diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5f071b0b5..35b2ab376 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -84,7 +84,7 @@ jobs:
     - name: Prepare vcpkg
       uses: lukka/run-vcpkg@v11
       with:
-        vcpkgGitCommitId: e4644bd15436d406bba71928d086c809e5c9ca45
+        vcpkgGitCommitId: 5ee5eee0d3e9c6098b24d263e9099edcdcef6631
         vcpkgJsonGlob: ./vcpkg.json
         runVcpkgInstall: true
       env:
@@ -186,7 +186,7 @@ jobs:
     - name: Prepare vcpkg
       uses: lukka/run-vcpkg@v11
       with:
-        vcpkgGitCommitId: e4644bd15436d406bba71928d086c809e5c9ca45
+        vcpkgGitCommitId: 5ee5eee0d3e9c6098b24d263e9099edcdcef6631
         vcpkgJsonGlob: ./vcpkg.json
         runVcpkgInstall: true
         runVcpkgFormatString: "[`install`, `--recurse`, `--clean-after-build`, `--x-install-root`, `$[env.VCPKG_INSTALLED_DIR]`, `--triplet`, `$[env.VCPKG_DEFAULT_TRIPLET]`, `--x-feature`, `tests`]"
diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh
index a89d278f3..b2bf7ee58 100755
--- a/prepare_osx_build_environment.sh
+++ b/prepare_osx_build_environment.sh
@@ -1,8 +1,8 @@
 #!/bin/sh
 set -e
 
-OPENSSL_DIR=openssl-3.0.15
-XMLSEC_DIR=xmlsec1-1.3.6
+OPENSSL_DIR=openssl-3.0.16
+XMLSEC_DIR=xmlsec1-1.3.7
 ARGS="$@"
 
 case "$@" in
diff --git a/vcpkg-ports/openssl/portfile.cmake b/vcpkg-ports/openssl/portfile.cmake
index a0ae89361..812fb9f19 100644
--- a/vcpkg-ports/openssl/portfile.cmake
+++ b/vcpkg-ports/openssl/portfile.cmake
@@ -11,7 +11,7 @@ vcpkg_from_github(
     OUT_SOURCE_PATH SOURCE_PATH
     REPO openssl/openssl
     REF "openssl-${VERSION}"
-    SHA512 d6f10f0f07dfa29d6d3f8a82d32c316a9c1ae3f54ecccfd11be0a5e01402779061c9389207968b3da4a67efd8d19b1695f6a1c45fde0d0f4e7b267a316ddb59c
+    SHA512 db5a6ac8b0bfe51076de1449f5b8502d5810c000cbc7a6f4e8e6866cfa756b1840b318038c3dee368cdd1763568984627daa48ec8f7dbccd65ea60f450b7d141
     PATCHES
         disable-apps.patch
         command-line-length.patch
diff --git a/vcpkg-ports/openssl/unix/portfile.cmake b/vcpkg-ports/openssl/unix/portfile.cmake
index 72b04e16a..98c5dcb54 100644
--- a/vcpkg-ports/openssl/unix/portfile.cmake
+++ b/vcpkg-ports/openssl/unix/portfile.cmake
@@ -45,8 +45,7 @@ vcpkg_list(SET MAKEFILE_OPTIONS)
 if(VCPKG_TARGET_IS_ANDROID)
     set(ENV{ANDROID_NDK_ROOT} "${VCPKG_DETECTED_CMAKE_ANDROID_NDK}")
     set(OPENSSL_ARCH "android-${VCPKG_DETECTED_CMAKE_ANDROID_ARCH}")
-    # asm on arm32 NEON is broken, https://github.com/openssl/openssl/pull/21583#issuecomment-1727057735
-    if(VCPKG_DETECTED_CMAKE_ANDROID_ARCH STREQUAL "arm" #[[AND NOT VCPKG_DETECTED_CMAKE_ANDROID_ARM_NEON]])
+    if(VCPKG_DETECTED_CMAKE_ANDROID_ARCH STREQUAL "arm" AND NOT VCPKG_DETECTED_CMAKE_ANDROID_ARM_NEON)
         vcpkg_list(APPEND CONFIGURE_OPTIONS no-asm)
     endif()
 elseif(VCPKG_TARGET_IS_LINUX)
diff --git a/vcpkg-ports/openssl/vcpkg.json b/vcpkg-ports/openssl/vcpkg.json
index fe26de18b..04d34a374 100644
--- a/vcpkg-ports/openssl/vcpkg.json
+++ b/vcpkg-ports/openssl/vcpkg.json
@@ -1,6 +1,6 @@
 {
   "name": "openssl",
-  "version": "3.0.15",
+  "version": "3.0.16",
   "description": "OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.",
   "homepage": "https://www.openssl.org",
   "license": "Apache-2.0",
diff --git a/vcpkg-ports/xmlsec/CMakeLists.txt b/vcpkg-ports/xmlsec/CMakeLists.txt
index bbd9ea9d2..29ad983d6 100644
--- a/vcpkg-ports/xmlsec/CMakeLists.txt
+++ b/vcpkg-ports/xmlsec/CMakeLists.txt
@@ -68,34 +68,36 @@ target_include_directories(xmlsec1 PUBLIC
 target_link_libraries(xmlsec1 PUBLIC LibXml2::LibXml2)
 target_link_libraries(xmlsec1-openssl PUBLIC xmlsec1 OpenSSL::Crypto)
 
