RFR: 8330542: Add two JAXP configuration files in preparation for a secure by default configuration [v6]

Sean Mullan mullan at openjdk.org
Thu May 2 19:15:56 UTC 2024


On Wed, 1 May 2024 22:33:29 GMT, Joe Wang <joehw at openjdk.org> wrote:

>> Add two sample configuration files:
>> 
>>   jaxp-strict.properties: used to set strict configuration, stricter than jaxp.properties in previous versions such as JDK 22
>> 
>>   jaxp-compat.properties: used to regain compatibility from any more restricted configuration than previous versions such as JDK 22
>
> Joe Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add implNote to java.xml module summary; Update make file; Update the config files; Add test.

src/java.xml/share/classes/module-info.java line 446:

> 444:  * This file allows deployments to test the more secure/strict behavior,
> 445:  * identify issues such as a processor unknowingly makes outbound network
> 446:  * connections to fetch DTD, or processes XML that relies on extension functions.

Some wording suggestions: 

 ```
* This file allows deployments to test the more secure/strict behavior and
 * identify issues such as a processor unknowingly making outbound network
 * connections to fetch a DTD, or processing XML that relies on extension functions.

src/java.xml/share/classes/module-info.java line 453:

> 451:  * be used to regain compatibility from a more strict configuration in a future release.
> 452:  * The difference from the default {@code jaxp.properties} is that it contains
> 453:  * additional properties that were not included in {@code jaxp.properties},

s/were/are/

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1588197231
PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1588201546


More information about the core-libs-dev mailing list