History of Changes
Version C++ 1.3.1 (January 2007)
-
Initial support for API changes in Xerces 3.0 (BL)
-
Refactor NIX build to use automake and libtool (BL)
-
Fix bug in autoconf that would prevent proper detection of Xerces ability to set Id attributes (BL)
-
Fix bug 40085 - incorrect OIDs on non SHA1 based RSA sigs (BL)
-
Remove redundant code in SignedInfo that was preventing the loading of signatures with algorithms not hard coded (BL)
-
Fix bug in Envelope transform (BL)
-
Fix bug in DSIGXPathFilterExpr with non-initalised vars. Reported by Ralf "Sabo" Saborowski. (BL)
Version Java 1.4 (January 2007)
-
JSR 105 implementation. (SM)
-
Add XMLCipher.encryptData method that takes serialized data as parameter (SM) Fixes 38668.
-
Major optimizations for signatures that use node-set transformations(xpath,xpath2,etc), 20-40% speed-up. (RB)
-
Major optimizations for signatures that use xpath2 transformation. (RB)
-
Major optimizations in inclusive c14n when using xml:* attributtes. (RB)
-
Memory footprint reduction: Less object creation. Reuse of "expensive" objects between operations in the same thread. (RB)
-
Minor Optimizations. Reuse the same Signature object if the key are identical. (RB)
-
NPE in ResolverDirectHTTP.engineCanResolve. (SM) Thanks to Frank Cornelis. Fixes 40783.
-
AxisSigner.java doesn't work out of the box (RB) Thanks to Jean-Luc Cooke. Fixes 40360.
-
Impossible to add X509 subelements for signing (RB) Thanks to Jean-Luc Cooke. Fixes 40404.
-
Base64 does not work in EBCDIC machines. (RB) Thanks to ACastro. Fixes 40215.
-
Subtree canonicalization produce incorrect results in certain cases. (RB) Thanks to Bob Shanahan . Fixes 40032.
-
Internal. Cannot sign-verify twice in the same thread with different XMLSignature instances. (RB) Thanks to Ruchith Fernando. Fixes 40896.
-
Internal. KeyResolverSpi derived classes require default constructor. (RB) Thanks to Frank Cornelis. Fixes 40796.
-
Different behaviour with NodeSet and RootNode with InclusiveNamespaces (SM) Thanks to Pete Hendry. Fixes 37708.
-
Signing throws an exception if custom resource resolver is registered (SM) Thanks to Vishal Mahajan. Fixes 37456.
-
Canonicalizer gets exception in many namespaces. (RB) Thanks to katoy. Fixes 38655.
-
Transform TRANSFORM_XPATH2FILTER subtract filter does not work correctly. (RB) Thanks to Stefano Del Sal. Fixes 38444.
-
X509CertificateResolver does not work in multithread environment (RB) Thanks to Peter Bacik. Fixes 38605.
-
XMLCipher-loadEncryptedKey() doesn't set the correct CarriedKeyName element. (RB) Thanks to Yvan Hess. Fixes 39200.
-
Findbugs reporting fixed. (SM) Thanks to Sean Mullan. Fixes 39685.
Version C++ 1.3 (September 2006)
-
Implemented algorithm handlers for the digital signature classes, to provide algorithm extensibility (BL)
-
Initial import of beta NSS crypto support (MT)
-
Complete implementation of XKMS message set (BL)
-
Methods to allow loading of encrypted data without doing decrypt and to process a decrypt/encrypt operation without replacing the original nodes (BL)
-
Provide MS VC++ 2005 project files (BL)
-
Update signature classes to pass in requested algorithms as URIs rather than enums. Enum based methods are now deprecated. (BL)
-
Provide ability for calling application to define whether references are interlocking. (BL)
-
Implement checks for broken OpenSSL support under Solaris 10 (BL)
-
Add --with-xalan, --with-openssl, --with-xerces and --enable-warnerror flags in configure (BL)
-
Configure now detects if Xalan is installed rather than having XALANCROOT being a pointer to the compile directory (BL)
-
Performance improvements in canonicalisation (BL)
-
Fix memory leaks in OpenSSL wrapping code (BL)
-
Provide some stability if the Apache keystore is corrupted under Windows. (BL)
-
Fix bug when encrypting small input docs (BL)
Version Java 1.3 (October 2005)
-
Add new msg id named decoding.divisible.four and fix bug in Base64 Transform to throw Base64DecodingExc with this msg id instead of "It should be dived by four". (SM)
-
Removed http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter transformation. (RB)
-
Remove of PRNG, HexDump, X509CertificateValidator classes. (RB)
-
Out of the box j2se 1.5 ready(no adding xalan in the classpath or endorsed if no xpath transformation is needed) (RB)
-
Performance improvement in C14n, due to changes in internal structure, and a non recursive algorithm. (RB)
-
Reduce memory consumption in c14n. (RB)
-
General small optimizations(b64 speed-ups, list instead of vector, etc...). (RB)
-
Canonicalizing an empty node-set throws an ArrayIndexOutOfBoundsException. Also added new unit test for generating signatures. (SM) Fixes 36044.
