mod_s2s: Don't pass unknown hostnames as stats label Labels are supposed to be fixed sets of things, so defined hosts are okay, but not unknown hosts.

net.server_epoll: Process all queued events from epoll before timers Should call timers less frequently when many sockets are waiting for processing. May help under heavy load. Requested by Ge0rG

mod_http_file_share: Allow 'Authorization' header via CORS (thanks kawaii) Can't find anything saying anything on whether this is needed or not. kawaii reported that both Chrome and Firefox complained unless the header was added to the list of allowed headers.

mod_pubsub,mod_pep: Advertise maximum number of items via XEP-0122 Clients would generally be using the "max" symbol instead of discovering this, but this also gets us validation and earlier rejection of out of bounds values.

mod_pubsub: Prevent max_items from being set to zero Disable persistence instead if no items should be persisted. XEP-0060 is not entirely clear on what either of those option really mean.

mod_pubsub,mod_pep: Implement 'send_last_published_item' option #1436 Default left as 'never' in mod_pubsub to preserve the previous behavior. Unclear if this is desirable, but can always be changed later. In mod_pep this allows turning off the automatic resending of most recent item.

mod_http_file_share: return 401 instead of 403 if authentication failed This is as per the HTTP standards [1]. Thankfully, the REQUIRED www-authenticate header is already generated by the code. [1]: https://datatracker.ietf.org/doc/html/rfc7235#section-3.1

mod_auth_cyrus: Remove (move to community modules) mod_auth_ldap provides LDAP support without being tied to Cyrus

doap: Update XEP-0280 version, it's now Stable

mod_admin_shell: Show HTTP base-URLs in module:info() Because it's nice, not having to find it in http:list(), which could have a lot of items.