v4.0.0

4.0.0 (2026-03-31)

Bug Fixes

• update async and moment dependencies to fix reported CVEs (663a73e)

Features

• update default encryption algorithm & block insecure algorithms by default (#113) (41d5738)

BREAKING CHANGES

• changing default encryption algorithm to http://www.w3.org/2009/xmlenc11#aes256-gcm, adding disallowEncryptionWithInsecureAlgorithm flag to use insecure algorithms for legacy compatibility

v3.0.1

Bug Fixes

• Update async and moment dependencies to fix sec vulnerabilities (b5e8e56)

v3.0.0

Bug Fixes

• Fixed regression which prevented previously allowed PEM files for signing and encryption when they were missing newlines

v2.0.1

Bug Fixes

• incorrect AuthenticationInstant when options.lifetimeInSeconds is provided

v2.0.0

BREAKING CHANGES

• Requires node >= 12

Bug Fixes

• update xml-encryption to address node-forge vulnerabilities (0106c61)

v1.0.1

Bug Fixes

• update xmldom and xml-crypto to fix security issues (6ad0243)

v1.0.0

⚠ BREAKING CHANGES

• update xml-crypto and xmldom dependencies to fix sec issues
• stop supporting node v4 and v8
• xml-encryption major version bump, fix typo in config property
  from keyEncryptionAlgorighm to keyEncryptionAlgorithm consumed by
  new xml-encryption library version.

Features

• fix sec issues with dependencies (06acc02)
• update xml-crypto and xmldom dependencies to fix sec issues (772c30e)
• remove node v4 and v8 in travis configuration (d8c62af)

v0.15.0

Features

• saml11: adds saml11.createUnsignedAssertion() (51170c9)
• saml20: adds Saml20.createUnsignedAssertion() (de0e766)
• xml/sign: unsigned assertions should have whitespace removed as well (968d0e7)

Bug Fixes

• saml20: parses saml20.template only once at start up (cb3bfcd)

Resolve vulnerable moment dependency

v0.14

0.14

v0.11.0

Merge pull request #24 from eugeniop/master

Fixed snyk report issues with dependencies