JDK-8322473 : Release Note: Update XML Security for Java to 3.0.2
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 8u411,8u411-perf,11.0.23-oracle,17.0.11-oracle
  • Priority: P4
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2023-12-19
  • Updated: 2024-03-14
  • Resolved: 2023-12-19
Version table:
  • JDK 11: 11.0.23-oracle (Resolved)
  • JDK 17: 17.0.11-oracle (Resolved)
  • JDK 8: 8u411 (Resolved)
Description
The XML Signature implementation has been updated to Santuario 3.0.2. Support for the following EdDSA signatures has been added: `ED25519` and `ED448`. While these new algorithm URIs are not defined in `javax.xml.crypto.dsig.SignatureMethod` in the JDK Update releases, they may be represented as string literals in order to be functionally equivalent. The JDK has supported EdDSA since [JDK 15](https://openjdk.org/jeps/339). Releases earlier than that may use third-party security providers.

One other difference is that the JDK still supports the [`here()` function](https://www.w3.org/TR/xmldsig-core1/#function-here) by default. However, we recommend avoiding the use of the `here()` function in new signatures and replacing existing signatures that use the `here()` function. Future versions of the JDK will likely disable, and eventually remove, support for this function, as it cannot be supported using the standard Java XPath API. Users can now disable the `here()` function by setting the security property `jdk.xml.dsig.hereFunctionSupported` to "false".
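The following is an added example, not code from the JDK or from this release note: it signs and validates an enveloped XML signature with Ed25519, passing the algorithm URI as a string literal, and turns off `here()` support first. Assumptions: the class name is hypothetical, the XML document is constructed sample data, the URI is the Ed25519 identifier from RFC 9231, and the security property is set programmatically only to keep the example self-contained (it is normally set in the `java.security` file).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class EdDsaXmlSignatureExample { // hypothetical class name
    // Ed25519 algorithm URI (RFC 9231) as a string literal, because the
    // SignatureMethod constant is not defined in the JDK Update releases.
    static final String ED25519_URI = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519";

    public static void main(String[] args) throws Exception {
        // Disable here() before any XML Signature class is used. Setting it this
        // early is a precaution; the java.security file is the usual place.
        Security.setProperty("jdk.xml.dsig.hereFunctionSupported", "false");

        // Requires an Ed25519 provider: built in since JDK 15, third-party before that.
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair();

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // mandatory for XML Signature processing
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
            "<order><item>constructed sample</item></order>".getBytes(StandardCharsets.UTF_8)));

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(ED25519_URI, null),
            Collections.singletonList(ref));
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        // Validate with the matching public key to confirm the URI is accepted end to end.
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sig);
        boolean ok = fac.unmarshalXMLSignature(vc).validate(vc);
        System.out.println("Ed25519 XML signature valid: " + ok);
    }
}
```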