Oracle JDK 8u231 upgraded the Apache Santuario libraries to v2.1.3. This upgrade introduced an issue where XML signature using Base64 encoding resulted in appending `
` or `
` to the encoded output. This behavioural change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.
Oracle JDK 8u221 using the legacy encoder returns encoded data in a format without `
` or `
Therefore a new Oracle JDK 8 Updates only system property - `com.sun.org.apache.xml.internal.security.lineFeedOnly` is made available to fall back to legacy Base64 encoded format.
Users can set this flag in one of two ways:
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
This new system property is disabled by default. It has no effect on default behaviour nor when `com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property is set.
Later JDK family versions will only support the recommended property: `com.sun.org.apache.xml.internal.security.ignoreLineBreaks`