-
Sub-task
-
Resolution: Delivered
-
P3
-
8u411, 11.0.23-oracle, 17
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8326431 | 11.0.23-oracle | Marc Palmerjohnson | P3 | Resolved | Delivered | |
JDK-8326432 | 8u411 | Marc Palmerjohnson | P3 | Resolved | Delivered |
The XML Signature secure validation mode has been enabled by default (previously it was not enabled by default unless running with a security manager). When enabled, validation of XML signatures are subject to stricter checking of algorithms and other constraints as specified by the `jdk.xml.dsig.secureValidationPolicy` security property.
If necessary, and at their own risk, applications can disable the mode by setting the `org.jcp.xml.dsig.secureValidation` property to `Boolean.FALSE` with the `DOMValidateContext.setProperty()` API.
If necessary, and at their own risk, applications can disable the mode by setting the `org.jcp.xml.dsig.secureValidation` property to `Boolean.FALSE` with the `DOMValidateContext.setProperty()` API.
- backported by
-
JDK-8326431 Release Note: Enable XML Signature Secure Validation Mode by Default
-
- Resolved
-
-
JDK-8326432 Release Note: Enable XML Signature Secure Validation Mode by Default
-
- Resolved
-