Page tree

This software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

Skip to end of metadata
Go to start of metadata

These release notes describe the V1.x series of releases. The V2.x series of releases are described here; the corresponding release notes are here.

Release 1.2.0 (end of life)

Release date: 2013-04-17

For a complete list of issues addressed in this release, see https://issues.shibboleth.net/jira/issues/?filter=10273.

  • XSTJ-38: blacklist MD5 algorithm during signature verification
  • XSTJ-33: release process for XmlSecTool 1.2.0
  • XSTJ-31: add ECDSA elliptic curve signature support
  • XSTJ-28: provide blacklist ability for SHA-1 during signature verification
  • XSTJ-27: compatibility with Apache Santuario 1.5.x
  • XSTJ-24: should not use xmlsec IdResolver class
  • XSTJ-23: stabilise xmlsectool build, update dependencies
  • XSTJ-22: non-zero exit codes from shell script
  • XSTJ-20: pass JVMOPTS environment variable through xmlsectool.sh
  • XSTJ-19: pkcs11Config option fails to use indicated keystore provider
  • XSTJ-17: multiple errors in --help documentation
  • XSTJ-16: misleading error message on failed schema validation
  • XSTJ-15: XmlSecTool fails with String index out of range -1
  • XSTJ-14: allow specification of Digest and Signature algorithms when signing
  • XSTJ-5: ship RPM packaging files with xmlsectool

Release 1.1.5

Release date: 2011-07-25

  • XSTJ-13: failure to fetch via http if web server doesn't present a content-encoding header field
  • Security issue: additional validation of signatures to protect against signature wrapping attacks similar to CVE-2011-1411

Release 1.1.4

  • XTSJ-10: Correct class and command name
  • XSTJ-9: Add support for reading/writting base64, deflate, gzip encoded files
  • XTSJ-8: xmlsectool generates spurious xmlns:xml definitions in output
  • XTSJ-7: verify xmlsectool dependencies

Release 1.1.3

  • XSTJ-6: program fails with a NullPointerException when using a signing key from the filesystem without a password

Release 1.1.2

  • XSTJ-1: Update dependency libraries for version 1.1.2
  • XSTJ-2: non-zero status code not returned when a signature is invalid


  • No labels