Overview

File xml-security.changes of Package xml-security

-------------------------------------------------------------------
Tue Sep 19 11:30:52 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Do not require maven-javadoc-plugin that we don't use

-------------------------------------------------------------------
Mon Sep 11 10:50:10 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp

-------------------------------------------------------------------
Wed Mar 30 09:23:46 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Build against the standalone JavaEE modules inconditionally

-------------------------------------------------------------------
Fri Mar 18 14:15:10 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Build against a standalone jaxb-api artifact on systems where the
  JDK does not include the JavaEE modules

-------------------------------------------------------------------
Fri Dec 17 18:37:54 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 2.1.7 (bsc#1193879, CVE-2021-40690)
- Changes of 2.1.7
  * Improvement
    + [SANTUARIO-572] - Disallow a KeyInfoReference to refer to a
      RetrievalMethod
    + [SANTUARIO-577] - Introduce a system property to control if
      file/http references are allowed from an unsigned context
- Changes of 2.1.6
  * Bug
    + [SANTUARIO-542] - SignatureProperties incorrectly gets sibling
      nodes of the parent element, instead of the child elements
    + [SANTUARIO-553] - JCE provider being resolved without key
      causes wrong provider to be selected
    + [SANTUARIO-556] - WeakHashMap cache cause infinite loop
- Changes of 2.1.5
  * Bug
    + [SANTUARIO-508] - NPE in XMLSignatureInput
    + [SANTUARIO-512] - security-config.xml is out of date
    + [SANTUARIO-514] - XMLSignature processes KeyInfo elements
      twice
    + [SANTUARIO-515] - XMLSignature does not enforce structure of
      the ds:Signature element
    + [SANTUARIO-523] - XMLSecurityStreamReader ignores information
      in XML document declaration
    + [SANTUARIO-524] - Unable to pass Provider to HMAC
      SignatureMethod
    + [SANTUARIO-526] - XMLSecStartDocumentImpl returns null version
      instead of default "1.0"
- Changes of 2.1.4
  * Fixes CVE-2019-12400: Apache Santuario potentially loads XML
    parsing code from an untrusted source.
  * Improvement
    + [SANTUARIO-507] - Deprecate WeakObjectPool DocumentBuilder
      cache
  * Task
    + [SANTUARIO-505] - Remove Doctypes from the streaming schemas

-------------------------------------------------------------------
Fri Jul 10 07:39:18 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Initial packaging of xml-security 2.1.3
openSUSE Build Service is sponsored by
Places