You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bu...@apache.org on 2022/09/19 08:42:25 UTC
svn commit: r1080855 [2/2] - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html oldnews.html

Modified: websites/production/santuario/content/oldnews.html
==============================================================================
--- websites/production/santuario/content/oldnews.html (original)
+++ websites/production/santuario/content/oldnews.html Mon Sep 19 08:42:25 2022
@@ -45,7 +45,7 @@ Apache Santuario -- old_news
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
       <!-- Banner -->
-<div class="banner" id="banner"><div class="table-wrap"><table class="wrapped confluenceTable" style="width: 100.0%;" border="0" cellpadding="0" cellspacing="0"><colgroup span="1"><col span="1"><col span="1"></colgroup><tbody><tr><td align="left" colspan="1" rowspan="1" class="confluenceTd" style="border: none;"><a shape="rect" class="external-link" title="Apache Santuario" href="http://santuario.apache.org/"> <span style="font-weight: bold;font-size: 170.0%;color: white;">Apache Santuario</span> </a></td><td align="right" colspan="1" rowspan="1" class="confluenceTd" style="border: none;"><div class="content-wrapper"><a shape="rect" class="external-link" href="http://www.apache.org/" title="The Apache Software Foundation"> <span class="confluence-embedded-file-wrapper image-right-wrapper confluence-embedded-manual-size"><img class="confluence-embedded-image confluence-external-resource image-right" alt="The Apache Software Foundation" width="214" src="https://apache.org/img/asf_logo
 .png" data-image-src="https://apache.org/img/asf_logo.png"></span> </a></div></td></tr></tbody></table></div></div>
+<div class="banner" id="banner"><div class="table-wrap"><table class="wrapped confluenceTable" style="width: 100.0%;" border="0" cellpadding="0" cellspacing="0"><colgroup span="1"><col span="1"><col span="1"></colgroup><tbody><tr><td align="left" colspan="1" rowspan="1" class="confluenceTd" style="border: none;"><a shape="rect" class="external-link" title="Apache Santuario" href="http://santuario.apache.org/"> <span style="font-weight: bold;font-size: 170.0%;color: white;">Apache Santuario</span> </a></td><td align="right" colspan="1" rowspan="1" class="confluenceTd" style="border: none;"><div class="content-wrapper"><a shape="rect" class="external-link" href="http://www.apache.org/" title="The Apache Software Foundation"> <span class="confluence-embedded-file-wrapper image-right-wrapper confluence-embedded-manual-size"><img class="confluence-embedded-image confluence-external-resource image-right" draggable="false" alt="The Apache Software Foundation" width="214" src="https://apach
 e.org/img/asf_logo.png" data-image-src="https://apache.org/img/asf_logo.png"></span> </a></div></td></tr></tbody></table></div></div>
       <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
@@ -82,7 +82,7 @@ Apache Santuario -- old_news
                 <div id="wrapper-menu-page-bottom">
                   <div id="menu-page">
                     <!-- NavigationBar -->
-<div id="navigation"><h3 id="Navigation-ApacheSantuario">Apache Santuario</h3><ul><li><a shape="rect" href="index.html">Home</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="secadv.html">Security Advisories</a></li><li><a shape="rect" href="faq.html">FAQ</a></li><li><a shape="rect" href="team.html">Team</a></li><li><a shape="rect" href="contributing.html">Contributing</a></li><li><a shape="rect" href="mailing.html">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="https://svn.apache.org/viewvc/santuario/">SVN</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO">Issue Tracking</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="history.html">History</a></li><li><a shape="rect" href="oldnews.html">Old News</a></li></ul><h3 id="Navigation-Java">Java</h3><ul><li><a shape="rect" href="javaindex.h
 tml">Index</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="javareleasenotes.html">Release Notes</a></li><li><a shape="rect" href="java-source-repository.html">Source repository</a></li><li><a shape="rect" href="javafaq.html">FAQ</a></li><li><a shape="rect" href="javaapi.html">API</a></li><li><a shape="rect" href="streaming-xml-security.html">Streaming API</a></li><li><a shape="rect" href="javainterop.html">Interoperability</a></li></ul><h3 id="Navigation-C++">C++</h3><ul><li><a shape="rect" href="cindex.html">Index</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="creleasenotes.html">Release Notes</a></li><li><a shape="rect" href="c-source-repository.html">Source repository</a></li><li><a shape="rect" href="cinstallation.html">Installation</a></li><li><a shape="rect" href="cfaq.html">FAQ</a></li><li><a shape="rect" href="ctools.html">Tools</a></li><li><a shape="rect" href="cprogramming.html">Progra
 mming</a></li><li><a shape="rect" href="ccredits.html">Credits</a></li></ul><h3 id="Navigation-ASF">ASF</h3><ul><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li></ul><p><a shape="rect" class="external-link" href="https://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"><img class="confluence-embedded-image confluence-external-resource" height="125" src="https://www.apache.org/events/current-event-125x125.png" data-image-src="https://www.apache.org/events/current-event-125x125.png"></span></a></p></div>
+<div id="navigation"><h3 id="Navigation-ApacheSantuario">Apache Santuario</h3><ul><li><a shape="rect" href="index.html">Home</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="secadv.html">Security Advisories</a></li><li><a shape="rect" href="faq.html">FAQ</a></li><li><a shape="rect" href="team.html">Team</a></li><li><a shape="rect" href="contributing.html">Contributing</a></li><li><a shape="rect" href="mailing.html">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="https://svn.apache.org/viewvc/santuario/">SVN</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO">Issue Tracking</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="history.html">History</a></li><li><a shape="rect" href="oldnews.html">Old News</a></li></ul><h3 id="Navigation-Java">Java</h3><ul><li><a shape="rect" href="javaindex.h
