The StAX-based (streaming) functionality is only available as of the 2.0.0 release. Please see the Streaming XML Security page for more information about how to use this approach.
Version 4.0.0-M1 of the Apache XML Security for Java library has been released. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:
- Java 11 requirement
- Removing SLF4J and using System.Logger
- AutoCloseable for several types
Version 2.2.5 of the Apache XML Security for Java library has been released. It contains some dependency updates to fix CVE reports.