Heimdal 7.7.0 continues to address shortcomings and performance improvements that were identified in heimdal 7.6.0.
Heimdal 7.6.0 addresses various bug fixes including two CVE's, which both enable MITM while using PKINIT:
in addition, support for anonymous TGS-req and AS-req are fixed.
These vulnerabilities exist in heimdal from version 0.8 to 7.5.0 (FreeBSD's current implementation)
https://www.cvedetails.com/cve/CVE-2019-12098/ CVE score 5.8