Apache WSS4J™ - Web Services Security for Java

The Project

The Apache WSS4J™ project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC. WSS4J provides an implementation of the following WS-Security standards:

News

  • February 2022 - The Apache WSS4J team are pleased to announce the release of version 2.4.1. It fixes an issue with the timestamp in the WSS4J jars being invalid.

  • November 2021 - The Apache WSS4J team are pleased to announce the release of version 2.4.0. This release contains relatively few changes, but picks up a new major version of Apache Santuario - XML Security for Java (2.3.0)

  • September 2021 - The Apache WSS4J team are pleased to announce the release of versions 2.3.3 and 2.2.7. The main changes for these releases are updates to fix CVE issues in a few dependencies.

  • December 2020 - The Apache WSS4J team are pleased to announce the release of versions 2.3.1 and 2.2.6. Please see the 2.3.1 release notes and 2.2.6 release notes for more information.

  • June 2020 - The Apache WSS4J team are pleased to announce the release of version 2.3.0. This is a major new release of WSS4J. Significant changes:

    • Private key caching enabled which greatly speeds up private key retrieval for PKCS12 keys
    • OpenSAML 3.4.x upgrade
    • Santuario 2.2.x upgrade
    • EhCache 3.x upgrade
    • JDK 14 officially supported

    Please see the 2.3.0 release notes for more information.