XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files if signatures are omitted. An attacker can remove the signature from an XML document to make it pass the verification check. XML-Sig is a Perl module that validates signatures on XML files. An unsigned XML file should produce an error message; the affected versions instead return true when asked to validate an XML file that contains no signatures.
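As an added example (not the module's own code), the following fail-closed wrapper refuses to hand a document to XML::Sig at all unless it carries at least one ds:Signature with a Reference, so an unsigned file is rejected regardless of which XML::Sig version is installed. The XML::Sig constructor options and verify() call are assumed from the module's documentation, and the sample document is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML;
use XML::Sig;   # the module under discussion

my $DS_NS = 'http://www.w3.org/2000/09/xmldsig#';

# Verify $xml only if it actually carries an enveloped signature.
# Returns 1 on success and dies otherwise, so callers cannot mistake
# "nothing to verify" for "verified".
sub verify_signed_xml {
    my ($xml) = @_;

    # Parse with external entities and network access disabled.
    my $parser = XML::LibXML->new(no_network => 1, expand_entities => 0);
    my $doc    = $parser->parse_string($xml);
    my $xpc    = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs('ds', $DS_NS);

    my @sigs = $xpc->findnodes('//ds:Signature');
    die "refusing unsigned document: no ds:Signature element present\n"
        unless @sigs;

    # Every signature must cover something; a Signature with no
    # Reference protects nothing in this document.
    for my $sig (@sigs) {
        my @refs = $xpc->findnodes('.//ds:SignedInfo/ds:Reference', $sig);
        die "ds:Signature without a ds:Reference\n" unless @refs;
    }

    # Assumed XML::Sig usage: x509 => 1 verifies against the embedded certificate.
    my $verifier = XML::Sig->new({ x509 => 1 });
    $verifier->verify($xml) or die "signature verification failed\n";
    return 1;
}

# Constructed sample: an unsigned document of the kind affected versions accepted.
my $unsigned = <<'XML';
<?xml version="1.0"?>
<Response xmlns="urn:example:app"><Status>OK</Status></Response>
XML

eval { verify_signed_xml($unsigned); 1 } or print "rejected: $@";
```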
Release Version of 0.31-TRIAL Updates to Changes and version number
Changes for version 0.31-TRIAL (TRIAL RELEASE)
This release fixes a number of issues. The biggest changes relate to signing and verifying with DSA keys. Previously, DSA signing and verifying worked only with XML::Sig-signed XML, and verification only worked with XML::Sig. XML::Sig can now sign and verify XML interchangeably with xmlsec1 and others.
In addition, when signing XML, XML::Sig now looks at the SignedInfo for the CanonicalMethod to ensure that it matches.
8d1ad9c Update Changes and Version
c317d09 Merge pull request #14 from perl-net-saml2/sign-dsa
4393a05 Update some of the documentation
d833f54 Remove unused _set_key_info function
e2fe47a Remove unused _find_prefixlist function
168beb5 Remove unused function
2bf5a02 Update saml request tests for DSA and xmlsec1 signed files
988888c Update linux.yml
b718a9f Merge pull request #13 from perl-net-saml2/sign-dsa
6c0168a Fixes #10 - Can now sign and validate DSA signed XML that can be verified by xmlsec1 and other xmlsec verifiers
4843b7c Merge pull request #12 from perl-net-saml2/issue11
e14aec3 Fixes #11 - use CanonicalMethod from SignedInfo to sign
3df1cff Remove spaces on EOL
Known Issues: #6 - Cannot sign xml with multiple ID references
Changes for version 0.30-TRIAL (TRIAL RELEASE)
Fixes an issue with the calculation of the digest. It should be based on the Transforms, not the CanonicalMethod.
Changes for version 0.29-TRIAL (TRIAL RELEASE)
Rewrite the sign and verify to fix issues validating some valid documents
Change to XML::LibXML
Add support for more modern Canonicalization Methods