RFR: 8330542: Add two JAXP configuration files in preparation for a secure by default configuration [v6]
Sean Mullan
mullan at openjdk.org
Thu May 2 19:15:56 UTC 2024
On Wed, 1 May 2024 22:33:29 GMT, Joe Wang <joehw at openjdk.org> wrote:
>> Add two sample configuration files:
>>
>> jaxp-strict.properties: used to set strict configuration, stricter than jaxp.properties in previous versions such as JDK 22
>>
>> jaxp-compat.properties: used to regain compatibility from any more restricted configuration than previous versions such as JDK 22
>
> Joe Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> Add implNote to java.xml module summary; Update make file; Update the config files; Add test.
src/java.xml/share/classes/module-info.java line 446:
> 444: * This file allows deployments to test the more secure/strict behavior,
> 445: * identify issues such as a processor unknowingly makes outbound network
> 446: * connections to fetch DTD, or processes XML that relies on extension functions.
Some wording suggestions:
```
* This file allows deployments to test the more secure/strict behavior and
* identify issues such as a processor unknowingly making outbound network
* connections to fetch a DTD, or processing XML that relies on extension functions.
src/java.xml/share/classes/module-info.java line 453:
> 451: * be used to regain compatibility from a more strict configuration in a future release.
> 452: * The difference from the default {@code jaxp.properties} is that it contains
> 453: * additional properties that were not included in {@code jaxp.properties},
s/were/are/
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1588197231
PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1588201546
More information about the core-libs-dev
mailing list