Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 of the Apache XML Security for Java library have been released. A security advisory has been fixed in these releases:
- CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output
Please see the Security Advisories page for more information.
Version 4.0.0-M1 of the Apache XML Security for Java library has been released. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:
- Java 11 requirement
- Removing SLF4J and using System.Logger
- AutoCloseable for several types
Version 2.2.5 of the Apache XML Security for Java library has been released. It contains some dependency updates to fix CVE reports.