Security Advisories (1)
CVE-2025-40934 (2025-11-26)

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions instead return true when attempting to validate an XML file that contains no signatures.
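
An added example (not code from the XML-Sig distribution) of a fail-closed guard for callers that still run an affected version: it rejects any document with no `ds:Signature` element before handing it to `XML::Sig->verify`. The helper name `verify_signed_xml` and the sample document are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML;
use XML::Sig;

# XML Signature namespace (W3C xmldsig-core)
my $DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

# Hypothetical helper: returns 1 only if the document carries at least one
# ds:Signature element AND XML::Sig accepts it. Everything else returns 0.
# $sig_opts is the hashref the caller would normally pass to XML::Sig->new.
sub verify_signed_xml {
    my ($xml, $sig_opts) = @_;

    # Parse defensively: no network fetches, no entity expansion.
    my $doc = eval {
        XML::LibXML->new(no_network => 1, expand_entities => 0)
                   ->parse_string($xml);
    };
    return 0 unless $doc;              # unparsable input is not "valid"

    # Count signatures ourselves instead of trusting verify() to notice
    # that there is nothing to check.
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(ds => $DSIG_NS);
    my @signatures = $xpc->findnodes('//ds:Signature');
    return 0 unless @signatures;       # unsigned document: fail closed

    # Only now delegate to XML::Sig; treat exceptions as failure.
    my $ok = eval { XML::Sig->new($sig_opts || {})->verify($xml) };
    return $ok ? 1 : 0;
}

# Constructed sample: a document whose signature has been removed.
my $unsigned = '<?xml version="1.0"?><order id="42"><item>widget</item></order>';

print verify_signed_xml($unsigned)
    ? "accepted\n"
    : "rejected: no ds:Signature present\n";
```

The guard covers only the missing-signature case described in the advisory; it does not check which part of the document a present signature actually covers.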

Changes for version 0.47 - 2021-03-28

  • Significant features implemented since 0.45
    • Fixed issue with InclusiveNamespaces that have a namespace
    • Allow Signatures without returning XML Declaration (Net::SAML2 support)
    • CPAN Release is now signed with gpg
    • TBD Update Changes and Increment version

Changes for version 0.46-TRIAL - 2021-03-27 (TRIAL RELEASE)

  • Bug fix and allow XML::Sig to be used in Net::SAML2 (#32)
  • Full Change Log
    • 1bbefe5 Update Changes and Increment version
    • 703ada0 Fixes #32 Allow Signatures without returning XML Declaration
    • 43b5ae1 Support Signing Release
    • fc03e7f Fixes #31 Issue verifying xml with namespace on InclusiveNamespaces

Modules