Release Note: Disable SHA-1 XML Signatures

XMLWordPrintable

    • Type: Sub-task
    • Resolution: Delivered
    • Priority: P3
    • 17
    • Affects Version/s: 17
    • Component/s: security-libs

      XML signatures that use SHA-1 based digest or signature algorithms have been disabled by default. SHA-1 is no longer a recommended algorithm for digital signatures. If necessary, and at their own risk, applications can workaround this policy by modifying the `jdk.xml.dsig.secureValidationPolicy` security property and re-enabling the SHA-1 algorithms.

            Assignee:
            Sean Mullan
            Reporter:
            Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: