XML-Sig-0.58

Security Advisories (1)

CVE-2025-40934 (2025-11-26)

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.

Changes for version 0.58 - 2022-07-18

Notable Changes since 0.57
- Thanks to Wesley Schwengle (waterkip) XML::Sig can now sign arbitrary XML nodes with the id_attr. This allows an application to specify the xpath of the node to sign. Ex: /md:EntityDescriptor[@ID]. In addition the ns attribute can be used to support additional namespaces that may be in your XML.
- b26f8ba Ensure xml signed via id_attr can be verified
- 028c851 Merge pull request #41 from waterkip/bug-61
- 915c100 Sign SAML metadata correctly
- daf2654 Add custom slurp command for files
- cfc7e9e v0.57

Modules

XML::Sig

XML::Sig - A toolkit to help sign and verify XML Digital Signatures

Other files

To install XML::Sig, copy and paste the appropriate command in to your terminal.

cpanm

cpanm XML::Sig

CPAN shell

perl -MCPAN -e shell
install XML::Sig

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.58 - 2022-07-18

Modules

Other files

Module Install Instructions

Keyboard Shortcuts