The Apache XML Security for Java library supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002 and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002.
As of version 1.4, the Apache XML Security for Java library supports the standard Java API JSR-105: XML Digital Signature APIs for creating and validating XML Signatures. A standard Java API for XML Encryption JSR-106: XML Digital Encryption APIs is in progress and is not final, so this API is not yet supported. You can continue to use the existing non-standard APIs in the Apache XML Security for Java Library (there are no plans to discontinue or deprecate them), but you should consider moving to the standard APIs.
Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.
Version 1.5.4 of the Apache XML Security for Java library has been released.
Please see the release notes for more information.
The Apache Santuario team are pleased to announce the release of version 1.4.7 of the Apache XML Security for Java library. This release fixes a problem with a missing KeyInfo Element when multiple elements are encrypted, as well as a number of other issues.
Please see the release notes for more information.
See here for older news.
