From this webpage screenshot, the following key vulnerability and feature information can be extracted: 1. Critical Vulnerabilities: - CVE-2024-0901: Potential denial-of-service and out-of-bounds read. Affects TLS 1.3 when a server accepts a connection from a malicious TLS 1.3 client. Servers using TLS 1.3 should update their wolfSSL version. Fixed via GitHub pull request #7099. 2. Medium Vulnerabilities: - CVE-2024-1545: Injection vulnerability in RSAPrivateDecryption function, allowing attackers to perform Rowhammer injection when executing with the same system as the victim process. Fixed via GitHub pull request #7167. - CVE-2024-1546: Injection attack in EdDSA signature operations. Affects ed25519 signature operations; systems may be sensitive to Rowhammer attacks. Fixed via GitHub pull request #7212. 3. New Features Added: - Added configuration flag to disable currently experimental features. Now, liboqs, kyber, lms, xmss, and dual-alg-certs require the flag. 4. Post-Quantum Cryptography (PQC) Support Added: - Experimental framework for XMSS implementation using wolfSSL (PR 7161). - Experimental framework for LMS implementation using wolfSSL (PR 7283). - Experimental wolfSSL Kyber implementation with assembly optimizations, enabled via (PR 7318). - Experimental support for post-quantum dual-key/signature certificates. Some known issues and sanitizer checks are ongoing. Enabled via (PR 7112). - CryptoCb support for PQC algorithms (PR 7110). 5. Other Features Added: - Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB via the new option, enabling wolfCrypt implementation to be used with dm-crypt/luks and ESP subsystems. Notably, wolfCrypt AES-XTS is faster than native kernel implementation when is enabled. - CryptoCb hook to one-time CMAC function (PR 7059). - PKCS7_VerifySignedData and BER content stream support for signing/encryption operations (PR 6961 & 7184). - IoT-Safe SHA-384 and SHA-512 support (PR 7176). - I/O callbacks for content and output with PKCS7 bundled signing/encryption to reduce peak memory usage (PR 7272). - Microchip PIC24 support and example projects (PR 7151). - AutoSAR shim layer for RNG, SHA256, and AES (PR 7296). - API to clear intermediate certificates added to the certificate store (PR 7245). - Implementation of and (PR 7236). 6. Enhancements and Optimizations: - Removal of deprecated user crypto features and Intel IPP support (PR 7097). - Support for RSA-PSS signatures with CRL usage (PR 7119). - AES-GCM enhancement using Xilsecure on Microblaze (PR 7051). - Support for crypto cb built only with ECC and NXP CAAM (PR 7269). - Improved liboqs integration with added locking and initialization/cleanup functions (PR 7026). - Prevent memory access before and are sanitized (PR 7096). - Improved reproducible builds (PR 7267). - Updated Arduino TLS client/server examples and improved ESP32 support (PR 7304 & 7177). - XC32 compiler version 4.x compatibility (PR 7128). - Build support for PlayStation 3 and 4 (PR 7072). - SHA HW/SW selection and usage on ESP32-C2/ESP8684, type, component clobber list fix, and TLS client example fix for ESP8266 (PR 7081, 7173, 7077, 7148, 7240). - Allow crypto callbacks with SHA-1 HW (PR 7087). - Updated OpenSSH port to version 9.6p1 (PR 7203). - ARM Thumb2 enhancements: AES-GCM supports GCM_SMALL, key alignment fix, ASM clobber list fix (PR 7291, 7301, 7221). - Extended heap hint support for static memory builds with more x509 functions (PR 7136). - Improved ARMv8 ChaCha20 ASM (alignment) (PR 7182). - Added for unknown extension callbacks to CertManager (PR 7194). - Implemented for crypto callbacks using devID's (PR 7271). - Allow reading 0.5-RTT data after writing 0-RTT data (PR 7102). - Send invalid PSK binding error alert (PR 7235). - Enhancements to CMake build files for cross-compilation (PR 7188). 7. Fixes: - Fixed issue with MAC verification result check when using AES-GCM without AAD and Xilinx Xilsecure (PR 7051). - Fixed Aria signature usage issue (PR 7082). - Fixed invalid dh_ffdhe_test test case when using Intel QuickAssist (PR 7085). - Fixed TI AES and SHA usage with TM4C and HW accelerator, and added full AES GCM and CCM support with TLS (PR 7018). - Fixed STM32 PKA usage with ECC (PR 7098). - Fixed TLS 1.3 KDF/HMAC operations with crypto callbacks (PR 7070). - Fixed path inclusion issue for FSP 3.5 on Renesas RA6M4 (PR 7101). - Fixed x64 asm fix for use with older compilers (PR 7299). - Fixed SGX build with SP (PR 7308). - Fixed mandatory requirement that cookie must be sent in new ClientHello when seen in HelloRetryRequest (PR 7190). - Fixed wrapping behavior with BIO pairs (PR 7169). - Fixed OCSP parsing: correctly parse response with revocation reason, return correct error value, and perform date checks (PR 7241 & 7255). - Fixed build issue with and improved checks (PR 7150). - Fixed DTLS sequence number and cookie writing when downgrading DTLS version (PR 7214). - Fixed usage with ChaCha-Poly ciphe