Skip to content

Releases: node-saml/xml-crypto

v6.1.2

Choose a tag to compare

@cjbarth cjbarth released this 24 Apr 18:06
  • Remove all reference XML data if any are corrupted (#502) (cac1c8d)

v6.1.1

Choose a tag to compare

@cjbarth cjbarth released this 21 Apr 15:47
  • Adjust deprecation to better reflect real-world usage (#499) (ab1c69e)

v6.1.0

Choose a tag to compare

@cjbarth cjbarth released this 09 Apr 12:40
  • Introduce new .getSignedReferences() function of signature to help prevent signature wrapping attacks (#489) (badaf20)

v6.0.1

Choose a tag to compare

@cjbarth cjbarth released this 14 Mar 16:07

This addresses two critical CVE:

v3.2.1

Choose a tag to compare

@cjbarth cjbarth released this 14 Mar 15:58

Full Changelog: v3.2.0...v3.2.1

This addresses two critical CVE:

Please note that this version of xml-crypto is an older version of this library and you are encouraged to update to the latest release. This fix was provided because of the severity of the issue and doesn't include other enhancements, security or otherwise, that have been otherwise made to the latest releases.

v2.1.6

Choose a tag to compare

@cjbarth cjbarth released this 14 Mar 15:47

Full Changelog: v2.1.5...v2.1.6

This addresses two critical CVE:

Please note that this version of xml-crypto is an older version of this library and you are encouraged to update to the latest release. This fix was provided because of the severity of the issue and doesn't include other enhancements, security or otherwise, that have been otherwise made to the latest releases.

v6.0.0

Choose a tag to compare

@cjbarth cjbarth released this 26 Jan 19:18

v5.1.1

Choose a tag to compare

@cjbarth cjbarth released this 17 Jan 04:24

v5.1.0

Choose a tag to compare

@cjbarth cjbarth released this 09 Jan 03:23
  • Bump @typescript-eslint/parser from 6.13.0 to 6.18.1 (#442) (ecbedd9)
  • Bump @typescript-eslint/eslint-plugin from 6.13.0 to 6.18.1 (#441) (9eb9002)
  • Bump follow-redirects from 1.15.3 to 1.15.4 (#440) (6f363ab)
  • Bump eslint from 8.54.0 to 8.56.0 (#436) (bf163dd)
  • Bump @types/node from 16.18.65 to 16.18.69 (#435) (4f98697)
  • Bump release-it from 16.2.1 to 16.3.0 (#428) (4d3711a)
  • Enhance derToPem to support XML pretty-print (#439) (6e95c60)

v5.0.0

Choose a tag to compare

@cjbarth cjbarth released this 27 Nov 22:52
  • Bump @typescript-eslint/eslint-plugin from 5.62.0 to 6.13.0 (#422) (66d887b)
  • Bump @prettier/plugin-xml from 3.2.1 to 3.2.2 (#423) (7410d2e)
  • Bump @types/mocha from 10.0.2 to 10.0.6 (#421) (36bcf0e)
  • Bump @types/chai from 4.3.6 to 4.3.11 (#419) (ef513da)
  • Bump prettier from 3.0.3 to 3.1.0 (#418) (09176a5)
  • Bump typescript from 5.2.2 to 5.3.2 (#415) (f3da589)
  • Bump eslint from 8.51.0 to 8.54.0 (#414) (b7c90f5)
  • Bump actions/setup-node from 3 to 4 (#413) (9602607)
  • Bump @babel/traverse from 7.22.4 to 7.23.2 (#407) (552a6d6)
  • Bump actions/checkout from 3 to 4 (#392) (7ad9a5f)
  • Bump eslint-plugin-deprecation from 1.4.1 to 2.0.0 (#390) (0f11269)
  • Bump typescript from 5.1.6 to 5.2.2 (#383) (8cf4966)
  • Bump eslint-config-prettier from 8.8.0 to 9.0.0 (#381) (9584e48)
  • Mark getKeyInfo() private as it has no public consumers (#412) (1099f59)
  • Remove the default for getKeyInfoContent forcing a consumer to choose (#411) (468d674)
  • Remove default for transformation algorithm (#410) (741240f)
  • Remove default for signature algorithm (#408) (b0541b3)
  • Remove default for digest algorithm (#406) (b6cc9c0)
  • Remove default canonicalization algorithm (#405) (5629be4)
  • Update dependencies; move to @xmldom-scoped is-dom-node package (#402) (e044d7a)
  • Clarify use of in signature validation (#401) (6f95f2e)
  • Ensure the X509Certificate tag is properly prefixed (#377) (073d4a6)
  • Add support for directly querying a node to see if it has passed validation (#389) (2aa2d13)
  • Improve code clarity; remove unused functions (#397) (f0237e9)
  • Move validation messages to each reference (#396) (d98128a)
  • Make references accessible only via get/set (#395) (0d01641)
  • Reduce public interface by making some methods private (#394) (c2b8cd6)
  • Use is-dom-node for DOM node checking and narrowing (#388) (c5d741f)
  • Update build to support Node@16 (#385) (b0f00d0)
  • Fix transform processing regression (#379) (110dd7c)
  • Enforce consistent transform processing (#380) (fa2922f)
  • Improve and simplify validation logic (#373) (2e32d50)
  • Add method for checking if element is signed (#368) (aded3e2)
  • Add additional type checking (#369) (226e0b2)