Apache Santuario

Apache XML Security for C++

After discussion with the Santuario PMC, it has been decided to address the long term lack of support for the C++ library by formally retiring the code here at Apache. The Java code of course remains well supported and will continue to be developed.

As of now, the C++ code is frozen here. The current sole maintainer will be transferring the source code to the Shibboleth Project and it will be maintained by that team for some period of time because it is a dependency of that software, but it will not be supported for any third-party use. It is estimated that the code will be fully retired some time before 2030. The code will be publically hosted and accessible after the transition, and the license is not changing.

Once the code transition occurs, which may not be for some time yet, we will update more of the site as is appropriate to reflect the transition. In the event a significant issue arises with the library prior to the transition, we will endeavor to address it here.


The Apache XML Security for C++ library is an implementation of the XML Digital Signature and Encryption specifications, along with some additional XKMS code. It is designed to be easily ported to new platforms, and is generally tested on Windows, Linux, OS X, and Solaris. Other platforms with autoconf support may also work.

The library makes use of the Apache Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms. The use of Xalan-C is optional, but without it, XPath and XSLT transformations cannot be performed.

In addition, the library currently uses OpenSSL to provide cryptographic functionality. The cryptographic interface is implemented via a thin wrapper layer, and development versions of implementations for the Windows Cryptographic API and NSS have also been implemented, but are poorly supported, may be removed in the future, and are not in practice recommended for use.

The XML Signature and Encryption specifications are complex and difficult (some would say virtually impossible) to implement securely. Moreover, this library is extremely generic in nature and was designed to support a wide array of use cases with different characteristics and threat models, and out of the box it does not (and cannot) provide the safeguards needed to ensure that any given use case is implemented safely. Applications or libraries using this library have to be carefully designed with their own needs in mind and generally would need to include a large amount of additional code to limit the kinds of signature or encryption syntaxes permitted.

This library in particular is not modular in nature to the extent that specific features can easily be turned on and off, and so the potential for vulnerabilities is very large and very hard to avoid, especially for developers not extremely well versed in the specifications. Notably, the support for XPath and XSLT, while extensive when Xalan is included, is an extremely large source of risk and should be avoided in virtually all cases.

Thus, we strongly urge that developers consider whether they are prepared to take on such a responsibility and in most cases should seek better options that may already exist to address their needs rather than attempting (and likely failing) to produce a secure solution on their own.

Furthermore, this library has very limited support in the form of active maintainers and should be viewed as a poor option for new applications in general.


Version 2.0.4 of the Apache XML Security for C++ has been released, correcting support for OpenSSL earlier than 1.1.

Version 2.0.3 of the Apache XML Security for C++ has been released, adding support for OpenSSL 3.0.0.

Version 2.0.2 of the Apache XML Security for C++ has been released.

This patch corrects a bug that can cause crashes in upstream applications. It is similar to, but not the same as, the one that was patched in V2.0.1, and resulted from further review of the code by the project that contributes all of the current manpower to the project. Appreciation is extended to the Shibboleth Project team for this review.

Version 2.0.1 of the Apache XML Security for C++ has been released.

This patch corrects a bug that can cause crashes in upstream applications.

Version 2.0.0 of the Apache XML Security for C++ has been released.

Please see the release notes for basic information on bugs addressed. As a major upgrade, this release includes a range of relative minor, but visible, changes to the API that are not explicitly noted there. There are no features of significance added in this version, merely some refactoring and removal of deprecated APIs.

Old News

See here for old news.

  • No labels