o curlx: replace `mbstowcs`/`wcstombs` with `_s` counterparts (Windows) [143]
  o curlx: replace `sprintf` with `snprintf` [194]
  o curlx: use curlx allocators in non-memdebug builds (Windows) [155]
  o digest_sspi: fix a memory leak on error path [149]
  o digest_sspi: properly free sspi identity [12]
  o DISTROS.md: add OpenBSD [126]
+ o DISTROS: remove broken URLs for buildroot
  o doc: some returned in-memory data may not be altered [196]
+ o docs/libcurl: fix C formatting nits [207]
+ o docs: clarify how to do unix domain sockets with SOCKS proxy [240]
  o docs: fix checksrc `EQUALSPACE` warnings [21]
  o docs: mention umask need when curl creates files [56]
+ o docs: remove dead URLs
  o docs: spell it Rustls with a capital R [181]
+ o docs: use .example URLs for proxies
  o example: fix formatting nits [232]
  o examples/crawler: fix variable [92]
  o examples/multi-uv: fix invalid req->data access [177]
@@ -84,6 +93,7 @@
  o examples: fix minor typo [203]
  o examples: make functions/data static where missing [139]
  o examples: tidy-up headers and includes [138]
+ o FAQ: fix hackerone URL
  o file: do not pass invalid mode flags to `open()` on upload (Windows) [83]
  o ftp: refactor a piece of code by merging the repeated part [40]
  o ftp: remove #ifdef for define that is always defined [76]
@@ -103,16 +113,22 @@
  o http: handle oom error from Curl_input_digest() [192]
  o http: replace atoi use in Curl_http_follow with curlx_str_number [65]
  o http: the :authority header should never contain user+password [147]
+ o idn: avoid allocations and wcslen on Windows [247]
  o idn: fix memory leak in `win32_ascii_to_idn()` [173]
  o idn: use curlx allocators on Windows [165]
  o imap: make sure Curl_pgrsSetDownloadSize() does not overflow [200]
  o INSTALL-CMAKE.md: document static option defaults more [37]
  o krb5: fix detecting channel binding feature [187]
  o krb5_sspi: unify a part of error handling [80]
+ o ldap: call ldap_init() before setting the options [236]
+ o ldap: improve detection of Apple LDAP [174]
+ o ldap: provide version for "legacy" ldap as well [254]
  o lib/sendf.h: forward declare two structs [221]
  o lib: cleanup for some typos about spaces and code style [3]
  o lib: eliminate size_t casts [112]
  o lib: error for OOM when extracting URL query [127]
+ o lib: fix formatting nits (part 2) [253]
+ o lib: fix formatting nits (part 3) [248]
  o lib: fix formatting nits [215]
  o lib: fix gssapi.h include on IBMi [55]
  o lib: refactor the type of funcs which have useless return and checks [1]
@@ -129,6 +145,7 @@
  o m4/sectrust: fix test(1) operator [4]
  o manage: expand the 'libcurl support required' message [208]
  o mbedtls: fix potential use of uninitialized `nread` [8]
+ o mbedtls: sync format across log messages [213]
  o mbedtls_threadlock: avoid calloc, use array [244]
  o memdebug: add mutex for thread safety [184]
  o mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option [73]
@@ -139,6 +156,7 @@
  o multibyte: limit `curlx_convert_*wchar*()` functions to Unicode builds [135]
  o ngtcp2+openssl: fix leak of session [172]
  o ngtcp2: remove the unused Curl_conn_is_ngtcp2 function [85]
+ o noproxy: fix ipv6 handling [239]
  o noproxy: replace atoi with curlx_str_number [67]
  o openssl: exit properly on OOM when getting certchain [133]
  o openssl: fix a potential memory leak of bio_out [150]
@@ -146,6 +164,7 @@
  o openssl: no verify failf message unless strict [166]
  o openssl: release ssl_session if sess_reuse_cb fails [43]
  o openssl: remove code handling default version [28]
+ o openssl: simplify `HAVE_KEYLOG_CALLBACK` guard [212]
