Versions Compared

Old Version 13

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version 34

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Apache XML Security for Java library supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002 and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002.

As of version 1.4, the Apache XML Security for Java library supports the standard Java API JSR-105: XML Digital Signature APIs for creating and validating XML Signatures. A standard Java API for XML Encryption JSR-106: XML Digital Encryption APIs is in progress and is not final, so this API is not yet supported. You can continue to use the existing non-standard APIs in the Apache XML Security for Java Library (there are no plans to discontinue or deprecate them), but you should consider moving to the standard APIs.

News

October 2012

There are a number of different options open to the developer using the library. For XML Signature, three different approaches are available:

  • The JSR-105 API: The standard Java XML Digital Signature API. This uses a DOM (in-memory) implementation under-the-hood.
  • The Apache Santuario Java DOM API: The older DOM API which pre-dates JSR-105.
  • The Apache Santuario Java StAX API: The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.

For XML Encryption, two different approaches are available:

  • The Apache Santuario Java DOM API: A DOM API for XML Encryption.
  • The Apache Santuario Java StAX API: The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.

The StAX-based (streaming) functionality is only available as of the 2.0.0 release. Please see the Streaming XML Security page for more information about how to use this approach.

News

August 2019

Version 2.1.4 Version 1.5.3 of the Apache XML Security for Java library has been released.

This release contains a fix for a security advisory - CVE-2019-12400: Apache Santuario potentially loads XML parsing code from an untrusted source. Please see the security advisories page for more information.

Please see the release notes for more information.

March 2019

Version 2.1.3 of the Apache XML Security for Java library has been released features support for new XML Signature 1.1 KeyInfo extensions. It also fixes a number of bugs including a problem when message sizes are greater than 512 MB.

Please see the release notes for more information.

May 2012
June 2018

Version 2.1.2 The Apache Santuario team are pleased to announce the release of version 1.4.7 of the Apache XML Security for Java library . This release fixes a problem with a missing KeyInfo Element when multiple elements are encrypted, as well as a number of other issueshas been released.

Please see the release notes for more information.

Old News

...