We have released LibreSSL 2.4.4, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. It includes the following changes: * Avoid continual processing of an unlimited number of TLS records, which can cause a denial-of-service condition. * In X509_cmp_time(), pass asn1_time_parse() the tag of the field being parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. * Improve ticket validity checking when tlsext_ticket_key_cb() callback chooses a different HMAC algorithm. * Check for packets with a truncated DTLS cookie. * Detect zero-length encrypted session data early, instead of when malloc(0) fails or the HMAC check fails. * Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.