Releases: apache/santuario-xml-security-java
Releases · apache/santuario-xml-security-java
xmlsec-4.0.4
xmlsec-4.0.4
This tag was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
bec6484
This commit was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
What's Changed
- Bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #405
- Bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #404
- Bump actions/cache from 4.1.1 to 4.1.2 by @dependabot in #403
- Bump actions/setup-java from 4.4.0 to 4.5.0 by @dependabot in #402
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.0 to 3.5.1 by @dependabot in #401
- Bump junit.version from 5.11.1 to 5.11.3 by @dependabot in #400
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.10.1 by @dependabot in #399
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.2 by @dependabot in #410
- Bump org.bouncycastle:bcprov-jdk18on from 1.78.1 to 1.79 by @dependabot in #409
- Bump com.google.errorprone:error_prone_core from 2.34.0 to 2.35.1 by @dependabot in #407
- Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #413
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.1 to 3.5.2 by @dependabot in #412
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.11.1 by @dependabot in #411
- Update Jetty to 11.0.24 by @coheigea in #414
- Bump github/codeql-action from 3.27.1 to 3.27.5 by @dependabot in #417
- Bump com.google.errorprone:error_prone_core from 2.35.1 to 2.36.0 by @dependabot in #416
- Run builds on PRs on 3.0.x-fixes by @coheigea in #419
- Bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot in #426
- Bump actions/cache from 4.1.2 to 4.2.0 by @dependabot in #425
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2 by @dependabot in #424
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.9.0 to 2.9.1 by @dependabot in #423
- Bump junit.version from 5.11.3 to 5.11.4 by @dependabot in #428
- Bump github/codeql-action from 3.27.6 to 3.27.9 by @dependabot in #427
- Bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot in #429
- Bump actions/setup-java from 4.5.0 to 4.6.0 by @dependabot in #430
- Bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #431
- Bump commons-codec:commons-codec from 1.17.1 to 1.17.2 by @dependabot in #433
- Bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #435
- Bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot in #434
- Bump org.bouncycastle:bcprov-jdk18on from 1.79 to 1.80 by @dependabot in #436
- Modernization: Replacing Paths.get with Path.of by @coheigea in #438
- Bump github/codeql-action from 3.28.1 to 3.28.5 by @dependabot in #439
- Bump com.fasterxml.woodstox:woodstox-core from 6.6.2 to 7.1.0 by @dependabot in #397
- Bump commons-codec:commons-codec from 1.17.2 to 1.18.0 by @dependabot in #440
- Bump org.glassfish.jaxb:jaxb-runtime from 4.0.3 to 4.0.5 by @dependabot in #441
- Bump actions/setup-java from 4.6.0 to 4.7.0 by @dependabot in #443
- Bump github/codeql-action from 3.28.5 to 3.28.8 by @dependabot in #442
- Fixed SANTUARIO-624: Remove org/apache/xml/security/resource/xmlsecur… by @seanjmullan in #444
- Bump github/codeql-action from 3.28.8 to 3.28.9 by @dependabot in #445
- Bump actions/upload-artifact from 4.6.0 to 4.6.1 by @dependabot in #447
- Bump github/codeql-action from 3.28.9 to 3.28.10 by @dependabot in #448
- Bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot in #449
- Bump actions/cache from 4.2.0 to 4.2.1 by @dependabot in #450
- Bump junit.version from 5.11.4 to 5.12.0 by @dependabot in #451
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0 by @dependabot in #452
- Bump org.slf4j:slf4j-jdk14 from 2.0.16 to 2.0.17 by @dependabot in #454
- Bump actions/cache from 4.2.1 to 4.2.2 by @dependabot in #455
- OID attributes get a wrong name when normalized due to first dot not being removed by @baconjander in #446
- Bump github/codeql-action from 3.28.10 to 3.28.11 by @dependabot in #457
- Bump junit.version from 5.12.0 to 5.12.1 by @dependabot in #458
- Bump com.google.errorprone:error_prone_core from 2.36.0 to 2.37.0 by @dependabot in #460
- [SANTUARIO-576] Fix saml validation with saaj 1.4+ by @RivalAUT in #453
- Bump org.apache:apache from 33 to 34 by @dependabot in #459
- Bump github/codeql-action from 3.28.11 to 3.28.12 by @dependabot in #463
- Bump actions/cache from 4.2.2 to 4.2.3 by @dependabot in #462
- Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot in #461
- Bump github/codeql-action from 3.28.12 to 3.28.13 by @dependabot in #464
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3 by @dependabot in #465
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3 by @dependabot in #466
- Bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 by @dependabot in #467
- Bump advanced-security/maven-dependency-submission-action from 4.1.1 to 4.1.2 by @dependabot in #468
New Contributors
- @baconjander made their first contribution in #446
- @RivalAUT made their first contribution in #453
Full Changelog: xmlsec-4.0.3...xmlsec-4.0.4
Contributors
coheigea, baconjander, and 3 other contributors
Assets 2
xmlsec-3.0.6
xmlsec-3.0.6
This tag was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
c0758f5
This commit was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
What's Changed
- [SANTUARIO-622] XMLSignatureInput close input stream by @jrihtarsic in #406
- Removing unused log statement from XMLSignatureInput by @coheigea in #418
- Updating Jetty to 9.4.56.v20240826 - take II by @coheigea in #421
- [SANTUARIO-625] Security warning is always logged when using ECDH with AES-KW by @beth-soptim in #456
New Contributors
- @beth-soptim made their first contribution in #456
