Details
-
Enhancement
-
Status: Resolved
-
P3
-
Resolution: Fixed
-
None
-
b08
Description
The XML Signature secure validation mode is enabled by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.
Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.
Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.
Attachments
Issue Links
- csr for
-
JDK-8260154 Enable XML Signature secure validation mode by default
-
- Closed
-
- relates to
-
JDK-8223916 Add API to set XML DSig secure validation mode
-
- Open
-
-
JDK-8259709 Disable SHA-1 XML Signatures
-
- Resolved
-
-
JDK-8301260 Add system property to toggle XML Signature secure validation mode
-
- Resolved
-
(1 links to)