| 2.0.0 |
| ===================================== |
| This is a major upgrade of the library that includes both a small |
| number of enumerated changes, and a large number of fairly minimal API |
| changes across the entire library. For this release, and all future |
| releases, please refer to the web site and/or issue tracker for a |
| summary of changes. |
| |
| Below are older change logs maintained from earlier releases. |
| |
| Changes since 1.7.0 |
| ===================================== |
| * Fixes for CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156 |
| * Reduced entity expansion limits when parsing |
| |
| Changes since 1.6.1 |
| ===================================== |
| * [SANTUARIO-314] - AES-GCM support |
| * [SANTUARIO-315] - XML Encryption 1.1 OAEP enhancements |
| |
| Changes since 1.6.0 |
| ===================================== |
| * [SANTUARIO-268] - TXFMXPathFilter->evaluateExpr crashes on Windows |
| * [SANTUARIO-270] - DSIGObject::load method crashes for ds:Object without Id attribute |
| * [SANTUARIO-271] - Bug when signing files with big RSA keys |
| * [SANTUARIO-272] - Memory bug inside XENCCipherImpl::deSerialise |
| * [SANTUARIO-274] - Function cleanURIEscapes always throws XSECException, when any escape sequence occurs |
| * [SANTUARIO-275] - Function isHexDigit doesn't recognize invalid escape sequences. |
| * [SANTUARIO-276] - Percent-encoded multibyte (UTF-8) sequences unrecognized |
| * [SANTUARIO-280] - RSA-OAEP handler only allows SHA-1 digests |
| |
| Changes since 1.5.1 |
| ===================================== |
| * Fix for bug#43964, wrong namespace in encryption DigestMethod (SC) |
| * Fix for bug#48676, RetrievalMethod handler (SC) |
| * Fix for bug#45867, support for >1 CRL per KeyInfo (SC) |
| * Fix for bug#49148, buffer initialization issue (SC) |
| * Fix for bug#49255, vector index bug (SC) |
| * Fix for bug#49257, stylesheet append bug (SC) |
| * Fix for bug#49260, header guard in XPath transform header (SC) |
| * Fix for bug#49264, string release crash (SC) |
| * Fix for bug#44983, improper c14n of XSLT (SC) |
| * Fix for bug#49289, setters for Reference Type/Id (SC) |
| * Fix for bug#49371, skip comments in X509Certificate elements (SC) |
| * Fix for bug#49459, more header guards (SC) |
| * Fix for bug#49660, NSS verification of RSA broken (SC) |
| * Expose algorithm URI on Signature and Reference objects (SC) |
| * White/blacklisting of otherwise registered algorithms (SC) |
| * Add selected XML Signature 1.1 KeyInfo extensions (SC) |
| * Add elliptic curve keys and signatures via ECDSA (SC) |
| * Support debugging of Reference/SignedInfo data (SC) |
| * Clean up tests for SHA2 algorithms in OpenSSL (SC) |
| * Updated autoconf script, added NSS support, removed pre-automake material (SC) |
| * Add methods for Reference removal to DSIGSignature/DSIGSignedInfo classes (SC) |
| |
| Changes between 1.5 and 1.5.1 |
| ===================================== |
| * Fix for bug#47353 in c14n of default namespaces (SC) |
| * Fix Sparc compilation bug (SC) |
| * Fix for CVE-2009-0217 (SC) |
| |
| Changes between version 1.4 and 1.5 |
| ===================================== |
| * Make SHA-1 the implicit default DigestMethod for RSA-OAEP |
| key transport, allowing for interop until broken impls are fixed (SC) |
| * Fix memory leak in OpenSSL RSA/DSA key cloning (SC) |
| * Expose KeyInfo extensions via DOM (SC) |
| * Fix c14n to omit standard xmlns:xml declarations (SC) |
| * Add partial support for Inclusive C14N 1.1 with regard to xml:id but not xml:base (SC) |
| * Finish port to Xerces 3.0 (SC) |
| * 64-bit API changes (SC) |
| * Add VC9 build files (SC) |
| |
| Changes between version 1.3.1 and 1.4 |
| ===================================== |
| * Fix exclusive c14n namespace bug (rev. 526939) (BL) |
| * Add const specifiers and methods to various classes (SC) |
| * Add better extraction of openssl build settings using pkg-config (SC) |
| * Fix XSECnew macro to stop catching arbitrary errors and report |
| crypto exceptions instead of turning them into allocation errors (SC) |
| * Add various missing files to dist target (SC) |
| |
| Changes between version 1.3 and 1.3.1 |
| ===================================== |
| |
| * Refactor NIX build to use automake and libtool |
| * Initial support for API changes in Xerces 3.0 |
| * Fix bug in autoconf that would stop proper detection of Xerces |
| ability to set Id attributes |
| * Fix bug 40085 - incorrect OIDs on non SHA1 based RSA signatures. |
| * Update support for non SHA1 based RSA signatures |
| * Remove redundant code from SignedInfo that was preventing the |
| library from loading signatures it did not have an algorithm hard |
| wired for |
| * Fix bug in envelope transform when input nodeset is a document |
| fragment rather than the entire document and the canonicalisation |
| uses a namespace that was not defined directly in the fragment |
| * Fix bug in DSIGXPathFilterExpr where m_loaded was not initialised, |
| potentially causing an exception when an XPath expression was loaded |
