Apache XML Security for Java 1.4.3 release notes

• XML signature HMAC truncation authentication bypass. See Issue 47526.
• checkstyle problems with source and tests. See Issue 47525.
• ECDSA signature value interopability patch. See Issue 42239.
• XPath transform and xml-stylesheet. See Issue 45744.
• The </#document node> inserted at the end of SOAPEnvelope. See Issue 42986.
• Unnecessary namespace declarations on EncryptedData children. See Issue 47029.
• Can't validate after invalid validation. See Issue 44335.
• Improve Java unit testing. See Issue 47260.
• Some website updates. See Issue 47265.
• We need a POM file added to the Maven repository. See Issue 45388.
• Remove JDK 1.5 API dependencies. See Issue 47483.
• Downgrade signature verification logging from "info". See Issue 47057.
• Method to disable XMLUtils.addReturnToElement (reopened): changed Base64 code to ignore line breaks, if enabled. See Issue 42061.
• Reusing XMLSignature for signing and verifying fails on same thread. See Issue 47097.
• Failed to add more than one child element to EncryptionMethod. See Issue 46732.
• org.apache.xml.security.utils.IdResolver is not thread safe. See Issue 46101.
• verify with own canonicalization method. See Issue 45961.
• XMLSignature::getKeyInfo method modifies document. See Issue 45475.
• Fix XMLSec 1.4.2 problems reported by findbugs. See Issue 45811.
• Transform.register class loading and recursive instantiation problems. See Issue 45706.
• Some calls should be wrapped in AccessController.doPrivileged. See Issue 45664.
• Restore XMLUtils.createDSctx method. See Issue 45634.
• log4j.properties in xmlsec sources and builds has side effects in production environment. See Issue 45095.