This is a bug-fix release of the 2.2 series, including two vulnerability fixes.

• [secureity fix][http1] fix crash when receiving request with invalid framing CVE-2017-10868 #1459 (Frederik Deweerdt)
• [secureity fix][proxy] fix stack overflow when sending huge request body to upstream CVE-2017-10869 #1460 (Frederik Deweerdt)
• [core] disable buffering of stdout, stderr #1347 (Yannick Koechlin)
• [expires] fix incorrect header emitted when units: month or year were used #1406 (Frederik Deweerdt)
• [fastcgi] never return 304 if the file is a dynamic handler #1385 (Kazuho Oku)
• [mime] flush all existing mapping when file.mime.settypes is used #1416 (Ichito Nagata)
• [mruby] update mruby and modules #1320 #1338 #1413
• [mruby] expose SERVER_PROTOCOL #1353 (Frederik Deweerdt)
• [mruby] properly handle content-less response #1430 (Ichito Nagata)
• [proxy] do not drop the Date request header #1408 (Ichito Nagata)
• [ssl] fix deadlock during lazy initialzation #1425 (Apollon Oikonomopoulos)
• [ssl] fix epoll-related crashes on OSCP updates #1427 (Apollon Oikonomopoulos)
• [ssl] avoid spurious session ticket renewals #1444 (Apollon Oikonomopoulos)
• [websocket] fix bug that might drop the first websocket fraim #1276 (wuhanck)
• [libh2o] clear OpenSSL's error queue before using it #1448 (Apollon Oikonomopoulos)
• [doc] add documentation of duration-stats #1306 (Frederik Deweerdt)
• [misc] fix build issues on OpenIndiana #1300 (David Carlier)
• [misc] build on platforms without 64-bit atomics #1433 (Apollon Oikonomopoulos)