JDK-8238185 : Release Note: Oracle Specific JDK Update of System Property to Fall Back to Legacy Base64 Encoding Format
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Affected Version: 7u321,8u241,8u251
  • Priority: P3
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2020-01-29
  • Updated: 2021-08-18
  • Resolved: 2020-02-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8
7u321Resolved 8u241Resolved
Description
Oracle JDK 8u231 has upgraded the Apache Santuario libraries to v2.1.3. This upgrade introduced an issue in which XML signatures using Base64 encoding appended `&#xd` or `&#13` to the encoded output. This behavioral change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.

Oracle JDK 8u221 using the legacy encoder returns encoded data in a format without `&#xd` or `&#13`. 

Therefore an Oracle specific JDK 8 Update of a new system property `com.sun.org.apache.xml.internal.security.lineFeedOnly` has been made available to fall back to legacy Base64 encoded format.

Users can set this flag in one of two ways:

1. `-Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true`
2. `System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")`

This new system property is disabled by default. It has no effect on default behavior or when the `com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property is set.

Later JDK family versions will only support the recommended property: `com.sun.org.apache.xml.internal.security.ignoreLineBreaks`