Releases: lsh123/xmlsec
XMLSec 1.3.9
The XML Security Library 1.3.9 release includes the following changes:
- (xmlsec-openssl) Fixed memory leak in X509 certs verification code.
- (xmlsec-openssl) Added pub/priv key type check for EC and DH keys; improved non-memory EVP keys detection.
- (xmlsec-openssl) Added octet parser in X509 names.
- (xmlsec-msncg) Added support for non-persistent PKCS12 keys.
- (xmlsec-windows) Simplified windows build and removed 'with-dl' option for 'configure.js'.
- Several other small fixes (see more details).
Thanks everyone for submitting patches and bug reports!
XMLSec 1.3.9 (rc1)
The XML Security Library 1.3.9 release includes the following changes:
- (xmlsec-openssl) Fixed memory leak in X509 certs verification code.
- (xmlsec-openssl) Added pub/priv key type check for EC and DH keys; improved non-memory EVP keys detection.
- (xmlsec-openssl) Added octet parser in X509 names.
- (xmlsec-msncg) Added support for non-persistent PKCS12 keys.
- (xmlsec-windows) Simplified windows build and removed 'with-dl' option for 'configure.js'.
- Several other small fixes (see more details).
Thanks everyone for submitting patches and bug reports!
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.3.8
The XML Security Library 1.3.8 release includes the following changes:
- (xmlsec-openssl) Deprecated support for OpenSSL 1.1.1 (reached its End of Life in September, 2023)
- (xmlsec-openssl) Added AWS-LC support
- (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added support for longer than expected DSA and ECDSA sigantures to support broken Java implementations.
- (xmlsec command line tool) Added option "--add-id-attr" to add ID attributes by name to all nodes in the document.
- (xmlsec-core) Added RSA MGF1 and digest template API
- (xmlsec-core) Added example of signing / verifying signature by ID attribute.
- Several other small fixes (see more details).
Thanks everyone for submitting patches and bug reports!
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.3.8 (rc1)
The XML Security Library 1.3.8 release includes the following changes:
- (xmlsec-openssl) Deprecated support for OpenSSL 1.1.1 (reached its End of Life in September, 2023)
- (xmlsec-openssl) Added AWS-LC support
- (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added support for longer than expected DSA and ECDSA sigantures to support broken Java implementations.
- (xmlsec command line tool) Added option "--add-id-attr" to add ID attributes by name to all nodes in the document.
- (xmlsec-core) Added RSA MGF1 and digest template API
- (xmlsec-core) Added example of signing / verifying signature by ID attribute.
- Several other small fixes (see more details).
Thanks everyone for submitting patches and bug reports!
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.2.42 (legacy)
XMLSec 1.2.x is in MAINTENANCE MODE ; PLEASE UPGRADE TO THE LATEST XMLSec 1.3.x
The legacy XML Security Library 1.2.42 release includes the following changes:
- (xmlsec-openssl) Ensured that only certificates from XML file are returned after verification.
- (xmlsec-core) Fixed includes to support latest LibXML2 / LibXSLT.
- Several other small fixes (more details).
Thanks for bug reports!
Aleksey
XMLSec 1.3.7
The XML Security Library 1.3.7 release includes the following changes:
- (xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.
- (xmlsec-core) Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.
- (xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).
- (xmlsec-openssl) Fixed excess padding in ECDSA signature generation.
- (xmlsec-openssl) Fixed build warnings for BoringSSL / AWS-LC.
- (xmlsec-nss) Fixed certificates search in NSS DB.
- (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.
- (xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".
- Several other small fixes (see more details).
Thanks for bug reports!
Aleksey
XMLSec 1.3.7 (rc1)
The XML Security Library 1.3.7 release includes the following changes:
- (xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.
- (xmlsec-core) Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.
- (xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).
- (xmlsec-openssl) Fixed excess padding in ECDSA signature generation.
- (xmlsec-nss) Fixed certificates search in NSS DB.
- (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.
- (xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".
- Several other small fixes (see more details).
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.3.6
The XML Security Library 1.3.6 release includes the following changes:
- (xmlsec-openssl) Fixed build if OpenSSL 3.0 doesn't have engines support enabled.
- (xmlsec-mscng, xmlsec-mscrypto) Added support for multiple trusted certs with the same subject.
- (windows) Disabled iconv support by default (use 'iconv=yes' option for 'configure.js' to re-enable it).
- Several other small fixes (see more details).
Thanks for bug reports!
Aleksey
XMLSec 1.3.6 (rc1)
The XML Security Library 1.3.6 release includes the following changes:
- (xmlsec-openssl) Fixed build if OpenSSL 3.0 doesn't have engines support enabled.
- (xmlsec-mscng, xmlsec-mscrypto) Added support for multiple trusted certs with the same subject.
- (windows) Disabled iconv support by default (use 'iconv=yes' option for 'configure.js' to re-enable it).
- Several other small fixes (see more details).
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.3.5
The XML Security Library 1.3.5 release includes the following changes:
- (xmlsec-mscng, xmlsec-mscrypto) Improved certificates verification.
- (xmlsec-gnutls) Added support for self-signed certificates.
- (xmlsec-core) Fix deprecated functions in LibXML2 2.13.1 including disabling HTTP support by default (use ''--enable-http' option to re-enable it).
- Several other small fixes (see more details).
All users of xmlsec-mscng and xmlsec-mscrypto are urged to upgrade to this version.
Thanks for bug reports and PRs!
Aleksey