RFR: 8314180: Disable XPath in XML Signatures
Weijun Wang
weijun at openjdk.org
Thu Jun 12 12:47:44 UTC 2025
On Tue, 10 Jun 2025 12:29:24 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> The XPath Transform is rarely used, introduces complexity, and is not recommended by the [XML Signature Best Practices](https://www.w3.org/TR/xmldsig-bestpractices/) document. Applications should use the XPath Transform 2.0 Filter instead, which was designed to be an alternative to the XPath Transform. This change will disable the XPath Transform by default.
Marked as reviewed by weijun (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/25721#pullrequestreview-2920998704
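
Added example, not part of the original message or of the JDK change under review: signing and validating with the XPath Filter 2.0 transform (`Transform.XPATH2`) that the quoted description recommends in place of the XPath Transform (`Transform.XPATH`), using the standard `javax.xml.crypto.dsig` API. The sample document, its element names, and the throwaway RSA key are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
import javax.xml.crypto.dsig.spec.XPathType;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class XPathFilter2Example {
    public static void main(String[] args) throws Exception {
        // Constructed sample input; element names are made up for this example.
        String xml = "<Order><Payment>100</Payment><Note>unsigned</Note></Order>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // XPath Filter 2.0: intersect the input with the Payment subtree. The
        // Signature element added below falls outside it, so it is not digested.
        Transform filter = fac.newTransform(Transform.XPATH2,
            new XPathFilter2ParameterSpec(
                List.of(new XPathType("//Payment", XPathType.Filter.INTERSECT))));
        Reference ref = fac.newReference("",
            fac.newDigestMethod(DigestMethod.SHA256, null),
            List.of(filter), null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null),
            List.of(ref));

        // Throwaway key pair generated only for this example.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        fac.newXMLSignature(si, null)
            .sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(),
            doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        boolean ok = fac.unmarshalXMLSignature(vc).validate(vc);
        System.out.println("valid with XPath Filter 2.0: " + ok);
    }
}
```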