Details
-
Type:
Sub-task
-
Status: Closed
-
Priority:
P3
-
Resolution: Delivered
-
Affects Version/s: 17
-
Fix Version/s: 17
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Verification:Verified
Description
The XML Signature secure validation mode has been enabled by default (previously it was not enabled by default unless running with a security manager). When enabled, validation of XML signatures are subject to stricter checking of algorithms and other constraints as specified by the `jdk.xml.dsig.secureValidationPolicy` security property.
If necessary, and at their own risk, applications can disable the mode by setting the `org.jcp.xml.dsig.secureValidation` property to `Boolean.FALSE` with the `DOMValidateContext.setProperty()` API.
If necessary, and at their own risk, applications can disable the mode by setting the `org.jcp.xml.dsig.secureValidation` property to `Boolean.FALSE` with the `DOMValidateContext.setProperty()` API.