The Apache WSS4J™ project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC. WSS4J provides an implementation of the following WS-Security standards:
February 2023 - The Apache WSS4J team are pleased to announce the release of version 3.0.3. It contains an update to use XML Security for Java 3.0.4 and functionality to support key agreement using ECDH-ES.
November 2023 - The Apache WSS4J team are pleased to announce the release of versions 3.0.2 and 2.4.3. These releases contain an upgrade to XML Security to pick up a recent CVE fix.
July 2023 - The Apache WSS4J team are pleased to announce the release of versions 3.0.1, 2.4.2 and 2.3.4. These releases contain a fix for a bug with STR Transform and contain dependency updates.
October 2022 - The Apache WSS4J team are pleased to announce the release of version 3.0.0. This is a major new release of WSS4J. Significant changes:
Please see the 3.0.0 release notes for more information.
February 2022 - The Apache WSS4J team are pleased to announce the release of version 2.4.1. It fixes an issue with the timestamp in the WSS4J jars being invalid.
November 2021 - The Apache WSS4J team are pleased to announce the release of version 2.4.0. This release contains relatively few changes, but picks up a new major version of Apache Santuario - XML Security for Java (2.3.0)
September 2021 - The Apache WSS4J team are pleased to announce the release of versions 2.3.3 and 2.2.7. The main changes for these releases are updates to fix CVE issues in a few dependencies.
December 2020 - The Apache WSS4J team are pleased to announce the release of versions 2.3.1 and 2.2.6. Please see the 2.3.1 release notes and 2.2.6 release notes for more information.
June 2020 - The Apache WSS4J team are pleased to announce the release of version 2.3.0. This is a major new release of WSS4J. Significant changes:
Please see the 2.3.0 release notes for more information.