Full Changelog: xmlsec-3.0.5...xmlsec-3.0.6
Contributors
coheigea, jrihtarsic, and beth-soptim
Assets 2
xmlsec-4.0.3
3e8b4f1
This commit was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
What's Changed
- Bump advanced-security/maven-dependency-submission-action from 4.0.0 to 4.0.1 by @dependabot in #281
- Bump com.google.errorprone:error_prone_core from 2.24.1 to 2.25.0 by @dependabot in #280
- Bump com.fasterxml.woodstox:woodstox-core from 6.6.0 to 6.6.1 by @dependabot in #283
- Bump jakarta.activation:jakarta.activation-api from 2.1.2 to 2.1.3 by @dependabot in #284
- Bump actions/setup-java from 4.0.0 to 4.1.0 by @dependabot in #285
- Bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #286
- Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.1 to 4.0.2 by @dependabot in #287
- SANTUARIO-610: Fix NullPointerException in XMLCipher with BC AES GCM by @krah034 in #288
- Bump advanced-security/maven-dependency-submission-action from 4.0.1 to 4.0.2 by @dependabot in #289
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #296
- Bump com.google.errorprone:error_prone_core from 2.25.0 to 2.26.1 by @dependabot in #291
- Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #295
- Bump actions/setup-java from 4.1.0 to 4.2.1 by @dependabot in #294
- [SANTUARIO-613] Remove DH KeyType from the KeyUtils.KeyType enumeration by @jrihtarsic in #297
- Add brainpool curves for EC key generation/cypher (main branch) by @yklymenko in #293
- Bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #300
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in #301
- Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #304
- Bump com.fasterxml.woodstox:woodstox-core from 6.6.1 to 6.6.2 by @dependabot in #303
- [SANTUARIO-611] Add support of ECDSA with SHA3 algorithms by @jrihtarsic in #302
- Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 by @dependabot in #307
- [SANTUARIO-617] remove mgf element in case of rsa-oaep-mgf1p by @jrihtarsic in #306
- Bump org.slf4j:slf4j-jdk14 from 2.0.12 to 2.0.13 by @dependabot in #308
- Bump org.apache:apache from 31 to 32 by @dependabot in #309
- Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #312
- Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #311
- Bump org.bouncycastle:bcprov-jdk18on from 1.78 to 1.78.1 by @dependabot in #310
- Bump xmlunit.version from 2.9.1 to 2.10.0 by @dependabot in #317
- Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 by @dependabot in #316
- Bump com.google.errorprone:error_prone_core from 2.26.1 to 2.27.0 by @dependabot in #315
- Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #314
- Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #313
- [SANTUARIO-616] enable manual decryption of the EncryptedKey with KeyAgreement by @jrihtarsic in #305
- Bump com.google.errorprone:error_prone_core from 2.27.0 to 2.27.1 by @dependabot in #318
- Bump advanced-security/maven-dependency-submission-action from 4.0.2 to 4.0.3 by @dependabot in #319
- [SANTUARIO-614] Tests for the EC Brainpool key types by @jrihtarsic in #298
- Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #321
- Bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #320
- Implementation of the HKDF derivation function by @jrihtarsic in #271
- Bump github/codeql-action from 2.13.4 to 3.25.6 by @dependabot in #325
- Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #322
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 by @dependabot in #333
- Bump github/codeql-action from 3.25.6 to 3.25.10 by @dependabot in #332
- Bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #331
- Bump com.google.errorprone:error_prone_core from 2.27.1 to 2.28.0 by @dependabot in #329
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 by @dependabot in #328
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 by @dependabot in #326
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 by @dependabot in #335
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.2.5 to 3.3.0 by @dependabot in #336
- Fixed KeyValue construction for EC keys by @Gamuci in #334
- Bump junit.version from 5.10.2 to 5.10.3 by @dependabot in #338
- Bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #339
- Bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #340
- Bump advanced-security/maven-dependency-submission-action from 4.0.3 to 4.1.0 by @dependabot in #341
- Bump org.apache:apache from 32 to 33 by @dependabot in #342
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.0 to 3.3.1 by @dependabot in #343
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.3.0 to 3.3.1 by @dependabot in #344
- Bump org.apache.maven.plugins:maven-release-plugin from 3.1.0 to 3.1.1 by @dependabot in #345
- Bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #346
- Bump commons-codec:commons-codec from 1.17.0 to 1.17.1 by @dependabot in #347
- Bump com.google.errorprone:error_prone_core from 2.28.0 to 2.29.1 by @dependabot in #349
- Bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #352
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 by @dependabot in #351
- Bump com.google.errorprone:error_prone_core from 2.29.1 to 2.29.2 by @dependabot in #350
- Bump org.slf4j:slf4j-jdk14 from 2.0.13 to 2.0.14 by @dependabot in #358
- Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #357
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 by @dependabot in #356
- Bump org.hamcrest:hamcrest-library from 2.2 to 3.0 by @dependabot in #355
- Bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in #354
- Bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #353
- Bump org.slf4j:slf4j-jdk14 from 2.0.14 to 2.0.16 by @dependabot in https://github.com/apache/santua...
