Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8259801 Enable XML Signature secure validation mode by default
  3. JDK-8260551

Release Note: Enable XML Signature Secure Validation Mode by Default

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: P3
    • Resolution: Delivered
    • Affects Version/s: 17
    • Fix Version/s: 17
    • Component/s: security-libs
    • Labels:

      Description

      The XML Signature secure validation mode has been enabled by default (previously it was not enabled by default unless running with a security manager). When enabled, validation of XML signatures are subject to stricter checking of algorithms and other constraints as specified by the `jdk.xml.dsig.secureValidationPolicy` security property.

      If necessary, and at their own risk, applications can disable the mode by setting the `org.jcp.xml.dsig.secureValidation` property to `Boolean.FALSE` with the `DOMValidateContext.setProperty()` API.

        Attachments

          Activity

            People

            Assignee:
            mullan Sean Mullan
            Reporter:
            mullan Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: