Package: src:xmlsec1 Version: 1.2.23-0.1 Severity: wishlist Dear Maintainer,
xmlsec 1.2.24 was released in April, April 20 to be precise. Please update. https://www.aleksey.com/xmlsec/: April 20 2017 The XML Security Library 1.2.24 release includes the following changes: Added ECDSA-SHA1, ECDSA-SHA256, ECDSA-SHA512 support for xmlsec-nss (vmiklos). Fixed XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS handling (vmiklos). Disabled external entities loading by xmlsec utility app by default to prevent XXE attacks (d-hat). Improved OpenSSL version and features detection. Cleaned up, simplified, and standardized internal error reporting. Fixed a few Coverity-discovered bugs (report). Marked as deprecated all the functions in xmlsec/soap.h file and a couple other functions no longer required by xmlsec. These functions will be removed in the future releases. Several other small fixes (more details). Please note that OpenSSL 0.9.8 support will be removed in the next release of XMLSec library. LibreOffice finally is able to use system-xmlsec and this should be done. But it *does* need >= 1.2.24.. Regards, Rene
