CHANGELOG.txt - santuario-java - Git at Google

 Changelog for "Apache xml-security" <http://santuario.apache.org/>
 New in v1.4.4-SNAPSHOT
     Fixed Bug 49483: KeyResolver.registerAtStart() leads to ClassCastException. Thanks to Clement Pellerin.
     Fixed Bug 49458: StorageResolver always exhausted after first use. Thanks to Clement Pellerin.
     Fixed Bug 49456: StorageResolver.next() gives ClassCastException. Thanks to Clement Pellerin.
     Fixed Bug 49450: KeyStoreResolver always exhausted after first use. Thanks to Clement Pellerin.
     Fixed Bug 49447: KeyStoreResolver iterator returns null for symmetric keys. Thanks to Clement Pellerin.
     Fixed Bug 48368: Digest Value of References inside Manifest - calculation order problem
     Fixed Bug 47779: ConcurrentModificationException in XMLUtils.
     Fixed Bug 47761: xmlns:xml namespace improperly emitted during excl c14n. Thanks to Scott Cantor.
     Fixed Bug 36526: Out of memory error when signing or verifying big files. Thanks to Agnes Juhasz.
     Fixed Bug 47784: ClassNotFoundException when init the xml security in OSGi plateform
     Fixed Bug 47762: contextChild parameter of Transform.getInstance may be null
 New in v1.4.3
     Fixed Bug 47526: XML signature HMAC truncation authentication bypass
     Fixed Bug 47525: Fix checkstyle problems with source and tests.
     Fixed Bug 42239: ECDSA signature value interopability patch.
     Fixed Bug 45744: XPath transform and xml-stylesheet.
     Fixed Bug 42986: The </#document> node inserted at the end of SOAPEnvelope.
     Fixed Bug 47029: Unnecessary namespace declarations on EncryptedData children.
     Fixed Bug 44335: Can't validate after invalid validation.
     Fixed Bug 47260: Improve Java unit testing.
     Fixed Bug 47265: Some website updates.
     Fixed Bug 45388: We need a POM file added to the Maven repository.
     Fixed Bug 47483: Remove JDK 1.5 API dependencies
     Fixed bug 47057: Downgrade signature verification logging from "info". Thanks to Colm O hEigeartaigh.
     Fixed bug 42061: Method to disable XMLUtils.addReturnToElement (reopened): changed Base64 code to ignore line breaks, if enabled. Thanks to Colm O hEigeartaigh.
     Fixed bug 47097: Reusing XMLSignature for signing and verifying fails on same thread. Thanks to Bruno Harbulot.
     Fixed bug 46732: Failed to add more than one child element to EncryptionMethod.
     Fixed bug 46101: org.apache.xml.security.utils.IdResolver is not thread safe
     Fixed bug 45961: verify with own canonicalization method. Thanks to Anton Kosyakov.
     Fixed bug 45475: XMLSignature::getKeyInfo method modifies document
     Fixed bug 45811: Fix XMLSec 1.4.2 problems reported by findbugs
     Fixed bug 45706: Transform.register class loading and recursive instantiation problems
     Fixed bug 45664: Some calls should be wrapped in AccessController.doPrivileged
     Fixed bug 45634: Restore XMLUtils.createDSctx method.
     Fixed bug 45095: log4j.properties in xmlsec sources and builds has side
 effects in production environment. Thanks to Joachim Rousseau.

 New in v1.4.2rc1
     Fixed bug 44999: DOMException is thrown at XMLSignature creation. Thanks to Giedrius Noreikis.
     Fixed bug 44863: Improved logging in signature handling. Thanks to Wally Dennis.
     Fixed bug 44956: Concurrent creation of a XMLSignature instance produces an ArrayIndexOutOfBoundsException. Thanks to Giedrius Noreikis
     Fixed bug 44991: Concurrent invocation of KeyInfo.getX509Certificate() occasionally fails. Thanks to Giedrius Noreikis

