Security Advisories (1)
CVE-2025-40934 (2025-11-26)

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files when signatures are omitted. An attacker can strip the signature from an XML document to make it pass the verification check. XML-Sig is a Perl module for signing and validating XML Digital Signatures. Verifying an unsigned XML file should fail with an error; the affected versions instead return true when asked to validate an XML file that contains no signatures.
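The following is an added example, not code from the XML::Sig distribution or the advisory, showing the caller-side check a consumer of this module wants regardless of version: count the ds:Signature elements yourself and refuse the document before it reaches the verifier, so that a stripped signature cannot turn into a passing result. It assumes the documented XML::Sig constructor options (x509, cert) and verify method, a hypothetical certificate path signer.pem, and a constructed unsigned sample document.

```perl
use strict;
use warnings;
use XML::LibXML;
use XML::Sig;

my $DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

# Count the ds:Signature elements in a document. Returns 0 for an unsigned file.
sub count_signatures {
    my ($xml) = @_;
    my $doc = XML::LibXML->load_xml(string => $xml);
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs('ds', $DSIG_NS);
    my @sigs = $xpc->findnodes('//ds:Signature');
    return scalar @sigs;
}

# Verify that $xml carries at least one signature and that XML::Sig accepts it.
# Dies on unsigned input instead of relying on the module to reject it,
# which is exactly the case the affected versions got wrong.
sub verify_signed_xml {
    my ($xml, $cert_path) = @_;    # $cert_path: PEM file of the expected signer (assumed)
    my $n = count_signatures($xml);
    die "refusing unsigned document (no ds:Signature element)\n" if $n == 0;
    my $verifier = XML::Sig->new({ x509 => 1, cert => $cert_path });
    return $verifier->verify($xml) ? 1 : 0;
}

# Constructed sample: an unsigned document of the kind affected versions accepted.
my $unsigned = <<'XML';
<Assertion xmlns="urn:example" ID="a1"><Subject>alice</Subject></Assertion>
XML

my $ok = eval { verify_signed_xml($unsigned, 'signer.pem') };
print defined $ok ? "verify returned $ok\n" : "rejected: $@";
```

The count is taken with an explicit namespace binding rather than a string match on "Signature", so an element of the same local name in another namespace does not count as a signature. On the unsigned sample the wrapper dies before XML::Sig is ever consulted; on a signed document the outcome is whatever XML::Sig->verify returns for the supplied certificate.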

Changes for version 0.61 - 2023-03-12

  • Notable Changes since 0.59
    • Forgot to update the Change for 0.60
    • Minor fixes for ecdsa, DSA
    • Improve test to handle xmlsec1 and openssl version differences
    • 02a57cb v0.60
    • 44e3f47 Fix tests for changes to xmlsec output
    • 5d790dd Update repo version
    • 66b6886 Auto install dependencies in github action
    • 3f5e789 use Test::Sig::XML for hmac tests
    • 6699eed Improve tests for xmlsec and openssl version differences
    • 0b57351 Add support for key name to hmac to satisfy xmlsec tests
    • 86fb23f Fix missing SKIP in t/008_sign_saml.t
    • 983f1e0 Fix DSA implementation regarding keysize to signature hashing alg
    • 1186d53 Fix workflows with updated images
    • 45c7e13 Really fix hard-coded ecdsa key name
    • 97c01bb disabled ripemd160 between 3.0.0 and 3.0.6
    • 203e875 fix hard coded file name for loading ecdsa key
    • 4bdf307 v0.59

Modules

XML::Sig - A toolkit to help sign and verify XML Digital Signatures