The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
Revision history for XML-Sig

0.65 -- Tue Nov 21 18:35:23 AST 2023

  [Notable Changes since 0.64]
  Mostly minor fixes to the test suite.
  Change to how a Signature is added to the signed document to improve compatibility

  - 58b41bb Remove eol spaces
  - 57d1835 Skip xmlsec1 tests for sha1 digests or signature algorithms if sha1 is disabled
  - 496d413 Add test for fix_namespace
  - e03af99 Change how the Signature is added to a signed document
              The namespace xmlns:dsig=""
              should be kept at the Signature level not moved to the Signed tag
  - 3442140 Remove unused code
  - 3243b61 Remove useless signing test
  - 23a688d Fix developer test for t/008-sign_saml.t
  - 5084ea4 Remove namespace::autoclean
  - 6ff436d Run CI with Net::SAML2 install
  - ee583a2 Add Coveralls to XML::Sig
  - c70914b Update testsuite
  - f1b8710 v0.64

0.64 -- Mon Jun 26 19:02:28 ADT 2023

  [Notable Changes since 0.64]

  - Implement a form of xmlsec1's "--id-attr" to allow verifying a
    specific node. (WATERKIP)
  - 2c28c5b Increment version and Copyright for release
  - 288addc Simplify getting the ID's from the nodes with ID attributes
  - b3efb73 Allow verification on one node:
  - 8cd5c37 v0.63

0.63 -- Sun Mar 19 09:58:59 ADT 2023

  [Notable Changes since 0.59]

  - Minor fixes for ecdsa, DSA
  - Improve test to handle xmlsec1 and openssl version differences

  - a0e6384 Increment version for official release
  - 2c366f1 v0.62

0.62 -- Sat Mar 18 20:20:38 ADT 2023

  - b968e0e Increment version for another TRIAL release
  - 7c035b2 v0.61
  - 3dab98e Increment version and update Changes file (missed 0.60)

0.61 -- Sun Mar 12 21:43:45 ADT 2023

  [Notable Changes since 0.59]

  - Forgot to update the Change for 0.60
  - Minor fixes for ecdsa, DSA
  - Improve test to handle xmlsec1 and openssl version differences

  - 02a57cb v0.60
  - 44e3f47 Fix tests for changes to xmlsec output
  - 5d790dd Update repo version
  - 66b6886 Auto install dependencies in github action
  - 3f5e789 use Test::Sig::XML for hmac tests
  - 6699eed Improve tests for xmlsec and openssl version differences
  - 0b57351 Add support for key name to hmac to satisfy xmlsec tests
  - 86fb23f Fix missing SKIP in t/008_sign_saml.t
  - 983f1e0 Fix DSA implementation regarding keysize to signature hashing alg
  - 1186d53 Fix workflows with updated images
  - 45c7e13 Really fix hard-coded ecdsa key name
  - 97c01bb disabled ripemd160 between 3.0.0 and 3.0.6
  - 203e875 fix hard coded file name for loading ecdsa key
  - 4bdf307 v0.59

0.60 -- Sun Mar 12 21:27:52 ADT 2023

0.59 -- Thu Nov 24 22:24:32 AST 2022

  - 62f9dda Quiet PerlCritic don't return explicit undef
  - cca8cbe Fixes #43 Do we need to override {INT} in this module?
  - ebff177 Merge pull request #42 from waterkip/dist-init
  - 654bb81 Cleanup dist.ini: AutoPrereq catches most of the deps
  - f96c3be v0.58

0.58 -- Mon Jul 18 21:45:06 ADT 2022

  [Notable Changes since 0.57]

  Thanks to Wesley Schwengle (waterkip) XML::Sig can now sign arbitrary
  XML nodes with the id_attr.  This allows an application to specify
  the xpath of the node to sign. Ex: /md:EntityDescriptor[@ID].  In addition
  the ns attribute can be used to support additional namespaces that
  may be in your XML.