 tml">Index</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="javareleasenotes.html">Release Notes</a></li><li><a shape="rect" href="java-source-repository.html">Source repository</a></li><li><a shape="rect" href="javafaq.html">FAQ</a></li><li><a shape="rect" href="javaapi.html">API</a></li><li><a shape="rect" href="streaming-xml-security.html">Streaming API</a></li><li><a shape="rect" href="javainterop.html">Interoperability</a></li></ul><h3 id="Navigation-C++">C++</h3><ul><li><a shape="rect" href="cindex.html">Index</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="creleasenotes.html">Release Notes</a></li><li><a shape="rect" href="c-source-repository.html">Source repository</a></li><li><a shape="rect" href="cinstallation.html">Installation</a></li><li><a shape="rect" href="cfaq.html">FAQ</a></li><li><a shape="rect" href="ctools.html">Tools</a></li><li><a shape="rect" href="cprogramming.html">Progra
 mming</a></li><li><a shape="rect" href="ccredits.html">Credits</a></li></ul><h3 id="Navigation-ASF">ASF</h3><ul><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li></ul><p><a shape="rect" class="external-link" href="https://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper confluence-embedded-manual-size"><img class="confluence-embedded-image confluence-external-resource" draggable="false" height="125" src="https://www.apache.org/events/current-event-125x125.png" data-image-src="https://www.apache.org/events/current-event-125x125.png"></span><
 /a></p></div>
                     <!-- NavigationBar -->
                   </div>
               </div>
@@ -92,7 +92,7 @@ Apache Santuario -- old_news
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="old_news-OldNews">Old News</h1><h3 id="old_news-May2022" style="">May 2022</h3><p style="">Versions 3.0.0, 2.3.1, 2.2.4 and 2.1.8 of the Apache XML Security for Java library have been released. 3.0.0 is a new major release of the library that contains a change to the jakarta JAXB namespace for the streaming library. 2.1.8 is the last planned release of 2.1.x.</p><h3 id="old_news-November2021">November 2021</h3><p>Version 2.3.0 of the Apache XML Security for Java library has been released. This is a major new release of the library. Some of the significant changes include:</p><ul><li>A rewrite for the StAX output processor chain to make it<br clear="none">deterministic - <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-555">https://issues.apache.org/jira/browse/SANTUARIO-555</a></li><li>Secure Validation is now enabled by default -<br clear="none"><a shape="rect" class="external-link" href="https://issues.
 apache.org/jira/browse/SANTUARIO-574">https://issues.apache.org/jira/browse/SANTUARIO-574</a></li><li>Local + HTTP ResourceResolvers are disabled by default -<br clear="none"><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-573">https://issues.apache.org/jira/browse/SANTUARIO-573</a></li></ul><h3 id="old_news-October2021">October 2021</h3><p>Version 2.0.3 of the Apache XML Security for C++ library has been released. This release adds support for OpenSSL 3.0.0, though using a number of now-deprecated function calls.</p><h3 id="old_news-September2021">September 2021</h3><p>Version 2.2.3 and 2.1.7 of the Apache XML Security for Java library has been released. Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><p>These releases contain a fix for a new CVE:</p><ul><li>CVE-2021-40690 - Bypass of the secureValidation property</li></ul><p>Please refer to the <a
  shape="rect" href="secadv.html">security advisories</a> page for further information.</p><h3 id="old_news-May2021">May 2021</h3><p>Version 2.2.2 of the Apache XML Security for Java library has been released to fix a few bugs.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-November2020">November 2020</h3><p>Version 2.2.1 and 2.1.6 of the Apache XML Security for Java library have been released to fix a few bugs.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-June2020">June 2020</h3><p>Version 2.2.0 of the Apache XML Security for Java library has been released. This is a new major release with the following features:</p><ul><li>Added support for RSASSA-PSS 
 with Parameters</li><li>Extensive refactoring and code simplification</li><li>JDK14 officially supported</li><li>Ability to set a security provider when using org.apache.xml.security.signature.XMLSignature</li><li>Added support for customizing how to parse a Inputstream into a DOM Document</li></ul><p>This release includes a fix for <a shape="rect" class="external-link" rel="nofollow" href="https://www.oracle.com/security-alerts/cpuapr2020.html"><span class="il">CVE</span>-2020-2773</a> which also affects our code base. However we will not be issuing a separate CVE, as we do not consider it a security vulnerability.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-March2020">March 2020</h3><p>Version 2.1.5 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a
  shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-August2019">August 2019</h3><p>Version 2.1.4 of the Apache XML Security for Java library has been released.</p><p>This release contains a fix for a security advisory - CVE-2019-12400: Apache Santuario potentially loads XML parsing code from an untrusted source. Please see the <a shape="rect" href="secadv.html">security advisories</a> page for more information.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-March2019">March 2019</h3><p>Version 2.1.3 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-November2018">November 2018</h3><p>Versio
