  1. JDK
  2. JDK-8151893 Add security property to configure XML Signature secure validation mode
  3. JDK-8164117

Release Note: Add security property to configure XML Signature secure validation mode

      Description

        A new security property named `jdk.xml.dsig.secureValidationPolicy` has been added that allows you to configure the individual restrictions that are enforced when the secure validation mode of XML Signature is enabled. The default value for this property in the `java.security` configuration file is:
        ```
        jdk.xml.dsig.secureValidationPolicy=\
            disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
            disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
            disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
            disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
            maxTransforms 5,\
            maxReferences 30,\
            disallowReferenceUriSchemes file http https,\
            noDuplicateIds,\
            noRetrievalMethodLoops
        ```
        Please refer to the definition of the property in the `java.security` file for more information.
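
A startup check for the property described above, as an added example that is not part of the release note or the JDK: it reads the effective value with `Security.getProperty` and reports every restriction that is weaker than the default quoted above. The class name, the finding strings, and the choice to treat a missing restriction as a weakening are assumptions of this example.

```java
import java.security.Security;
import java.util.*;

public class SecureValidationPolicyCheck {
    // Default value quoted in the release note above, used as the baseline.
    static final String BASELINE =
        "disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,"
      + "disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,"
      + "disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,"
      + "disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,"
      + "maxTransforms 5,maxReferences 30,"
      + "disallowReferenceUriSchemes file http https,"
      + "noDuplicateIds,noRetrievalMethodLoops";
    // Restriction name -> arguments; repeated entries (disallowAlg) accumulate.
    static Map<String, Set<String>> parse(String policy) {
        Map<String, Set<String>> out = new TreeMap<>();
        for (String entry : (policy == null ? "" : policy).split(",")) {
            String[] tok = entry.trim().split("\\s+");
            if (tok[0].isEmpty()) continue;   // unset property or stray comma
            Set<String> args = out.computeIfAbsent(tok[0], k -> new TreeSet<>());
            args.addAll(Arrays.asList(tok).subList(1, tok.length));
        }
        return out;
    }
    // Lists every point where the effective policy is weaker than BASELINE.
    // Assumption of this example: a restriction that is absent counts as weaker.
    static List<String> findings(String effective) {
        Map<String, Set<String>> base = parse(BASELINE), eff = parse(effective);
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, Set<String>> e : base.entrySet()) {
            String name = e.getKey();
            Set<String> have = eff.get(name);
            if (have == null) { out.add("missing restriction: " + name); continue; }
            if (name.startsWith("max")) {   // numeric limit: a larger value is weaker
                int limit = Integer.parseInt(e.getValue().iterator().next());
                for (String v : have)
                    if (Integer.parseInt(v) > limit) out.add(name + " raised to " + v);
            } else {                        // set-valued: every baseline entry must remain
                for (String v : e.getValue())
                    if (!have.contains(v)) out.add(name + " no longer lists " + v);
            }
        }
        return out;
    }
    public static void main(String[] args) {
        List<String> f = findings(Security.getProperty("jdk.xml.dsig.secureValidationPolicy"));
        f.forEach(System.err::println);
        if (!f.isEmpty()) System.exit(1);   // non-zero exit so a deployment gate can fail
    }
}
```

Run it with the same JVM and the same `java.security` overrides as the application, so the value it checks is the one the application will actually enforce.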

              People

                mullan Sean Mullan