-
Fixed NullPointerException bugs in engineCanonicalize. (SM)
-
Fix bug when parsing reference lists during decryption; properly handle relative URIs and lists of more than one element. (SM) Thanks to Clive Brettingham-Moore.
-
Make XMLCipher.encryptData(Document, Element, boolean) public so it can be used by applications. (SM)
-
Error in CarriedKeyNameDefinition EncryptedKeyImpl. (SM) Thanks to Julien Taupin. Fixes 35917.
-
Change logging message in XMLCipher.decryptKey from info to debug level (too noisy for info level). (SM)
-
Fix file descriptor leak in XMLSignatureInput. (SM) Thanks to Rune Friis-Jensen. Fixes 35580.
-
Fix NullPointerException in TransformXPathFilter2.engineTransform if XMLSignatureInput is a node-set (instead of an element subtree). (SM)
-
Fix condition in ElementProxy.guaranteeThatElementInCorrectSpace(). (SM) Thanks to bodiguillaume-dev@yahoo.fr.
-
Fix NullPointerException in log message emitted by ResolverDirectHTTP.engineCanResolve. (SM)
-
Fix NullPointerException bug in ResolverXPointer.engineResolve; check if BaseURI is null before setting source URI. (SM)
-
Fix NPE when an unknown transform algorithm is used. (RB) Thanks to Lee Coomber. Fixes 34743.
-
Removed system.err.println to a real log. (RB) Thanks to Raymond Wong. Fixes 33936.
-
Fix a bug in Xpath and Base64 transform is used together. (RB) Thanks to Luda. Fixes 35919.
-
Canonicalization of a DocumentFragment node always throws a c14n exception (VM) Fixes 36638.
-
KeyValue.getPublicKey does not work (VM) Fixes 36639.
-
Signature verification ignores the inclusive namespaces parameter of a excl c14n ds:CanonicalizationMethod (VM) Fixes 36640.
Version C++ 1.2.1 (July 2005)
-
Add xklient "No Xalan" builds in VC 6.0 project files (BL)
-
Fix version suffixes on DLL files in VC 6.0 "No Xalan" build. (BL)
-
Add "No Xalan" support into VC 7.0 project files. (BL)
Version C++ 1.2.0 (June 2005)
-
Implemented XKMS Message generation and processing (BL)
-
Implemented command line XKMS tool for generating and dumping XKMS messages (BL)
-
Add support for SHA224/256/384/512 (requires OpenSSL 0.9.8 Beta) (BL)
-
Patch for Mac OS X compile - provided by Scott Cantor - See Bugzilla #34920 (BL) Fixes 34920.
-
Added complete KeyInfo handling for XENCEncryptedType (MT)
-
Remove dynamic_casts and RTTI requirement (BL)
-
Updates to compile against Xalan 1.9 (BL)
-
Backport to compile with Xerces 2.1 (BL)
-
Provided support for nominating namespace based Id attributes (BL)
-
Remove MFC dependency and clean up memory debugging (BL)
-
Support for DESTDIR as provided by Ville Skytta in Bugzilla 28520 (BL) Fixes 28520.