 n 2.0.2 of the Apache XML Security for C++ has been released.</p><p>This patch corrects a <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-496">bug</a> that can cause crashes in upstream applications. It is similar to, but not the same as, the one that was patched in V2.0.1, and resulted from further review of the code by the project that contributes all of the current manpower to the project. Appreciation is extended to the <a shape="rect" class="external-link" rel="nofollow" href="https://www.shibboleth.net/">Shibboleth</a> Project team for this review.</p><h3 id="old_news-August2018">August 2018</h3><p>Version 2.0.1 of the Apache XML Security for C++ has been released.</p><p>This patch corrects a <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-491">bug</a> that can cause crashes in upstream applications.</p><h3 id="old_news-June2018">June 2018</h3><p>Version 2.1.2 of the Apache XML Security for
  Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><p>Version 2.0.0 of the Apache XML Security for C++ has been released.</p><p>Please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311231&amp;version=12341551">release notes</a> for basic information on bugs addressed. As a major upgrade, this release includes a range of relative minor, but visible, changes to the API that are not explicitly noted there. There are no features of significance added in this version, merely some refactoring and removal of deprecated APIs.</p><h3 id="old_news-January2018">January 2018</h3><p>Versions 2.1.1 and 2.0.10 of the Apache XML Security for Java library have been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https
 ://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.1.0/2.0.9">Apache XML Security for Java 2.1.0/2.0.9</h3><p>Versions 2.1.0 and 2.0.9 of the Apache XML Security for Java library have been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.5">Apache XML Security for Java 2.0.5</h3><p>Version 2.0.5 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.4">Apache XML Security for Java 2.0.4</h3><p>Versions 2.0.4 of the Apache XML Sec
 urity for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.3/1.5.8">Apache XML Security for Java 2.0.3/1.5.8</h3><p>Versions 2.0.3 and 1.5.8 of the Apache XML Security for Java library have been released. Security advisory <a shape="rect" href="secadv.html">CVE-2014-8152</a> has been issued for versions 2.0.0, 2.0.1 and 2.0.2 of the library.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.7.1">Apache XML Security for C++ 1.7.1</h3><p>Security advisory <a shape="rect" href="secadv.html">CVE-2013-2210</a> has been issued, affecting Apache XML-Security for C++ version 1.7.1. Version 1.7.2 of the Apache XML Security for C++ library has been released, addressing this issue.</p><p
 >Security advisory <a shape="rect" href="secadv.html">CVE-2013-2172</a> has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.</p><p>Security advisories <a shape="rect" href="secadv.html">CVE-2013-2153</a>, <a shape="rect" href="secadv.html">CVE-2013-2154</a>, <a shape="rect" href="secadv.html">CVE-2013-2155</a>, and <a shape="rect" href="secadv.html">CVE-2013-2156</a>, affecting Apache XML-Security for C++ versions prior to 1.7.1, have been issued.</p><p>Version 1.7.1 of the Apache XML Security for C++ library has been released, addressing these issues.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.2">Apache XML Security for Java 2.0.2</h3><p>Versions 2.0.2 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.1an
 d1.5.7">Apache XML Security for Java 2.0.1 and 1.5.7</h3><p>Versions 2.0.1 and 1.5.7 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.0">Apache XML Security for Java 2.0.0</h3><p>Version 2.0.0 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="java200releasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.6">Apache XML Security for Java 1.5.6</h3><p>Version 1.5.6 of the Apache XML Security for Java library has been released.</p><p>Please see the <a shape="rect" href="java156releasenotes.html">release notes</a> for more information.</p><p>This release fixes a new security advisory <a shape="rect" href="secadv.html">CVE-2013-4517</a>.</p><h3 i
 d="old_news-ApacheXMLSecurityforJava1.5.5and1.4.8">Apache XML Security for Java 1.5.5 and 1.4.8</h3><p>Security advisory <a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/secadv">CVE-2013-2172</a> has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.7">Apache XML Security for Java 1.4.7</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.7 of the Apache XML Security for Java library. This release fixes a problem with a missing KeyInfo Element when multiple elements are encrypted, as well as a number of other issues.</p><p>Please see the <a shape="rect" href="java147releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.4">Apache XML Security for Java 1.5.4</h3><p>Version 1.5.4 of the Apache XML Security for Java library has been released.</p><p>Please see 
 the <a shape="rect" href="java154releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.7.0">Apache XML Security for C++ 1.7.0</h3><p>The Apache Santuario team are pleased to announce the release of version 1.7.0 of the Apache XML Security for C++ library. This release provides a few bug fixes and a partial implementation of XML Encryption 1.1 features, including AES-GCM encryption and some support for newer RSA-OAEP variants.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.3">Apache XML Security for Java 1.5.3</h3><p>Version 1.5.3 of the Apache XML Security for Java library has been released. This release features support for new XML Signature 1.1 KeyInfo extensions. It also fixes a number of bugs including a problem when message sizes are greater than 512 MB.</p><p>Please see the <a shape="rect" href="java153releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.2">Apache XML Secur
 ity for Java 1.5.2</h3><p>Version 1.5.2 of the Apache XML Security for Java library has been released. The main feature of this release is that the default canonicalization algorithm for encryption has changed from inclusive with comments to a new canonicalization algorithm that preserves the physical representation of the element being encrypted. This change fixes a problem where an element might be decrypted to the wrong namespace.</p><p>Please see the <a shape="rect" href="java152releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.6.1">Apache XML Security for C++ 1.6.1</h3><p>The Apache Santuario team are pleased to announce the release of version 1.6.1 of the Apache XML Security for C++ library. This release provides bug fixes and addresses <a shape="rect" href="secadv.html">CVE-2011-2516</a>.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.1">Apache XML Security for Java 1.5.1</h3><p>Version 1.5.1 of the Apache XML Security fo