 New in v1.4.2beta2
     Fixed bug 44810: Add support for more XMLDSig algorithms listed in RFC 4051
     Fixed bug 44617: Regression when processing XPath transform (additional fix)
 New in v1.4.2beta1
     Fixed bug 44629: Switch order of XML Signature validation steps
     Fixed bug 44617: Regression when processing XPath transform
     Fixed bug 44586: XMLX509IssuerSerial.getIssuerName incorrectly escapes '#' in hex values
     Fixed rfe 42653: Add support for C14N 1.1 to Java implementation. Thanks
 	to Sean Mullan.
     Fixed bug 44205: XMLX509Certificate.getX509Certificate() results in certificate parsing error. Thanks to Vishal Mahajan.
     Fixed Bug 44177: when using xslt transformation there is problem with xalan newline. Thanks to Matej Spiller.
     Small refactor for ElementProxy to get rid of the state, it was an old
         vestige that where taking space and obfuscating the code.
     Fixed bug 40897: String comparisons using '==' causes validation errors
         with some parsers. Thanks Vishal Mahajan
     Fixed bug 43056: Library does not allow specify provider for private key
 	operations. Thanks to Alon Bar-Lev.
     Fixed bug 44102: XMLCipher loadEncryptedKey error. Thanks to Butler.
     Fixed bug 43239: "No installed provider supports this key" when checking a
 	RSA signature against a DSA key before RSA key. Thanks to Matthias
 	Germann.
     Fixed bug 42597: Unnecessary namespace declarations on Signature children
 	Thanks to Brent Putnam.
     Fixed bug 42061: Method to disable XMLUtils.addReturnToElement. Thanks to
 	Michael McIntosh.
     Fixed bug 42865: Problem with empty BaseURI in ResolverLocalFilesystem.
 	Thanks to Frank Cornelis.
     Fixed bug 43230: Inclusive C14n doesn't always handle xml:space & xml:lang
 	attributes correctly
     Fixed bug 38668: Add XMLCipher.encryptData method that takes serialized
 	data as parameter. Thanks to Vladimir Ionescu.
     Fixed bug 42886: Error when removing encrypted content in 1.4.1. Thanks to
 	Julien Taupin and Daniele Gagliardi.
     Fixed bug 42820: ClassLoader issue causing NoSuchAlgorithmException loading
 	Provider Implementation. Thanks to James Washington.
 New in 1.4.1
     Fixed bug 42239: ECDSA signature value interoperability patch. Thanks to Wolfgang Glas for fix.

 New in v1.4.1beta1
     Fixed bug 41892: XML Security 1.4.0 does not build with IBM's JDK
     Fixed bug 41927: Cannot canonicalize with XSLT transform. Thanks to
 Lijun Liao for fix.
     Fixed bug 41805: Resolution of SAML 1.x ID attributes, incorrect namespace. Thanks to
 	Brent Putman for fix.
     Fixed bug 41474: two text nodes with the value '\n' in succession within
         <ds:SignedInfo> and <ds:X509IssuerSerial>. Thanks to Lijun Liao for fix.
     Fixed bug 41510: org.apache.xml.security.keys.content.KeyValue.getPublicKey()
         returns null for DSA key. Thanks to Stepan Hrbacek for fix.
     Fixed bug 41569: Cannot specify dynamically a specific JCE Provider with
         the DSA Signature. Thanks to Julien Pasquier for fix.
     Fixed bug 41573: XMLCipher StackOverflowError. Thanks to Marek Jablonski
         for fix.
     Fixed bug 41462: Xml canonization - UTF-8 encoding issue in Xml security 1.4.0 Thanks to Karol Rewera.
     Fixed bug 41520: Cannot generate signatures with the same key but different algorithms in sucession. Thanks to Lijun Liao
 New in 1.4
 	Fixed bug 40896

 New in 1.4RC4
 	Fixed bug 40880

 New in 1.4RC3
 	Fixed bug 40796

 New in 1.4RC2a
     Fixed bug 40783

 New in 1.4RC2
 	Fixed bug 40512. Made TransformSPI backward compatible. Now it is possible
 		to use implementations for the >1.3 versions paying the performance hit
 		of the old implementation.
     Fix a small & unneeded java 1.4 dependecy.
     KeyResolver & ResourceResolver can work like <1.3 mode when used with old implementations.

 New in 1.4RC1
 	Fixed bug 40290.
 	Fixed bug 40298.
 	Fixed bug 40360. Changed a little  the way the IdResolver works when
 	    Document.getElementById fails.
 	Fixed bug 40404.

 New in v1.4beta2
     Optimization in c14n in node-sets.
 	Optimization for the xml:* inheritance in inclusive  c14n.
 	Added ECDSA signature thanks Markus Lindner
 	Optimization in RetrievelMethod handling. Don't reparse the bytes into a DOM tree if not needed thanks David Garcia.
 	Fixed bug 40215: Base64 is not working in EBCDIC platform. Thanks to
 	     acastro.dit@aeat.es for fix.
 	Big optimizations in XPath2 transformation.
 	Fixed bug 40245 in XPATH2 transformation(only in development version)
 	Fixed bug no resolver for X509Data with just a X509Certificate.
 	Optimization in Base64 to do simple transformation from String to  byte[]

 New in v1.4beta1
     Fixed bug 40032. Fixed BUG 40031 Fixed bug when the prefix digital signature uri is not null.
 	Changes in the NodeFilter API in order to let the transformations
          do some optimizations take into account the c14n order.
 	Optimization in signature transformation in node-sets(xpath, xpath2), 20-40% speed-up.

