JDK-8238185 : Release Note: New Oracle specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Affected Version: 7u321,8u241,8u251
  • Priority: P3
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2020-01-29
  • Updated: 2021-06-22
  • Resolved: 2020-02-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u321Resolved 8u241Resolved
Oracle JDK 8u231 upgraded the Apache Santuario libraries to v2.1.3. This upgrade introduced an issue where XML signature using Base64 encoding resulted in appending `&#xd` or `&#13` to the encoded output. This behavioural change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.

Oracle JDK 8u221 using the legacy encoder returns encoded data in a format without `&#xd` or `&#13`. 

Therefore a new Oracle JDK 8 Updates only system property - `com.sun.org.apache.xml.internal.security.lineFeedOnly` is made available to fall back to legacy Base64 encoded format.

Users can set this flag in one of two ways:

1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")

This new system property is disabled by default. It has no effect on default behaviour nor when `com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property is set.

Later JDK family versions will only support the recommended property: `com.sun.org.apache.xml.internal.security.ignoreLineBreaks`