This affects all users who use the RSA encryption, decryption, sign and verify APIs.
The RSA module no longer supports private-key operations with the public key or vice versa. As a consequence, RSA operation functions no longer have a mode parameter. If you were calling RSA operations with the normal mode (public key for verification or encryption, private key for signature or decryption), remove the MBEDTLS_MODE_PUBLIC or MBEDTLS_MODE_PRIVATE argument. If you were calling RSA operations with the wrong mode, which rarely makes sense from a security perspective, this is no longer supported.
RSA verification functions also no longer take random generator arguments (this was only needed when using a private key). This affects all applications using the RSA verify functions.
The random generator is now mandatory for blinding in all RSA private-key operations (mbedtls_rsa_private, mbedtls_rsa_xxx_sign, mbedtls_rsa_xxx_decrypt) as well as for encryption (mbedtls_rsa_xxx_encrypt). This means that passing a null f_rng is no longer supported.