1xmlseclibs.php 2 306, Nov 2019, 3.0.4 4Security Improvements: 5- Insure only a single SignedInfo element exists within a signature during 6 verification. Refs CVE-2019-3465. 7Bug Fixes: 8- Fix variable casing. 9 1015, Nov 2018, 3.0.3 11Bug Fixes: 12- Fix casing of class name. (Willem Stuursma-Ruwen) 13- Fix Xpath casing. (Tim van Dijen) 14 15Improvements: 16- Make PCRE2 compliant. (Stefan Winter) 17- Add PHP 7.3 support. (Stefan Winter) 18 1927, Sep 2018, 3.0.2 20Security Improvements: 21- OpenSSL is now a requirement rather than suggestion. (Slaven Bacelic) 22- Filter input to avoid XPath injection. (Jaime Pérez) 23 24Bug Fixes: 25- Fix missing parentheses (Tim van Dijen) 26 27Improvements: 28- Use strict comparison operator to compare digest values. (Jaime Pérez) 29- Remove call to file_get_contents that doesn't even work. (Jaime Pérez) 30- Document potentially dangerous return value behaviour. (Thijs Kinkhorst) 31 3231, Aug 2017, 3.0.1 33Bug Fixes: 34- Fixed missing () in function call. (Dennis Væversted) 35 36Improvements: 37- Add OneLogin to supported software. 38- Add .gitattributes to remove unneeded files. (Filippo Tessarotto) 39- Fix bug in example code. (Dan Church) 40- Travis: add PHP 7.1, move hhvm to allowed failures. (Thijs Kinkhorst) 41- Drop failing extract-win-cert test (Thijs Kinkhorst). (Thijs Kinkhorst) 42- Add comments to warn about return values of verify(). (Thijs Kinkhorst) 43- Fix tests to properly check return code of verify(). (Thijs Kinkhorst) 44- Restore support for PHP >= 5.4. (Jaime Pérez) 45 4625, May 2017, 3.0.0 47Improvements: 48- Remove use of mcrypt (skymeyer) 49 5008, Sep 2016, 2.0.1 51Bug Fixes: 52- Strip whitespace characters when parsing X509Certificate. fixes #84 53 (klemen.bratec) 54- Certificate 'subject' values can be arrays. fixes #80 (Andreas Stangl) 55- HHVM signing node with ID attribute w/out namespace regenerates ID value. 56 fixes #88 (Milos Tomic) 57 58Improvements: 59- Fix typos and add some PHPDoc Blocks. (gfaust-qb) 60- Update lightSAML link. (Milos Tomic) 61- Update copyright dates. 62 6323, Jun 2015, 1.4.0 64Features: 65- Support for PSR-0 standard. 66- Support for X509SubjectName. (Milos Tomic) 67- Add HMAC-SHA1 support. 68 69Improvements: 70- Add how to install to README. (Bernardo Vieira da Silva) 71- Code cleanup. (Jaime Pérez) 72- Normalilze tests. (Hidde Wieringa) 73- Add basic usage to README. (Hidde Wieringa) 74 7521, May 2015, 1.3.2 76Bug Fixes: 77- Fix Undefined variable notice. (dpieper85) 78- Fix typo when setting MimeType attribute. (Eugene OZ) 79- Fix validateReference() with enveloping signatures 80 81Features: 82- canonicalizeData performance optimization. (Jaime Pérez) 83- Add composer support (Maks3w) 84 8519, Jun 2013, 1.3.1 86Features: 87- return encrypted node from XMLSecEnc::encryptNode() when replace is set to 88 false. (Olav) 89- Add support for RSA SHA384 and RSA_SHA512 and SHA384 digest. (Jaime Prez) 90- Add options parameter to the add cert methods. 91- Add optional issuerSerial creation with cert 92 93Bug Fixes: 94- Fix persisted Id when namespaced. (Koen Thomeer) 95 96Improvements: 97- Add LICENSE file 98- Convert CHANGELOG.txt to UTF-8 99 10026, Sep 2011, 1.3.0 101Features: 102- Add param to append sig to node when signing. Fixes a problem when using 103 inclusive canonicalization to append a signature within a namespaced subtree. 104 ex. $objDSig->sign($objKey, $appendToNode); 105- Add ability to encrypt by reference 106- Add support for refences within an encrypted key 107- Add thumbprint generation capability (XMLSecurityKey->getX509Thumbprint() and 108 XMLSecurityKey::getRawThumbprint($cert)) 109- Return signature element node from XMLSecurityDSig::insertSignature() and 110 XMLSecurityDSig::appendSignature() methods 111- Support for <ds:RetrievalMethod> with simple URI Id reference. 112- Add XMLSecurityKey::getSymmetricKeySize() method (Olav) 113- Add XMLSecEnc::getCipherValue() method (Olav) 114- Improve XMLSecurityKey:generateSessionKey() logic (Olav) 115 116Bug Fixes: 117- Change split() to explode() as split is now depreciated 118- ds:References using empty or simple URI Id reference should never include 119 comments in canonicalized data. 120- Make sure that the elements in EncryptedData are emitted in the correct 121 sequence. 122 12311 Jan 2010, 1.2.2 124Features: 125- Add support XPath support when creating signature. Provides support for 126 working with EBXML documents. 127- Add reference option to force creation of URI attribute. For use 128 when adding a DOM Document where by default no URI attribute is added. 129- Add support for RSA-SHA256 130 131Bug Fixes: 132- fix bug #5: createDOMDocumentFragment() in decryptNode when data is node 133 content (patch by Francois Wang) 134 135 13608 Jul 2008, 1.2.1 137Features: 138- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos). 139- Add fallback to built-in sha1 if both hash and mhash are not available and 140 throw error for other for other missing hashes. (patch by Olav Morken). 141- Add getX509Certificate method to retrieve the x509 cert used for Key. 142 (patch by Olav Morken). 143- Add getValidatedNodes method to retrieve the elements signed by the 144 signature. (patch by Olav Morken). 145- Add insertSignature method for precision signature insertion. Merge 146 functionality from appendSignature in the process. (Olav Morken, Rob). 147- Finally add some tests 148 149Bug Fixes: 150- Fix canonicalization for Document node when using PHP < 5.2. 151- Add padding for RSA_SHA1. (patch by Olav Morken). 152 153 15427 Nov 2007, 1.2.0 155Features: 156- New addReference/List option (overwrite). Boolean flag indicating if URI 157 value should be overwritten if already existing within document. 158 Default is TRUE to maintain BC. 159 16018 Nov 2007, 1.1.2 161Bug Fixes: 162- Remove closing PHP tag to fix extra whitespace characters from being output 163 16411 Nov 2007, 1.1.1 165Features: 166- Add getRefNodeID() and getRefIDs() methods missed in previous release. 167 Provide functionality to find URIs of existing reference nodes. 168 Required by simpleSAMLphp project 169 170Bug Fixes: 171- Remove erroneous whitespace causing issues under certain circumastances. 172 17318 Oct 2007, 1.1.0 174Features: 175- Enable creation of enveloping signature. This allows the creation of 176 managed information cards. 177- Add addObject method for enveloping signatures. 178- Add staticGet509XCerts method. Chained certificates within a PEM file can 179 now be added within the X509Data node. 180- Add xpath support within transformations 181- Add InclusiveNamespaces prefix list support within exclusive transformations. 182 183Bug Fixes: 184- Initialize random number generator for mcrypt_create_iv. (Joan Cornadó). 185- Fix an interoperability issue with .NET when encrypting data in CBC mode. 186 (Joan Cornadó). 187