 New in v1.4beta0
 	Fixed bug 38668: Add XMLCipher.encryptData method that takes
 			 serialized data as parameter (mullan)
 	Fixed bug 39273: JSR 105 DOMCryptoContext.setIdAttributeNS not working
 			 when validating signatures (mullan)
 	Fixed bug 38405: ElementProxy.length() is not working (Java) (mullan)
 	Fixed bug 37708: Different behaviour with NodeSet and RootNode with
 			 InclusiveNamespaces (mullan)
 	Fixed bug 37456: Signing throws an exception if custom resource
 			 resolver is registered (mullan)
         Fixed bug 38655
 	Fixed bug 38444.
 	Fixed bug 38605.
 	Fixed bug 39200(API CHANGE)
 		Refactored the way keyresolver works instead of calling canResolve/resolveX only resolveX is used
 		and if it returns null it means it cannot resolve.
 	Minor Optimizations.
 		Lazy fields initialization, initialize with null and create the object only when needed
 		Registered Class reorder, in several parts the library contains a list of workers
 			that are asked if it can solve a problem. Now the one that said yes is move to the front
 			wishing that the next time it also hits.
 	API Change: Make Transform & TransformSpi reusable between threads.
 		remove setTransform(Transform t) method in TransformSpi and pass
 		the Transform object in enginePerformTransfor methods.
 	Fixed bug 39685: bugs reported by findbugs (mullan)
 	Added support for SHA256 & SHA512 DigestMethods to JSR 105. (mullan)
 	Fix JSR 105 unmarshaling bug: now recognizes PGPData. (mullan)
 	Optimization to not create instances of Signature or MessageDigest objects, but mantain one for thread.
 		Also don't change the key if it was already used. (raul)

 New in v1.3
 	Init-Don't fail if a transformation don't have all of its dependecies.
 		Remove XPath initialization from Init and do only when xpath is needed.
     Resolv-Removed the use of xpath expressions to search the elements to sign/verify, now use only plain DOM searching.
 	Resolvers-Remove wantsOctectStream wantsNodeSet and his returns pair they are not used, right now and some are incorrect.
 	Remove the Use of xalan or xerces class URI
 	Removed the expandSystemId
 	Changed from Vector<String> to List<Class>, so we don't need to use classForName everytime and used it just the first time.
 	Removed PRNG,HexDump,Version, X509CertificateValidator
 	Added an unsync buffer outputstream.
 	Changed Symbol table to a more efficient and simple structure
 	Fixed bug 34743 , Submitted by: Lee Coomber <lee.at.lshift.net>
 	Minor speedups in b64, Halved the table lookups.
 	Reduce Object creation during c14n, from one to level to one per c14n.
 	Change all Vector to List(ArrayList), we don't need synchronization safety.
 	*Refactor the way we handle c14n of nodesets:
 	    Before this patch every transformation creates a set with the nodes that should
 	    be outputed. Every set is obtaining visiting the whole dom tree every time,
 	    and then do it other time at c14n time. So it does <number of transformations>+1
 	    visitings, very slow and memory costly.
 	    Now every transformation just return a NodeFilter that tells if the node is included or not.
 	    So only one visiting is done.
 	Unified http://www.w3.org/2002/06/xmldsig-filter2 and http://www.w3.org/2002/04/xmldsig-filter2 transformation implementations.
 	Removed http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter transformation
 	Canonicalization tree travesing is not recursive. it gives better memory handling and performance.
 	Fixed bug 33936, Submited by: Raymond Wong <rwong.at.ariba.com>
 	Fixed bug 35919, Submited by: Luda <ludab.at.lanl.gov>
 	out of the box j2se 1.5 ready(no adding xalan in the classpath or endorsed if no
 	   xpath transformation is needed)


 New in v1.2.1
  * Fix the memory leak when using xpath or using ResourceResolver and not hitting
   	  getElementByIdUsingDOM() [http://issues.apache.org/bugzilla/show_bug.cgi?id=32836]
  * Fix the bug with using XPath2Filter and inclusive c14n
  * Fix the bug arrouse in reusing Canonicalizers
  * Fix base64transformation bug [http://issues.apache.org/bugzilla/show_bug.cgi?id=33393 ]
  * Fix the XMLsignatureInput reset() bug.
  * Clean unused jar (xmlParserAPI.jar,etc) and check and stored new versions.
  * generated the dist jar with version (i.e. xmlsec-1.2.1.jar instead of plain xmlsec.jar)
  * Clean unused build*.xml files.


