JDK-8177334 : Update xmldsig implementation to Apache Santuario 2.1.1
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Affected Version: 8,11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-03-21
  • Updated: 2021-07-26
  • Resolved: 2018-06-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 7 JDK 8 Other
11 b19Fixed 7u321Fixed 8u231Fixed openjdk8u272Fixed
Related Reports
CSR :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8180454 :  
JDK-8180455 :  
JDK-8180456 :  
JDK-8202891 :  
Description
The xmldsig implementation is currently based on version 1.5.4 of Apache Santuario plus some additional selected patches for serious issues.

We should upgrade this to the latest stable version in JDK 11.
Comments
[~ebaron] Thanks! Yes. You can re-use JDK-8237765. It's targetting 8-pool.
19-08-2020

[~sgehwolf] Absolutely! I should be able to propose it for review today, actually. Is the existing CSR sufficient for OpenJDK 8u as well?
19-08-2020

[~ebaron] We should get JDK-8236645 fixed in OpenJDK 8u too. Is that on your radar?
19-08-2020

Fix Request (jdk8u) Requesting a jdk8u backport approval of this fix for parity with Oracle JDK. The JDK 11 changeset does not apply cleanly to jdk8u-dev and requires adjustments. The adjusted webrev below passes jdk_tier1 and the jdk_security tests. 8u webrev: https://cr.openjdk.java.net/~ebaron/jdk8u/JDK-8177334/webrev.03/ 8u RFRs: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-April/011571.html https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-May/011670.html https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-June/011965.html https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012448.html (Review approved by andrew)
17-08-2020