  - b26f8ba Ensure xml signed via id_attr can be verified
  - 028c851 Merge pull request #41 from waterkip/bug-61
  - 915c100 Sign SAML metadata correctly
  - daf2654 Add custom slurp command for files
  - cfc7e9e v0.57

0.57 -- Fri Apr 15 19:56:05 ADT 2022

  [Notable Changes since 0.56]
  Detect openssl v3+ as ripemd160 xmlsec tests likely will not work

  - db82c5b Bump version to 0.57 for release
  - bf28389 Specify explicit required modules in dist.ini
  - 14f47c7 Update tests as OpenSSL v3 dropped support for ripemd160
  - 6ab23c9 Move to OurPkgVersion to remove version from repo
  - 50dc1ed v0.56

0.56 -- Tue Mar 15 21:04:47 ADT 2022

  - f8a7779 Update release VERSION
  - c9dc5cb Ignore Release notes files
  - d987af2 Update cert expiry dates
  - b42d113 v0.55

0.55 -- Tue Dec 07 18:12:45 AST 2021

  - 9da4192 Updates version and small packaging change
  - d0ab34b v0.54

0.54 -- Sun Dec 05 13:14:38 AST 2021

  [A few minor changes preparing for it becoming a Net::SAML2 dependency]

  [Change Log]
  - bef4535 Increment version
  - 5e0bdcf Add additional test for inclusive prefixes
  - f18c60e Merge pull request #39 from perl-net-saml2/exporter-cleanup
  - 4a27044 Exporter not actually needed

0.53 -- Sun Nov 28 11:06:46 AST 2021

  - Official Release

  - 17eefc7 Updates for Release 0.53
  - c2ad0c2 v0.53

0.52 -- Sat Nov 27 15:46:27 AST 2021

  - 2de15f5 (tag: 0.53) v0.52
  - ed2296b Prepare for new release
  - 7c157e6 Make sha256 the default signature and digest hash
  - dbac9d7 Fix issue verifying ecdsa with multiple signatures and ECDSAKeyValue
  - 1c39e8d test for signing wide characters
  - da1e45b Fixed #38 - Issue verifying XML that includes wide characters
  - 092269f Dist::Zilla and packaging improvements
  - 57f049a Fixes #37 - Inconsistent Canonicalization method

0.51 - 2021-07-03

  [Change Log]

  - e852d07 Update Changes and Increment version
  - 3ad26aa Renew RSA certificate for 10 years

0.50 - 2021-04-18

  [Significant features implemented since 0.47]

  - Add ripemd160 support for signature and digests
  - Improved tests

  [Change Log]

  - a625d48 Update Changes and Increment version
  - a57965c Add generated README to repo
  - c690862 Merge pull request #30 from perl-net-saml2/matrix
  - b812222 Merge pull request #34 from perl-net-saml2/sig_sub
  - 73cc529 Add HMAC and RIPEMD160 dependencies
  - 92fa091 Test dsa with nox509
  - eb3f912 Move signature calculation to subroutines
  - 04c8def hmac-ripemd160 support
  - 8b6053a ripemd160 signature support
  - 7fdd133 ripemd160 digest support

0.49 - 2021-04-10

  [Significant features implemented since 0.47]
  - HMAC support for signatures

  [Change Log]
  - bd19f48 Update Changes and Increment version

0.48-TRIAL - 2021-04-09

  [Significant features]
  - HMAC support for signatures

  - 4b1ed90 Missed Makefile
  - 1d434d7 Merge pull request #33 from perl-net-saml2/hmac
  - 22e8dab Update Changes and Increment version
  - a77b0fa HMAC support - initial version
  - 4bb14e5 Update dist.ini to use Pod2Readme

0.47 - 2021-03-28

  [Significant features implemented since 0.45]
  - Fixed issue with InclusiveNamespaces that have a namespace
  - Allow Signatures without returning XML Declaration (Net::SAML2 support)
  - CPAN Release is now signed with gpg

  - 1bbefe5 Update Changes and Increment version

0.46-TRIAL - 2021-03-27

  - Bug fix and allow XML::Sig to be used in Net::SAML2 (#32)

  [Full Change Log]

  - 1bbefe5 Update Changes and Increment version
  - 703ada0 Fixes #32 Allow Signatures without returning XML Declaration
  - 43b5ae1 Support Signing Release
  - fc03e7f Fixes #31 Issue verifying xml with namespace on InclusiveNamespaces

0.45 - 2021-03-20
  [Significant features implemented since 0.43]

