• boring-sys: Support static MSVC runtime by @jrose-signal in https://github.com/cloudflare/boring/pull/475
• Sync methods with rust-openssl by @kornelski in https://github.com/cloudflare/boring/pull/477
• Don't add build/ to non-FIPS pre-built path + v4 compat alias by @kornelski in https://github.com/cloudflare/boring/pull/474

For major changes in v5 see: https://github.com/cloudflare/boring/releases/tag/v5.0.0

Full Changelog: https://github.com/cloudflare/boring/compare/v5.0.1...v5.0.2

• Improved building with older versions of upstream BoringSSL C headers https://github.com/cloudflare/boring/pull/469
• Added mlkem and credential Cargo features for new BoringSSL APIs.

See v5.0.0 for major changes.

Upgrade to 4.21.1 first and fix any deprecation warnings.

• FIPS only needs the fips Cargo feature, and the rest is customized via env vars (like BORING_BSSL_FIPS_PATH): https://github.com/cloudflare/boring/pull/383
• Removed the "kx-*" features https://github.com/cloudflare/boring/pull/393
• Post-quantum is enabled by default (X25519MLKEM768 and P256Kyber768Draft00) and the "pq-experimental" Cargo feature flag is not used any more.

• Updated BoringSSL to a newer version with updated patches by @nox in https://github.com/cloudflare/boring/pull/419
• Removed SslCurve API. Identifying curves by name is more reliable across different builds of BoringSSL. Use SslRef::curve_name() instead https://github.com/cloudflare/boring/pull/390 https://github.com/cloudflare/boring/pull/396
• Removed deprecated X509CheckFlags https://github.com/cloudflare/boring/pull/425
• X509Store is now cheaply cloneable, but immutable. SslContextBuilder.cert_store_mut() can't be used after .set_cert_store(). If you need .cert_store_mut(), either don't overwrite the default store, or use .set_cert_store_builder() https://github.com/cloudflare/boring/pull/426
• X509StoreBuilder::add_cert takes a reference.
• Hyper version upgraded from v0 to v1
• set_ex_data() will always Drop previous values https://github.com/cloudflare/boring/pull/424
• Removed blanket Eq from FFI types
• BIO_set_retry_write on WouldBlock @ihciah in https://github.com/cloudflare/boring/pull/118

• Added ML-KEM-768 and ML-KEM-1024 support https://github.com/cloudflare/boring/pull/455 https://github.com/cloudflare/boring/pull/456 https://github.com/cloudflare/boring/pull/462
• Added init-update-finalize API for HMAC https://github.com/cloudflare/boring/pull/459
• set_strict_cipher_list by @abernardeau-wallix in https://github.com/cloudflare/boring/pull/416
• Added set_ticket_key_callback by @toidiu in https://github.com/cloudflare/boring/pull/330
• SslCipherRef::protocol_id by @nox in https://github.com/cloudflare/boring/pull/409

Full Changelog: https://github.com/cloudflare/boring/compare/v4.20.0...v5.0.0

• Added ML-KEM-768 and ML-KEM-1024 support https://github.com/cloudflare/boring/pull/455 https://github.com/cloudflare/boring/pull/456 https://github.com/cloudflare/boring/pull/462
• Added init-update-finalize API for HMAC https://github.com/cloudflare/boring/pull/459
• Re-added pq-experimental (no-op) Cargo feature flag to allow crates support both boring v4 and v5 https://github.com/cloudflare/boring/pull/461
• OpenBSD build fix https://github.com/cloudflare/boring/pull/454
• See previous release notes for major v5 changes: https://github.com/cloudflare/boring/releases/tag/v5.0.0-alpha.1

Full Changelog: https://github.com/cloudflare/boring/compare/v5.0.0-alpha.1...v5.0.0-alpha.3

• Deprecated APIs that were removed in v5.
• Fixed docs.rs build

Deprecated APIs that were removed in v5.

Upgrade to 4.21.0 first and fix any deprecation warnings.

