diff --git a/CMakeLists.txt b/CMakeLists.txt
index 72e6550b5c..d0904181d3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.7.4 LANGUAGES C ASM)
+project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
 
 # Set WOLFSSL_ROOT if not already defined
 if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -49,11 +49,11 @@ endif()
 
 # shared library versioning
 # increment if interfaces have been removed or changed
-set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
+set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
 
 # increment if interfaces have been added
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
-set(WOLFSSL_LIBRARY_VERSION_SECOND 3)
+set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
 
 # increment if source code has changed
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
diff --git a/ChangeLog.md b/ChangeLog.md
index a0585b3c26..0b32346c62 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,129 @@
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
+
+Release 5.7.6 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
+## Vulnerabilities
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
+
+
+## New Feature Additions
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
+
+
+## Enhancements and Optimizations
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
+
+
+## Fixes
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
+
+
 # wolfSSL Release 5.7.4 (Oct 24, 2024)
 
 Release 5.7.4 has been developed according to wolfSSL's development and QA
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
index b85f44bb9a..5af27ac69b 100644
--- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,7,4,0
- PRODUCTVERSION 5,7,4,0
+ FILEVERSION 5,7,6,0
+ PRODUCTVERSION 5,7,6,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.7.4.0"
+            VALUE "FileVersion", "5.7.6.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2023"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.7.4.0"
+            VALUE "ProductVersion", "5.7.6.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc
index 86fe62d976..b6df7d1f39 100644
--- a/IDE/WIN10/wolfssl-fips.rc
+++ b/IDE/WIN10/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,7,4,0
- PRODUCTVERSION 5,7,4,0
+ FILEVERSION 5,7,6,0
+ PRODUCTVERSION 5,7,6,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.7.4.0"
+            VALUE "FileVersion", "5.7.6.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2024"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.7.4.0"
+            VALUE "ProductVersion", "5.7.6.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/README b/README
index 2b462bc517..47579ee3d4 100644
--- a/README
+++ b/README
@@ -70,198 +70,130 @@ should be used for the enum name.
 
 *** end Notes ***
 
-# wolfSSL Release 5.7.4 (Oct 24, 2024)
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
 
-Release 5.7.4 has been developed according to wolfSSL's development and QA
+Release 5.7.6 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
 
 PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
  number where the code change was added.
 
 
 ## Vulnerabilities
-* [Low] When the OpenSSL compatibility layer is enabled, certificate
- verification behaved differently in wolfSSL than OpenSSL, in the
- X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
- Previously, in cases where an application explicitly loaded an intermediate
- certificate, wolfSSL was verifying only up to that intermediate certificate,
- rather than verifying up to the root CA. This only affects use cases where the
- API is called directly, and does not affect TLS connections. Users that call
- the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
- applications are recommended to update the version of wolfSSL used or to have
- additional sanity checks on certificates loaded into the X509_STORE when
- verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
-
-
-## PQC TLS Experimental Build Fix
-* When using TLS with post quantum algorithms enabled, the connection uses a
- smaller EC curve than agreed on. Users building with --enable-experimental and
- enabling PQC cipher suites with TLS connections are recommended to update the
- version of wolfSSL used. Thanks to Daniel Correa for the report.
- (https://github.com/wolfSSL/wolfssl/pull/8084)
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
 
 
 ## New Feature Additions
-* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
- Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
-* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
-* Add support for (DevkitPro)libnds (PR 7990)
-* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
-* Add port for init sssd (PR 7781)
-* Add port for eXosip2 (PR 7648)
-* Add support for STM32G4 (PR 7997)
-* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
- Support (PR 7777)
-* Add support for building wolfSSL to be used in libspdm (PR 7869)
-* Add port for use with Nucleus Plus 2.3 (PR 7732)
-* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
- --enable-acert (PR 7926)
-* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
- (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
- (PR 7750)
-* Added “new” and “delete” style functions for heap/pool allocation and freeing
- of low level crypto structures (PR 3166 and 8089)
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
 