Contributors
yklymenko, Gamuci, and 3 other contributors
Assets 2
xmlsec-3.0.5
9232b98
This commit was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
Full Changelog: xmlsec-3.0.4...xmlsec-3.0.5
xmlsec-3.0.4
070a98e
This commit was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
Full Changelog: xmlsec-3.0.3...xmlsec-3.0.4
xmlsec-4.0.2
3c77501
This commit was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
What's Changed
- Bump actions/setup-java from 3.13.0 to 4.0.0 by @dependabot in #249
- workaround source RB issue by @hboutemy in #248
- SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys by @jrihtarsic in #234
- Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #256
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.2.3 by @dependabot in #255
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.1.0 to 3.2.3 by @dependabot in #254
- Bump commons-codec:commons-codec from 1.15 to 1.16.0 by @dependabot in #251
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.3 by @dependabot in #250
- Bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.0 by @dependabot in #260
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.12.1 by @dependabot in #261
- Bump org.apache.felix:maven-bundle-plugin from 5.1.8 to 5.1.9 by @dependabot in #259
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.0 to 3.0.1 by @dependabot in #258
- Bump org.slf4j:slf4j-jdk14 from 2.0.9 to 2.0.11 by @dependabot in #266
- Bump com.google.errorprone:error_prone_core from 2.23.0 to 2.24.1 by @dependabot in #267
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.2.3 to 3.2.5 by @dependabot in #265
- Bump actions/cache from 3.3.2 to 3.3.3 by @dependabot in #263
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.3 to 3.2.5 by @dependabot in #264
- Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in #262
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.1 by @dependabot in #268
- Bump com.fasterxml.woodstox:woodstox-core from 6.5.1 to 6.6.0 by @dependabot in #269
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in #270
- Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in #273
- Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in #274
- Bump actions/cache from 3.3.3 to 4.0.0 by @dependabot in #272
- Bump advanced-security/maven-dependency-submission-action from 3.0.3 to 4.0.0 by @dependabot in #275
- Bump junit.version from 5.10.1 to 5.10.2 by @dependabot in #276
- Bump org.slf4j:slf4j-jdk14 from 2.0.11 to 2.0.12 by @dependabot in #277
- Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 by @dependabot in #278
- Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #279
Full Changelog: xmlsec-4.0.1...xmlsec-4.0.2
Contributors
hboutemy, jrihtarsic, and dependabot
Assets 2
4.0.1
c948752
This commit was signed with the committer’s verified signature.
coheigea
Colm O hEigeartaigh
What's Changed
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #224
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #225
- Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 by @dependabot in #222
- Bump com.google.errorprone:error_prone_core from 2.22.0 to 2.23.0 by @dependabot in #228
- Make all tests pass with Java 21 by @coheigea in #237
- Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 by @dependabot in #238
- Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in #239
- Bump advanced-security/maven-dependency-submission-action from 3.0.2 to 3.0.3 by @dependabot in #232
- Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #233
- Removing protected branches by @coheigea in #241
- Nulling out protected branches by @coheigea in #242
- Remove call to Signature.getProvider() in debug log by @narras-oss in #240
- Bump junit.version from 5.10.0 to 5.10.1 by @dependabot in #243
- Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.77 by @dependabot in #245
- Updating Parent Pom by @coheigea in #247
New Contributors
- @narras-oss made their first contribution in #240
Full Changelog: xmlsec-4.0.0...xmlsec-4.0.1
Contributors
coheigea, dependabot, and 2 other contributors