The Apache XML Security for Java library supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002 and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002.
There are a number of different options open to the developer using the library. For XML Signature, three different approaches are available:
For XML Encryption, two different approaches are available:
The StAX-based (streaming) functionality is only available as of the 2.0.0 release. Please see the Streaming XML Security page for more information about how to use this approach.
Version 1.5.6 of the Apache XML Security for Java library has been released.
Please see the release notes for more information.
This release fixes a new security advisory CVE-2013-4517.
Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.
See here for older news.