XML signature HMAC truncation authentication bypass. See Issue 47526.
checkstyle problems with source and tests. See Issue 47525.
ECDSA signature value interopability patch. See Issue 42239.
XPath transform and xml-stylesheet. See Issue 45744.
The #document node> inserted at the end of SOAPEnvelope. See Issue 42986.
Unnecessary namespace declarations on EncryptedData children. See Issue 47029.
Can't validate after invalid validation. See Issue 44335.
Improve Java unit testing. See Issue 47260.
Some website updates. See Issue 47265.
We need a POM file added to the Maven repository. See Issue 45388.
Remove JDK 1.5 API dependencies. See Issue 47483.
Downgrade signature verification logging from "info". See Issue 47057.
Method to disable XMLUtils.addReturnToElement (reopened): changed Base64 code to ignore line breaks, if enabled. See Issue 42061.
Reusing XMLSignature for signing and verifying fails on same thread. See Issue 47097.
Failed to add more than one child element to EncryptionMethod. See Issue 46732.
org.apache.xml.security.utils.IdResolver is not thread safe. See Issue 46101.
verify with own canonicalization method. See Issue 45961.
XMLSignature::getKeyInfo method modifies document. See Issue 45475.
Fix XMLSec 1.4.2 problems reported by findbugs. See Issue 45811.
Transform.register class loading and recursive instantiation problems. See Issue 45706.
Some calls should be wrapped in AccessController.doPrivileged. See Issue 45664.
Restore XMLUtils.createDSctx method. See Issue 45634.
log4j.properties in xmlsec sources and builds has side effects in production environment. See Issue 45095.