Apache XML Security team has released Apache Java XMLSec 1.4.2, this is mainly a bug fix release with some enhancements like support for XML Canonicalization 1.1. A potentially serious XML Encryption bug [1] in 1.4.1 was addressed, so it is recommended to upgrade to this release.

A full release change release is available at http://santuario.apache.org/changes.html [2] and its packages  are available for download at http://xml.apache.org/security/dist/java-library [3]

Congratulation for this release.