Versions Compared

Old Version 37

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version Current

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Welcome to Apache

...

Santuario™

The Project

The Apache SantuarioSantuario™ project is aimed at providing implementation of the primary security standards for XML:

  • XML-Signature Syntax and Processing
  • XML Encryption Syntax and Processing.

...

  • Apache XML Security for Java: This library includes a mature Digital Signature and Encryption implementation. It also includes the standard JSR-105 (Java XML Digital Signature) API. Applications can use the standard JSR 105 API or the Apache Santuario API to create and validate XML Signatures,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
  • Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.

Apache Santuario, Apache, and the Apache feather logo are trademarks of The Apache Software Foundation.

News

November

...

2023

Version 14.50.6 1 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

This release fixes a new security advisory CVE-2013-4517.

June 2013

, containing a bug fix (SANTUARIO-609 - Remove call to Signature.getProvider() in debug log)


October 2023

Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 Security advisory CVE-2013-2210 has been issued, affecting Apache XML-Security for C++ version 1.7.1. Version 1.7.2 of the Apache XML Security for C++ Java library has have been released, addressing this issue.

Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.

Security advisories CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, and CVE-2013-2156, affecting Apache XML-Security for C++ versions prior to 1.7.1, have been issued.

. A security advisory has been fixed in these releases:

  • CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output

Please see the Security Advisories page for more information. 

September 2023

Version 4.0.0-M1 Version 1.7.1 of the Apache XML Security for C++ Java library has been released, addressing these issues.

March 2013

. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:

  • Java 11 requirement
  • Removing SLF4J and using System.Logger
  • AutoCloseable for several types
August 2023

Version 2.2.5 Version 1.5.4 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

July 2012

It contains some dependency updates to fix CVE reports.

March 2023

Versions 3.0.2 and 2.3.3 The Apache Santuario team are pleased to announce the release of version 1.7.0 of the Apache XML Security for C++ library. This release provides a few bug fixes and a partial implementation of XML Encryption 1.1 features, including AES-GCM encryption and some support for newer RSA-OAEP variants.

July 2011

A security advisory, CVE-2011-2516, affecting Apache XML-Security for C++ versions prior to 1.6.1, has been issued.

Java library have been released. Support for the EdDSA has been added as part of these releases.

November 2021

Version 2.0.4 The Apache Santuario team are pleased to announce the release of version 1.6.1 of the Apache XML Security for C++ library has been released. This release provides bug fixes and addresses CVE-2011-2516fixes a regression in 2.0.3 allowing the code to build on pre-1.1 OpenSSL versions.


Older News

See here for old news.

...