  1. JDK
  2. JDK-8314180 Disable XPath in XML Signatures
  3. JDK-8359342

Release Note: Disable XPath in XML Signatures


    • Sub-task
    • Resolution: Delivered
    • P4
    • 26
    • None
    • security-libs

XML signatures that use XPath transforms have been disabled by default. The XPath transform is not recommended by the [XML Signature Best Practices](https://www.w3.org/TR/xmldsig-bestpractices/) document. Applications should use the XPath Filter 2.0 transform instead, which was designed to be an alternative to the XPath transform. If necessary, and at their own risk, applications can work around this policy by modifying the `jdk.xml.dsig.secureValidationPolicy` security property and re-enabling the XPath transform.
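A check to run before moving to a JDK with this default (an added example, not code from the release note or the JDK project): it reads the effective `jdk.xml.dsig.secureValidationPolicy` value and counts the `Transform` elements in a signed document that still use the XPath transform. It assumes the restriction appears in the policy as a `disallowAlg` entry for the XPath transform URI; the class name and the sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class XPathTransformAudit {   // hypothetical class name
    // True if the effective policy lists the XPath transform URI under disallowAlg
    // (assumed entry form: "disallowAlg <URI>", entries separated by commas).
    static boolean xpathDisallowed() {
        String policy = Security.getProperty("jdk.xml.dsig.secureValidationPolicy");
        if (policy == null) return false;
        for (String entry : policy.split(",")) {
            String[] t = entry.trim().split("\\s+");
            if (t.length == 2 && t[0].equals("disallowAlg") && t[1].equals(Transform.XPATH)) return true;
        }
        return false;
    }

    // Counts ds:Transform elements whose Algorithm is the XPath transform.
    static int countXPathTransforms(byte[] xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        NodeList transforms = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Transform");
        int hits = 0;
        for (int i = 0; i < transforms.getLength(); i++) {
            String alg = ((Element) transforms.item(i)).getAttribute("Algorithm");
            if (Transform.XPATH.equals(alg)) hits++;
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: signature skeleton with one XPath and one XPath Filter 2.0 transform.
        String sample = "<Signature xmlns='" + XMLSignature.XMLNS + "'><SignedInfo><Reference URI=''>"
            + "<Transforms><Transform Algorithm='" + Transform.XPATH + "'/>"
            + "<Transform Algorithm='" + Transform.XPATH2 + "'/></Transforms>"
            + "</Reference></SignedInfo></Signature>";
        System.out.println("XPath transform disallowed by policy: " + xpathDisallowed());
        System.out.println("XPath transforms found in sample: "
            + countXPathTransforms(sample.getBytes(StandardCharsets.UTF_8)));
    }
}
```

Signatures the counter flags are candidates for re-issuing with the XPath Filter 2.0 transform (`Transform.XPATH2`) rather than for loosening the policy.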

            mullan Sean Mullan