 ##############################################################################
 # New in v1.0.3                                                   24. May 2002
 ##############################################################################

 IMPORTANT:

  - The different classes do not call Init.init() any longer. This must be done
    by YOU in your application. If you miss that, you'll get many
    AlgorithmNotRegistered exceptions...

 --------------------------------

 Summary:

  - The software is faster. Especially canonicalization is between
    factor 5--80 faster than the old one.

  - Some deprecated methods in the Canonicalizer are deleted.

  - We support Exclusive Canonicalization

  - We support the XPath Filter version 2.0 Draft.

 --------------------------------

 Optimizations and speed-up

  - canonicalization
    - inclusive c14n is now faster (factor between 5 and 80)
  - transforms
    - enveloped-signature is now faster (no XPath ops any more)
    - base64 is now faster (no XPath ops any more)
    - c14n is now faster (due to faster c14n algo)

 --------------------------------

 Signature package:

  - The XMLSignatureInput which is used for passing node sets and octet
    streams into transforms and which is also the result of transforms
    uses a java.util.Set now instead of a NodeList for the internal
    representation of xpath node sets. This allows easier queries in the
    form: Is node N part of the node set.

    The implication is that you can also pass a Set which contains the nodes
    to be canonicalized to the Canonicalizers using
    public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet)

 --------------------------------

 Canonicalizer:

  - A bug (well, my understanding of c14n) is corrected regarding the
    canonicalization of node sets. That bug related to the xml:*
    attributes. See xmldsig mailing list archive @ w3.org for details.

  - removed are the methods

    - public byte[] canonicalize(Node node)
    - public byte[] canonicalizeDocument(Document doc)
    - public byte[] canonicalizeSingleNode(Node rootNode)

      replaced by public byte[] canonicalizeSubtree(Node node)

    - public byte[] canonicalize(NodeList xpathNodeSet)

      replaced by public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)

    - public void setXPath(Object xpath)
    - public Object getXPath()
    - public String getXPathString()
    - public void setXPathNodeSet(NodeList nodeList)

      These are no longer in use. If you want to c14nize an xpath
      node set, select it using CachedXPathAPI and then apply
      canonicalizeXPathNodeSet to the node set.

    - public void setRemoveNSAttrs(boolean remove)
    - public boolean getRemoveNSAttrs()

      The c14nizers do not add any attributes (namespaces or xml:*)
      to the document, so these method make no sense.

  - The Canonicalizer now supports "Exclusive XML Canonicalization
    Version 1.0" <http://www.w3.org/Signature/Drafts/xml-exc-c14n>, Rev 1.58.

    For that reason, the c14n methods allow an additional String parameter
    for passing the inclusive namespaces.

    public byte[] canonicalizeSubtree(Node node,
                                      String inclusiveNamespaces)
    public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet,
                                           String inclusiveNamespaces)

    Such a string looks e.g. like this

      String inclusiveNamespaces = "ds xenc ex #default";

    For more on exclusive c14n, see the spec. If you pass this parameter to the
    regular (inclusive) c14nizer, you'll get a
    CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation")

 --------------------------------

 Transforms:

  - The exclusive c14n is also supported by the transform framework.
    The parameter for the inclusive namespaces is the class
    org.apache.xml.security.transforms.params.InclusiveNamespaces

    If you want to make a Transform like this, do that:

    Document doc = ...;
    Transforms transforms = new Transforms(doc);
    InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ns2");
    transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS,
                            incNS.getElement());

  - The XPathContainer for the XPath transform is now moved from the
    org.apache.xml.security.c14n.helper package to
    org.apache.xml.security.transforms.params.XPathContainer

  - The enveloped-signature transform is faster now. We don't do costly
    XPath operations but 'simple' DOM ops.

  - Base64 is faster (no XPath ops).

