...

The Windows package contains refreshed libraries, including precautionary security updates for OpenSSL and libcurl.

TLS Renegotiation Change on Windows

Because of the update to OpenSSL on Windows, there is an inadvertent change to the default behavior of the software when interacting with sources of metadata of IdP SOAP endpoints that do not support secure TLS renegotiation. This was permitted by default before and now is not. Should this be a requirement, it is possible to leverage the <TransportOption> element (either globally or in a specific <MetadataProvider>) to re-enable the option for this (see OpenSSLTransportOptions).
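To find out before upgrading which remote endpoints would be affected by this change, the following added example (not part of the original release notes or the project's code) classifies `openssl s_client` output by renegotiation support. The function names and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output by renegotiation support.
# Function names and sample transcripts are constructed for illustration.

# Reads s_client output on stdin; prints secure | legacy | not-applicable | unknown.
classify_reneg() {
    awk '
        /^New, TLSv1\.3,/ || /Protocol *: *TLSv1\.3/ { tls13 = 1 }
        /Secure Renegotiation IS NOT supported/     { verdict = "legacy"; next }
        /Secure Renegotiation IS supported/         { verdict = "secure" }
        END {
            # TLS 1.3 has no renegotiation, so the "IS NOT supported" line
            # printed on such connections does not indicate a legacy peer.
            if (tls13)              print "not-applicable"
            else if (verdict != "") print verdict
            else                    print "unknown"   # handshake failed or output truncated
        }'
}

# Live check against HOST PORT (requires network access and the openssl CLI).
check_endpoint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        classify_reneg
}

# Constructed s_client excerpts, trimmed to the relevant lines.
SAMPLE_SECURE='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
    Protocol  : TLSv1.2'
SAMPLE_LEGACY='New, TLSv1.2, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported
    Protocol  : TLSv1.2'
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
    Protocol  : TLSv1.3'

for name in SECURE LEGACY TLS13; do
    eval "sample=\$SAMPLE_$name"
    printf '%-7s %s\n' "$name" "$(printf '%s\n' "$sample" | classify_reneg)"
done
```

Endpoints reported as `legacy` are the ones that will stop working under the new default unless the peer is updated or the option is re-enabled for them.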

3.3.0 (November 30, 2021)

...

Thus, it is a relatively simple matter to "upgrade" one's configuration:

  1. With the original configuration, verify a working system, and check the log(s) for any DEPRECATED warnings.

  2. Fix any settings causing those warnings until they're gone.

  3. Update the namespace at the top of the file.

  4. Restart, test, and fix any straggling errors.

Most of the changed defaults noted above will not apply to such a migrated system since they depend on actual changes to the configuration, and the vast majority of deployments can simply do a bit of testing, make the bump, and be good to go.

...