  o OS400/ccsidcurl: fix curl_easy_setopt_ccsid for non-converted blobs [94]
  o OS400/makefile.sh: fix shellcheck warning SC2038 [86]
  o osslq: code readability [5]
@@ -153,7 +172,10 @@
  o projects/README.md: Markdown fixes [148]
  o pytest fixes and improvements [159]
  o pytest: disable two H3 earlydata tests for all platforms (was: macOS) [116]
+ o pytest: fix and improve reliability [251]
+ o pytest: improve stragglers [252]
  o pytest: skip H2 tests if feature missing from curl [46]
+ o quiche: use client writer [255]
  o ratelimit: redesign [209]
  o rtmp: fix double-free on URL parse errors [27]
  o rtmp: precaution for a potential integer truncation [54]
@@ -161,6 +183,7 @@
  o runtests: detect bad libssh differently for test 1459 [11]
  o runtests: drop Python 2 support remains [45]
  o runtests: enable torture testing with threaded resolver [176]
+ o runtests: make memanalyzer a Perl module (for 1.1-2x speed-up per test run) [238]
  o rustls: fix a potential memory issue [81]
  o rustls: minor adjustment of sizeof() [38]
  o rustls: simplify init err path [219]
@@ -178,21 +201,29 @@
  o socks_sspi: use free() not FreeContextBuffer() [93]
  o speedcheck: do not trigger low speed cancel on transfers with CURL_READFUNC_PAUSE [113]
  o speedlimit: also reset on send unpausing [197]
+ o src: fix formatting nits [246]
  o ssh: tracing and better pollset handling [230]
+ o sws: fix binding to unix socket on Windows [214]
  o telnet: replace atoi for BINARY handling with curlx_str_number [66]
  o TEST-SUITE.md: correct the man page's path [136]
  o test07_22: fix flakiness [95]
+ o test1498: disable 'HTTP PUT from stdin' test on Windows [115]
  o test2045: replace HTML multi-line comment markup with `#` comments [36]
+ o test3207: enable memdebug for this test again [249]
  o test363: delete stray character (typo) from a section tag [52]
+ o test787: fix possible typo `&` -> `%` in curl option [241]
  o tests/data: replace hard-coded test numbers with `%TESTNUMBER` [33]
  o tests/data: support using native newlines on disk, drop `.gitattributes` [91]
  o tests/server: do not fall back to original data file in `test2fopen()` [32]
  o tests/server: replace `atoi()` and `atol()` with `curlx_str_number()` [110]
+ o tests: add `%AMP` macro, use it in two tests [245]
  o tests: allow 2500-2503 to use ~2MB malloc [31]
  o tests: fix formatting nits [225]
  o tftp: release filename if conn_get_remote_addr fails [42]
  o tftpd: fix/tidy up `open()` mode flags [57]
+ o tidy-up: avoid `(())`, clang-format fixes and more [141]
  o tidy-up: move `CURL_UNCONST()` out from macro `curl_unicodefree()` [121]
+ o TODO: remove a mandriva.com reference
  o tool: consider (some) curl_easy_setopt errors fatal [7]
  o tool: log when loading .curlrc in verbose mode [191]
  o tool_cfgable: free ssl-sessions at exit [123]
@@ -212,6 +243,7 @@
  o tool_urlglob: clean up used memory on errors better [44]
  o tool_writeout: bail out proper on OOM [104]
  o url: fix return code for OOM in parse_proxy() [193]
+ o url: if curl_url_get() fails due to OOM, error out properly [205]
  o url: if OOM in parse_proxy() return error [132]
  o urlapi: fix mem-leaks in curl_url_get error paths [22]
  o urlapi: handle OOM properly when setting URL [180]
@@ -253,14 +285,15 @@
   Aleksandr Sergeev, Aleksei Bavshin, Andrew Kirillov, BANADDA, boingball,
   Brad King, bttrfl on github, Christian Schmitz, Dan Fandrich,
   Daniel McCarney, Daniel Stenberg, Deniz Parlak, Fd929c2CE5fA on github,
-  ffath-vo on github, Gisle Vanem, Jiyong Yang, Juliusz Sosinowicz, Kai Pastor,
-  Leonardo Taccari, letshack9707 on hackerone, Marc Aldorasi, Marcel Raad,