  - The TransformXPath2Filter is now supported by the package. It can be used by
    using the identifier Transforms.TRANSFORM_XPATH2FILTER in conjuction with the
    XPath2FilterContainer for passing parameters. To know what xfilter2 is, see
    http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/ :

    Document doc = ...;
    Transforms transforms = new Transforms(doc);
    XPath2FilterContainer x2c =
          // intersect
          XPath2FilterContainer.newInstanceIntersect(doc, "//a");
          // subtract
          XPath2FilterContainer.newInstanceSubtract(doc, "//a");
          // union
          XPath2FilterContainer.newInstanceUnion(doc, "//a");

    transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
                            x2c.getElement());

 --------------------------------
	Changelog for "Apache xml-security" <http://santuario.apache.org/>
	New in v1.4.4-SNAPSHOT
	Fixed Bug 49483: KeyResolver.registerAtStart() leads to ClassCastException. Thanks to Clement Pellerin.
	Fixed Bug 49458: StorageResolver always exhausted after first use. Thanks to Clement Pellerin.
	Fixed Bug 49456: StorageResolver.next() gives ClassCastException. Thanks to Clement Pellerin.
	Fixed Bug 49450: KeyStoreResolver always exhausted after first use. Thanks to Clement Pellerin.
	Fixed Bug 49447: KeyStoreResolver iterator returns null for symmetric keys. Thanks to Clement Pellerin.
	Fixed Bug 48368: Digest Value of References inside Manifest - calculation order problem
	Fixed Bug 47779: ConcurrentModificationException in XMLUtils.
	Fixed Bug 47761: xmlns:xml namespace improperly emitted during excl c14n. Thanks to Scott Cantor.
	Fixed Bug 36526: Out of memory error when signing or verifying big files. Thanks to Agnes Juhasz.
	Fixed Bug 47784: ClassNotFoundException when init the xml security in OSGi plateform
	Fixed Bug 47762: contextChild parameter of Transform.getInstance may be null
	New in v1.4.3
	Fixed Bug 47526: XML signature HMAC truncation authentication bypass
	Fixed Bug 47525: Fix checkstyle problems with source and tests.
	Fixed Bug 42239: ECDSA signature value interopability patch.
	Fixed Bug 45744: XPath transform and xml-stylesheet.
	Fixed Bug 42986: The </#document> node inserted at the end of SOAPEnvelope.
	Fixed Bug 47029: Unnecessary namespace declarations on EncryptedData children.
	Fixed Bug 44335: Can't validate after invalid validation.
	Fixed Bug 47260: Improve Java unit testing.
	Fixed Bug 47265: Some website updates.
	Fixed Bug 45388: We need a POM file added to the Maven repository.
	Fixed Bug 47483: Remove JDK 1.5 API dependencies
	Fixed bug 47057: Downgrade signature verification logging from "info". Thanks to Colm O hEigeartaigh.
	Fixed bug 42061: Method to disable XMLUtils.addReturnToElement (reopened): changed Base64 code to ignore line breaks, if enabled. Thanks to Colm O hEigeartaigh.
	Fixed bug 47097: Reusing XMLSignature for signing and verifying fails on same thread. Thanks to Bruno Harbulot.
	Fixed bug 46732: Failed to add more than one child element to EncryptionMethod.
	Fixed bug 46101: org.apache.xml.security.utils.IdResolver is not thread safe
	Fixed bug 45961: verify with own canonicalization method. Thanks to Anton Kosyakov.
	Fixed bug 45475: XMLSignature::getKeyInfo method modifies document
	Fixed bug 45811: Fix XMLSec 1.4.2 problems reported by findbugs
	Fixed bug 45706: Transform.register class loading and recursive instantiation problems
	Fixed bug 45664: Some calls should be wrapped in AccessController.doPrivileged
	Fixed bug 45634: Restore XMLUtils.createDSctx method.
	Fixed bug 45095: log4j.properties in xmlsec sources and builds has side
	effects in production environment. Thanks to Joachim Rousseau.

	New in v1.4.2rc1
	Fixed bug 44999: DOMException is thrown at XMLSignature creation. Thanks to Giedrius Noreikis.
	Fixed bug 44863: Improved logging in signature handling. Thanks to Wally Dennis.
	Fixed bug 44956: Concurrent creation of a XMLSignature instance produces an ArrayIndexOutOfBoundsException. Thanks to Giedrius Noreikis
	Fixed bug 44991: Concurrent invocation of KeyInfo.getX509Certificate() occasionally fails. Thanks to Giedrius Noreikis

