Security Advisories (1)
CVE-2025-40934 (2025-11-26)

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.
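A fail-closed guard for callers, as an added example that is not code from XML-Sig or its maintainers: it refuses any document that carries no ds:Signature element before the module's verify() is consulted. The helper names count_signatures and verify_or_die and the sample document are assumptions made for illustration, as is constructing XML::Sig with an empty option hash.

```perl
use strict;
use warnings;
use XML::LibXML;
use XML::LibXML::XPathContext;
use XML::Sig;

# XML-DSig namespace; match on the namespace, not on a prefix.
my $DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

# Hypothetical helper: number of ds:Signature elements in the document.
sub count_signatures {
    my ($xml) = @_;
    my $doc = XML::LibXML->load_xml(string => $xml, no_network => 1);
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(ds => $DSIG_NS);
    my @nodes = $xpc->findnodes('//ds:Signature');
    return scalar @nodes;
}

# Hypothetical wrapper: an unsigned document is an error, never a pass.
sub verify_or_die {
    my ($verifier, $xml) = @_;
    die "no ds:Signature element, refusing unsigned document\n"
        unless count_signatures($xml) > 0;
    $verifier->verify($xml) or die "signature verification failed\n";
    return 1;
}

# Constructed sample: a document with its signature removed.
my $unsigned = '<doc><amount>100</amount></doc>';

# Assumption: no key is needed when the object is only used to verify.
my $verifier = XML::Sig->new({});

my $ok = eval { verify_or_die($verifier, $unsigned) };
print $ok ? "accepted\n" : "rejected: $@";
```

The guard only addresses the missing-signature case described in the advisory; it does not establish that a signature that is present covers the element the application goes on to consume.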

Changes for version 0.41-TRIAL - 2021-03-13 (TRIAL RELEASE)

  • Change Log
    • TBD Update Changes and Increment version
    • 1bb81bf Fix failing test when xmlsec1 not installed
    • b38581c Minor fixes to build

Changes for version 0.40-TRIAL - 2021-03-12 (TRIAL RELEASE)

  • Significant features implemented
    • User can specify Digest and Signature hashing algorithm
    • Support ECDSA signatures
  • Change Log
    • ba17031 Update Changes and Increment version
    • 6443504 Merge pull request #25 from perl-net-saml2/ecdsa
    • dd9c915 Fixes #21 Implement ecdsa signature support
    • 32d7a5c Merge pull request #24 from perl-net-saml2/digest-config
    • 4b900c6 Improve support for configurable Digest Hashing Algorithms
    • e511b66 Improve support for configurable Signature Algorithms
    • e4a27f7 fix pod formatting

Modules