Welcome to Apache
...
Santuario™
The Project
The Apache Santuario Santuario™ project is aimed at providing implementation of the primary security standards for XML:
...
Two libraries are currently available.
- A Java library, which includes a mature Digital Signature and Encryption implementation. It also Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API. Applications can use the standard JSR 105 API or the Apache Santuario API to create and validate XML Signatures.
- A C++ library is also now available. Functionality is currently more basic than that provided by the Java library.
News
December 2010
The Apache Santuario team are pleased to announce the release of version 1.6.0 of the xml-security-c library. This release provides many bug fixes and a partial implementation of XML Signature 1.1 features, including ECDSA signatures.
November 2010
The Apache Santuario team are pleased to announce the release of version 1.4.4 of the Java library. This release contains some enhancements to the resolver API's. It also fixes some longstanding issues with interned Strings, as well as a number of bug fixes.
Please see the changelog for more information.
Old News
- , a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
- Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.
News
November 2023
Version 4.0.1 of the Apache XML Security for Java library has been released, containing a bug fix (SANTUARIO-609 - Remove call to Signature.getProvider() in debug log)
October 2023
Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 of the Apache XML Security for Java library have been released. A security advisory has been fixed in these releases:
- CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output
Please see the Security Advisories page for more information.
September 2023
Version 4.0.0-M1 of the Apache XML Security for Java library has been released. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:
- Java 11 requirement
- Removing SLF4J and using System.Logger
- AutoCloseable for several types
August 2023
Version 2.2.5 of the Apache XML Security for Java library has been released. It contains some dependency updates to fix CVE reports.
March 2023
Versions 3.0.2 and 2.3.3 of the Apache XML Security for Java library have been released. Support for the EdDSA has been added as part of these releases.
November 2021
Version 2.0.4 of the Apache XML Security for C++ library has been released. This release fixes a regression in 2.0.3 allowing the code to build on pre-1.1 OpenSSL versions.
Older News
See here for old See here for older news.