 r Java library has been released. This release fixes two important bugs - a bug in XMLSignatureInput when using a BufferedInputStream, as well as a bug which caused 1.5.0 to continue to require Xalan. It also contains some performance improvements for encryption and decryption.</p><p>Please see the <a shape="rect" href="java151releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.0">Apache XML Security for Java 1.5.0</h3><p>Version 1.5.0 of the Apache XML Security for Java library has been released. This is a major new release and is not binary compatible with the 1.4.x releases.</p><p>Please see the <a shape="rect" href="java150releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.6">Apache XML Security for Java 1.4.6</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.6 of the Apache XML Security for Java library. This release fixes a thread saf
 ety issue with XML Signature, a bug fix for the Canonical XML 1.1 algorithm, as well as a number of other bug fixes.</p><p>Please see the <a shape="rect" href="java146releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.5">Apache XML Security for Java 1.4.5</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.5 of the Apache XML Security for Java library. This release fixes a thread safety issue in the ResourceResolver, and a regression in signature generation for the Canonical XML 1.1 algorithm, as well as a number of other bug fixes.</p><p>Please see the <a shape="rect" href="java145releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.6.0">Apache XML Security for C++ 1.6.0</h3><p>The Apache Santuario team are pleased to announce the release of version 1.6.0 of the Apache XML Security for C++ library. This release provides many bug fixes and a part
 ial implementation of XML Signature 1.1 features, including ECDSA signatures.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.4">Apache XML Security for Java 1.4.4</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.4 of the Apache XML Security for Java library. This release contains some enhancements to the resolver API's. It also fixes some longstanding issues with interned Strings, as well as a number of bug fixes.</p><p>Please see the <a shape="rect" href="java144releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.3">Apache XML Security for Java 1.4.3</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.3 of the XML Security Java library. This release provides many bug fixes and a fix for the recently announced HMAC vulnerability in the XML Signature specification. You should upgrade to this release as soon as possible.</p><p>Please see the <a shape="rect" href="
 java143releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.5.1">Apache XML Security for C++ 1.5.1</h3><p>The Apache Santuario team are pleased to announce the release of version 1.5.1 of the XML Security C++ library. This release provides some bug fixes and a fix for the recently announced HMAC vulnerability in the XML Signature specification.</p><p>Please see the <a shape="rect" href="c151releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.5.0">Apache XML Security for C++ 1.5.0</h3><p>Version 1.5.0 of the XML Security C++ library has been released. This release provides more bug fixes, partial support for Inclusive Canonicalization 1.1, and support for the Xerces 3.x official release and 32/64-bit portability APIs.</p><p>Please see the <a shape="rect" href="c150releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.2">Apache XML Security fo
 r Java 1.4.2</h3><p>Version 1.4.2 of the XML Security Java library has been released. This is mainly a bugfix release but also contains a few new enhancements including support for XML Canonicalization 1.1.</p><p>Please see the <a shape="rect" href="java142releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.1">Apache XML Security for Java 1.4.1</h3><p>Version 1.4.1 of the XML Security Java library has been released. This is a bugfix release that contains a major bugfix to the canonicalization engine introduced in the 1.4 release. It is recommended that 1.4 users upgrade to the new version as signatures containing non ascii characters created by this library are not according to the standard, and will be only validated by 1.4 library.</p><p>Please see the <a shape="rect" href="java141releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.4.0">Apache XML Security for C++ 1.4.0</h3><p>The Ap
 ache Santuario team are proud to announce the release of version 1.4.0 of the XML Security C++ library. This release provides more bug fixes, improved automake and RPM packaging, and better error reporting.</p><p>This version also provides initial support for Xerces 3.0. If you are building for the 3.0 library under Windows, you will need to change the Xerces library (in link includes) to xerces_3?.lib.</p><p>Please see the <a shape="rect" href="c140releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.3.1">Apache XML Security for C++ 1.3.1</h3><p>Version 1.3.1 of the XML Security C++ library has been released. This release contains some minor bug fixes and initial updates for Xerces 3.0. It also provides a new automake based build on *NIX. See the <a shape="rect" href="c131releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.0">Apache XML Security for Java 1.4.0</h3><p>Version 1.4 of the
