History of Changes

Initial support for API changes in Xerces 3.0 (BL)
Refactor NIX build to use automake and libtool (BL)
Fix bug in autoconf that would prevent proper detection of Xerces ability to set Id attributes (BL)
Fix bug 40085 - incorrect OIDs on non SHA1 based RSA sigs (BL)
Remove redundant code in SignedInfo that was preventing the loading of signatures with algorithms not hard coded (BL)
Fix bug in Envelope transform (BL)
Fix bug in DSIGXPathFilterExpr with non-initalised vars. Reported by Ralf "Sabo" Saborowski. (BL)

JSR 105 implementation. (SM)
Add XMLCipher.encryptData method that takes serialized data as parameter (SM) Fixes 38668.
Major optimizations for signatures that use node-set transformations(xpath,xpath2,etc), 20-40% speed-up. (RB)
Major optimizations for signatures that use xpath2 transformation. (RB)
Major optimizations in inclusive c14n when using xml:* attributtes. (RB)
Memory footprint reduction: Less object creation. Reuse of "expensive" objects between operations in the same thread. (RB)
Minor Optimizations. Reuse the same Signature object if the key are identical. (RB)
NPE in ResolverDirectHTTP.engineCanResolve. (SM) Thanks to Frank Cornelis. Fixes 40783.
AxisSigner.java doesn't work out of the box (RB) Thanks to Jean-Luc Cooke. Fixes 40360.
Impossible to add X509 subelements for signing (RB) Thanks to Jean-Luc Cooke. Fixes 40404.
Base64 does not work in EBCDIC machines. (RB) Thanks to ACastro. Fixes 40215.
Subtree canonicalization produce incorrect results in certain cases. (RB) Thanks to Bob Shanahan . Fixes 40032.
Internal. Cannot sign-verify twice in the same thread with different XMLSignature instances. (RB) Thanks to Ruchith Fernando. Fixes 40896.
Internal. KeyResolverSpi derived classes require default constructor. (RB) Thanks to Frank Cornelis. Fixes 40796.
Different behaviour with NodeSet and RootNode with InclusiveNamespaces (SM) Thanks to Pete Hendry. Fixes 37708.
Signing throws an exception if custom resource resolver is registered (SM) Thanks to Vishal Mahajan. Fixes 37456.
Canonicalizer gets exception in many namespaces. (RB) Thanks to katoy. Fixes 38655.
Transform TRANSFORM_XPATH2FILTER subtract filter does not work correctly. (RB) Thanks to Stefano Del Sal. Fixes 38444.
X509CertificateResolver does not work in multithread environment (RB) Thanks to Peter Bacik. Fixes 38605.
XMLCipher-loadEncryptedKey() doesn't set the correct CarriedKeyName element. (RB) Thanks to Yvan Hess. Fixes 39200.
Findbugs reporting fixed. (SM) Thanks to Sean Mullan. Fixes 39685.

Implemented algorithm handlers for the digital signature classes, to provide algorithm extensibility (BL)
Initial import of beta NSS crypto support (MT)
Complete implementation of XKMS message set (BL)
Methods to allow loading of encrypted data without doing decrypt and to process a decrypt/encrypt operation without replacing the original nodes (BL)
Provide MS VC++ 2005 project files (BL)
Update signature classes to pass in requested algorithms as URIs rather than enums. Enum based methods are now deprecated. (BL)
Provide ability for calling application to define whether references are interlocking. (BL)
Implement checks for broken OpenSSL support under Solaris 10 (BL)
Add --with-xalan, --with-openssl, --with-xerces and --enable-warnerror flags in configure (BL)
Configure now detects if Xalan is installed rather than having XALANCROOT being a pointer to the compile directory (BL)
Performance improvements in canonicalisation (BL)
Fix memory leaks in OpenSSL wrapping code (BL)
Provide some stability if the Apache keystore is corrupted under Windows. (BL)
Fix bug when encrypting small input docs (BL)

