Security Advisories (1)
CVE-2025-40934 (2025-11-26)

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.
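
A caller-side guard for the case described above, written as an added example and not code from XML-Sig itself: it rejects any document that carries no ds:Signature element before the result of verify() is trusted. The helper name verify_signed_xml and the sample document are assumptions made for illustration.

```perl
use strict;
use warnings;
use XML::LibXML;
use XML::LibXML::XPathContext;
use XML::Sig;

my $DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

# Hypothetical helper (not part of XML::Sig): returns 1 only when the document
# contains at least one ds:Signature element AND XML::Sig reports it as valid.
sub verify_signed_xml {
    my ($xml, $verifier) = @_;

    # Unparsable input is never treated as verified.
    my $doc = eval { XML::LibXML->load_xml(string => $xml, no_network => 1) };
    return 0 unless $doc;

    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(ds => $DSIG_NS);
    my @signatures = $xpc->findnodes('//ds:Signature');

    # The case from the advisory: with no signature there is nothing to
    # verify, so the answer must be failure rather than success.
    return 0 unless @signatures;

    # A die inside verify() is also a failure. Note that this guard only
    # checks that a signature exists; it does not check which elements the
    # signature covers.
    my $ok = eval { $verifier->verify($xml) };
    return $ok ? 1 : 0;
}

# Constructed sample: a document with its signature removed.
my $unsigned = '<?xml version="1.0"?><order id="42"><item>widget</item></order>';

my $verifier = XML::Sig->new({});
print verify_signed_xml($unsigned, $verifier) ? "accepted\n" : "rejected\n";
```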

Changes for version 0.45 - 2021-03-20

  • Significant features implemented since 0.43
    • Re-enable Perl 5.8 support
    • Support for DSA 2048-bit and 3072-bit keys and signatures
    • Allow verification of DSA signed XML using X509Certificate
  • Full Change Log
    • TBD Update Changes and Increment version

Changes for version 0.44-TRIAL - 2021-03-20 (TRIAL RELEASE)

  • Significant features implemented
    • Added support for DSA 2048-bit and 3072-bit keys and signatures
    • Allow verification of DSA signed XML using X509Certificate
  • Full Change Log
    • a1cbb96 Update Changes and Increment version
    • 48a9f63 Missed dist.ini in Crypt::OpenSSL::DSA 0.20 commit
    • ba5dd7c Fix author in dist.ini to match spec
    • 7979049 Merge pull request #29 from perl-net-saml2/dsa2048
    • d020cad Requires Crypt:OpenSSL::DSA 0.20
    • fb6ebc9 Re-enable Perl 5.8 support
    • 4d18776 Initial kick at 2048 and 3072 bit DSA signatures
    • cb67138 Merge pull request #27 from perl-net-saml2/dsa2048
    • 55c406e Allow verification of DSA signed XML using X509Certificate

Modules