Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 of the Apache XML Security for Java library have been released. A security advisory has been fixed in these releases:
Please see the Security Advisories page for more information.
Version 4.0.0-M1 of the Apache XML Security for Java library has been released. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:
Version 2.2.5 of the Apache XML Security for Java library has been released. It contains some dependency updates to fix CVE reports.
Versions 3.0.2 and 2.3.3 of the Apache XML Security for Java library have been released. Support for the EdDSA has been added as part of these releases.
Versions 3.0.1 and 2.3.2 of the Apache XML Security for Java library have been released. The main change is to remove Xalan as a provided (optional) dependency. This means that support for the XML Signature here() function is removed by default, but can be configured if needed (see this test for an example which plugs in this custom XPath implementation).
...