 
 ## Enhancements and Optimizations
-* Increase default max alt. names from 128 to 1024 (PR 7762)
-* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
-* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
-* Add option to disable cryptocb test software test using
- --disable-cryptocb-sw-test (PR 7862)
-* Add a call to certificate verify callback before checking certificate dates
- (PR 7895)
-* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
- support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
- Hashing (PR 3166)
-* Expand MMCAU support for use with DES ECB (PR 7960)
-* Update AES SIV to handle multiple associated data inputs (PR 7911)
-* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
-* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
-* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
-* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
- (PR 7731)
-* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
-* Renesas RX TSIP ECDSA support (PR 7685)
-* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
-* Server-side checks OCSP even if it uses v2 multi (PR 7828)
-* Add handling of absent hash params in PKCS7 bundle parsing and creation
- (PR 7845)
-* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
- environments that do not have a word64 type (PR 7759)
-* Update to the maxq10xx support (PR 7824)
-* Add support for parsing over optional PKCS8 attributes (PR 7944)
-* Add support for either side method with DTLS 1.3 (PR 8012)
-* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
-* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
-* Add left-most wildcard matching support to X509_check_host() (PR 7966)
-* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
-* Building wolfSSL as a library with Ada and corrections to Alire manifest
- (PR 7303,7940)
-* Renesas RX72N support updated (PR 7849)
-* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
- (PR 8005)
-* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
- SSL object (PR 7867)
-* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
- Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
-* Memory usage improvements in wc_PRF, sha256 (for small code when many
- registers are available) and sp_int objects (PR 7901)
-* Change in the configure script to work around ">>" with no command. In older
- /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876)
-* Don't attempt to include system headers when not required (PR 7813)
-* Certificates: DER encoding of ECC signature algorithm parameter is now
- allowed to be NULL with a define (PR 7903)
-* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
-* Update rx64n support on gr-rose (PR 7889)
-* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
-* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
-* Add a new crypto callback for RSA with padding (PR 7907)
-* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
- (PR 7924)
-* Modernized memory fence support for C11 and clang (PR 7938)
-* Add a CRL error override callback (PR 7986)
-* Extend the X509 unknown extension callback for use with a user context
- (PR 7730)
-* Additional debug error tracing added with TLS (PR 7917)
-* Added runtime support for library call stack traces with
- –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
-* Expanded C89 conformance (PR 8077)
-* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
-* Added support for cross-compilation of Linux kernel module (PR 7746)
-* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
-* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
- serial number of 0 (PR 7893)
-* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
-
-### Espressif / Arduino Updates
-* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
-* Update Espressif sha, util, mem, time helpers (PR 7955)
-* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
-* Improve benchmark for Espressif devices (PR 8037)
-* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
-* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
- (PR 7936)
-* Update wolfssl Release for Arduino (PR 7775)
-
-### Post Quantum Crypto Updates
-* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
-* Dilithium: add option to use precalc with small sign (PR 7744)
-* Allow Kyber to be built with FIPS (PR 7788)
-* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
-* Dilithium, Kyber: Update to final specification (PR 7877)
-* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
-
-### ARM Assembly Optimizations
-* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
-* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
-* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
-* Adding ARM ASM build option to STM32CubePack (PR 7747)
-* Add ARM64 to Visual Studio Project (PR 8010)
-* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
-* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
 
 
 ## Fixes
-* ECC key load: fixes for certificates with parameters that are not default for
- size (PR 7751)
-* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
-* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
- (PR 7812)
-* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
-* Fix for detecting older versions of Mac OS when trying to link with
- libdispatch (PR 7932)
-* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
- packets combined into a single transmission. (PR 7840)
-* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
- (PR 7779)
-* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
-* Fix for staticmemory and singlethreaded build (PR 7737)
-* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
-* Fix to support PKCS11 without RSA key generation (PR 7738)
-* Fix not calling the signing callback when using PK callbacks + TLS 1.3
- (PR 7761)
-* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
-* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
-* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
-* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
- (PR 7742)
-* Use max key length for PSK encrypt buffer size (PR 7707)
-* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
-* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
-* Fix CMake build error for curl builds (PR 8021)
-* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
-* SSL loading of keys/certs: testing and fixes (PR 7789)
-* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
-* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
-* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
-* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
-* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
- (PR 8099)
-
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
 
 
 For additional vulnerability information visit the vulnerability page at:
diff --git a/README.md b/README.md
index 11f82fb357..2b6fdae5f0 100644
--- a/README.md
+++ b/README.md
@@ -75,197 +75,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
 
 
-# wolfSSL Release 5.7.4 (Oct 24, 2024)
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
 
-Release 5.7.4 has been developed according to wolfSSL's development and QA
+Release 5.7.6 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
 
 PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
  number where the code change was added.
 