-add_compile_definitions(inline=__inline)
-add_compile_definitions(PACKAGE="xmlsec1")
-add_compile_definitions(HAVE_STDIO_H)
-add_compile_definitions(HAVE_STDLIB_H)
-add_compile_definitions(HAVE_STRING_H)
-add_compile_definitions(HAVE_CTYPE_H)
-add_compile_definitions(HAVE_MALLOC_H)
-add_compile_definitions(HAVE_MEMORY_H)
-add_compile_definitions(XMLSEC_DEFAULT_CRYPTO="openssl")
-add_compile_definitions(UNICODE)
-add_compile_definitions(_UNICODE)
-add_compile_definitions(_MBCS)
-add_compile_definitions(_REENTRANT)
+add_compile_definitions(
+	inline=__inline
+	PACKAGE="xmlsec1"
+	HAVE_STDIO_H
+	HAVE_STDLIB_H
+	HAVE_STRING_H
+	HAVE_CTYPE_H
+	HAVE_MALLOC_H
+	HAVE_MEMORY_H
+	XMLSEC_DEFAULT_CRYPTO="openssl"
+	UNICODE
+	_UNICODE
+	_MBCS
+	_REENTRANT
+	WIN32_LEAN_AND_MEAN
+)
 
 set_target_properties(xmlsec1 xmlsec1-openssl PROPERTIES VERSION ${XMLSEC_VERSION_MAJOR}.${XMLSEC_VERSION_MINOR})
 
-set(XMLSEC_CORE_CFLAGS "")
+set(XMLSEC_CORE_CFLAGS XMLSEC_NO_XSLT XMLSEC_CRYPTO_OPENSSL XMLSEC_NO_FTP XMLSEC_NO_HTTP)
 if(NOT BUILD_SHARED_LIBS)
-    set(XMLSEC_CORE_CFLAGS "-DLIBXML_STATIC -DXMLSEC_STATIC -DXMLSEC_NO_CRYPTO_DYNAMIC_LOADING")
-    target_compile_definitions(xmlsec1 PUBLIC XMLSEC_STATIC XMLSEC_NO_CRYPTO_DYNAMIC_LOADING)
+    list(APPEND XMLSEC_CORE_CFLAGS XMLSEC_STATIC XMLSEC_NO_CRYPTO_DYNAMIC_LOADING)
 endif()
-set(XMLSEC_OPENSSL_CFLAGS ${XMLSEC_CORE_CFLAGS})
+set(XMLSEC_OPENSSL_CFLAGS XMLSEC_NO_MD5 XMLSEC_NO_RIPEMD160 XMLSEC_NO_GOST XMLSEC_NO_GOST2012)
 
 target_compile_definitions(xmlsec1
     PRIVATE $<$<PLATFORM_ID:Windows>:XMLSEC_DL_WIN32>
-    PUBLIC XMLSEC_NO_XSLT XMLSEC_CRYPTO_OPENSSL
+    PUBLIC ${XMLSEC_CORE_CFLAGS} 
 )
-target_compile_definitions(xmlsec1-openssl PUBLIC XMLSEC_NO_GOST XMLSEC_NO_GOST2012)
+target_compile_definitions(xmlsec1-openssl PUBLIC ${XMLSEC_OPENSSL_CFLAGS})
 
