2009-07-14: The XML Security Working Group has published a proposed correction to the XML Signature specification. The correction addresses a specification-level security issue that can lead to an authentication bypass (CVE-2009-0217). It will be incorporated into an upcoming Working Draft for the XML Signature 1.1 specification. For information about affected implementations, see CERT Vulnerability Note 466161. For more information about the issue, see the W3C Q&A blog. Learn more about W3C's Security Activity. (Permalink)

More...