JDK-8177334 : Update xmldsig implementation to Apache Santuario 2.1.1
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
The xmldsig implementation is currently based on version 1.5.4 of Apache Santuario plus some additional selected patches for serious issues.
We should upgrade this to the latest stable version in JDK 11.
[~ebaron] Thanks! Yes. You can re-use JDK-8237765. It's targetting 8-pool.
[~sgehwolf] Absolutely! I should be able to propose it for review today, actually. Is the existing CSR sufficient for OpenJDK 8u as well?
[~ebaron] We should get JDK-8236645 fixed in OpenJDK 8u too. Is that on your radar?
Fix Request (jdk8u)
Requesting a jdk8u backport approval of this fix for parity with Oracle JDK. The JDK 11 changeset does not apply cleanly to jdk8u-dev and requires adjustments. The adjusted webrev below passes jdk_tier1 and the jdk_security tests.
8u webrev: https://cr.openjdk.java.net/~ebaron/jdk8u/JDK-8177334/webrev.03/
8u RFRs: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-April/011571.html
https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012448.html (Review approved by andrew)