JDK-8259801 : Enable XML Signature secure validation mode by default
- Type: Enhancement
- Component: security-libs
- Sub-Component: javax.xml.crypto
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- Submitted: 2021-01-14
- Updated: 2024-01-11
- Resolved: 2021-01-28
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 17 | JDK 8 |
|---|---|---|
| 11.0.23-oracleFixed | 17 b08Fixed  |
8u411Fixed |
Related Reports
|
CSR :
|
|
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Sub Tasks
|
JDK-8260551 :
|
|
|
JDK-8260556 :
|
Description
The XML Signature secure validation mode is enabled by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager. Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.
Comments
|