-
Update to Apache licence 2.0. (MT)
-
Fix bug with NULL pointer when validating or signing empty reference lists - fix as suggested by Jesse Pelton on 23 March 2005 on security-dev (BL)
-
Change to allow apps to calculate and obtain signed info hash - from Eckehard Hermann - see email of 2 March 2005 on security-dev (BL)
-
Patch for long RSA keys provided by Michael Braunoeder to security-dev on 16 Nov 2005 (BL)
-
Memory leak in OpenSSLCryptoBase64 reported by Jesse Pelton fixed. (BL)
-
Move to internal Base64 decoder in a number of methods to handle non-wrapping data (BL)
-
Resize buffer in OpenSSLCryptoKeyRSA for larger RSA keys - as submitted by Vadim Ismailov 3 December 2005 (BL)
-
Remove redundant m_keyType class variable from OpenSSLCryptoKeyRSA as reported by Jesse Pelton on security-dev (BL)
-
Don't throw an exception when an RSA decrypt fails during sig validation - this is a failed validate, not an error (BL)
-
Shutdown OpenSSL properly - as suggested by Jesse Pelton in e-mail to security-dev on 9 March 2005 (BL)
-
Changed scope of WinCapiCryptoKey::importKey() from private to public. It returns key now, instead of void. (BL)
-
Fix problem in Windows CAPI where XSEC doesn't work if user doesn't have admin rights. (BL)
-
Bug fix in Windows CAPI code for some W2K machines - reported by Andrzej Matejko 4/5/2004 (BL)
-
Fix build on non WINCAPI systems, as reported by Milan Tomic on 22/4/2004 (MT)
-
New constructor added to WinCapiX509 (MT)
-
Fixed Bug in encode() XSCryptCryptoBase64. (BL)
-
Fix bug in XPathFilter transform when checking if an attribute is in the input node set. (BL)
-
Fix bug in in UTF transcoder for counting of transcoded characters (count characters not bytes) reported by Milan Tomic (BL)
-
Move function definitions in the Windows BinInput stream class to static to avoid conflicts with Xerces. As suggested by Jesse Pelton on 2 Feb 2005 in security-dev (BL)
-
Fix to stop re-use of derived key encrypting key when decrypting multiple elements in a document (BL)
-
Fix to ignore encryption exceptions during a private key decrypt (BL)
Version Java 1.2.1 (February 2005)
-
Clean unused jar (xmlParserAPI.jar,etc) and check and stored new versions. (RB)
-
Clean unused build*.xml files. (RB)
-
Generated the dist jar with version (i.e. xmlsec-1.2.1.jar instead of plain xmlsec.jar) (RB)
-
Fix a memory leak when using xpath or using ResourceResolver and not hitting getElementByIdUsingDOM() (RB) Thanks to Sylvain Dusart. Fixes 32836.
-
Fix erroneous creation/verification when using XPath2Filter and inclusive c14n.(RB)
-
Library now throws an exception when asked to sign/verify an inexistent fragment.(RB) Thanks to Raymond Wong. Fixes 23554.
-
Restore reset behaviour as default when reusing Canonicalizers(but an append one can still be used).(RB)
-
Fix a bug when using base64transformation and external resources.(RB) Thanks to Sean Mullan. Fixes 33393.
-
Fix a bug when passing XMLsignatureInput(InputStream) streams that don't acknowledge reset() as expected. (RB)
-
Added i14n Base64 error message. (RB) Thanks to Sean Mullan. Fixes 32996.
Version Java 1.2 (December 2004)
-
Rework the canonicalization for speed-up common cases (RB)
-
General memory footprint improvements (RB)
-
General speed optimizations (RB)
-
Update the JCE algorith mechanism (VM)
Version C++ 1.10 (March 2004)
-
- Bug fixes for signature code
- Beta implementation of XML Encryption
- Initial implementation of pluggable algorithm handlers
Version C++ 1.00 (July 2003)
-
- First stable release
- Support for FreeBSD, NetBSD and Cygwin builds
- All KeyInfo elements now available
- Various bug fixes
Version C++ 0.20 (May 2003)
-
- Windows Crypto API interface
- Basic functions to extract information from signature objects
- Various bug fixes
Version Java 1.0.5 (unreleased)
-
Ported the docs to Forrest
(KW)
Version C++ 0.10 (unreleased)
-
First release of a Beta for the C++ library.
(BL)
Version Java 1.0.4 (15 July 2002)
-
Java - People who did not install Xalan properly under JDK 1.4.0 now get a more specific error message.
(CGP) -
Java - We use the most recent version of the BouncyCastle JCE now.
(CGP)
Version Java 1.0.3 (unknown)
-
Java - Added support Exclusive XML Canonicalization Version 1.0, W3C Recommendation 18 July 2002 . (There is no interop to test vector Y4 because of a problem in Xalan)
Canonicalization is written completely new: it's about 5-80 times faster than the implementation in version 1.0.2. It's highly recommended to upgrade to the new version.
(CGP) -
Java - Added support for XML-Signature XPath Filter 2.0, W3C Candidate Recommendation 18 July 2002
(CGP)