A patch release for XML-Security-C, 2.0.1, is now available to correct a bug [1] that can cause crashes in upstream applications, so users of the library should review their use of the code for the impact it may have and make sure to update.
I have no plans at present to backport the fix to 1.7 and do a legacy release but the patch applies to it fairly easily if others choose to do so. I expect more patches in this general area once more investigation is done, the code is likely pretty rife with missing NULL checks. -- Scott [1] https://issues.apache.org/jira/browse/SANTUARIO-491