  XML Security Java library has been released. The main changes for this version are:</p><ul><li>Implementation of the standard API JSR105</li><li>Rewritten c14n that increase performance for signature with node-set transformations.</li><li>Memory footprint reduction and several bugfixes</li></ul><p>Refer to the <a shape="rect" href="java140releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.3.0">Apache XML Security for C++ 1.3.0</h3><p>Version 1.3 of the XML Security C++ library has been released. This release features performance improvements and a complete message set for XKMS. See the <a shape="rect" href="c130releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.3.0">Apache XML Security for Java 1.3.0</h3><p>Version 1.3 of the XML Security Java library has been released. This version provides :</p><ul><li>Better speed &amp; memory utilization.</li><li>Bug fixes.</li></ul><p>See the <a 
 shape="rect" href="java130releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.2.1">Apache XML Security for C++ 1.2.1</h3><p>Version 1.2.1 of the XML Security C++ library has been released. This minor release fixes versioning problems in the Windows project files. See the <a shape="rect" href="c121releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.2.0">Apache XML Security for C++ 1.2.0</h3><p>Version 1.2 of the XML Security C++ library has been released. This version includes a number of bug fixes, together with a beta release of code to process and generate XKMS messages. See the <a shape="rect" href="c120releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.2.1">Apache XML Security for Java 1.2.1</h3><p>Version 1.2.1 of the XML Security Java library has been released. This is a bugfix version, for more detail information see the <a shape="r
 ect" href="java121releasenotes.html">changelog</a>.</p><h3 id="old_news-ApacheXMLSecurityforJava1.2.0">Apache XML Security for Java 1.2.0</h3><p>Version 1.2 of the XML Security Java library has been released. This version provides :</p><ul><li>Better speed &amp; memory utilization.</li><li>Easier JCE integration.</li></ul><h3 id="old_news-ApacheXMLSecurityforJava1.1">Apache XML Security for Java 1.1</h3><p>Version 1.1 of the XML Security Java library has been released. This version provides :</p><ul><li>Beta implementation of XML Encryption</li><li>Bug fixes to Signature implementation</li></ul><h3 id="old_news-ApacheXMLSecurityforC++1.1">Apache XML Security for C++ 1.1</h3><p>Version 1.1 of the XML Security C++ library has been released. Supporting Xerces 2.5, 2.4 and 2.3 together with Xalan 1.6 and 1.7, this version provides :</p><ul><li>Beta implementation of XML Encryption</li><li>Improved support for Windows Crypto API</li><li>Bug fixes to Signature implementation</li></ul><h3 
 id="old_news-ApacheXMLSecurityforC++1.0">Apache XML Security for C++ 1.0</h3><p>Version 1.00 of the XML Security C++ library is now released. This is the first stable release of the library. Functionality is still fairly basic, but all mandatory parts of the the DSIG standard are implemented.</p><p>This version supports Xerces 2.2 and 2.3 and Xalan 1.6.</p><h3 id="old_news-ApacheXMLSecurityforC++Beta0.2">Apache XML Security for C++ Beta 0.2</h3><p>The Beta 0.20 of the XML Security C++ library has now been released. Features:</p><ul><li>Ability to use the Windows Crypto API as a crypto provider</li><li>Several minor bug fixes in transforms and UNIX build process</li></ul><h3 id="old_news-ApacheXMLSecurityforJava2.0.1and1.5.7.1">Apache XML Security for Java 2.0.1 and 1.5.7</h3></div>
+<div id="ConfluenceContent"><h1 id="old_news-OldNews">Old News</h1><h3 id="old_news-September2022">September 2022</h3><p>Versions 3.0.1 and 2.3.2 of the Apache XML Security for Java library have been released. <span style="color: rgb(34,34,51);">The main change is to remove Xalan as a provided (optional) dependency. This means that support for the XML Signature here() function is removed by default, but can be configured if needed (see <a shape="rect" class="external-link" href="https://github.com/apache/santuario-xml-security-java/blob/main/src/test/java/org/apache/xml/security/test/dom/interop/BaltimoreXalanTest.java" rel="nofollow">this test</a> for an example which plugs in this <a shape="rect" class="external-link" href="https://github.com/apache/santuario-xml-security-java/tree/main/src/test/java/org/apache/xml/security/test/dom/xalan" rel="nofollow">custom XPath implementation</a>).</span></p><h3 id="old_news-May2022">May 2022</h3><p>Versions 3.0.0, 2.3.1, 2.2.4 and 2.1.8 of 
 the Apache XML Security for Java library have been released. 3.0.0 is a new major release of the library that contains a change to the jakarta JAXB namespace for the streaming library. 2.1.8 is the last planned release of 2.1.x.</p><h3 id="old_news-November2021">November 2021</h3><p>Version 2.3.0 of the Apache XML Security for Java library has been released. This is a major new release of the library. Some of the significant changes include:</p><ul><li>A rewrite for the StAX output processor chain to make it<br clear="none">deterministic - <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-555">https://issues.apache.org/jira/browse/SANTUARIO-555</a></li><li>Secure Validation is now enabled by default -<br clear="none"><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-574">https://issues.apache.org/jira/browse/SANTUARIO-574</a></li><li>Local + HTTP ResourceResolvers are disabled by default -<br clear="
 none"><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-573">https://issues.apache.org/jira/browse/SANTUARIO-573</a></li></ul><h3 id="old_news-October2021">October 2021</h3><p>Version 2.0.3 of the Apache XML Security for C++ library has been released. This release adds support for OpenSSL 3.0.0, though using a number of now-deprecated function calls.</p><h3 id="old_news-September2021">September 2021</h3><p>Version 2.2.3 and 2.1.7 of the Apache XML Security for Java library has been released. Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><p>These releases contain a fix for a new CVE:</p><ul><li>CVE-2021-40690 - Bypass of the secureValidation property</li></ul><p>Please refer to the <a shape="rect" href="secadv.html">security advisories</a> page for further information.</p><h3 id="old_news-May2021">May 2021</h3><p>Version 2.2.2 of the Apache XML Secur
