-
Sub-task
-
Resolution: Fixed
-
P3
-
17
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8324335 | 11.0.23-oracle | Raymond Gallardo | P3 | Resolved | Delivered | |
| JDK-8325346 | 8u421 | Raymond Gallardo | P3 | Resolved | Fixed | b01 |
The XML Digital Signature API Overview and Tutorial should be updated for this change. Proposed text below, do a diff against current to see what changed:
=======
XML Signature Secure Validation Mode
The XML Signature secure validation mode can protect you from XML Signatures that may contain potentially hostile constructs that can cause denial-of-service or other types of security issues. The constraints are specified in the `jdk.xml.dsig.secureValidationPolicy` security property in the `java.security` configuration file.
The XML Signature secure validation mode is enabled by default.
If necessary, and at your own risk, you can disable the XML Signature secure validation mode by setting the "org.jcp.xml.dsig.secureValidation" property to Boolean.FALSE with the `DOMValidateContext.setProperty()` API.
=======
XML Signature Secure Validation Mode
The XML Signature secure validation mode can protect you from XML Signatures that may contain potentially hostile constructs that can cause denial-of-service or other types of security issues. The constraints are specified in the `jdk.xml.dsig.secureValidationPolicy` security property in the `java.security` configuration file.
The XML Signature secure validation mode is enabled by default.
If necessary, and at your own risk, you can disable the XML Signature secure validation mode by setting the "org.jcp.xml.dsig.secureValidation" property to Boolean.FALSE with the `DOMValidateContext.setProperty()` API.
- backported by
-
-
- Resolved
-
-
-
- Resolved
-