Add new msg id named decoding.divisible.four and fix bug in Base64 Transform to throw Base64DecodingExc with this msg id instead of "It should be dived by four". (SM)
Removed http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter transformation. (RB)
Remove of PRNG, HexDump, X509CertificateValidator classes. (RB)
Out of the box j2se 1.5 ready(no adding xalan in the classpath or endorsed if no xpath transformation is needed) (RB)
Performance improvement in C14n, due to changes in internal structure, and a non recursive algorithm. (RB)
Reduce memory consumption in c14n. (RB)
General small optimizations(b64 speed-ups, list instead of vector, etc...). (RB)
Canonicalizing an empty node-set throws an ArrayIndexOutOfBoundsException. Also added new unit test for generating signatures. (SM) Fixes 36044.
Fixed NullPointerException bugs in engineCanonicalize. (SM)
Fix bug when parsing reference lists during decryption; properly handle relative URIs and lists of more than one element. (SM) Thanks to Clive Brettingham-Moore.
Make XMLCipher.encryptData(Document, Element, boolean) public so it can be used by applications. (SM)
Error in CarriedKeyNameDefinition EncryptedKeyImpl. (SM) Thanks to Julien Taupin. Fixes 35917.
Change logging message in XMLCipher.decryptKey from info to debug level (too noisy for info level). (SM)
Fix file descriptor leak in XMLSignatureInput. (SM) Thanks to Rune Friis-Jensen. Fixes 35580.
Fix NullPointerException in TransformXPathFilter2.engineTransform if XMLSignatureInput is a node-set (instead of an element subtree). (SM)
Fix condition in ElementProxy.guaranteeThatElementInCorrectSpace(). (SM) Thanks to bodiguillaume-dev@yahoo.fr.
Fix NullPointerException in log message emitted by ResolverDirectHTTP.engineCanResolve. (SM)
Fix NullPointerException bug in ResolverXPointer.engineResolve; check if BaseURI is null before setting source URI. (SM)
Fix NPE when an unknown transform algorithm is used. (RB) Thanks to Lee Coomber. Fixes 34743.
Removed system.err.println to a real log. (RB) Thanks to Raymond Wong. Fixes 33936.
Fix a bug in Xpath and Base64 transform is used together. (RB) Thanks to Luda. Fixes 35919.
Canonicalization of a DocumentFragment node always throws a c14n exception (VM) Fixes 36638.
KeyValue.getPublicKey does not work (VM) Fixes 36639.
Signature verification ignores the inclusive namespaces parameter of a excl c14n ds:CanonicalizationMethod (VM) Fixes 36640.

Add xklient "No Xalan" builds in VC 6.0 project files (BL)
Fix version suffixes on DLL files in VC 6.0 "No Xalan" build. (BL)
Add "No Xalan" support into VC 7.0 project files. (BL)

Implemented XKMS Message generation and processing (BL)
Implemented command line XKMS tool for generating and dumping XKMS messages (BL)
Add support for SHA224/256/384/512 (requires OpenSSL 0.9.8 Beta) (BL)
Patch for Mac OS X compile - provided by Scott Cantor - See Bugzilla #34920 (BL) Fixes 34920.
Added complete KeyInfo handling for XENCEncryptedType (MT)
Remove dynamic_casts and RTTI requirement (BL)
Updates to compile against Xalan 1.9 (BL)
Backport to compile with Xerces 2.1 (BL)
Provided support for nominating namespace based Id attributes (BL)
Remove MFC dependency and clean up memory debugging (BL)
Support for DESTDIR as provided by Ville Skytta in Bugzilla 28520 (BL) Fixes 28520.
Update to Apache licence 2.0. (MT)
Fix bug with NULL pointer when validating or signing empty reference lists - fix as suggested by Jesse Pelton on 23 March 2005 on security-dev (BL)
Change to allow apps to calculate and obtain signed info hash - from Eckehard Hermann - see email of 2 March 2005 on security-dev (BL)
Patch for long RSA keys provided by Michael Braunoeder to security-dev on 16 Nov 2005 (BL)
Memory leak in OpenSSLCryptoBase64 reported by Jesse Pelton fixed. (BL)
Move to internal Base64 decoder in a number of methods to handle non-wrapping data (BL)
Resize buffer in OpenSSLCryptoKeyRSA for larger RSA keys - as submitted by Vadim Ismailov 3 December 2005 (BL)
Remove redundant m_keyType class variable from OpenSSLCryptoKeyRSA as reported by Jesse Pelton on security-dev (BL)
Don't throw an exception when an RSA decrypt fails during sig validation - this is a failed validate, not an error (BL)
Shutdown OpenSSL properly - as suggested by Jesse Pelton in e-mail to security-dev on 9 March 2005 (BL)
Changed scope of WinCapiCryptoKey::importKey() from private to public. It returns key now, instead of void. (BL)
Fix problem in Windows CAPI where XSEC doesn't work if user doesn't have admin rights. (BL)
Bug fix in Windows CAPI code for some W2K machines - reported by Andrzej Matejko 4/5/2004 (BL)
Fix build on non WINCAPI systems, as reported by Milan Tomic on 22/4/2004 (MT)
New constructor added to WinCapiX509 (MT)
Fixed Bug in encode() XSCryptCryptoBase64. (BL)
Fix bug in XPathFilter transform when checking if an attribute is in the input node set. (BL)
Fix bug in in UTF transcoder for counting of transcoded characters (count characters not bytes) reported by Milan Tomic (BL)
Move function definitions in the Windows BinInput stream class to static to avoid conflicts with Xerces. As suggested by Jesse Pelton on 2 Feb 2005 in security-dev (BL)
Fix to stop re-use of derived key encrypting key when decrypting multiple elements in a document (BL)
Fix to ignore encryption exceptions during a private key decrypt (BL)

