- gpg: Change the default key algorithm to rsa3072.
- gpg: Add regular expression support for Trust Signatures on all platforms. [T4843]
- gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat option. [T4991]
- gpg: Ignore --personal-digest-prefs for ECDSA keys. [T5021]
- gpgsm: Make rsaPSS a de-vs compliant scheme.
- gpgsm: Show also the SHA256 fingerprint in key listings.
- gpgsm: Do not require a default keyring for --gpgconf-list. [T4867]
- gpg-agent: Default to extended key format and record the creation time of keys. Add new option --disable-extended-key-format.
- gpg-agent: Support the WAYLAND_DISPLAY envvar. [T5016]
- gpg-agent: Allow using --gpgconf-list even if HOME does not exist. [T4866]
- gpg-agent: Make the Pinentry work even if the envvar TERM is set to the empty string. [T4137]
- scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly incremented the error counter when using the "verify" command of "gpg --edit-key" with only the signature key being present.
- dirmngr: Better handle systems with disabled IPv6. [T4977]
- gpgpslit: Install tool. It was not installed in the past to avoid conflicts with the version installed by GnuPG 1.4. [T5023]
- gpgtar: Handle Unicode file names on Windows correctly (requires libgpg-error 1.39). [T4083]
- gpgtar: Make --files-from and --null work as documented. [T5027]
- Build the Windows installer with the new Ntbtls 0.2.0 so that TLS connections succeed for servers demanding GCM.