	New in v1.4.2beta2
	Fixed bug 44810: Add support for more XMLDSig algorithms listed in RFC 4051
	Fixed bug 44617: Regression when processing XPath transform (additional fix)
	New in v1.4.2beta1
	Fixed bug 44629: Switch order of XML Signature validation steps
	Fixed bug 44617: Regression when processing XPath transform
	Fixed bug 44586: XMLX509IssuerSerial.getIssuerName incorrectly escapes '#' in hex values
	Fixed rfe 42653: Add support for C14N 1.1 to Java implementation. Thanks
	to Sean Mullan.
	Fixed bug 44205: XMLX509Certificate.getX509Certificate() results in certificate parsing error. Thanks to Vishal Mahajan.
	Fixed Bug 44177: when using xslt transformation there is problem with xalan newline. Thanks to Matej Spiller.
	Small refactor for ElementProxy to get rid of the state, it was an old
	vestige that where taking space and obfuscating the code.
	Fixed bug 40897: String comparisons using '==' causes validation errors
	with some parsers. Thanks Vishal Mahajan
	Fixed bug 43056: Library does not allow specify provider for private key
	operations. Thanks to Alon Bar-Lev.
	Fixed bug 44102: XMLCipher loadEncryptedKey error. Thanks to Butler.
	Fixed bug 43239: "No installed provider supports this key" when checking a
	RSA signature against a DSA key before RSA key. Thanks to Matthias
	Germann.
	Fixed bug 42597: Unnecessary namespace declarations on Signature children
	Thanks to Brent Putnam.
	Fixed bug 42061: Method to disable XMLUtils.addReturnToElement. Thanks to
	Michael McIntosh.
	Fixed bug 42865: Problem with empty BaseURI in ResolverLocalFilesystem.
	Thanks to Frank Cornelis.
	Fixed bug 43230: Inclusive C14n doesn't always handle xml:space & xml:lang
	attributes correctly
	Fixed bug 38668: Add XMLCipher.encryptData method that takes serialized
	data as parameter. Thanks to Vladimir Ionescu.
	Fixed bug 42886: Error when removing encrypted content in 1.4.1. Thanks to
	Julien Taupin and Daniele Gagliardi.
	Fixed bug 42820: ClassLoader issue causing NoSuchAlgorithmException loading
	Provider Implementation. Thanks to James Washington.
	New in 1.4.1
	Fixed bug 42239: ECDSA signature value interoperability patch. Thanks to Wolfgang Glas for fix.

	New in v1.4.1beta1
	Fixed bug 41892: XML Security 1.4.0 does not build with IBM's JDK
	Fixed bug 41927: Cannot canonicalize with XSLT transform. Thanks to
	Lijun Liao for fix.
	Fixed bug 41805: Resolution of SAML 1.x ID attributes, incorrect namespace. Thanks to
	Brent Putman for fix.
	Fixed bug 41474: two text nodes with the value '\n' in succession within
	<ds:SignedInfo> and <ds:X509IssuerSerial>. Thanks to Lijun Liao for fix.
	Fixed bug 41510: org.apache.xml.security.keys.content.KeyValue.getPublicKey()
	returns null for DSA key. Thanks to Stepan Hrbacek for fix.
	Fixed bug 41569: Cannot specify dynamically a specific JCE Provider with
	the DSA Signature. Thanks to Julien Pasquier for fix.
	Fixed bug 41573: XMLCipher StackOverflowError. Thanks to Marek Jablonski
	for fix.
	Fixed bug 41462: Xml canonization - UTF-8 encoding issue in Xml security 1.4.0 Thanks to Karol Rewera.
	Fixed bug 41520: Cannot generate signatures with the same key but different algorithms in sucession. Thanks to Lijun Liao
	New in 1.4
	Fixed bug 40896

	New in 1.4RC4
	Fixed bug 40880

	New in 1.4RC3
	Fixed bug 40796

	New in 1.4RC2a
	Fixed bug 40783

	New in 1.4RC2
	Fixed bug 40512. Made TransformSPI backward compatible. Now it is possible
	to use implementations for the >1.3 versions paying the performance hit
	of the old implementation.
	Fix a small & unneeded java 1.4 dependecy.
	KeyResolver & ResourceResolver can work like <1.3 mode when used with old implementations.

	New in 1.4RC1
	Fixed bug 40290.
	Fixed bug 40298.
	Fixed bug 40360. Changed a little the way the IdResolver works when
	Document.getElementById fails.
	Fixed bug 40404.

	New in v1.4beta2
	Optimization in c14n in node-sets.
	Optimization for the xml:* inheritance in inclusive c14n.
	Added ECDSA signature thanks Markus Lindner
	Optimization in RetrievelMethod handling. Don't reparse the bytes into a DOM tree if not needed thanks David Garcia.
	Fixed bug 40215: Base64 is not working in EBCDIC platform. Thanks to
	acastro.dit@aeat.es for fix.
	Big optimizations in XPath2 transformation.
	Fixed bug 40245 in XPATH2 transformation(only in development version)
	Fixed bug no resolver for X509Data with just a X509Certificate.
	Optimization in Base64 to do simple transformation from String to byte[]

	New in v1.4beta1
	Fixed bug 40032. Fixed BUG 40031 Fixed bug when the prefix digital signature uri is not null.
	Changes in the NodeFilter API in order to let the transformations
	do some optimizations take into account the c14n order.
	Optimization in signature transformation in node-sets(xpath, xpath2), 20-40% speed-up.

