The Apache XML Security team is pleased to announce the release of
version 1.4.3 of the Java xml-security library [1, 2]. This release
provides many bug fixes and a fix for the recently announced HMAC
vulnerability in the XML Signature specification [3]. You should upgrade
to this release as soon as possible.
Please see the changelog [4] for more information on what has been fixed.
Thanks,
Sean
[1] http://santuario.apache.org/
[2] http://santuario.apache.org/dist/java-library/
[3] http://www.kb.cert.org/vuls/id/466161
[4] http://santuario.apache.org/changes.html