 install(TARGETS xmlsec1 xmlsec1-openssl
     EXPORT unofficial-xmlsec-targets
@@ -153,11 +155,12 @@ set(libdir ${prefix}/${CMAKE_INSTALL_LIBDIR})
 set(includedir ${prefix}/${CMAKE_INSTALL_INCLUDEDIR})
 set(VERSION ${XMLSEC_VERSION})
 set(LIBXML_MIN_VERSION ${LIBXML2_VERSION_STRING})
-set(OPENSSL_LIBS "-lcrypto")
-set(XMLSEC_CORE_CFLAGS "${XMLSEC_CORE_CFLAGS} -DXMLSEC_DL_LIBLTDL=1 -I\${includedir}/xmlsec1 -DXMLSEC_CRYPTO_OPENSSL=1")
+list(JOIN XMLSEC_CORE_CFLAGS " -D" XMLSEC_CORE_CFLAGS)
+set(XMLSEC_CORE_CFLAGS "-D${XMLSEC_CORE_CFLAGS} -I\${includedir}/xmlsec1")
 set(XMLSEC_CORE_LIBS "-lxmlsec1 -lltdl")
-set(XMLSEC_OPENSSL_CFLAGS "${XMLSEC_OPENSSL_CFLAGS} -I\${includedir}/xmlsec1")
-set(XMLSEC_OPENSSL_LIBS "-L\${libdir} -lxmlsec1-openssl ${XMLSEC_CORE_LIBS} ${OPENSSL_LIBS}")
+list(JOIN XMLSEC_OPENSSL_CFLAGS " -D" XMLSEC_OPENSSL_CFLAGS)
+set(XMLSEC_OPENSSL_CFLAGS "${XMLSEC_CORE_CFLAGS} -D${XMLSEC_OPENSSL_CFLAGS}")
+set(XMLSEC_OPENSSL_LIBS "-L\${libdir} -lxmlsec1-openssl ${XMLSEC_CORE_LIBS} -lcrypto")
 
 configure_file(${PROJECT_SOURCE_DIR}/xmlsec.pc.in ${PROJECT_BINARY_DIR}/xmlsec1.pc @ONLY)
 configure_file(${PROJECT_SOURCE_DIR}/xmlsec-openssl.pc.in ${PROJECT_BINARY_DIR}/xmlsec1-openssl.pc @ONLY)
diff --git a/vcpkg-ports/xmlsec/openssl.patch b/vcpkg-ports/xmlsec/openssl.patch
deleted file mode 100644
index fafbd6041..000000000
--- a/vcpkg-ports/xmlsec/openssl.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -U3 -r xmlsec1-1.3.4.orig/src/openssl/x509.c xmlsec1-1.3.4/src/openssl/x509.c
---- xmlsec1-1.3.4.orig/src/openssl/x509.c	2024-04-09 17:46:44
-+++ xmlsec1-1.3.4/src/openssl/x509.c	2024-07-05 10:09:02
-@@ -44,6 +44,7 @@
- #include <xmlsec/openssl/x509.h>
- 
- /* Windows overwrites X509_NAME and other things that break openssl */
-+#undef X509_NAME
- #include <openssl/evp.h>
- #include <openssl/x509.h>
- #include <openssl/x509_vfy.h>
diff --git a/vcpkg-ports/xmlsec/portfile.cmake b/vcpkg-ports/xmlsec/portfile.cmake
index 47b0d6577..45f8a1edf 100644
--- a/vcpkg-ports/xmlsec/portfile.cmake
+++ b/vcpkg-ports/xmlsec/portfile.cmake
@@ -5,11 +5,10 @@ vcpkg_from_github(
     OUT_SOURCE_PATH SOURCE_PATH
     REPO lsh123/xmlsec
     REF "${release_tag}"
-    SHA512 6e41c35042e5a74e135cfb7468aa5c09b3c9ba684ab2431ecedce950f7c99c92fc8765c1c8c2ddfd87718bd00f4a287028227da1e987f2ef17ce2594356e81af
+    SHA512 28130c10d79f652e3533e6ede5fdaab0f6db5a4bbaaca4713b62df9af2ae2d5314acf82d01f344f87faf95c12099fd77e0858cbe5232a96de1d531e6284ede1b
     HEAD_REF master
     PATCHES 
         pkgconfig_fixes.patch
-        openssl.patch
         xmlsec1-1.3.5.legacy.patch
 )
 