  - Re-enable Perl 5.8 support
  - Support for DSA 2048-bit and 3072-bit keys and signatures
  - Allow verification of DSA signed XML using X509Certificate

  [Full Change Log]

  - fb99312 Update Changes and Increment version

0.44-TRIAL - 2021-03-20

  [Significant features implemented]

  - Added suport for DSA 2048-bit and 3072-bit keys and signatures
  - Allow verification of DSA signed XML using X509Certificate

  [Full Change Log]
  - a1cbb96 Update Changes and Increment version
  - 48a9f63 Missed dist.ini in Crypt::OpenSSL::DSA 0.20 commit
  - ba5dd7c Fix author in dist.ini to match spec
  - 7979049 Merge pull request #29 from perl-net-saml2/dsa2048
  - d020cad Requires Crypt:OpenSSL::DSA 0.20
  - fb6ebc9 Re-enable Perl 5.8 support
  - 4d18776 Initial kick at 2048 and 3072 bit DSA signatures
  - cb67138 Merge pull request #27 from perl-net-saml2/dsa2048
  - 55c406e Allow verification of DSA signed XML using X509Certificate

0.43 - 2021-03-14

  [Significant features implemented since 0.39]

  - User can specify Digest and Signature hashing algorithm
  - Support ECDSA signatures

  [Change Log]
  - da1465f Update Changes and Increment version

0.42-TRIAL - 2021-03-14

  [Change Log]
  - 09bfd8f Update Changes and Increment version
  - ae2dafe Reformat Changes to standard format
  - 0ed7eda Crypt::PK::ECC needs CryptX gt 0.035
  - a26766c Merge pull request #26 from perl-net-saml2/rmdzil1
  - d836146 Remove Dizt::Zilla from GitHub action

0.41-TRIAL - 2021-03-13

  [Change Log]
  - 11272d6 Update Changes and Increment version
  - 1bb81bf Fix failing test when xmlsec1 not installed
  - b38581c Minor fixes to build

0.40-TRIAL - 2021-03-12

  [Significant features implemented]
  - User can specify Digest and Signature hashing algorithm
  - Support ECDSA signatures

  [Change Log]
  - ba17031 Update Changes and Increment version
  - 6443504 Merge pull request #25 from perl-net-saml2/ecdsa
  - dd9c915 Fixes #21 Implement ecdsa signature support
  - 32d7a5c Merge pull request #24 from perl-net-saml2/digest-config
  - 4b900c6 Improve support for configurable Digest Hashing Algorithms
  - e511b66 Improve support for configurable Signature Algorithms
  - e4a27f7 fix pod formatting

0.39 - 2021-01-12

  [Small release to fix a digest issue]

  - 01cf570 Update Changes and Increment version
  - 993ed2a Add test for verify issues with embedded newlines in digest
  - 8f0738f Fixes #20 Remove embedded newlines from reference digest

0.38 - 2021-01-10

  [Increment Version - Release Version same as 0.37-TRIAL]

  - de9b3d6 Fix issue with missing MANIFEST and META.yml
  - 7a9e524 Update Changes and Increment version

0.37-TRIAL - 2021-01-10
  - 3c18e4c Update Makefile Version
  - 4936d2d Update Changes and Increment version
  - 51f853d Add more patterns to .gitignore
  - adeb19c Allow you to build XML::Sig from git repo without dzil
  - 2619ba4 Fix issue and add test for InclusiveNamespace in XML
  - 3f06b78 Add extra debugging information
  - f8aef89 remove trailing # on TRANSFORM_C14N
  - 15939af InclusiveNamespaces support from
        1d2dac1c3eaa42359899e61323a446d0d0af3e54 accidentally removed

0.36 - 2021-01-08

  [Increment Version - Release Version same as 0.35 TRIAL]

  - 24c09df (tag: 0.36) Increment Version - Release Version same as 0.35 TRIAL

0.35-TRIAL - 2021-01-08

  [Major items in this version include]
  - Ability to sign all XML sections containing the ID attribute
  - Bug Fix DSA signatures would fail sometimes for XML::Sig signed xml
  - Documentation updates

