Prepare 0.15.2 release

CHANGELOG.md

@@ -1,5 +1,30 @@
 # Changelog
 
+## 0.15.2 (2026-04-15)
+
+This is a minor release with two security fixes. It also updates `rustls` to
+[0.23.38](https://github.com/rustls/rustls/releases/tag/v%2F0.23.38).
+
+### Security
+
+This update addresses
+[RUSTSEC-2026-0098](https://rustsec.org/advisories/RUSTSEC-2026-0098.html) and 
+[RUSTSEC-2026-0099](https://rustsec.org/advisories/RUSTSEC-2026-0099.html);
+two security issues affecting name constraint checking with the webpki
+certificate verifiers. Both issues are reachable only after signature
+verification and require misissuance to exploit.
+
+These low-impact vulnerabilities only affect users of the
+`rustls_web_pki_[server|client]_cert_verifier_builder` APIs.
+
+### Added
+
+* `rustls_client_config_builder_set_check_selected_alpn()`
+  * Allows configuring a to-be-built client config to allow skipping a check
+    that the server's selected ALPN was in the list offered by the client. This
+    defaults to true, matching the behavior before the option to skip the check
+    was available.
+
 ## 0.15.1 (2026-03-13)
 
 This is a minor release with one security fix. It updates `rustls` to

librustls/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "rustls-ffi"
 # Keep in sync with defines in cbindgen.toml
-version = "0.15.1"
+version = "0.15.2"
 license = "Apache-2.0 OR ISC OR MIT"
 readme = "../README-crates.io.md"
 description = "Rustls bindings for non-Rust languages"

librustls/cbindgen.toml

@@ -5,7 +5,7 @@ after_includes = """
 
 #define RUSTLS_VERSION_MAJOR 0
 #define RUSTLS_VERSION_MINOR 15
-#define RUSTLS_VERSION_PATCH 1
+#define RUSTLS_VERSION_PATCH 2
 
 /**
  * This gives each version part 8 bits, and leaves the 8 least significant bits

librustls/src/rustls.h

@@ -9,7 +9,7 @@
 
 #define RUSTLS_VERSION_MAJOR 0
 #define RUSTLS_VERSION_MINOR 15
-#define RUSTLS_VERSION_PATCH 1
+#define RUSTLS_VERSION_PATCH 2
 
 /**
  * This gives each version part 8 bits, and leaves the 8 least significant bits