This release fixes one security issue, and adds support for versioned CryptoKey files as well as the new versioned wire format required to support post-quantum cryptography. Specific changes:
1. Add key exchange versioning. This changes the on-the-wire format, and is presently done in a backwards-compatible way through the legacy tunable.
2. Fix a security issue where a malicious, active, MITM with a valid signing key could replace a key request random value with their own. It is not obviously exploitable beyond making denial of service easier. Controllers (if used) must be updated first.
As a consequence of the security fix, controllers must be updated first so that they no longer replace the random value with their own.