RFR: 8231507: Update Apache Santuario (XML Signature) to version 2.1.4
Weijun Wang
weijun.wang at oracle.com
Thu Oct 10 10:08:54 UTC 2019
Hi Fedor,
First, thanks a lot for the contribution. Overall the code change looks fine, but I have several comments:
1. The change in EncryptionConstants.java is not necessary. In this module we only do the signature part, but not encryption.
2. For the same reason, 5 new methods in XMLUtils.java about encryption.
3. In DOMRetrievalMethod.java, please revert to the use of "Policy.restrictNumTransforms(newTransforms.size())". The java.xml.crypto module inside OpenJDK is a little different from Santuario here and it uses a java.security property named "jdk.xml.dsig.secureValidationPolicy".
4. XMLDSigRI.java contains no actual change and can be kept unchanged.
Have you found a committer to sponsor your code change? If not, I'll be happy to do it.
Thanks,
Max
> On Oct 8, 2019, at 12:35 AM, Fedor Burdun <fedor.burdun at azul.com> wrote:
>
> Dear all,
>
> Would you please review the following change?
> Bug: https://bugs.openjdk.java.net/browse/JDK-8231507
> Webrev: http://cr.openjdk.java.net/~fijiol/8231507/webrev.00/
>
> This change upgrades Apache Santuario library to version 2.1.4
>
> Best regards,
> Fedor
More information about the security-dev
mailing list