 
 ## Vulnerabilities
-* [Low] When the OpenSSL compatibility layer is enabled, certificate
- verification behaved differently in wolfSSL than OpenSSL, in the
- X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
- Previously, in cases where an application explicitly loaded an intermediate
- certificate, wolfSSL was verifying only up to that intermediate certificate,
- rather than verifying up to the root CA. This only affects use cases where the
- API is called directly, and does not affect TLS connections. Users that call
- the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
- applications are recommended to update the version of wolfSSL used or to have
- additional sanity checks on certificates loaded into the X509_STORE when
- verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
-
-
-## PQC TLS Experimental Build Fix
-* When using TLS with post quantum algorithms enabled, the connection uses a
- smaller EC curve than agreed on. Users building with --enable-experimental and
- enabling PQC cipher suites with TLS connections are recommended to update the
- version of wolfSSL used. Thanks to Daniel Correa for the report.
- (https://github.com/wolfSSL/wolfssl/pull/8084)
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
 
 
 ## New Feature Additions
-* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
- Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
-* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
-* Add support for (DevkitPro)libnds (PR 7990)
-* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
-* Add port for init sssd (PR 7781)
-* Add port for eXosip2 (PR 7648)
-* Add support for STM32G4 (PR 7997)
-* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
- Support (PR 7777)
-* Add support for building wolfSSL to be used in libspdm (PR 7869)
-* Add port for use with Nucleus Plus 2.3 (PR 7732)
-* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
- --enable-acert (PR 7926)
-* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
- (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
- (PR 7750)
-* Added “new” and “delete” style functions for heap/pool allocation and freeing
- of low level crypto structures (PR 3166 and 8089)
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
 
 
 ## Enhancements and Optimizations
-* Increase default max alt. names from 128 to 1024 (PR 7762)
-* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
-* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
-* Add option to disable cryptocb test software test using
- --disable-cryptocb-sw-test (PR 7862)
-* Add a call to certificate verify callback before checking certificate dates
- (PR 7895)
-* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
- support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
- Hashing (PR 3166)
-* Expand MMCAU support for use with DES ECB (PR 7960)
-* Update AES SIV to handle multiple associated data inputs (PR 7911)
-* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
-* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
-* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
-* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
- (PR 7731)
-* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
-* Renesas RX TSIP ECDSA support (PR 7685)
-* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
-* Server-side checks OCSP even if it uses v2 multi (PR 7828)
-* Add handling of absent hash params in PKCS7 bundle parsing and creation
- (PR 7845)
-* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
- environments that do not have a word64 type (PR 7759)
-* Update to the maxq10xx support (PR 7824)
-* Add support for parsing over optional PKCS8 attributes (PR 7944)
-* Add support for either side method with DTLS 1.3 (PR 8012)
-* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
-* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
-* Add left-most wildcard matching support to X509_check_host() (PR 7966)
-* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
-* Building wolfSSL as a library with Ada and corrections to Alire manifest
- (PR 7303,7940)
-* Renesas RX72N support updated (PR 7849)
-* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
- (PR 8005)
-* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
- SSL object (PR 7867)
-* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
- Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
-* Memory usage improvements in wc_PRF, sha256 (for small code when many
- registers are available) and sp_int objects (PR 7901)
-* Change in the configure script to work around ">>" with no command. In older
- /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876)
-* Don't attempt to include system headers when not required (PR 7813)
-* Certificates: DER encoding of ECC signature algorithm parameter is now
- allowed to be NULL with a define (PR 7903)
-* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
-* Update rx64n support on gr-rose (PR 7889)
-* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
-* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
-* Add a new crypto callback for RSA with padding (PR 7907)
-* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
- (PR 7924)
-* Modernized memory fence support for C11 and clang (PR 7938)
-* Add a CRL error override callback (PR 7986)
-* Extend the X509 unknown extension callback for use with a user context
- (PR 7730)
-* Additional debug error tracing added with TLS (PR 7917)
-* Added runtime support for library call stack traces with
- –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
-* Expanded C89 conformance (PR 8077)
-* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
-* Added support for cross-compilation of Linux kernel module (PR 7746)
-* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
-* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
- serial number of 0 (PR 7893)
-* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
-
-### Espressif / Arduino Updates
-* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
-* Update Espressif sha, util, mem, time helpers (PR 7955)
-* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
-* Improve benchmark for Espressif devices (PR 8037)
-* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
-* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
- (PR 7936)
-* Update wolfssl Release for Arduino (PR 7775)
-
-### Post Quantum Crypto Updates
-* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
-* Dilithium: add option to use precalc with small sign (PR 7744)
-* Allow Kyber to be built with FIPS (PR 7788)
-* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
-* Dilithium, Kyber: Update to final specification (PR 7877)
-* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
-
-### ARM Assembly Optimizations
-* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
-* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
-* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
-* Adding ARM ASM build option to STM32CubePack (PR 7747)
-* Add ARM64 to Visual Studio Project (PR 8010)
-* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
-* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
 