| (reported by Ralf "Sabo" Saborowski). |
| |
| Changes between version 1.2.1 and 1.3 |
| ===================================== |
| |
| * Performance improvements in canonicalisation |
| * Implemented algorithm handlers for the digital signature classes, |
| to provide algorithm extensibility |
| * Update signature classes to pass in requested algorithms as URIs |
| rather than enums. Enum based methods are now deprecated. |
| * Fix memory leaks in OpenSSL wrapping code |
| * Provide ability for calling application to define whether |
| references are interlocking. |
| * Provide some stability if the Apache keystore is corrupted under Windows. |
| * Initial import of beta NSS crypto support |
| * Complete implementation of XKMS message set |
| * Methods to allow loading of encrypted data without doing decrypt |
| and to process a decrypt/encrypt operation without replacing the |
| original nodes |
| * Provide MS VC++ 2005 project files |
| * Fix bug when encrypting small input docs |
| * Implement checks for broken OpenSSL support under Solaris 10 |
| * Add --with-xalan, --with-openssl, --with-xerces and |
| --enable-warnerror flags in configure |
| * Configure now detects if Xalan is installed rather than having |
| XALANCROOT being a pointer to the compile directory |
| * Reorder hashing in DSIGReference.cpp as per suggestion by Peter Gubis |
| * Update Microsoft project files to reflect new version as per Scott Cantor |
| * Replace setAttribute with setAttributeNS calls |
| * Add methods to OpenSSL classes to extract OpenSSL objects |
| * Fix handling of libcrypto on Solaris platform |
| * Fix bug in Canonicalisation courtesy of Scott Cantor |
| |
| Changes between version 1.2 and 1.2.1 |
| ===================================== |
| |
| * Fixed library versions in Windows builds (were being generated as 1.1) |
| * Added "No Xalan" builds for xklient under Windows VC6.0 |
| * Added "No Xalan" builds for all projects in VC 7.0 |
| |
| |
| Changes between version 1.1 and 1.2 |
| =================================== |
| |
| * Started a changelog :> |
| * Remove MFC dependency and clean up memory debugging |
| * Remove dynamic_casts and RTTI requirement |
| * Implemented XKMS Message generation and processing |
| * Implemented command line XKMS tool for generating and dumping XKMS messages |
| * Support for DESTDIR as provided by ville.skytta@iki.fi in Bugzilla 28520 |
| * Update to Apache licence 2.0. |
| * Add support for SHA224/256/384/512 (requires OpenSSL 0.9.8 Beta) |
| * Patch for Mac OS X compile - provided by Scott Cantor - cantor.2@osu.edu - See Bugzilla #34920 |
| * Updates to compile against Xalan 1.9 |
| * Backport to compile with Xerces 2.1 |
| * Fix bug with NULL pointer when validating or signing empty reference lists - fix as suggested by Jesse Pelton <jsp@PKC.com> on 23 March 2005 on security-dev@xml |
| * Provided support for nominating namespace based Id attributes |
| * Change to allow apps to calculate and obtain signed info hash - from Eckehard.Hermann@softwareag.com - see email of 2 March 2005 on security-dev@xml |
| * Patch for long RSA keys provided by Michael Braunoeder - michael@mib.priv.at to security-dev@xml on 16 Nov 2005 |
| * Memory leak in OpenSSLCryptoBase64 reported by Jesse Pelton fixed. |
| * Move to internal Base64 decoder in a number of methods to handle non-wrapping data |
| * Resize buffer in OpenSSLCryptoKeyRSA for larger RSA keys - as submitted by Vadim Ismailov <worndown@gmail.com> 3 December 2005 |
| * Remove redundant m_keyType class variable from OpenSSLCryptoKeyRSA as reported by Jesse Pelton (jsp@pkc.com) on security-dev@xml |
| * Don't throw an exception when an RSA decrypt fails during sig validation - this is a failed validate, not an error |
| * Shutdown OpenSSL properly - as suggested by Jesse Pelton <jsp@PKC.com> in e-mail to security-dev@xml on 9 March 2005 |
| * Changed scope of WinCapiCryptoKey::importKey() from private to public. It returns key now, instead of void. |
| * Fix problem in Windows CAPI where XSEC doesn't work if user doesn't have admin rights. |
| * Bug fix in Windows CAPI code for some W2K machines - reported by Andrzej Matejko 4/5/2004 |
| * Fix build on non WINCAPI systems, as reported by Milan Tomic on 22/4/2004 |
| * New constructor added to WinCapiX509 |
| * Fixed Bug in encode() XSCryptCryptoBase64. |
| * Fix bug in XPathFilter transform when checking if an attribute is in the input node set. |
| * Fix bug in UTF transcoder for counting of transcoded characters (count characters not bytes) reported by Milan Tomic |
| * Move function definitions in the Windows BinInput stream class to static to avoid conflicts with Xerces. As suggested by Jesse Pelton <jsp@PKC.com> on 2 Feb 2005 in security-dev@xml |
| * Added complete KeyInfo handling for XENCEncryptedType |
| * Fix to stop re-use of derived key encrypting key when decrypting multiple elements in a document |
| * Fix to ignore encryption exceptions during a private key decrypt |
| * Add code to detect ASN.1 encoded DSA signatures and validate accordingly |