Releases: lsh123/xmlsec
XMLSec 1.3.7
The XML Security Library 1.3.7 release includes the following changes:
- (xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.
- (xmlsec-core) Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.
- (xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).
- (xmlsec-openssl) Fixed excess padding in ECDSA signature generation.
- (xmlsec-openssl) Fixed build warnings for BoringSSL / AWS-LC.
- (xmlsec-nss) Fixed certificates search in NSS DB.
- (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.
- (xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".
- Several other small fixes (see more details).
Thanks for bug reports!
XMLSec 1.3.7 (rc1)
The XML Security Library 1.3.7 release includes the following changes:
- (xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.
- (xmlsec-core) Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.
- (xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).
- (xmlsec-openssl) Fixed excess padding in ECDSA signature generation.
- (xmlsec-nss) Fixed certificates search in NSS DB.
- (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.
- (xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".
- Several other small fixes (see more details).
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.3.6
The XML Security Library 1.3.6 release includes the following changes:
- (xmlsec-openssl) Fixed build if OpenSSL 3.0 doesn't have engines support enabled.
- (xmlsec-mscng, xmlsec-mscrypto) Added support for multiple trusted certs with the same subject.
- (windows) Disabled iconv support by default (use 'iconv=yes' option for 'configure.js' to re-enable it).
- Several other small fixes (see more details).
Thanks for bug reports!
XMLSec 1.3.6 (rc1)
The XML Security Library 1.3.6 release includes the following changes:
- (xmlsec-openssl) Fixed build if OpenSSL 3.0 doesn't have engines support enabled.
- (xmlsec-mscng, xmlsec-mscrypto) Added support for multiple trusted certs with the same subject.
- (windows) Disabled iconv support by default (use 'iconv=yes' option for 'configure.js' to re-enable it).
- Several other small fixes (see more details).
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.3.5
The XML Security Library 1.3.5 release includes the following changes:
- (xmlsec-mscng, xmlsec-mscrypto) Improved certificates verification.
- (xmlsec-gnutls) Added support for self-signed certificates.
- (xmlsec-core) Fix deprecated functions in LibXML2 2.13.1 including disabling HTTP support by default (use ''--enable-http' option to re-enable it).
- Several other small fixes (see more details).
All users of xmlsec-mscng and xmlsec-mscrypto are urged to upgrade to this version.
Thanks for bug reports and PRs!
XMLSec 1.2.41 (legacy)
The legacy XML Security Library 1.2.40 release includes the following changes:
- (xmlsec-mscng,xmlsec-mscrypto) Improved certificates verification.
- (xmlsec-gnutls) Added support for self-signed certificates.
- Several other small fixes (more details).
All users of legacy 1.2.x versions of xmlsec-mscng and xmlsec-mscrypto are urged to upgrade to this version.
Thanks for bug reports!
XMLSec 1.2.40 (legacy)
The legacy XML Security Library 1.2.40 release includes the following changes:
- (xmlsec-core) Fixed functions deprecated in LibXML2 2.13.1 (including disabling HTTP support by default).
- (xmlsec-nss) Increased keys size in all tests to support NSS 3.101.
- (windows) Added "ftp" and "http" flags in 'configure.js' (both are disabled by default).
- Several other small fixes (more details).
XMLSec 1.3.4
The XML Security Library 1.3.4 release includes the following changes:
- (xmlsec-openssl) Support cert dates before unix epoch start.
- (xmlsec-openssl) Fix build for LibreSSL or BoringSSL.
- (xmlsec-nss) Ensure NSS algorithms are initialized.
- Several other small fixes (see more details).
Thanks for bug reports and PRs!
XMLSec 1.3.4-rc1
The XML Security Library 1.3.4 release includes the following changes:
- (xmlsec-openssl) Support cert dates before unix epoch start.
- (xmlsec-openssl) Fix build for LibreSSL or BoringSSL.
- (xmlsec-nss) Ensure NSS algorithms are initialized.
- Several other small fixes (see more details).
Please test the release candidate (signature) and let me know if you see any issues!
XMLSec 1.3.3
The XML Security Library 1.3.3 release includes the following changes:
- (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).
- (xmlsec-core) Removed '--enable-size-t' ('size_t' for MSVC builds) option and made 'xmlSecSize' to always be the same as 'size_t'.
- (xmlsec-core) Removed previously deprecated functions, defines, etc.
- (xmlsec-core) Fixed build for libxml2 v2.12.0.
- (xmlsec-openssl) Removed support for OpenSSL 1.1.0 (end of life in Aug 2016). The minimum OpenSSL supported version is 1.1.1; the version 3.0.0 or greater is recommended.
- (xmlsec-nss) Added runtime check for the enabled algorithms in NSS.
- (xmlsec-mscrypto) Removed NT4 support.
- Several other small fixes (see more details).
Thanks for bug reports and PRs!