This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Apache Santuario

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 44 Next »

Welcome to Apache Santuario

The Project

The Apache Santuario project is aimed at providing implementation of the primary security standards for XML:

  • XML-Signature Syntax and Processing
  • XML Encryption Syntax and Processing.

Two libraries are currently available.

  • Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
  • Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.

Apache Santuario, Apache, and the Apache feather logo are trademarks of The Apache Software Foundation.


March 2015

Version 1.7.3 of the Apache XML Security for C++ library has been released, fixing a number of bugs, including a major issue involving ECDSA signature generation.

January 2015

Versions 2.0.3 and 1.5.8 of the Apache XML Security for Java library have been released. Security advisory CVE-2014-8152 has been issued for versions 2.0.0, 2.0.1 and 2.0.2 of the library.

Please see the release notes for more information.

June 2013

Security advisory CVE-2013-2210 has been issued, affecting Apache XML-Security for C++ version 1.7.1. Version 1.7.2 of the Apache XML Security for C++ library has been released, addressing this issue.

Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.

Security advisories CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, and CVE-2013-2156, affecting Apache XML-Security for C++ versions prior to 1.7.1, have been issued.

Version 1.7.1 of the Apache XML Security for C++ library has been released, addressing these issues.

Older News

See here for old news.

  • No labels