v3.0.15

Content

Major changes in v3:

- fix: unsig integer underflow issue in verify* operators PR from private repo - @fumfel, @airween; fixed CVE-2026-42268
- fix: buffer overflow in hex_decode.cc PR from private repo - @EsadCetiner, @fumfel, @airween; fixed CVE-2026-30923
- fix: buffer overflow in multipart body proc PR #3546 - @fumfel, @airween
- fix: heap buffer overflow in acmp pm PR #3544 - @fumfel, @airween
- fix: nullptr dereference in seclang scanner PR #3543 - @fumfel, @airween
- fix: probably UB (left shift of neg. val) in ip_tree PR #3541 - @fumfel, @airween
- Add initial mbedTLS v4 support; bump mbedTLS to 4.1.0 PR #3532 - @Easton97-Jens
- Update SQLi/XSS operators for libinjection v4.0.0; bump libinjection to 4.0.0 PR #3528 - @Easton97-Jens

Besides these, there are many other changes in 3.0.15; for more information, please see CHANGES.

Related CVEs

| CVE-ID | Severity (CVE.org) | CVSS (CVE.org) | EPSS | EPSS-% | Published (CVE.org) |
|---|---|---|---|---|---|
| CVE-2026-30923 | HIGH | 8.2 | - | - | 2026-05-05 |
| CVE-2026-42268 | HIGH | 8.2 | - | - | 2026-05-12 |

Source details

| Label | Name | Category | Tags | Audience | Language | Feed URL |
|---|---|---|---|---|---|---|
| OWASP ModSecurity Releases | owasp_modsecurity | vendor_advisory | waf, modsecurity, owasp | - | de | https://github.com/owasp-modsecurity/ModSecurity/releases.atom |