RFR: 8330542: Add two sample configuration files in preparation for a more secure by default configuration [v3]

[Lance Andersen]

On Fri, 19 Apr 2024 17:39:30 GMT, Joe Wang <joehw at openjdk.org> wrote:

>> Add two sample configuration files:
>> 
>>   jaxp-strict.properties: used to set strict configuration, stricter than jaxp.properties in previous versions such as JDK 22
>> 
>>   jaxp-compat.properties: used to regain compatibility from any more restricted configuration than previous versions such as JDK 22
>
> Joe Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   fix typo

src/java.xml/share/conf/jaxp-compat.properties line 12:

> 10: #
> 11: # jaxp-strict.properties: this file resembles what will become the Secure-By-Default
> 12: # configuration where a strict restriction is the default. This file allows

strict restriction needs rewording.

Perhaps something that indicates that this property file provides settings that will be equivalent to that will be the default JAXP settings in a future release to make the use of JAXP more secure out of the box

src/java.xml/share/conf/jaxp-compat.properties line 20:

> 18: # JDK has switched to a strict configuration as indicated in jaxp-strict.properties.
> 19: # This configuration contains the same properties as those in jaxp-strict.properties
> 20: # except it sets them back to the current status of the JDK. Note that, although

'....sets them back to the current status of the JDK'

I think you are trying to indicate that this property file specifies the JAXP property values that were in place prior to being More Secure?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1572927195
PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1572940722