JDK-8316542 : Release Note: New System Property to Toggle XML Signature Secure Validation Mode
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Affected Version:
    7u411,8u401,8u401-perf,11.0.22-oracle 7u411,8u401,8u401-perf,11.0.22-oracle
  • Priority: P3
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2023-09-19
  • Updated: 2023-11-27
  • Resolved: 2023-09-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 7 JDK 8
11.0.22-oracleResolved 17.0.10-oracleResolved 7u411Resolved 8u401Resolved
Related Reports
Cloners :  
JDK-8301765 - Release Note: New System Property to Toggle XML Signature Secure Validation Mode
Description
A new system property named `org.jcp.xml.dsig.secureValidation` has been added. It can be used to enable or disable the XML Signature secure validation mode. The system property should be set to "true" to enable, or "false" to disable. Any other value for the system property is treated as "false". If the system property is set, it supersedes the `XMLCryptoContext` property value. 

Secure validation mode is enabled by default if you are running the code with a SecurityManager, otherwise it is disabled by default.