This is a bug-fix release of the 2.2 series with following changes from 2.2.4, including one vulnerability fix.

• [security fix][access-log] fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
• [fastcgi] index file name must be part of SCRIPT_NAME #1650 (Ichito Nagata)
• [http2] do not compress cookies less than 20 bytes long #1389 (Julien Benoist)
• [http2] stop opening new push streams after receiving GOAWAY #1555 (Ichito Nagata)
• [http2] fix conformance issues #1579 #1582 #1599 (Kazuho Oku)
• [mruby] drop the link rel=preload header with a x-http2-push-only attribute #1310 (Frederik Deweerdt)
• [mruby] allow loading a file that shares the basename with one of the preloaded files #1662 (Ichito Nagata)
• [proxy] fix I/O error when receiving multiple informational responses #1716 (Frederik Deweerdt)
• [ssl] fix bug that prevents record size growing to maximum when latency optimization is disabled #1545 (Ichito Nagata)
• [ssl] fix compatibility issues with libressl 2.7 #1707 (AIZAWA Hina)
• [ssl] update picotls to support TLS 1.3 draft-26 #1718 (Kazuho Oku)