JDK-8177334 : Update xmldsig implementation to Apache Santuario 2.1.1
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Affected Version: 8,11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-03-21
  • Updated: 2022-06-27
  • Resolved: 2018-06-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 7 JDK 8 Other
11 b19Fixed 7u321Fixed 8u231Fixed openjdk8u272Fixed
Related Reports
CSR :  
JDK-8203460 - Update xmldsig implementation to Apache Santuario 2.1.1
Relates :  
JDK-8218629 - XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
Relates :  
JDK-8236645 - JDK 8u231 introduces a regression with incompatible handling of XML messages
Relates :  
JDK-8217878 - ENVELOPING XML signature no longer works
Relates :  
JDK-8235603 - 8u231 Transform of DOM to byte array adds ASCII carriage return to signed XML
Sub Tasks
JDK-8180454 :  
Build succeeds - Resolved
JDK-8180455 :  
Run all tests - Resolved
JDK-8180456 :  
Apply necessary patches from both JDK and upstream - Resolved
JDK-8202891 :  
Release Note: Updated xmldsig Implementation to Apache Santuario 2.1.1 - Closed
Description
The xmldsig implementation is currently based on version 1.5.4 of Apache Santuario plus some additional selected patches for serious issues.

We should upgrade this to the latest stable version in JDK 11.
Comments
[~ebaron] Thanks! Yes. You can re-use JDK-8237765. It's targetting 8-pool.
19-08-2020
[~sgehwolf] Absolutely! I should be able to propose it for review today, actually. Is the existing CSR sufficient for OpenJDK 8u as well?
19-08-2020
[~ebaron] We should get JDK-8236645 fixed in OpenJDK 8u too. Is that on your radar?
19-08-2020
Fix Request (jdk8u) Requesting a jdk8u backport approval of this fix for parity with Oracle JDK. The JDK 11 changeset does not apply cleanly to jdk8u-dev and requires adjustments. The adjusted webrev below passes jdk_tier1 and the jdk_security tests. 8u webrev: https://cr.openjdk.java.net/~ebaron/jdk8u/JDK-8177334/webrev.03/ 8u RFRs: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-April/011571.html https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-May/011670.html https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-June/011965.html https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012448.html (Review approved by andrew)
17-08-2020
URL: http://hg.openjdk.java.net/jdk/jdk/rev/3810c9a2efa1 User: weijun Date: 2018-06-19 00:07:42 +0000
19-06-2018