 ity for Java library has been released to fix a few bugs.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-November2020">November 2020</h3><p>Version 2.2.1 and 2.1.6 of the Apache XML Security for Java library have been released to fix a few bugs.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-June2020">June 2020</h3><p>Version 2.2.0 of the Apache XML Security for Java library has been released. This is a new major release with the following features:</p><ul><li>Added support for RSASSA-PSS with Parameters</li><li>Extensive refactoring and code simplification</li><li>JDK14 officially supported</li><li>Ability to set a security provider when using org.apache
 .xml.security.signature.XMLSignature</li><li>Added support for customizing how to parse a Inputstream into a DOM Document</li></ul><p>This release includes a fix for <a shape="rect" class="external-link" href="https://www.oracle.com/security-alerts/cpuapr2020.html" rel="nofollow"><span class="il">CVE</span>-2020-2773</a> which also affects our code base. However we will not be issuing a separate CVE, as we do not consider it a security vulnerability.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-March2020">March 2020</h3><p>Version 2.1.5 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-August20
 19">August 2019</h3><p>Version 2.1.4 of the Apache XML Security for Java library has been released.</p><p>This release contains a fix for a security advisory - CVE-2019-12400: Apache Santuario potentially loads XML parsing code from an untrusted source. Please see the <a shape="rect" href="secadv.html">security advisories</a> page for more information.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-March2019">March 2019</h3><p>Version 2.1.3 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-November2018">November 2018</h3><p>Version 2.0.2 of the Apache XML Security for C++ has been released.</p><p>This patch corrects a <a shape="rect" class="external-link" href="https://issues.apache.org/jira/brow
 se/SANTUARIO-496">bug</a> that can cause crashes in upstream applications. It is similar to, but not the same as, the one that was patched in V2.0.1, and resulted from further review of the code by the project that contributes all of the current manpower to the project. Appreciation is extended to the <a shape="rect" class="external-link" href="https://www.shibboleth.net/" rel="nofollow">Shibboleth</a> Project team for this review.</p><h3 id="old_news-August2018">August 2018</h3><p>Version 2.0.1 of the Apache XML Security for C++ has been released.</p><p>This patch corrects a <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO-491">bug</a> that can cause crashes in upstream applications.</p><h3 id="old_news-June2018">June 2018</h3><p>Version 2.1.2 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_rele
 ase_notes">release notes</a></span> for more information.</p><p>Version 2.0.0 of the Apache XML Security for C++ has been released.</p><p>Please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311231&amp;version=12341551">release notes</a> for basic information on bugs addressed. As a major upgrade, this release includes a range of relative minor, but visible, changes to the API that are not explicitly noted there. There are no features of significance added in this version, merely some refactoring and removal of deprecated APIs.</p><h3 id="old_news-January2018">January 2018</h3><p>Versions 2.1.1 and 2.0.10 of the Apache XML Security for Java library have been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.1.0/2.0
 .9">Apache XML Security for Java 2.1.0/2.0.9</h3><p>Versions 2.1.0 and 2.0.9 of the Apache XML Security for Java library have been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.5">Apache XML Security for Java 2.0.5</h3><p>Version 2.0.5 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.4">Apache XML Security for Java 2.0.4</h3><p>Versions 2.0.4 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for mo
 re information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.3/1.5.8">Apache XML Security for Java 2.0.3/1.5.8</h3><p>Versions 2.0.3 and 1.5.8 of the Apache XML Security for Java library have been released. Security advisory <a shape="rect" href="secadv.html">CVE-2014-8152</a> has been issued for versions 2.0.0, 2.0.1 and 2.0.2 of the library.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.7.1">Apache XML Security for C++ 1.7.1</h3><p>Security advisory <a shape="rect" href="secadv.html">CVE-2013-2210</a> has been issued, affecting Apache XML-Security for C++ version 1.7.1. Version 1.7.2 of the Apache XML Security for C++ library has been released, addressing this issue.</p><p>Security advisory <a shape="rect" href="secadv.html">CVE-2013-2172</a> has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been 
 released, fixing this issue.</p><p>Security advisories <a shape="rect" href="secadv.html">CVE-2013-2153</a>, <a shape="rect" href="secadv.html">CVE-2013-2154</a>, <a shape="rect" href="secadv.html">CVE-2013-2155</a>, and <a shape="rect" href="secadv.html">CVE-2013-2156</a>, affecting Apache XML-Security for C++ versions prior to 1.7.1, have been issued.</p><p>Version 1.7.1 of the Apache XML Security for C++ library has been released, addressing these issues.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.2">Apache XML Security for Java 2.0.2</h3><p>Versions 2.0.2 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.1and1.5.7">Apache XML Security for Java 2.0.1 and 1.5.7</h3><p>Versions 2.0.1 and 1.5.7 of the Apache XML Security for Java library has been released.</p><p>Please see the 
