XMLSec has dependencies on the Xalan jar.
The instance we've run into is:
XMLCipher depends on org.apache.xml.utils.URI.
The release notes for 1.3 said it wasn't necessary to put xalan on the classpath and the pom file indicates it's a "provided" dependency, which I take to mean the XSLT implementation provided by Java 5+ is good enough.
|Field||Original Value||New Value|
|Component/s||Java [ 12314103 ]|
|Component/s||Encryption [ 12314099 ]|
|Workflow||jira [ 12539431 ]||Default workflow, editable Closed status [ 12565634 ]|
|Workflow||Default workflow, editable Closed status [ 12565634 ]||jira [ 12586430 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Resolution||Fixed [ 1 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|