8259801: Enable XML Signature secure validation mode by default

[seanjmullan]

This change enables the XML Signature secure validation mode by default. This will improve out of the box security by restricting signatures that contain potentially unsafe content by default.

Please also review the CSR: https://bugs.openjdk.java.net/browse/JDK-8260154

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change must be properly reviewed

Issue

• JDK-8259801: Enable XML Signature secure validation mode by default

Reviewers

• Weijun Wang (@wangweij - Reviewer) ⚠️ Review applies to 0c2e049
• Rajan Halade (@rhalade - Reviewer) ⚠️ Review applies to 0c2e049

Download

$ git fetch https://git.openjdk.java.net/jdk pull/2197/head:pull/2197
$ git checkout pull/2197

[bridgekeeper]

👋 Welcome back mullan! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@seanjmullan The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[seanjmullan]

/csr

[openjdk]

@seanjmullan this pull request will not be integrated until the CSR request JDK-8260154 for issue JDK-8259801 has been approved.

[seanjmullan]

/assignee mullan

[openjdk]

@seanjmullan Unknown command assignee - for a list of valid commands use /help.

[seanjmullan]

/assignee seanjmullan

[openjdk]

@seanjmullan Unknown command assignee - for a list of valid commands use /help.

[seanjmullan]

/help

[openjdk]

@seanjmullan Available commands:

• cc - add or remove an additional classification label
• contributor - adds or removes additional contributors for a PR
• covered - used when employer has signed the OCA
• csr - require a compatibility and specification request (CSR) for this pull request
• help - shows this text
• integrate - performs integration of the changes in the PR
• issue - edit the list of issues that this PR solves
• label - add or remove an additional classification label
• reviewer - manage additional reviewers for a PR
• reviewers - set the number of additional required reviewers for this PR
• signed - used after signing the OCA
• solves - edit the list of issues that this PR solves
• sponsor - performs integration of a PR that is authored by a non-committer
• summary - updates the summary in the commit message
• test - used to run tests

[mlbridge]

Webrevs

• 01: Full - Incremental (ff15a1d)
• 00: Full (0c2e049)

[openjdk]

@seanjmullan This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8259801: Enable XML Signature secure validation mode by default

Reviewed-by: weijun, rhalade

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 20 new commits pushed to the master branch:

• 20e7df5: 8260466: Test TestHeapDumpOnOutOfMemoryError.java needs multiple @test sections
• 11d6467: 8260407: cmp != __null && cmp->Opcode() == Op_CmpL failure with -XX:StressLongCountedLoop=200000000 in lucene
• d07af2b: 8255531: MethodHandles::permuteArguments throws NPE when duplicating dropped arguments
• a68c6c2: 8260579: PPC64 and S390 builds failures after JDK-8260467
• 8752257: 8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
• 8fe1323: 8260520: Avoid getting permissions in JarFileFactory when no SecurityManager installed
• ecde52e: 8260506: VersionHelper cleanup
• a97aedf: 8256215: Shenandoah: re-organize saving/restoring machine state in assembler code
• 316d52c: 8260497: Shenandoah: Improve SATB flushing
• 11a70d1: 8260426: awt debug_mem.c DMem_AllocateBlock might leak memory
• ... and 10 more: https://git.openjdk.java.net/jdk/compare/0eed2c3312fbb5e06bb9c41b4d210790bd1822a4...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[seanjmullan]

/integrate

[openjdk]

@seanjmullan Since your change was applied there have been 20 commits pushed to the master branch:

• 20e7df5: 8260466: Test TestHeapDumpOnOutOfMemoryError.java needs multiple @test sections
• 11d6467: 8260407: cmp != __null && cmp->Opcode() == Op_CmpL failure with -XX:StressLongCountedLoop=200000000 in lucene
• d07af2b: 8255531: MethodHandles::permuteArguments throws NPE when duplicating dropped arguments
• a68c6c2: 8260579: PPC64 and S390 builds failures after JDK-8260467
• 8752257: 8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
• 8fe1323: 8260520: Avoid getting permissions in JarFileFactory when no SecurityManager installed
• ecde52e: 8260506: VersionHelper cleanup
• a97aedf: 8256215: Shenandoah: re-organize saving/restoring machine state in assembler code
• 316d52c: 8260497: Shenandoah: Improve SATB flushing
• 11a70d1: 8260426: awt debug_mem.c DMem_AllocateBlock might leak memory
• ... and 10 more: https://git.openjdk.java.net/jdk/compare/0eed2c3312fbb5e06bb9c41b4d210790bd1822a4...master

Your commit was automatically rebased without conflicts.

Pushed as commit baf46ba.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.