JDK-8275082 : Update XML Security for Java to 2.3.0
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-10-11
  • Updated: 2024-01-11
  • Resolved: 2021-12-06
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 17 JDK 18 JDK 8
11.0.15Fixed 13.0.11Fixed 15.0.7Fixed 17.0.3Fixed 18 b27Fixed 8u321Fixed
Related Reports
Duplicate :  
JDK-8277818 - "WARNING: The input bytes to the digest operation are null." by Apache Santuario
Relates :  
JDK-8254646 - Incorrect system resource file causing can not register URI http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
Relates :  
JDK-8305972 - Update XML Security for Java to 3.0.2
Relates :  
JDK-8255255 - Update Apache Santuario (XML Signature) to version 2.2.1
Description
Update the java.xml.crypto module in OpenJDK to match Apache Santuario 2.3.0 as in https://github.com/apache/santuario-xml-security-java/releases/tag/xmlsec-2.3.0.
Comments
Fix request (11u): I'd like to backport it already for 11.0.15, reason is to have the latest fixes of Update XML Security for Java to 2.3.0 in the April CPU update. The patch applies cleanly.
22-03-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk11u/pull/33 Date: 2022-03-21 16:02:46 +0000
21-03-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk11u-dev/pull/825 Date: 2022-02-15 08:49:50 +0000
15-02-2022
Fix request (11u): I'd like to backport it here, too, to keep 11u on par with other LTS releases. The jdk13u-dev backport of this change applies cleanly to 11.
11-02-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk13u-dev/pull/322 Date: 2022-02-01 07:04:54 +0000
01-02-2022
Fix request (13u): after 15u, I'd like to backport it here, too. The adapted fix similar to that of 15u applies seamlessly (if not the original fix), all available tests do pass.
01-02-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk15u-dev/pull/165 Date: 2022-01-31 08:30:15 +0000
31-01-2022
Fix request (15u): I'd like to backport it here, too, to keep 15u on par with major releases
31-01-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk17u-dev/pull/119 Date: 2022-01-25 14:49:11 +0000
25-01-2022
Fix Request (17u) I would like to have the patch in 17u as well, because the issue is present there too. The patch applies cleanly.
25-01-2022
Changeset: 2c31a173 Author: Weijun Wang <weijun@openjdk.org> Date: 2021-12-06 18:00:54 +0000 URL: https://git.openjdk.java.net/jdk/commit/2c31a1735d5b8646ed8984a5475d5c8c9c91c19d
06-12-2021
No regression test. This change updates java.xml.crypto to be consistent with upstream code from Apache Santuario. Existing tests and interop tests run fine.
06-12-2021