final updates

Author: dghgit

CONTRIBUTORS.html

@@ -558,9 +558,12 @@
 <li>Marcono1234 &lt;https://github.com/Marcono1234&gt; - Updates to OpenBSDBCrypt JavaDoc.</li>
 <li>DawidM &lt;https://github.com/dawmit&gt; - Implementation of EC J-PAKE.</li>
 <li>Syed Quasim &lt;https://github.com/HawkItzme&gt; - lint checker fix for EST getTrustAllTrustManager().</li>
-<li>winfriedgerlach &lt;https://github.com/winfriedgerlach&gt; - patch to SecretKeyUtil class.</li>
+<li>winfriedgerlach &lt;https://github.com/winfriedgerlach&gt; - patch to SecretKeyUtil class, patch to DigestFactory cloner for SHA-1.</li>
 <li>feuxfollets1013 &lt;https://github.com/feuxfollets1013&gt; - Initial add JDK21 KEM API implementation for HQC algorithm.</li>
+<li>cragkhit &lt;https://github.com/cragkhit&gt; - addition of null check in some test utility methods to avoid needless exceptions.</li>
 <li>zhsnew &lt;https://github.com/zhsnew&gt; - correct AsconCXof128 implementation and add test vectors</li>
+<li>mt-johan &lt;https://github.com/mt-johan&gt; - patch to preserve PRF on initializing from protectionAlgorithm with PBMAC1.</li>
+<li>oscerd &lt;https://github.com/oscerd&gt; - comment corrections in GMSSRootSig.java.</li>
 </ul>
 </body>
 </html>

docs/releasenotes.html

@@ -27,12 +27,15 @@ <h3>2.1.2 Defects Fixed</h3>
 <li>Overlapping input/output buffers in doFinal could result in data corruption. This has been fixed.</li>
 <li>Fixed Grain-128AEAD decryption incorrectly handle MAC verification.</li>
 <li>Add configurable header validation to prevent malicious header injection in PGP cleartext signed messages; Fix signature packet encoding issues in PGPSignature.join() and embedded signatures while phasing out legacy format.</li>
-<li>Fixed ParallelHash initialization stall when using block size B=0</li>
+<li>Fixed ParallelHash initialization stall when using block size B=0.</li>
+<li>The PRF from the PBKDF2 function was been lost when PBMAC1 was initialized from protectionAlgorithm. This has been fixed.</li>
+<li>The lowlevel DigestFactory was cloning MD5 when being asked to clone SHA1. This has been fixed.</li>
 </ul>
 <h3>2.1.3 Additional Features and Functionality</h3>
 <ul>
 <li>XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/</li>
 <li>Further support has been added for generation and use of PGP V6 keys</li>
+<li>Additional validation has been added for armored headers in Cleartext Signed Messages.<li>
 <li>The PQC signature algorithm proposal Mayo has been added to the low-level API and the BCPQC provider.</li>
 <li>The PQC signature algorithm proposal Snova has been added to the low-level API and the BCPQC provider.</li>
 <li>Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.</li>
@@ -43,7 +46,7 @@ <h3>2.1.3 Additional Features and Functionality</h3>
 <li>Support for ML-DSA's external-mu calculation and signing has been added to the BC provider.</li>
 <li>CMS now supports ML-DSA for SignedData generation.</li>
 <li>Introduce high-level OpenPGP API for message creation/consumption and certificate evaluation.</li>
-<li>Add JDK21 KEM API implementation for HQC algorithm.</li>
+<li>Added JDK21 KEM API implementation for HQC algorithm.</li>
 <li>BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.</li>
 <li>BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05).</li>
 <li>BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00).</li>