Skip to content

Releases: XML-Security/signxml

v4.0.2

11 Sep 01:16
Compare
Choose a tag to compare
  • XAdES signing: remove duplicate timezone information from SigningTime (#266)

v4.0.1

30 Aug 15:41
Compare
Choose a tag to compare
  • Verifier: Accept PyOpenSSL cert input, add deprecation warning

v4.0.0: - Replace PyOpenSSL with Cryptography (#260)

22 Aug 05:16
Compare
Choose a tag to compare
  • Replace PyOpenSSL with Cryptography (#260)

    - This is a major infrastructure change that replaces core
      certificate parsing, key processing, signature validation, and
      certificate chain validation functions previously provided by
      PyOpenSSL with those provided by Cryptography. Care was taken to
      preserve the exisitng API, including exception types, but many
      error messages raised in various error conditions have changed. If
      you see unexpected behavior and you have reason to believe it is
      incorrect, please file an issue.
    
    - Breaking change: the ca_path parameter, previously used to specify
      CA certificate stores, is no longer supported. Use the ca_pem_file
      parameter instead.
    
    • Raise error when invalid certificate string is passed as input to signer

    • Fix public key matching for ECDSA (#245)

v3.2.2: - Update upper bound on lxml dependency to allow lxml 5

29 Jan 00:35
Compare
Choose a tag to compare
  • Update upper bound on lxml dependency to allow lxml 5

    • Bump minimum dependency versions to align with Ubuntu 20.04

    • Test and release infrastructure improvements

v3.2.1

06 Aug 18:22
Compare
Choose a tag to compare
  • Use dataclass.replace in SignatureReference construction. Fixes #231

v3.2.0

13 Apr 06:22
v3.2.0
c342260
Compare
Choose a tag to compare
  • Roundtrip referenced XML nodes before c14n to detach them from parent document when verifying (#225)

v3.1.1

08 Apr 17:05
Compare
Choose a tag to compare
  • Add type attribute to XAdES signed properties reference (#224)

v3.1.0

04 Jan 08:53
v3.1.0
115e9c1
Compare
Choose a tag to compare
  • Use distinct default for payload c14n. Fixes #217

  • Deprecate SHA1

  • Test and documentation improvements

v3.0.2

29 Nov 02:13
Compare
Choose a tag to compare
  • Remove incorrect deprecation of xml-c14n11 URI

v3.0.1

27 Nov 23:32
Compare
Choose a tag to compare
  • Mark SHA1 as deprecated

    • Aggregate verification settings in SignatureConfiguration dataclass

    • Mark all dataclasses in API as frozen

    • Add ability to assert expected signature location

    • Add ability to assert expected signature algorithms

    • Add ability to assert expected digest algorithms

    • Add MGF1 ("RSASSA-PSS without parameters") algorithm identifiers

    • Remove PSS ("RSASSA-PSS with parameters") and EdDSA algorithm
      identifiers (given low usage and no interop examples, we will not be
      implementing PSS parameters for now; EdDSA key info additionally has
      no standardized way to serialize it)

    • Add debug logging of canonicalization outputs

    • Documentation and formatting improvements