 <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava2.0.0">Apache XML Security for Java 2.0.0</h3><p>Version 2.0.0 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="java200releasenotes.html">release notes</a></span> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.6">Apache XML Security for Java 1.5.6</h3><p>Version 1.5.6 of the Apache XML Security for Java library has been released.</p><p>Please see the <a shape="rect" href="java156releasenotes.html">release notes</a> for more information.</p><p>This release fixes a new security advisory <a shape="rect" href="secadv.html">CVE-2013-4517</a>.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.5and1.4.8">Apache XML Security for Java 1.5.5 and 1.4.8</h3><p>Security advisory <a shape="rect" href="https://cwiki.apache.org/c
 onfluence/display/SANTUARIO/secadv">CVE-2013-2172</a> has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.7">Apache XML Security for Java 1.4.7</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.7 of the Apache XML Security for Java library. This release fixes a problem with a missing KeyInfo Element when multiple elements are encrypted, as well as a number of other issues.</p><p>Please see the <a shape="rect" href="java147releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.4">Apache XML Security for Java 1.5.4</h3><p>Version 1.5.4 of the Apache XML Security for Java library has been released.</p><p>Please see the <a shape="rect" href="java154releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.7.0">Apache XML Security for C++
  1.7.0</h3><p>The Apache Santuario team are pleased to announce the release of version 1.7.0 of the Apache XML Security for C++ library. This release provides a few bug fixes and a partial implementation of XML Encryption 1.1 features, including AES-GCM encryption and some support for newer RSA-OAEP variants.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.3">Apache XML Security for Java 1.5.3</h3><p>Version 1.5.3 of the Apache XML Security for Java library has been released. This release features support for new XML Signature 1.1 KeyInfo extensions. It also fixes a number of bugs including a problem when message sizes are greater than 512 MB.</p><p>Please see the <a shape="rect" href="java153releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.2">Apache XML Security for Java 1.5.2</h3><p>Version 1.5.2 of the Apache XML Security for Java library has been released. The main feature of this release is that the default canonicalizat
 ion algorithm for encryption has changed from inclusive with comments to a new canonicalization algorithm that preserves the physical representation of the element being encrypted. This change fixes a problem where an element might be decrypted to the wrong namespace.</p><p>Please see the <a shape="rect" href="java152releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.6.1">Apache XML Security for C++ 1.6.1</h3><p>The Apache Santuario team are pleased to announce the release of version 1.6.1 of the Apache XML Security for C++ library. This release provides bug fixes and addresses <a shape="rect" href="secadv.html">CVE-2011-2516</a>.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.1">Apache XML Security for Java 1.5.1</h3><p>Version 1.5.1 of the Apache XML Security for Java library has been released. This release fixes two important bugs - a bug in XMLSignatureInput when using a BufferedInputStream, as well as a bug which caused 1.5.
 0 to continue to require Xalan. It also contains some performance improvements for encryption and decryption.</p><p>Please see the <a shape="rect" href="java151releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.5.0">Apache XML Security for Java 1.5.0</h3><p>Version 1.5.0 of the Apache XML Security for Java library has been released. This is a major new release and is not binary compatible with the 1.4.x releases.</p><p>Please see the <a shape="rect" href="java150releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.6">Apache XML Security for Java 1.4.6</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.6 of the Apache XML Security for Java library. This release fixes a thread safety issue with XML Signature, a bug fix for the Canonical XML 1.1 algorithm, as well as a number of other bug fixes.</p><p>Please see the <a shape="rect" href="java146re
 leasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.5">Apache XML Security for Java 1.4.5</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.5 of the Apache XML Security for Java library. This release fixes a thread safety issue in the ResourceResolver, and a regression in signature generation for the Canonical XML 1.1 algorithm, as well as a number of other bug fixes.</p><p>Please see the <a shape="rect" href="java145releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.6.0">Apache XML Security for C++ 1.6.0</h3><p>The Apache Santuario team are pleased to announce the release of version 1.6.0 of the Apache XML Security for C++ library. This release provides many bug fixes and a partial implementation of XML Signature 1.1 features, including ECDSA signatures.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.4">Apache XML Security for Java 1.4.4</h3><
 p>The Apache Santuario team are pleased to announce the release of version 1.4.4 of the Apache XML Security for Java library. This release contains some enhancements to the resolver API's. It also fixes some longstanding issues with interned Strings, as well as a number of bug fixes.</p><p>Please see the <a shape="rect" href="java144releasenotes.html">release notes</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.3">Apache XML Security for Java 1.4.3</h3><p>The Apache Santuario team are pleased to announce the release of version 1.4.3 of the XML Security Java library. This release provides many bug fixes and a fix for the recently announced HMAC vulnerability in the XML Signature specification. You should upgrade to this release as soon as possible.</p><p>Please see the <a shape="rect" href="java143releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.5.1">Apache XML Security for C++ 1.5.1</h3><p>The Apache Santu