 
 ## Fixes
-* ECC key load: fixes for certificates with parameters that are not default for
- size (PR 7751)
-* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
-* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
- (PR 7812)
-* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
-* Fix for detecting older versions of Mac OS when trying to link with
- libdispatch (PR 7932)
-* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
- packets combined into a single transmission. (PR 7840)
-* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
- (PR 7779)
-* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
-* Fix for staticmemory and singlethreaded build (PR 7737)
-* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
-* Fix to support PKCS11 without RSA key generation (PR 7738)
-* Fix not calling the signing callback when using PK callbacks + TLS 1.3
- (PR 7761)
-* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
-* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
-* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
-* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
- (PR 7742)
-* Use max key length for PSK encrypt buffer size (PR 7707)
-* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
-* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
-* Fix CMake build error for curl builds (PR 8021)
-* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
-* SSL loading of keys/certs: testing and fixes (PR 7789)
-* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
-* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
-* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
-* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
-* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
- (PR 8099)
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
+
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/configure.ac b/configure.ac
index 492e2ba353..ce36e38ebd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@
 #
 AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.7.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.7.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
 # Inhibit unwanted regeneration of autotools artifacts by Makefile.
@@ -50,11 +50,11 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
 
 # increment if interfaces have been removed or changed
-WOLFSSL_LIBRARY_VERSION_FIRST=42
+WOLFSSL_LIBRARY_VERSION_FIRST=43
 
 # increment if interfaces have been added
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
-WOLFSSL_LIBRARY_VERSION_SECOND=3
+WOLFSSL_LIBRARY_VERSION_SECOND=0
 
 # increment if source code has changed
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
diff --git a/wolfssl.rc b/wolfssl.rc
index fde2703ded..b9d1537e26 100644
Binary files a/wolfssl.rc and b/wolfssl.rc differ
diff --git a/wolfssl/version.h b/wolfssl/version.h
index b4942384fe..d7a1985bcd 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "5.7.4"
-#define LIBWOLFSSL_VERSION_HEX 0x05007004
+#define LIBWOLFSSL_VERSION_STRING "5.7.6"
+#define LIBWOLFSSL_VERSION_HEX 0x05007006
 
 #ifdef __cplusplus
 }
diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml
index b08ccb7e85..0334e4a119 100644
--- a/wrapper/Ada/alire.toml
+++ b/wrapper/Ada/alire.toml
@@ -1,6 +1,6 @@
 name = "wolfssl"
 description = "WolfSSL encryption library and its Ada bindings"
-version = "5.7.4"
+version = "5.7.6"
 
 authors = ["WolfSSL Team <support@wolfssl.com>"]
 maintainers = ["Fernando Oleo Blanco <irvise@irvise.xyz>"]