The StAX-based (streaming) functionality is only available as of the 2.0.0 release. Please see the Streaming XML Security page for more information about how to use this approach.
Version 2.0.0 of the Apache XML Security for Java library has been released.
Please see the for more information.
Version 1.5.6 of the Apache XML Security for Java library has been released.
This release fixes a new security advisory CVE-2013-4517.
Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.
See here for older news.