38 lines
1.1 KiB
Plaintext
38 lines
1.1 KiB
Plaintext
include::../common/rationale.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
Before Java 17, XML Digital Signature API does not apply restrictions on XML signature validation unless the application runs with a security manager, which is rare.
|
|
|
|
== What is the potential impact
|
|
|
|
include::../common/impact.adoc[]
|
|
|
|
include::./how-to-fix/java-se.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/docs.adoc[]
|
|
|
|
include::../common/resources/standards.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Set the 'org.jcp.xml.dsig.secureValidation' property to true on the 'DOMValidateContext' to validate this XML signature securely.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 25 Jan 2022, 10:34:00 Quentin Jaquier wrote:
|
|
Quick fixes (for Java): even if it is technically possible to provide a fix that would result in compliant code, it does not sound wise to set properties blindly, as it can have side effects. Fixing the issue requires a careful and good understanding of the overall context of the code.
|
|
|
|
endif::env-github,rspecator-view[]
|