  [Change Log]
  - a346d30 Update Changes and Increment Version 0.35-TRIAL
  - 6a97c24 Add additional Perl version checks
  - dfb855c Fixes #19 r and r variable sizes but need to be 20 bytes xero padded
  - f867720 Merge pull request #18 from perl-net-saml2/pod-updates
  - 56d605f Document xmlsec1 commands
  - 57f7ceb More code documentation
  - a06417c Initial POD and Documentation updates
  - 4f983b6 Fix space at EOL and missing letter
  - 3b4230e Merge pull request #16 from perl-net-saml2/sign-multiple-sections

0.34-TRIAL - 2020-12-06

  [This version allows for the signing of multiple IDs in an XML]

  - 96ddf3c Increment version for 0.34-TRIAL
  - 3119a7e Move xml files to unsigned
  - 45fadd1 Move xml files to signed and unsigned
  - bf37f9b Add and clarify comments and fix one context
  - dbbfd63 Add tests for signing and verifying multiple nodes
  - 3ebef38 Allows signing multiple ID sections

0.33 - 2020-12-07

[This release is mostly clean up but does inclued one important fix]

Commit 885ca9f65031dba617aac061370c8def6a3b70b8 introduced a bug related to verifying
signed XML that include a Signature that is unassociated with any nodes in the XML.
The XML::Sig will ignore that unassociated signature and verify all other signatures.
In the event that there are no other signatures the previous version would incorrectly
consider the XML Signatures valid.  This would only occur with a single unassociated

  - 3adc579 XML Containing Single Unassociated Signature should fail
  - 89f722f Merge pull request #17 from perl-net-saml2/test-cleanup
  - ff00501 008_sign_saml move xml to signed and unsigned
  - 95615b1 Move logout_response.xml to signed
  - 6fc5c67 Move saml_response.xml to signed
  - 46c97e1 Add signature back so it can be validated for ancestor node signatures
  - 1a3a8be Fixes Issue #15 - Remove dependency on Crypt::OpenSSL::DSA::Signature
  - cf7b734 Version 0.32 release

0.32 - 2020-12-02

  - Release Version of 0.31-TRIAL
  - Updates to Changes and verion number

0.31-TRIAL - 2020-12-02

This release fixes a number of issues.  The biggest changes are related to
signing and verifying with DSA key.  Previously DSA signing and verifying
worked previously only with XML::Sig signed xml and verfication only worked
with XML::Sig.  Now it is able to sign and verify xml interchangably with
xmlsec1 and others.

In addition, in signing xml XML::Sig now looks at the SignedInfo for the
CanonicalMethod to ensure that it matches.

  - 8d1ad9c Update Changes and Version
  - c317d09 Merge pull request #14 from perl-net-saml2/sign-dsa
  - 4393a05 Update some of the documentation
  - d833f54 Remove unused _set_key_info function
  - e2fe47a Remove unused _find_prefixlist function
  - 168beb5 Remove unused function
  - 2bf5a02 Update saml request tests for DSA and xmlsec1 signed files
  - 988888c Update linux.yml
  - b718a9f Merge pull request #13 from perl-net-saml2/sign-dsa
  - 6c0168a Fixes #10 - Can now sign and validate DSA signed XML
        that can be verified by xmlsec1 and other xmlsec verifiers
  - 4843b7c Merge pull request #12 from perl-net-saml2/issue11
  - e14aec3 Fixes #11 - use CanonicalMethod from SignedInfo to sign
  - 3df1cff Remove spaces on EOL

[Known Issues]
  - #6 - Cannot sign xml with multiple ID references

0.30-TRIAL - 2020-11-30

  - Fixes an issue with the calculation of the digest.  It should be
    based on the Transforms not the CanonicalMethod

0.29-TRIAL - 2020-11-29

  - Rewrite the sign and verify to fix issues validating some valid documents
  - Change to XML::LibXML
  - Add support for more modern Canonicalization Methods

0.28 - 2020-06-27

  - Release version bump version

0.27 - 2020-06-27

  [First release of XML::Sig since 2009]

  - Includes all changes from Net::SAML2::XML::Sig.
  - Please see for the details of how XML::Sig has evolved

  - RSA|DSAKeyValue have KeyValue element which prevented signatures from validating
  - Fix issue validating with xmlsec in the test suite