backport of commit 49d265b

.changelog/14348.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+drain: Fixed a bug where drains would complete based on the server status and not the client status of an allocation
+```

.changelog/15897.txt → .changelog/15769.txt

@@ -1,3 +1,3 @@
 ```release-note:improvement
-acl: New auth-method type: JWT
+build: Update to go1.19.5
 ```

.changelog/16071.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+build: Linux packages now have vendor label and set the default label to HashiCorp. This fix is implemented for any future releases, but will not be updated for historical releases
+```

.changelog/16151.txt → .changelog/16126.txt

@@ -1,3 +1,3 @@
-```release-note:improvement
+```release-note:security
 artifact: Provide mitigations against unbounded artifact decompression
 ```

.changelog/16723.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+client: Fix address for ports in IPv6 networks
+```

.changelog/16776.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+client: Fix CNI plugin version fingerprint when output includes protocol version
+```

.changelog/16788.txt

@@ -0,0 +1,3 @@
+```release-note:security
+build: update to Go 1.20.3 to prevent denial of service attack via malicious HTTP headers [CVE-2023-24534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534)
+```

.changelog/16792.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+core: the deployment's list endpoint now supports look up by prefix using the wildcard for namespace
+```

.changelog/16809.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+csi: gracefully recover tasks that use csi node plugins
+```