JDK-8305972 : Update XML Security for Java to 3.0.2
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2023-04-13
  • Updated: 2024-01-19
  • Resolved: 2023-05-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 21 JDK 8
11.0.23-oracleFixed 17.0.11-oracleFixed 21 b24Fixed 8u411Fixed
Related Reports
CSR :  
JDK-8307507 - Update XML Security for Java to 3.0.2
Relates :  
JDK-8308595 - Consider changing default value of jdk.xml.dsig.hereFunctionSupported security property to false
Relates :  
JDK-8275082 - Update XML Security for Java to 2.3.0
Relates :  
JDK-8319124 - Update XML Security for Java to 3.0.3
Sub Tasks
JDK-8308194 :  
Release Note: Update XML Security for Java to 3.0.2 - Closed
JDK-8322473 :  
Release Note: Update XML Security for Java to 3.0.2 - Resolved
Description
Update the java.xml.crypto module in OpenJDK to match Apache Santuario 3.0.2 as in https://github.com/apache/santuario-xml-security-java/releases/tag/xmlsec-3.0.2.
Comments
Fix request [11u] I backport this for parity with 11.0.21-oracle. Medium to larger risk. Change to security coding. Non-clean backport. But required to alleviate change in Apache Santuario. The backport had to be modified to remove new features not eligible for 11. As EdDSA is not supported out-of-the-box in 11 (JDK-8166597 is missing) some test had to be disabled. Tests pass. SAP nightly testing passed.
18-01-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2455 Date: 2024-01-11 19:19:19 +0000
12-01-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2116 Date: 2024-01-09 14:24:22 +0000
09-01-2024
Fix request [17u] I backport this for parity with 17.0.11-oracle. Medium to larger risk. Change to security coding. Non-clean backport. But required to alleviate change in Apache Santuario. The backport had to be modified to remove new features not eligible for 17. Tests pass. SAP nightly testing passed.
30-11-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2006 Date: 2023-11-30 08:48:30 +0000
30-11-2023
Changeset: f0aebc81 Author: Weijun Wang <weijun@openjdk.org> Date: 2023-05-19 17:46:41 +0000 URL: https://git.openjdk.org/jdk/commit/f0aebc8141de5a50c88658a40caa01967a9afc53
19-05-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/13840 Date: 2023-05-05 17:57:34 +0000
05-05-2023