 ario team are pleased to announce the release of version 1.5.1 of the XML Security C++ library. This release provides some bug fixes and a fix for the recently announced HMAC vulnerability in the XML Signature specification.</p><p>Please see the <a shape="rect" href="c151releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.5.0">Apache XML Security for C++ 1.5.0</h3><p>Version 1.5.0 of the XML Security C++ library has been released. This release provides more bug fixes, partial support for Inclusive Canonicalization 1.1, and support for the Xerces 3.x official release and 32/64-bit portability APIs.</p><p>Please see the <a shape="rect" href="c150releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.2">Apache XML Security for Java 1.4.2</h3><p>Version 1.4.2 of the XML Security Java library has been released. This is mainly a bugfix release but also contains a few new enhancements including 
 support for XML Canonicalization 1.1.</p><p>Please see the <a shape="rect" href="java142releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.1">Apache XML Security for Java 1.4.1</h3><p>Version 1.4.1 of the XML Security Java library has been released. This is a bugfix release that contains a major bugfix to the canonicalization engine introduced in the 1.4 release. It is recommended that 1.4 users upgrade to the new version as signatures containing non ascii characters created by this library are not according to the standard, and will be only validated by 1.4 library.</p><p>Please see the <a shape="rect" href="java141releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.4.0">Apache XML Security for C++ 1.4.0</h3><p>The Apache Santuario team are proud to announce the release of version 1.4.0 of the XML Security C++ library. This release provides more bug fixes, improved automake and RPM p
 ackaging, and better error reporting.</p><p>This version also provides initial support for Xerces 3.0. If you are building for the 3.0 library under Windows, you will need to change the Xerces library (in link includes) to xerces_3?.lib.</p><p>Please see the <a shape="rect" href="c140releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.3.1">Apache XML Security for C++ 1.3.1</h3><p>Version 1.3.1 of the XML Security C++ library has been released. This release contains some minor bug fixes and initial updates for Xerces 3.0. It also provides a new automake based build on *NIX. See the <a shape="rect" href="c131releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.4.0">Apache XML Security for Java 1.4.0</h3><p>Version 1.4 of the XML Security Java library has been released. The main changes for this version are:</p><ul><li>Implementation of the standard API JSR105</li><li>Rewritten c14n that inc
 rease performance for signature with node-set transformations.</li><li>Memory footprint reduction and several bugfixes</li></ul><p>Refer to the <a shape="rect" href="java140releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.3.0">Apache XML Security for C++ 1.3.0</h3><p>Version 1.3 of the XML Security C++ library has been released. This release features performance improvements and a complete message set for XKMS. See the <a shape="rect" href="c130releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.3.0">Apache XML Security for Java 1.3.0</h3><p>Version 1.3 of the XML Security Java library has been released. This version provides :</p><ul><li>Better speed &amp; memory utilization.</li><li>Bug fixes.</li></ul><p>See the <a shape="rect" href="java130releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.2.1">Apache XML Security for C++ 1.2.1</h3>
 <p>Version 1.2.1 of the XML Security C++ library has been released. This minor release fixes versioning problems in the Windows project files. See the <a shape="rect" href="c121releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforC++1.2.0">Apache XML Security for C++ 1.2.0</h3><p>Version 1.2 of the XML Security C++ library has been released. This version includes a number of bug fixes, together with a beta release of code to process and generate XKMS messages. See the <a shape="rect" href="c120releasenotes.html">changelog</a> for more information.</p><h3 id="old_news-ApacheXMLSecurityforJava1.2.1">Apache XML Security for Java 1.2.1</h3><p>Version 1.2.1 of the XML Security Java library has been released. This is a bugfix version, for more detail information see the <a shape="rect" href="java121releasenotes.html">changelog</a>.</p><h3 id="old_news-ApacheXMLSecurityforJava1.2.0">Apache XML Security for Java 1.2.0</h3><p>Version 1.2 of the XML S
 ecurity Java library has been released. This version provides :</p><ul><li>Better speed &amp; memory utilization.</li><li>Easier JCE integration.</li></ul><h3 id="old_news-ApacheXMLSecurityforJava1.1">Apache XML Security for Java 1.1</h3><p>Version 1.1 of the XML Security Java library has been released. This version provides :</p><ul><li>Beta implementation of XML Encryption</li><li>Bug fixes to Signature implementation</li></ul><h3 id="old_news-ApacheXMLSecurityforC++1.1">Apache XML Security for C++ 1.1</h3><p>Version 1.1 of the XML Security C++ library has been released. Supporting Xerces 2.5, 2.4 and 2.3 together with Xalan 1.6 and 1.7, this version provides :</p><ul><li>Beta implementation of XML Encryption</li><li>Improved support for Windows Crypto API</li><li>Bug fixes to Signature implementation</li></ul><h3 id="old_news-ApacheXMLSecurityforC++1.0">Apache XML Security for C++ 1.0</h3><p>Version 1.00 of the XML Security C++ library is now released. This is the first stable re
 lease of the library. Functionality is still fairly basic, but all mandatory parts of the the DSIG standard are implemented.</p><p>This version supports Xerces 2.2 and 2.3 and Xalan 1.6.</p><h3 id="old_news-ApacheXMLSecurityforC++Beta0.2">Apache XML Security for C++ Beta 0.2</h3><p>The Beta 0.20 of the XML Security C++ library has now been released. Features:</p><ul><li>Ability to use the Windows Crypto API as a crypto provider</li><li>Several minor bug fixes in transforms and UNIX build process</li></ul><h3 id="old_news-ApacheXMLSecurityforJava2.0.1and1.5.7.1">Apache XML Security for Java 2.0.1 and 1.5.7</h3></div>
            </div>
            <!-- Content -->
          </td>