This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Apache XML Security for Java

Overview

The Apache XML Security for Java library supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002 and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002.

As of version 1.4, the XML Security Java library supports the standard Java API JSR-105: XML Digital Signature APIs for creating and validating XML Signatures. A standard Java API for XML Encryption JSR-106: XML Digital Encryption APIs is in progress and is not final, so this API is not yet supported. You can continue to use the existing non-standard APIs in the XML Security Java Library (there are no plans to discontinue or deprecate them), but you should consider moving to the standard APIs.

News

Version 1.4.4 of the There are a number of different options open to the developer using the library. For XML Signature, three different approaches are available:

  • The JSR-105 API: The standard Java XML Digital Signature API. This uses a DOM (in-memory) implementation under-the-hood.
  • The Apache Santuario Java DOM API: The older DOM API which pre-dates JSR-105.
  • The Apache Santuario Java StAX API: The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.

For XML Encryption, two different approaches are available:

  • The Apache Santuario Java DOM API: A DOM API for XML Encryption.
  • The Apache Santuario Java StAX API: The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.

The StAX-based (streaming) functionality is only available as of the 2.0.0 release. Please see the Streaming XML Security page for more information about how to use this approach.

News

August 2019

Version 2.1.4 of the Apache XML Security for Java library has been released.

This release contains some enhancements to the resolver API's. It also fixes some longstanding issues with interned Strings, as well as a number of bug fixesa fix for a security advisory - CVE-2019-12400: Apache Santuario potentially loads XML parsing code from an untrusted source. Please see the security advisories page for more information.

Please see the release notes for more information.

March 2019

Version 2.1.3 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

June 2018

Version 2.1.2 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

Old News

See here for older news.