DoS vulnerability in Java xmltooling via gzip bomb

Reduce number of instances

Base64 Data Missing Padding Does Not Throw Error

AbstractXMLObject prepareForAssignment(String, String) should have variant that doesn't normalize input

Update dependency of BouncyCastle to 1.53

KeyInfoHelper getCertificate method making incorrect assumption on X509Certificate element content

Symmetric key generation for Triple DES keys fails with invalid key size

Various ParserPool interface methods should never return null

ParserPool impls are not correctly resetting builder ErrorHandler and EntityResolver on second and subsequent checkout

Default config for X509Credential KeyInfo generation should emit cert chain in addition to entity cert

Add HostnameVerifier impl which processes cert subject DN by parsing the ASN.1 encoding

X509Util getCommonNames returns a list in the reverse order of what is expected

Update Bouncy Castle to latest version

IndexingObjectStore uses hashCode() in an unsafe manner

SecurityHelper derivePublicKey incorrectly derives public key for DSAPrivateKey

SimpleKeyInfoReferenceEncryptedKeyResolver constructor missing 'public' modifier

Encrypter setKeyResolverCriteria() typo, should be getKeyResolverCriteria()

X509Util.java should use newer bouncycastle API [patch]

Update Apache Santuario (xmlsec) to 1.5.6

ClasspathResolver doesn't set systemId on resolved InputSources failing subsequent resolutions

XMLTooling failed to pass veracode due Use of Wrong Operator in String Comparison (CWE ID 597)

DefaultBootstrap unexpectedly uses a parser StaticBasicParserPool with expandEntityReferences set to true

Decrypter should be defensive about Santuario and Java crypto classes throwing unchecked exceptions

wrong key algorithm used for elliptic curve keys

missing SignatureConstants values for SHA-256 and SHA-512 digests

Signature verification exception on Java 7

DigestMethod builder defaults to wrong namespace/prefix

Decrypter doesn't fall back to default unmarshaller

Changes to support classes for new XML Signature and Encryption algorithms

XML Signature 1.1 KeyInfo object providers

X509Util.determineEntityCertificate doesn't catch lower layer SecurityException

Add support for new XML Signature 1.1 KeyInfo extensions and features

Upgrade to xmlsec 1.5

NullPointerException in createClassInstance in org.opensaml.xml.XMLConfigurator

AbstractXMLObjectUnmarshaller should check isTraceEnabled in unmarshall(Element) before *creating* QNames and logging

AbstractXMLObject unnecessarily creates a new QName in getElementQName

Code in AbstractSignableXMLObject etc unnecessarily calls NodeList which is thread-unsafe

Clean up maven assembly description

Update 3rd party library

XSBoolean missing local name, QName and object providers

IndexedXMLObjectChildrenList ListView indexOf and lastIndexOf methods operate on the wrong data

ListView's clear empties the whole backingList instead of only the entries it's responsible for

InlineX509DataProvider should handle X.500 DN string parsing failures more gracefully

Add support for configuring PKIX policy checking in the PKIX trust engine

Update 3rd party runtime library dependencies

Disable RSA v1.5 key transport in favor of RSA-OAEP for all data encryption key types

XSBoolean does not extend XMLObject

Update POM for Shib.net Repo and attach generated Javadocs

Unable to Unmarshall the document object if the document namespace and prefix is empty

Wrong Logger used in SignatureValidator