Apache Santuario -- Index

Apache Santuario -- Index
Apache Santuario
Index
Apache Santuario
Security Advisories
FAQ
Team
Contributing
Mailing Lists
SVN
Issue Tracking
License
History
Old News
Java
Index
Release Notes
Source repository
FAQ
API
Streaming API
Interoperability
C++
Index
Release Notes
Source repository
Installation
FAQ
Tools
Programming
Credits
ASF
How Apache Works
Foundation
Sponsor Apache
Thanks
Welcome to Apache Santuario™
The Project
The
Apache Santuario™
project is aimed at providing implementation of the primary security standards for XML:
XML-Signature Syntax and Processing
XML Encryption Syntax and Processing.
One library is currently available.
Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
The C++ version of this library has been officially retired as an Apache Project.
News
April 2025
Versions 4.0.4 and 3.0.6 of the Apache XML Security for Java library has been released.
December 2024
Version 2.3.5 of the Apache XML Security for Java library has been released.
November 2024
Version 4.0.3 and 3.0.5 of the Apache XML Security for Java library have been released, containing a mixture of bug fixes and new features.
July 2024
As announced early this year, the C++ library has been officially retired. A fork of this code base has been migrated to the Shibboleth Project, which has been the sole maintainer for a number of years now. See
the Shibboleth wiki
for notable caveats regarding usage of this code.
March 2024
After discussion with the Santuario PMC, it has been decided to address the long term lack of support for the C++ library by formally retiring the code here at Apache. The Java code of course remains well supported and will continue to be developed.
As of now, the C++ code is frozen here. The current sole maintainer will be transferring the source code to the Shibboleth Project and it will be maintained by that team for some period of time because it is a dependency of that software, but it will not be supported for any third-party use. It is estimated that the code will be fully retired some time before 2030. The code will be publically hosted and accessible after the transition, and the license is not changing.
Once the code transition occurs, which may not be for some time yet, we will update more of the site as is appropriate to reflect the transition. In the event a significant issue arises with the library prior to the transition, we will endeavor to address it here.
February 2024
Version 4.0.2 and 3.0.4 of the Apache XML Security for Java library have been released.
They contain a new feature to support Key Agreement using ECDH-ES.
November 2023
Version 4.0.1 of the Apache XML Security for Java library has been released, containing a bug fix (SANTUARIO-609 -
Remove call to Signature.getProvider() in debug log)
October 2023
Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 of the Apache XML Security for Java library have been released. A security advisory has been fixed in these releases:
CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output
Please see the
Security Advisories
page for more information.
September 2023
Version 4.0.0-M1 of the Apache XML Security for Java library has been released. This is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:
Java 11 requirement
Removing SLF4J and using System.Logger
AutoCloseable for several types
August 2023
Version 2.2.5 of the Apache XML Security for Java library has been released. It contains some dependency updates to fix CVE reports.
March 2023
Versions 3.0.2 and 2.3.3 of the Apache XML Security for Java library have been released. Support for the EdDSA has been added as part of these releases.
November 2021
Version 2.0.4 of the Apache XML Security for C++ library has been released. This release fixes a regression in 2.0.3 allowing the code to build on pre-1.1 OpenSSL versions.
Older News
See
here
for old news.
edit page
add comment
Apache Santuario, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.
All other marks mentioned may be trademarks or registered trademarks of their respective owners.