On Fri, 19 Apr 2024 17:39:30 GMT, Joe Wang <jo...@openjdk.org> wrote:
>> Add two sample configuration files: >> >> jaxp-strict.properties: used to set strict configuration, stricter than >> jaxp.properties in previous versions such as JDK 22 >> >> jaxp-compat.properties: used to regain compatibility from any more >> restricted configuration than previous versions such as JDK 22 > > Joe Wang has updated the pull request incrementally with one additional > commit since the last revision: > > fix typo src/java.xml/share/conf/jaxp-compat.properties line 12: > 10: # > 11: # jaxp-strict.properties: this file resembles what will become the > Secure-By-Default > 12: # configuration where a strict restriction is the default. This file > allows strict restriction needs rewording. Perhaps something that indicates that this property file provides settings that will be equivalent to that will be the default JAXP settings in a future release to make the use of JAXP more secure out of the box src/java.xml/share/conf/jaxp-compat.properties line 20: > 18: # JDK has switched to a strict configuration as indicated in > jaxp-strict.properties. > 19: # This configuration contains the same properties as those in > jaxp-strict.properties > 20: # except it sets them back to the current status of the JDK. Note that, > although '....sets them back to the current status of the JDK' I think you are trying to indicate that this property file specifies the JAXP property values that were in place prior to being More Secure? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1572927195 PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1572940722