Apache XML Security for Java

Overview

The Apache XML Security for Java library supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002 and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002.

As of version 1.4, the Apache XML Security for Java library supports the standard Java API JSR-105: XML Digital Signature APIs for creating and validating XML Signatures. A standard Java API for XML Encryption JSR-106: XML Digital Encryption APIs is in progress and is not final, so this API is not yet supported. You can continue to use the existing non-standard APIs in the Apache XML Security for Java Library (there are no plans to discontinue or deprecate them), but you should consider moving to the standard APIs.

News

November 2013

Version 1.5.6 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

This release fixes a new security advisory CVE-2013-4517.

June 2013

Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 have been released, fixing this issue.

March 2013

Version 1.5.4 of the Apache XML Security for Java library has been released.

Please see the release notes for more information.

May 2012

The Apache Santuario team are pleased to announce the release of version 1.4.7 of the Apache XML Security for Java library. This release fixes a problem with a missing KeyInfo Element when multiple elements are encrypted, as well as a number of other issues.

Please see the release notes for more information.

Old News

See here for older news.