[JDK-8259801] Enable XML Signature secure validation mode by default - Java Bug System

XML

Word

Printable

Details

Type: Enhancement
Status: Resolved
Priority: P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 17
Component/s: security-libs
Labels:
- release-note=yes
- security-disabled-algs-rfe

Subcomponent:
javax.xml.crypto
Resolved In Build:
b08

Description

The XML Signature secure validation mode is enabled by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.

Attachments

Issue Links

csr for

JDK-8260154 Enable XML Signature secure validation mode by default

Closed

relates to

JDK-8223916 Add API to set XML DSig secure validation mode

Open

JDK-8259709 Disable SHA-1 XML Signatures

Resolved

JDK-8301260 Add system property to toggle XML Signature secure validation mode

Resolved

links to

Commit openjdk/jdk/baf46bac

Review openjdk/jdk/2197

(1 links to)

Sub-Tasks

1.	Release Note: Enable XML Signature Secure Validation Mode by Default		Closed	Sean Mullan
2.	Update Security Guide for Enable XML Signature secure validation mode by default		Resolved	Raymond Gallardo

Activity

People

Assignee:: Sean Mullan

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021-01-14 12:08

Updated:: 2023-07-26 13:34

Resolved:: 2021-01-28 06:29