-  Max Faxälv, nait-furry, ncaklovic on github, Nick Korepanov,
-  Omdahake on github, Patrick Monnerat, pelioro on hackerone, Ray Satiro,
-  renovate[bot], Samuel Henrique, st751228051 on github, Stanislav Fort,
-  Stefan Eissing, Sunny, Thomas Klausner, Viktor Szakats, Wesley Moore,
+  ffath-vo on github, Georg Schulz-Allgaier, Gisle Vanem, Greg Hudson,
+  Jiyong Yang, Juliusz Sosinowicz, Kai Pastor, Leonardo Taccari,
+  letshack9707 on hackerone, Marc Aldorasi, Marcel Raad, Max Faxälv,
+  nait-furry, ncaklovic on github, Nick Korepanov, Omdahake on github,
+  Patrick Monnerat, pelioro on hackerone, Ray Satiro, renovate[bot],
+  Samuel Henrique, st751228051 on github, Stanislav Fort, Stefan Eissing,
+  Sunny, Theo Buehler, Thomas Klausner, Viktor Szakats, Wesley Moore,
   Xiaoke Wang, Yedaya Katsman
-  (41 contributors)
+  (44 contributors)
 
 References to bug reports and discussions on issues:
 
@@ -377,6 +410,7 @@
  [112] = https://curl.se/bug/?i=19495
  [113] = https://curl.se/bug/?i=19653
  [114] = https://curl.se/bug/?i=19605
+ [115] = https://curl.se/bug/?i=19855
  [116] = https://curl.se/bug/?i=19724
  [117] = https://curl.se/bug/?i=19644
  [118] = https://curl.se/bug/?i=19493
@@ -402,6 +436,7 @@
  [138] = https://curl.se/bug/?i=19580
  [139] = https://curl.se/bug/?i=19579
  [140] = https://curl.se/bug/?i=19175
+ [141] = https://curl.se/bug/?i=19854
  [142] = https://curl.se/bug/?i=19572
  [143] = https://curl.se/bug/?i=19581
  [144] = https://curl.se/bug/?i=19571
@@ -429,10 +464,12 @@
  [166] = https://curl.se/bug/?i=19615
  [167] = https://curl.se/bug/?i=19609
  [168] = https://curl.se/bug/?i=19612
+ [169] = https://curl.se/bug/?i=19748
  [170] = https://curl.se/bug/?i=19333
  [171] = https://curl.se/bug/?i=19714
  [172] = https://curl.se/bug/?i=19717
  [173] = https://curl.se/bug/?i=19789
+ [174] = https://curl.se/bug/?i=19849
  [175] = https://curl.se/bug/?i=19784
  [176] = https://curl.se/bug/?i=19786
  [177] = https://curl.se/bug/?i=19462
@@ -461,10 +498,16 @@
  [202] = https://curl.se/bug/?i=19669
  [203] = https://curl.se/bug/?i=19683
  [204] = https://curl.se/bug/?i=19643
+ [205] = https://curl.se/bug/?i=19838
+ [206] = https://curl.se/bug/?i=19840
+ [207] = https://curl.se/bug/?i=19844
  [208] = https://curl.se/bug/?i=19665
  [209] = https://curl.se/bug/?i=19384
  [210] = https://curl.se/bug/?i=19769
  [211] = https://curl.se/bug/?i=19768
+ [212] = https://curl.se/bug/?i=19843
+ [213] = https://curl.se/bug/?i=19842
+ [214] = https://curl.se/bug/?i=19812
  [215] = https://curl.se/bug/?i=19764
  [217] = https://curl.se/bug/?i=19763
  [219] = https://curl.se/bug/?i=19759
@@ -474,8 +517,25 @@
  [223] = https://curl.se/bug/?i=16973
  [225] = https://curl.se/bug/?i=19754
  [226] = https://curl.se/bug/?i=19751
+ [228] = https://curl.se/bug/?i=19836
  [230] = https://curl.se/bug/?i=19745
  [232] = https://curl.se/bug/?i=19746
+ [236] = https://curl.se/bug/?i=19830
+ [238] = https://curl.se/bug/?i=19786
+ [239] = https://curl.se/bug/?i=19828
+ [240] = https://curl.se/bug/?i=19829
+ [241] = https://curl.se/bug/?i=19826
  [242] = https://curl.se/bug/?i=19734
  [243] = https://curl.se/bug/?i=19733
  [244] = https://curl.se/bug/?i=19732
+ [245] = https://curl.se/bug/?i=19824
+ [246] = https://curl.se/bug/?i=19823
+ [247] = https://curl.se/bug/?i=19798
+ [248] = https://curl.se/bug/?i=19811
+ [249] = https://curl.se/bug/?i=19813
+ [251] = https://curl.se/bug/?i=19970
+ [252] = https://curl.se/bug/?i=19809
+ [253] = https://curl.se/bug/?i=19800
+ [254] = https://curl.se/bug/?i=19808
+ [255] = https://curl.se/bug/?i=19803
+ [257] = https://curl.se/bug/?i=19802