XML Security Library

LibXML2
LibXSLT
OpenSSL

XML Security Library

XML Security Library is a C library based on LibXML2. The library supports major XML security standards:

XML Security Library is released under the MIT Licence see the Copyright file in the distribution for details.

News

  • October 15, 2025
    The XML Security Library 1.3.8 release includes the following changes:
    • (xmlsec-openssl) Deprecated support for OpenSSL 1.1.1 (reached its End of Life in September, 2023)
    • (xmlsec-openssl) Added AWS-LC support
    • (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added support for longer than expected DSA and ECDSA sigantures to support broken Java implementations.
    • (xmlsec command line tool) Added option "--add-id-attr" to add ID attributes by name to all nodes in the document.
    • (xmlsec-core) Added RSA MGF1 and digest template API
    • (xmlsec-core) Added example of signing / verifying signature by ID attribute.
    • Several other small fixes (see more details).

  • June 16, 2025
    The legacy XML Security Library 1.2.42 release includes the following changes:
    • (xmlsec-openssl) Ensured that only certificates from XML file are returned after verification.
    • (xmlsec-core) Fixed includes to support latest LibXML2 / LibXSLT.
    • Several other small fixes (see more details).

  • February 11, 2025
    The XML Security Library 1.3.7 release includes the following changes:
    • (xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.
    • (xmlsec-core) Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.
    • (xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).
    • (xmlsec-openssl) Fixed excess padding in ECDSA signature generation.
    • (xmlsec-openssl) Fixed build warnings for BoringSSL / AWS-LC.
    • (xmlsec-nss) Fixed certificates search in NSS DB.
    • (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.
    • (xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".
    • Several other small fixes (see more details).

  • October 22, 2024
    The XML Security Library 1.3.6 release includes the following changes:
    • (xmlsec-openssl) Fixed build if OpenSSL 3.0 doesn't have engines support enabled.
    • (xmlsec-mscng, xmlsec-mscrypto) Added support for multiple trusted certs with the same subject.
    • (windows) Disabled iconv support by default (use 'iconv=yes' option for 'configure.js' to re-enable it).
    • Several other small fixes (see more details).

  • July 19, 2024
    The XML Security Library 1.3.5 and legacy 1.2.41 releases include the following changes:
    • (xmlsec-mscng,xmlsec-mscrypto) Improved certificates verification.
    • (xmlsec-gnutls) Added support for self-signed certificates.
    • (xmlsec-core) Fix deprecated functions in LibXML2 2.13.1 including disabling HTTP support by default (use ''--enable-http' option to re-enable it).
    • Several other small fixes (see more details).

  • July 11, 2024
    The legacy XML Security Library 1.2.40 release includes the following changes:
    • (xmlsec-core) Fixed functions deprecated in LibXML2 2.13.1 (including disabling HTTP support by default).
    • (xmlsec-nss) Increased keys size in all tests to support NSS 3.101.
    • (windows) Added "ftp" and "http" flags in 'configure.js' (both are disabled by default).
    • Several other small fixes (more details).

  • April 9, 2024
    The XML Security Library 1.3.4 release includes the following changes:

    • (xmlsec-openssl) Support cert dates before unix epoch start.
    • (xmlsec-openssl) Fix build for LibreSSL or BoringSSL.
    • (xmlsec-nss) Ensure NSS algorithms are initialized.
    • Several other small fixes (see more details).

  • January 4, 2024
    The XML Security Library 1.3.3 release includes the following changes:

    • (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx.enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).
    • (xmlsec-core) Removed '--enable-size-t' ('size_t' for MSVC builds) option and made 'xmlSecSize' to always be the same as 'size_t'.
    • (xmlsec-core) Removed previously deprecated functions, defines, etc.
    • (xmlsec-core) Fixed build for libxml2 v2.12.0.
    • (xmlsec-openssl) Removed support for OpenSSL 1.1.0 (end of life in Aug 2016). The minimum OpenSSL supported version is 1.1.1; the version 3.0.0 or greater is recommended.
    • (xmlsec-nss) Added runtime check for the enabled algorithms in NSS.
    • (xmlsec-mscrypto) Removed NT4 support.
    • Several other small fixes (see more details).

  • December 12, 2023
    The legacy XML Security Library 1.2.39 release includes the following changes:
    • Added options to enable/disable local files, HTTP, and FTP support. FTP is disabled by default.
    • Several other small fixes (more details).

  • October 31, 2023
    The XML Security Library 1.3.2 release includes the following changes:

    • (xmlsec-openssl) Fixed padding for GOST 2001 and 2012 signatures.
    • (xmlsec-nss) Added support for reading PEM certificates.
    • (xmlsec-nss) Added a check to ensure that the key certificate matches the key.
    • (xmlsec-nss) Added support for xmlsec command line tool '--verify-keys' option.
    • (xmlsec-gnutls) Added support for GOST R 34.11-94, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit digest algorithms.
    • (xmlsec-gnutls) Added support for GOST R 34.10-2001, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit signature algorithms.
    • (xmlsec-gnutls) Added support for xmlsec command line tool '--verify-keys' option.
    • (xmlsec-gnutls) Added check to ensure that the key certificat matches the key.
    • (xmlsec-mscng) Added support for xmlsec command line tool '--verify-keys' option.
    • (xmlsec-mscng) Replaced windows.h includes with wincrypt.h includes where possible.
    • (xmlsec-mscrypto) Replaced windows.h includes with wincrypt.h includes where possible.
    • (xmlsec command line tool) Added '--base64-line-size' option to control the base64 encoding line size.
    • (MSVC build) Added 'ftp' and 'http' options to control FTP and HTTP support. FTP support is disabled by default.
    • (MinGW build) The xmlsec-mscrypto is moved down in the default crypto library selection list as it is now in maintanance mode (use '--with-default-crypto' option to force the selection).
    • (MinGW build) Fixed the static libraries build with "--enable-static-linking" option.
    • Several other small fixes (see more details).

  • July 5, 2023
    The legacy XML Security Library 1.2.38 release includes the following changes:

    • Fixed static linking with MinGW.
    • (xmlsec-mscng) Fixed block ciphers key size.
    • Several other small fixes (more details).

  • June 6, 2023
    The XML Security Library 1.3.1 release includes the following changes:

    • Added "--with-libltdl" option for ./configure to allow custom libltdl installations and deprecated "--enable-crypto-dl" option.
    • Added support for cclang compiler on non-MacOSX platforms.
    • (xmlsec-openssl) Restored support for LibreSSL and bumped minimum required version to 3.5.0.
    • (xmlsec-nss) Restored minimum supported NSS version to 3.35.
    • Several other small fixes (more details).



News page