include::../common/rationale.adoc[]

== Why is this an issue?

Before Java 17, XML Digital Signature API does not apply restrictions on XML signature validation unless the application runs with a security manager, which is rare.

== What is the potential impact

include::../common/impact.adoc[]

include::./how-to-fix/java-se.adoc[]

== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/standards.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Set the 'org.jcp.xml.dsig.secureValidation' property to true on the 'DOMValidateContext' to validate this XML signature securely.


'''
== Comments And Links
(visible only on this page)

=== on 25 Jan 2022, 10:34:00 Quentin Jaquier wrote:
Quick fixes (for Java): even if it is technically possible to provide a fix that would result in compliant code, it does not sound wise to set properties blindly, as it can have side effects. Fixing the issue requires a careful and good understanding of the overall context of the code.

endif::env-github,rspecator-view[]