Note: This is the last release of ndn-cxx to support the C++14 standard.
Future versions will require C++17 to build.

Important changes and new features

- The minimum build requirements have been increased as follows:
  - Either GCC >= 7.4.0 or Clang >= 6.0 is required on Linux
  - On macOS, Xcode 11.3 or later is recommended; older versions may
    still work but are not officially supported
  - Boost >= 1.65.1 and OpenSSL >= 1.1.1 are required on all platforms
  - Sphinx 4.0 or later is required to build the documentation
- CentOS Stream 9 is now officially supported; CentOS 8 has been dropped
  (5181)
- macOS 12 (Monterey) and 13 (Ventura) running on arm64 are now
  officially supported (5135)
- Add the initial version of a Segmenter API that applications can use
  to simplify the process of chunking a large object into multiple
  signed Data packets (5247)
- Add KeyChain::makeCertificate() to simplify the creation of
  certificates
- Put the full certificate name in the KeyLocator field, instead of just
  the key name (5112)
- NFD management commands sent by nfd::Controller now use the new signed
  Interest format (4804)

Improvements and bug fixes

- Several enhancements and cleanups in Name and Component to make the
  API more consistent and simpler to use (5186)
- Various improvements in the validation framework and policies
  - Avoid redundant TLV decoding during Interest validation
  - Fix validation of signed Interests with malformed
    InterestSignatureInfo
  - More accurate validation error codes are returned in several cases
  - Rename ValidationError::NO_SIGNATURE to MALFORMED_SIGNATURE
- Optimize parsing of PIB and TPM locators in KeyChain
- Major cleanup and modernization of PIB implementation
- Gracefully handle invalid or unsupported public keys stored in the PIB
- Fix OpenSSL 3.0 deprecation warnings in private key generation
  routines (5154)
- Change Certificate::getPublicKey() to return a span
- Make Block convertible to span<const uint8_t>
- Avoid assertion failure in OBufferStream under certain conditions
  (5240)
- Allow customizing the FaceId in DummyClientFace (5011)
- Improve pretty-printing of certificates, e.g., in ndnsec list and
  ndnsec cert-dump
- Relax restrictions on KeyId component type in ndnsec key-gen
- Fix handling of --without-osx-keychain configure option (3338)
- Stop using the gold linker on Linux; prefer instead linking with lld
  if installed
- Update waf build system to version 2.0.24
- Various documentation improvements

Deprecations

- Name::append() overloads and Component constructors that take a
  const uint8_t*. Use the span-based overloads instead.
- Component::fromImplicitSha256Digest() and
  Component::fromParametersSha256Digest(). Use one of the constructors
  directly instead.

Removals

- Obsolete TLV-TYPE definitions
- Many previously deprecated functions that take raw byte buffers as
  uint8_t* + size_t, replaced by equivalent functions that take a span.
  These include Data::setContent(),
  Interest::setApplicationParameters(), Block::fromBuffer(),
  verifySignature(), PublicKey::loadPkcs8(), transform::bufferSource(),
  random::generateSecureBytes(), printHex(), toHex(), and so on.
- Previously deprecated Name::append(Block) overload
- Previously deprecated Interest::setDefaultCanBePrefix()
- ndn::any and related functionality