JDK-8259801 : Enable XML Signature secure validation mode by default
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-01-14
  • Updated: 2024-01-11
  • Resolved: 2021-01-28
Versions:
  • JDK 11: 11.0.23-oracle (Fixed)
  • JDK 17: 17 b08 (Fixed)
  • JDK 8: 8u411 (Fixed)
Sub Tasks
  • JDK-8260551
  • JDK-8260556

The XML Signature secure validation mode is enabled by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.
Fix request [11u]

I backport this for parity with 11.0.23-oracle. Risk of breaking installations that don't pass the security validation. I guess this is acceptable, or better, desirable to improve security. CSR available. Clean except for one copyright, marked clean. Test passes.

Full Git URL: https://github.com/openjdk/jdk/commit/baf46bac41f11c01691c4d4c77b24f76fedb5926

A pull request was submitted for review.
URL: https://git.openjdk.org/jdk11u-dev/pull/2426
Date: 2024-01-03 12:03:05 +0000

Changeset: baf46bac
Author: Sean Mullan <mullan@openjdk.org>
Date: 2021-01-28 14:28:27 +0000
URL: https://git.openjdk.java.net/jdk/commit/baf46bac