On Wed, 1 Dec 2021 17:31:37 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Import Apache Santuario 2.3.0 without the secure validation changes since in > OpenJDK we are using the `jdk.xml.dsig.secureValidationPolicy` security > property for XML Signature secure validation protection. > > Two commits are pushed: > > - 2.3.0: Import 2.3.0 code changes > - revert: revert the Santuario secure validation changes src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/Policy.java line 53: > 51: private static Map<String, Integer> minKeyMap; > 52: private static boolean noDuplicateIds; > 53: private static boolean noRMLoops; Does it really make any difference, moving the initialization to the initialize() method? The comment on line 46 no longer apply now that the initialization is relocated. ------------- PR: https://git.openjdk.java.net/jdk/pull/6644