Clean unused jar (xmlParserAPI.jar,etc) and check and stored new versions. (RB)
Clean unused build*.xml files. (RB)
Generated the dist jar with version (i.e. xmlsec-1.2.1.jar instead of plain xmlsec.jar) (RB)
Fix a memory leak when using xpath or using ResourceResolver and not hitting getElementByIdUsingDOM() (RB) Thanks to Sylvain Dusart. Fixes 32836.
Fix erroneous creation/verification when using XPath2Filter and inclusive c14n.(RB)
Library now throws an exception when asked to sign/verify an inexistent fragment.(RB) Thanks to Raymond Wong. Fixes 23554.
Restore reset behaviour as default when reusing Canonicalizers(but an append one can still be used).(RB)
Fix a bug when using base64transformation and external resources.(RB) Thanks to Sean Mullan. Fixes 33393.
Fix a bug when passing XMLsignatureInput(InputStream) streams that don't acknowledge reset() as expected. (RB)
Added i14n Base64 error message. (RB) Thanks to Sean Mullan. Fixes 32996.

Rework the canonicalization for speed-up common cases (RB)
General memory footprint improvements (RB)
General speed optimizations (RB)
Update the JCE algorith mechanism (VM)

- Bug fixes for signature code
- Beta implementation of XML Encryption
- Initial implementation of pluggable algorithm handlers
(BL)

- First stable release
- Support for FreeBSD, NetBSD and Cygwin builds
- All KeyInfo elements now available
- Various bug fixes
(BL)

- Windows Crypto API interface
- Basic functions to extract information from signature objects
- Various bug fixes
(BL)

Ported the docs to Forrest
(KW)

First release of a Beta for the C++ library.
(BL)

Java - People who did not install Xalan properly under JDK 1.4.0 now get a more specific error message.
(CGP)
Java - We use the most recent version of the BouncyCastle JCE now.
(CGP)

Java - Added support Exclusive XML Canonicalization Version 1.0, W3C Recommendation 18 July 2002 . (There is no interop to test vector Y4 because of a problem in Xalan)

Canonicalization is written completely new: it's about 5-80 times faster than the implementation in version 1.0.2. It's highly recommended to upgrade to the new version.
(CGP)
Java - Added support for XML-Signature XPath Filter 2.0, W3C Candidate Recommendation 18 July 2002
(CGP)

History of Changes

Version C++ 1.3.1 (January 2007)

Version Java 1.4 (January 2007)

Version C++ 1.3 (September 2006)

Version Java 1.3 (October 2005)

Version C++ 1.2.1 (July 2005)

Version C++ 1.2.0 (June 2005)

Version Java 1.2.1 (February 2005)

Version Java 1.2 (December 2004)

Version C++ 1.10 (March 2004)

Version C++ 1.00 (July 2003)

Version C++ 0.20 (May 2003)

Version Java 1.0.5 (unreleased)

Version C++ 0.10 (unreleased)

Version Java 1.0.4 (15 July 2002)

Version Java 1.0.3 (unknown)