Details
-
Sub-task
-
Resolution: Delivered
-
P4
-
8u411, 8u411-perf, 11.0.23-oracle, 17.0.11-oracle
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8324545 | 11.0.23-oracle | Marc Palmerjohnson | P4 | Resolved | Delivered | |
JDK-8328192 | 8u411-perf | Marc Palmerjohnson | P4 | Resolved | Delivered | |
JDK-8324544 | 8u411 | Marc Palmerjohnson | P4 | Resolved | Delivered |
Description
The XML Signature implementation has been updated to Santuario 3.0.2. Support for the following EdDSA signatures has been added: `ED25519` and `ED448`. While these new algorithm URIs are not defined in `javax.xml.crypto.dsig.SignatureMethod` in the JDK Update releases, they may be represented as string literals in order to be functionally equivalent. The JDK supports EdDSA since [JDK 15](https://openjdk.org/jeps/339). Releases earlier than that may use 3rd party security providers. One other difference is that the JDK still supports the [`here()` function](https://www.w3.org/TR/xmldsig-core1/#function-here) by default. However, we recommend avoiding the use of the `here()` function in new signatures and replacing existing signatures that use the `here()` function. Future versions of the JDK will likely disable, and eventually remove, support for this function, as it cannot be supported using the standard Java XPath API. Users can now disable the `here()` function by setting the security property `jdk.xml.dsig.hereFunctionSupported` to "false".
Attachments
Issue Links
- backported by
-
JDK-8324544 Release Note: Update XML Security for Java to 3.0.2
- Resolved
-
JDK-8324545 Release Note: Update XML Security for Java to 3.0.2
- Resolved
-
JDK-8328192 Release Note: Update XML Security for Java to 3.0.2
- Resolved