JDK-8260556 : Update Security Guide for Enable XML Signature secure validation mode by default
- Type: Sub-task
- Component: docs
- Sub-Component: guides
- Affected Version: 17
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- Submitted: 2021-01-27
- Updated: 2024-02-21
- Resolved: 2021-06-28
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 17 | JDK 8 |
|---|---|---|
| 11.0.23-oracleResolved | 17Fixed  |
8u421Fixed |
Description
The XML Digital Signature API Overview and Tutorial should be updated for this change. Proposed text below, do a diff against current to see what changed: ======= XML Signature Secure Validation Mode The XML Signature secure validation mode can protect you from XML Signatures that may contain potentially hostile constructs that can cause denial-of-service or other types of security issues. The constraints are specified in the `jdk.xml.dsig.secureValidationPolicy` security property in the `java.security` configuration file. The XML Signature secure validation mode is enabled by default. If necessary, and at your own risk, you can disable the XML Signature secure validation mode by setting the "org.jcp.xml.dsig.secureValidation" property to Boolean.FALSE with the `DOMValidateContext.setProperty()` API.
Comments
|