diff --git a/vcpkg-ports/xmlsec/vcpkg.json b/vcpkg-ports/xmlsec/vcpkg.json
index c504e7733..719aea949 100644
--- a/vcpkg-ports/xmlsec/vcpkg.json
+++ b/vcpkg-ports/xmlsec/vcpkg.json
@@ -1,6 +1,6 @@
 {
   "name": "xmlsec",
-  "version": "1.3.6",
+  "version": "1.3.7",
   "description": "XML Security Library is a C library based on LibXML2. The library supports major XML security standards.",
   "homepage": "https://www.aleksey.com/xmlsec/",
   "license": "X11 AND MPL-1.1",
diff --git a/vcpkg-ports/xmlsec/xmlsec1-1.3.5.legacy.patch b/vcpkg-ports/xmlsec/xmlsec1-1.3.5.legacy.patch
index 7b13e583a..afcc0dee7 100644
--- a/vcpkg-ports/xmlsec/xmlsec1-1.3.5.legacy.patch
+++ b/vcpkg-ports/xmlsec/xmlsec1-1.3.5.legacy.patch
@@ -1,5 +1,5 @@
---- xmlsec1-1.3.5.orig/src/openssl/signatures.c	2024-07-18 22:53:55
-+++ xmlsec1-1.3.5/src/openssl/signatures.c	2024-07-24 00:04:16
+--- xmlsec1-1.3.7.orig/src/openssl/signatures.c	2025-02-11 16:33:03
++++ xmlsec1-1.3.7/src/openssl/signatures.c	2025-02-12 15:32:02
 @@ -35,6 +35,7 @@
  #ifdef XMLSEC_OPENSSL_API_300
  #include <openssl/core_names.h>
@@ -8,7 +8,7 @@
  
  #include "../cast_helpers.h"
  #include "openssl_compat.h"
-@@ -920,15 +921,22 @@
+@@ -921,15 +922,22 @@
                  "ret=%d", ret);
              goto error;
          }
@@ -33,15 +33,17 @@
      if(ret <= 0) {
          xmlSecOpenSSLError2("EVP_PKEY_CTX_set_signature_md", xmlSecTransformGetName(transform),
              "ret=%d", ret);
-@@ -981,11 +989,16 @@
+@@ -983,6 +991,9 @@
      xmlSecByte dgst[EVP_MAX_MD_SIZE];
      unsigned int dgstSize = sizeof(dgst);
      EVP_PKEY_CTX *pKeyCtx = NULL;
--    unsigned char * fixedData = NULL;
-+    unsigned char * fixedData = NULL, * recvData = NULL;
++    unsigned char * recvData = NULL;
++    size_t recvDataLen = 0;
 +    const unsigned char * recvDataPtr;
+ #if !defined(XMLSEC_NO_DSA) || !defined(XMLSEC_NO_EC)
+     unsigned char * fixedData = NULL;
      int fixedDataLen = 0;
-+    size_t recvDataLen = 0;
+@@ -990,6 +1001,9 @@
      unsigned int dataLen;
      int ret;
      int res = -1;
@@ -51,7 +53,7 @@
  
      xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
      xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
-@@ -1017,8 +1030,51 @@
+@@ -1021,8 +1035,51 @@
  
      switch(ctx->mode) {
      case xmlSecOpenSSLEvpSignatureMode_RsaPadding:
@@ -104,16 +106,18 @@
          XMLSEC_SAFE_CAST_SIZE_TO_UINT(dataSize, dataLen, goto done, xmlSecTransformGetName(transform));
          ret = EVP_PKEY_verify(pKeyCtx, (xmlSecByte*)data, dataLen, dgst, dgstSize);
          break;
-@@ -1073,9 +1129,15 @@
+@@ -1077,11 +1134,17 @@
      res = 0;
  
  done:
 +    if(sig != NULL) {
 +        X509_SIG_free(sig);
 +    }
+ #if !defined(XMLSEC_NO_DSA) || !defined(XMLSEC_NO_EC)
      if(fixedData != NULL) {
          OPENSSL_free(fixedData);
      }
+ #endif
 +    if(recvData != NULL) {
 +        OPENSSL_free(recvData);
 +    }
diff --git a/vcpkg.json b/vcpkg.json
index 4afb815ee..6b88a8e14 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -1,6 +1,5 @@
 {
     "name": "libdigidocpp",
-    "version": "4.2.0",
     "dependencies": [
       {
         "name": "libxml2",
@@ -12,7 +11,7 @@
     "features": {
       "tests": { "description": "Build tests", "dependencies": ["boost-test"] }
     },
-    "builtin-baseline": "e4644bd15436d406bba71928d086c809e5c9ca45",
+    "builtin-baseline": "5ee5eee0d3e9c6098b24d263e9099edcdcef6631",
     "vcpkg-configuration": {
         "overlay-triplets": ["./vcpkg-triplets"],
         "overlay-ports": [