Oracle JDK 7u321 upgrades the Apache Santuario libraries to v2.1.4. When performed upstream on 8u, it introduced an issue in which XML signatures using Base64 encoding appended `&#xd` or `&#13` to the encoded output. This behavioral change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045. The following text outlines how this fix is proactively addressed while upgrading in 7u.

Oracle JDK 7u321 using the legacy encoder returns encoded data in a format without `&#xd` or `&#13`.

Therefore a new Oracle JDK 7 & 8 Updates only system property, `com.sun.org.apache.xml.internal.security.lineFeedOnly`, has been made available to fall back to legacy Base64 encoded format.

Users can set this flag in one of two ways:

1. `-Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true`
2. `System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")`

This new system property is disabled by default. It has no effect on default behavior or when `com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property is set.

Later JDK family versions will only support the recommended property: `com.sun.org.apache.xml.internal.security.ignoreLineBreaks`