...
Versions 3.0.0, 2.3.1, 2.2.4 and 2.1.8 of the Apache XML Security for Java library have been released. 3.0.0 is a new major release of the library that contains a change to the jakarta JAXB namespace for the streaming library. 2.1.8 is the last planned release of 2.1.x.
Version 2.3.0 of the Apache XML Security for Java library has been released. This is a major new release of the library. Some of the significant changes include:
...
Version 2.0.4 of the Apache XML Security for C++ library has been released. This release fixes a regression in 2.0.3 allowing the code to build on pre-1.1 OpenSSL versions.
Version 2.0.3 of the Apache XML Security for C++ library has been released. This release adds support for OpenSSL 3.0.0, though using a number of now-deprecated function calls.
Version 2.2.3 and 2.1.7 of the Apache XML Security for Java library has been released. Please see the release notes for more information.
These releases contain a fix for a new CVE:
Please refer to the security advisories page for further information.
Version 2.0.2 of the Apache XML Security for C++ library has been released.
This patch corrects a bug that can cause crashes in upstream applications. It is similar to, but not the same as, the one that was patched in V2.0.1, and resulted from further review of the code by the project that contributes all of the current manpower to the project. Appreciation is extended to the Shibboleth Project team for this review.
See here for old news.
...
