Apache XML Security for Java 1.4.3 release notes
- XML signature HMAC truncation authentication bypass. See Issue 47526.
- checkstyle problems with source and tests. See Issue 47525.
- ECDSA signature value interopability patch. See Issue 42239.
- XPath transform and xml-stylesheet. See Issue 45744.
- The </#document node> inserted at the end of SOAPEnvelope. See Issue 42986.
- Unnecessary namespace declarations on EncryptedData children. See Issue 47029.
- Can't validate after invalid validation. See Issue 44335.
- Improve Java unit testing. See Issue 47260.
- Some website updates. See Issue 47265.
- We need a POM file added to the Maven repository. See Issue 45388.
- Remove JDK 1.5 API dependencies. See Issue 47483.
- Downgrade signature verification logging from "info". See Issue 47057.
- Method to disable XMLUtils.addReturnToElement (reopened): changed Base64 code to ignore line breaks, if enabled. See Issue 42061.
- Reusing XMLSignature for signing and verifying fails on same thread. See Issue 47097.
- Failed to add more than one child element to EncryptionMethod. See Issue 46732.
- org.apache.xml.security.utils.IdResolver is not thread safe. See Issue 46101.
- verify with own canonicalization method. See Issue 45961.
- XMLSignature::getKeyInfo method modifies document. See Issue 45475.
- Fix XMLSec 1.4.2 problems reported by findbugs. See Issue 45811.
- Transform.register class loading and recursive instantiation problems. See Issue 45706.
- Some calls should be wrapped in AccessController.doPrivileged. See Issue 45664.
- Restore XMLUtils.createDSctx method. See Issue 45634.
- log4j.properties in xmlsec sources and builds has side effects in production environment. See Issue 45095.