Versions Compared

Old Version 6

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version Current

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Welcome to Apache

...

Santuario™

...

The Project

December 2010

The Apache Santuario team are pleased to announce the release of version 1.6.0 of the xml-security-c library. This release provides many bug fixes and a partial implementation of XML Signature 1.1 features, including ECDSA signatures.

November 2010

The Apache Santuario team are pleased to announce the release of version 1.4.4 of the Java library. This release contains some enhancements to the resolver API's. It also fixes some longstanding issues with interned Strings, as well as a number of bug fixes.

Please see the changelog for more information.

Old News

July 2009

The Apache Santuario team are pleased to announce the release of version 1.4.3 of the Java library. This release provides many bug fixes and a fix for the recently announced HMAC vulnerability in the XML Signature specification. You should upgrade to this release as soon as possible.

Please see the changelog for more information.

June 2009

Version 1.5.0 of the C++ library has been released. This is mainly a bugfix release and a port to Xerces 3.x. Incomplete support for XML Canonicalization 1.1 is also added.

Please see changelog for more information.

June 2008

Version 1.4.2 of the Java library has been released. This is mainly a bugfix release but also contains a few new enhancements including support for XML Canonicalization 1.1.

Please see changelog for more information.

May 2007

Version 1.4.1 of the Java library has been released. This is a bugfix release that contains a major bugfix to the canonicalization engine introduced in the 1.4 release. It is recommended that 1.4 users upgrade to the new version as signatures containing non ascii characters created by this library are not according to the standard, and will be only validated by 1.4 library.

Please see changelog for more information.

January 2007

Version 1.3.1 of the C++ library has been released. This release contains some minor bug fixes and initial updates for Xerces 3.0. It also provides a new automake based build on *NIX. changelog for more information.

January 2007

Version 1.4 of the Java library has been released. The main changes for this version are:

  • Implementation of the standard API JSR105
  • Rewritten c14n that increase performance for signature with node-set transformations.
  • Memory footprint reduction and several bugfixes

Refer to the changelog for more information.

September 2006

Version 1.3 of the C++ library has been released. This release features performance improvements and a complete message set for XKMS. changelog for more information.

October 2005

Version 1.3 of the Java library has been released. This version provides :

  • Better speed & memory utilization.
  • Bug fixes.

See the changelog for more information.

July 2005

Version 1.2.1 of the C++ library has been released. This minor release fixes versioning problems in the Windows project files. See the changelog for more information.

June 2005

Version 1.2 of the C++ library has been released. This version includes a number of bug fixes, together with a beta release of code to process and generate XKMS messages. See the changelog for more information.

February 2005

Version 1.2.1 of the Java library has been released. This is a bugfix version, for more detail information see the changelog.

December 2004

Version 1.2 of the Java library has been released. This version provides :

  • Better speed & memory utilization.
  • Easier JCE integration.
April 2004

Version 1.1 of the Java library has been released. This version provides :

  • Beta implementation of XML Encryption
  • Bug fixes to Signature implementation
March 2004

Version 1.1 of the C++ library has been released. Supporting Xerces 2.5, 2.4 and 2.3 together with Xalan 1.6 and 1.7, this version provides :

  • Beta implementation of XML Encryption
  • Improved support for Windows Crypto API
  • Bug fixes to Signature implementation
August 2003

Version 1.00 of the C++ library is now released. This is the first stable release of the library. Functionality is still fairly basic, but all mandatory parts of the the DSIG standard are implemented.

This version supports Xerces 2.2 and 2.3 and Xalan 1.6.

May 2003

The Beta 0.20 of the C++ library has now been released. Features:

  • Ability to use the Windows Crypto API as a crypto provider
  • Several minor bug fixes in transforms and UNIX build process
February 2003

The site has now been re-built using the new xml.apache.org standard, using Forrest.

The Project

The Apache Santuario project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards :

  • XML-Signature Syntax and Processing; and
  • XML Encryption Syntax and Processing.

Once these are implemented, XML Key Management is likely to be the next focus for the project.

Two libraries are currently available.

The Apache Santuario™ project is aimed at providing implementation of the primary security standards for XML:

  • XML-Signature Syntax and Processing
  • XML Encryption Syntax and Processing.

Two libraries are currently available.

  • Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
  • Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.

News

November 2023

Version 4.0.1 of the Apache XML Security for Java library has been released, containing a bug fix (SANTUARIO-609 - Remove call to Signature.getProvider() in debug log)


October 2023

Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 of the Apache XML Security for Java library have been released. A security advisory has been fixed in these releases:

  • CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output

Please see the Security Advisories page for more information. 

September 2023

Version 4.0.0-M1 of the Apache XML Security for Java library has been released. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:

  • Java 11 requirement
  • Removing SLF4J and using System.Logger
  • AutoCloseable for several types
August 2023

Version 2.2.5 of the Apache XML Security for Java library has been released. It contains some dependency updates to fix CVE reports.

March 2023

Versions 3.0.2 and 2.3.3 of the Apache XML Security for Java library have been released. Support for the EdDSA has been added as part of these releases.

November 2021

Version 2.0.4 of the Apache XML Security for C++ library has been released. This release fixes a regression in 2.0.3 allowing the code to build on pre-1.1 OpenSSL versions.


Older News

See here for old news

...

.