• FIPS only needs the fips Cargo feature, and the rest is customized via env vars (like BORING_BSSL_FIPS_PATH): https://github.com/cloudflare/boring/pull/383
• Removed the "kx-*" features https://github.com/cloudflare/boring/pull/393
• Removed "pq-experimental". Post-quantum is enabled by default (X25519MLKEM768 and P256Kyber768Draft00).

• Updated BoringSSL to a newer version with updated patches by @nox in https://github.com/cloudflare/boring/pull/419
• Removed SslCurve API https://github.com/cloudflare/boring/pull/390
• Removed deprecated X509CheckFlags https://github.com/cloudflare/boring/pull/425
• X509Store is immutable, but cloneable https://github.com/cloudflare/boring/pull/426
• Minimum Hyper version upgraded from v0
• Added SslRef::curve_name() by @ghedo in https://github.com/cloudflare/boring/pull/396
• Added set_ticket_key_callback (SSL_CTX_set_tlsext_ticket_key_cb) by @toidiu in https://github.com/cloudflare/boring/pull/330
• SslCipherRef::protocol_id by @nox in https://github.com/cloudflare/boring/pull/409
• set_strict_cipher_list by @abernardeau-wallix in https://github.com/cloudflare/boring/pull/416
• set_ex_data() will always Drop previous values https://github.com/cloudflare/boring/pull/424
• Removed blanket Eq from FFI types
• BIO_set_retry_write on WouldBlock @ihciah in https://github.com/cloudflare/boring/pull/118

Full Changelog: https://github.com/cloudflare/boring/compare/v4.19.0...v5.0.0-alpha.1

• Add a more reliable Error::library_reason()
• Fix string data conversion in ErrorStack::put()
• CStr vs UTF-8 improvements in https://github.com/cloudflare/boring/pull/371
• Fix swapped host/target args and support TARGET_CC and CC_{target} in https://github.com/cloudflare/boring/pull/375

Full Changelog: https://github.com/cloudflare/boring/compare/v4.19.0...v4.20.0

• Error improvements by @kornelski in https://github.com/cloudflare/boring/pull/372
• Add binding for X509_check_ip_asc by @evanrittenhouse in https://github.com/cloudflare/boring/pull/381

Full Changelog: https://github.com/cloudflare/boring/compare/v4.18.0...v4.19.0

• Add set_verify_param by @semaj-cf in https://github.com/cloudflare/boring/pull/357
• Add support for X509_STORE_CTX_get0_untrusted by @semaj-cf in https://github.com/cloudflare/boring/pull/356
• Add X509VerifyParamRef::copy_from by @nox in https://github.com/cloudflare/boring/pull/361
• Fix X509VerifyContextRef::set_verify_param by @nox in https://github.com/cloudflare/boring/pull/358
• Ensure we call X509_STORE_CTX_cleanup on error path too by @nox in https://github.com/cloudflare/boring/pull/360
• Improve X509StoreContext initialization API by @nox in https://github.com/cloudflare/boring/pull/359
• Don't unwrap when Result can be returned instead by @kornelski in https://github.com/cloudflare/boring/pull/367
• Make X509Store shareable between contexts by @kornelski in https://github.com/cloudflare/boring/pull/366
• Sprinkle #[must_use] by @kornelski in https://github.com/cloudflare/boring/pull/368
• Expose SSL_set1_groups to Efficiently Set Curves on SSL Session by @Justin-Kwan in https://github.com/cloudflare/boring/pull/346
• Upgrade bindgen to v0.72.0 by @akonradi-signal in https://github.com/cloudflare/boring/pull/369
• Expose PKey::raw_{private,public}_key by @jrose-signal in https://github.com/cloudflare/boring/pull/364
• Don't compile binaries for docs.rs by @kornelski in https://github.com/cloudflare/boring/pull/370
• Remove some comments referring to OpenSSL by @hcstern in https://github.com/cloudflare/boring/pull/374

• @Justin-Kwan made their first contribution in https://github.com/cloudflare/boring/pull/346
• @akonradi-signal made their first contribution in https://github.com/cloudflare/boring/pull/369
• @hcstern made their first contribution in https://github.com/cloudflare/boring/pull/374

Full Changelog: https://github.com/cloudflare/boring/compare/v4.17.0...v4.18.0