	New in v1.4beta0
	Fixed bug 38668: Add XMLCipher.encryptData method that takes
	serialized data as parameter (mullan)
	Fixed bug 39273: JSR 105 DOMCryptoContext.setIdAttributeNS not working
	when validating signatures (mullan)
	Fixed bug 38405: ElementProxy.length() is not working (Java) (mullan)
	Fixed bug 37708: Different behaviour with NodeSet and RootNode with
	InclusiveNamespaces (mullan)
	Fixed bug 37456: Signing throws an exception if custom resource
	resolver is registered (mullan)
	Fixed bug 38655
	Fixed bug 38444.
	Fixed bug 38605.
	Fixed bug 39200(API CHANGE)
	Refactored the way keyresolver works instead of calling canResolve/resolveX only resolveX is used
	and if it returns null it means it cannot resolve.
	Minor Optimizations.
	Lazy fields initialization, initialize with null and create the object only when needed
	Registered Class reorder, in several parts the library contains a list of workers
	that are asked if it can solve a problem. Now the one that said yes is move to the front
	wishing that the next time it also hits.
	API Change: Make Transform & TransformSpi reusable between threads.
	remove setTransform(Transform t) method in TransformSpi and pass
	the Transform object in enginePerformTransfor methods.
	Fixed bug 39685: bugs reported by findbugs (mullan)
	Added support for SHA256 & SHA512 DigestMethods to JSR 105. (mullan)
	Fix JSR 105 unmarshaling bug: now recognizes PGPData. (mullan)
	Optimization to not create instances of Signature or MessageDigest objects, but mantain one for thread.
	Also don't change the key if it was already used. (raul)

	New in v1.3
	Init-Don't fail if a transformation don't have all of its dependecies.
	Remove XPath initialization from Init and do only when xpath is needed.
	Resolv-Removed the use of xpath expressions to search the elements to sign/verify, now use only plain DOM searching.
	Resolvers-Remove wantsOctectStream wantsNodeSet and his returns pair they are not used, right now and some are incorrect.
	Remove the Use of xalan or xerces class URI
	Removed the expandSystemId
	Changed from Vector<String> to List<Class>, so we don't need to use classForName everytime and used it just the first time.
	Removed PRNG,HexDump,Version, X509CertificateValidator
	Added an unsync buffer outputstream.
	Changed Symbol table to a more efficient and simple structure
	Fixed bug 34743 , Submitted by: Lee Coomber <lee.at.lshift.net>
	Minor speedups in b64, Halved the table lookups.
	Reduce Object creation during c14n, from one to level to one per c14n.
	Change all Vector to List(ArrayList), we don't need synchronization safety.
	*Refactor the way we handle c14n of nodesets:
	Before this patch every transformation creates a set with the nodes that should
	be outputed. Every set is obtaining visiting the whole dom tree every time,
	and then do it other time at c14n time. So it does <number of transformations>+1
	visitings, very slow and memory costly.
	Now every transformation just return a NodeFilter that tells if the node is included or not.
	So only one visiting is done.
	Unified http://www.w3.org/2002/06/xmldsig-filter2 and http://www.w3.org/2002/04/xmldsig-filter2 transformation implementations.
	Removed http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter transformation
	Canonicalization tree travesing is not recursive. it gives better memory handling and performance.
	Fixed bug 33936, Submited by: Raymond Wong <rwong.at.ariba.com>
	Fixed bug 35919, Submited by: Luda <ludab.at.lanl.gov>
	out of the box j2se 1.5 ready(no adding xalan in the classpath or endorsed if no
	xpath transformation is needed)


	New in v1.2.1
	* Fix the memory leak when using xpath or using ResourceResolver and not hitting
	getElementByIdUsingDOM() [http://issues.apache.org/bugzilla/show_bug.cgi?id=32836]
	* Fix the bug with using XPath2Filter and inclusive c14n
	* Fix the bug arrouse in reusing Canonicalizers
	* Fix base64transformation bug [http://issues.apache.org/bugzilla/show_bug.cgi?id=33393 ]
	* Fix the XMLsignatureInput reset() bug.
	* Clean unused jar (xmlParserAPI.jar,etc) and check and stored new versions.
	* generated the dist jar with version (i.e. xmlsec-1.2.1.jar instead of plain xmlsec.jar)
	* Clean unused build*.xml files.


