I have two C7 v5 running with 19.07.4 custom build, doing 80211s, and AP (5Ghz, Channel 36) and batman-adv, just fine. But I'm unable to encrypt the 80211s mesh.
My build includes wpad (2019-08-08-ca8c2bd2-4) and libopenssl1.1 (1.1.1g-1) as well as hostapd-common and hostapd-utils (2019-08-08-ca8c2bd2-4).
What I do not get or understand: if, when, and how a user needs hostapd (full) or wpad. As far as I can tell. wpad is "just" a reimplentation by nbd but I can not tell if wpad includes the hostapd stuff for providng AP or not. I would assume yes...
Many users and threads here in to forum only speak about using i.e. wpad-mesh-openssl or wolfssl. For me atm device flash space is no limitation so I can just put in the full packages.
What I also do not know/understand, if for any mesh participation the supplicant part is needed or involved. Please enlighten me 
As there were somehow some issues in the past, I like to ask for confirmation about the current state of support for 19.07.4 for qca988x with mesh+ap + any encrytion and some concrete statement what to set on encryption in config/wireless (and where to find uptodate information what is supported or has limitations), and if I have to use "key" or the "sea-whatsoever" option.
(The issues I read about were the kind of race conditions or crashed driver when mesh and ap were running on the radio and then encryption were enabled. What I cant tell if this applied only on 5 or also on 2.4 Ghz radio devices)
Thanks in advise if you do not just post me a link to an two year old thread here, because I think I read/tried them all 
Like I said, the mesh without encryption and "roaming" for clients between the APs with all the VLANs on batman-adv just work fine. The only missing part for me now is encryption on 80211s.
Best,
Bernd