...
- Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API, a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
- Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.
News
October 2023
Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 of the Apache XML Security for Java library have been released. A security advisory has been fixed in these releases:
- CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output
Please see the Security Advisories page for more information.
September 2023
Version 4.0.0-M1 of the Apache XML Security for Java library has been released. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:
...