	##############################################################################
	# New in v1.0.3 24. May 2002
	##############################################################################

	IMPORTANT:

	- The different classes do not call Init.init() any longer. This must be done
	by YOU in your application. If you miss that, you'll get many
	AlgorithmNotRegistered exceptions...

	--------------------------------

	Summary:

	- The software is faster. Especially canonicalization is between
	factor 5--80 faster than the old one.

	- Some deprecated methods in the Canonicalizer are deleted.

	- We support Exclusive Canonicalization

	- We support the XPath Filter version 2.0 Draft.

	--------------------------------

	Optimizations and speed-up

	- canonicalization
	- inclusive c14n is now faster (factor between 5 and 80)
	- transforms
	- enveloped-signature is now faster (no XPath ops any more)
	- base64 is now faster (no XPath ops any more)
	- c14n is now faster (due to faster c14n algo)

	--------------------------------

	Signature package:

	- The XMLSignatureInput which is used for passing node sets and octet
	streams into transforms and which is also the result of transforms
	uses a java.util.Set now instead of a NodeList for the internal
	representation of xpath node sets. This allows easier queries in the
	form: Is node N part of the node set.

	The implication is that you can also pass a Set which contains the nodes
	to be canonicalized to the Canonicalizers using
	public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet)

	--------------------------------

	Canonicalizer:

	- A bug (well, my understanding of c14n) is corrected regarding the
	canonicalization of node sets. That bug related to the xml:*
	attributes. See xmldsig mailing list archive @ w3.org for details.

	- removed are the methods

	- public byte[] canonicalize(Node node)
	- public byte[] canonicalizeDocument(Document doc)
	- public byte[] canonicalizeSingleNode(Node rootNode)

	replaced by public byte[] canonicalizeSubtree(Node node)

	- public byte[] canonicalize(NodeList xpathNodeSet)

	replaced by public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)

	- public void setXPath(Object xpath)
	- public Object getXPath()
	- public String getXPathString()
	- public void setXPathNodeSet(NodeList nodeList)

	These are no longer in use. If you want to c14nize an xpath
	node set, select it using CachedXPathAPI and then apply
	canonicalizeXPathNodeSet to the node set.

	- public void setRemoveNSAttrs(boolean remove)
	- public boolean getRemoveNSAttrs()

	The c14nizers do not add any attributes (namespaces or xml:*)
	to the document, so these method make no sense.

	- The Canonicalizer now supports "Exclusive XML Canonicalization
	Version 1.0" <http://www.w3.org/Signature/Drafts/xml-exc-c14n>, Rev 1.58.

	For that reason, the c14n methods allow an additional String parameter
	for passing the inclusive namespaces.

	public byte[] canonicalizeSubtree(Node node,
	String inclusiveNamespaces)
	public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet,
	String inclusiveNamespaces)

	Such a string looks e.g. like this

	String inclusiveNamespaces = "ds xenc ex #default";

	For more on exclusive c14n, see the spec. If you pass this parameter to the
	regular (inclusive) c14nizer, you'll get a
	CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation")

	--------------------------------

	Transforms:

	- The exclusive c14n is also supported by the transform framework.
	The parameter for the inclusive namespaces is the class
	org.apache.xml.security.transforms.params.InclusiveNamespaces

	If you want to make a Transform like this, do that:

	Document doc = ...;
	Transforms transforms = new Transforms(doc);
	InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ns2");
	transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS,
	incNS.getElement());

	- The XPathContainer for the XPath transform is now moved from the
	org.apache.xml.security.c14n.helper package to
	org.apache.xml.security.transforms.params.XPathContainer

	- The enveloped-signature transform is faster now. We don't do costly
	XPath operations but 'simple' DOM ops.

	- Base64 is faster (no XPath ops).

	- The TransformXPath2Filter is now supported by the package. It can be used by
	using the identifier Transforms.TRANSFORM_XPATH2FILTER in conjuction with the
	XPath2FilterContainer for passing parameters. To know what xfilter2 is, see
	http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/ :

	Document doc = ...;
	Transforms transforms = new Transforms(doc);
	XPath2FilterContainer x2c =
	// intersect
	XPath2FilterContainer.newInstanceIntersect(doc, "//a");
	// subtract
	XPath2FilterContainer.newInstanceSubtract(doc, "//a");
	// union
	XPath2FilterContainer.newInstanceUnion(doc, "//a");

	transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
	x2c.getElement());

	--------------------------------