RFR: 8275082: Update XML Security for Java to 2.3.0
Valerie Peng
valeriep at openjdk.java.net
Thu Dec 2 20:40:22 UTC 2021
On Wed, 1 Dec 2021 17:31:37 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Import Apache Santuario 2.3.0 without the secure validation changes since in OpenJDK we are using the `jdk.xml.dsig.secureValidationPolicy` security property for XML Signature secure validation protection.
>
> Two commits are pushed:
>
> - 2.3.0: Import 2.3.0 code changes
> - revert: revert the Santuario secure validation changes
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/Policy.java line 53:
> 51: private static Map<String, Integer> minKeyMap;
> 52: private static boolean noDuplicateIds;
> 53: private static boolean noRMLoops;
Does it really make any difference, moving the initialization to the initialize() method? The comment on line 46 no longer apply now that the initialization is relocated.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6644
More information about the security-dev
mailing list