|
What's new in this version: New Features:
- xml/jaxp
- New XML Processing Limits
Three processing limits have been added to the XML libraries. These are:
- jdk.xml.xpathExprGrpLimit
- Description: Limits the number of groups an XPath expression can contain.
- Type: integer
- Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 10.
- jdk.xml.xpathExprOpLimit
- Description: Limits the number of operators an XPath expression can contain.
- Type: integer
- Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 100.
- jdk.xml.xpathTotalOpLimit
- Description: Limits the total number of XPath operators in an XSL Stylesheet.
- Type: integer
- Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 10000.
- Supported processors
- jdk.xml.xpathExprGrpLimit and jdk.xml.xpathExprOpLimit are supported by the XPath processor.
- ll three limits are supported by the XSLT processor.
- Setting properties
- For the XSLT processor, the properties can be changed through the TransformerFactory. For example,
- TransformerFactory factory = TransformerFactory.newInstance();
- factory.setAttribute("jdk.xml.xpathTotalOpLimit", "1000");
- For both the XPath and XSLT processors, the properties can be set through the system property and jaxp.properties configuration file located in the conf directory of the Java installation. For example,
- System.setProperty("jdk.xml.xpathExprGrpLimit", "20");
- or in the jaxp.properties file,
- jdk.xml.xpathExprGrpLimit=20
- JDK-8270504 (not public)
Other Notes:
- security-libs/java.security
- ➜ Only Expose Certificates With Proper Trust Settings as Trusted Certificate Entries in macOS KeychainStore
- On macOS, only certificates with proper trust settings in the user keychain will be exposed as trusted certificate entries in the KeychainStore type of keystore. Also, calling the KeyStore::setCertificateEntry method or the keytool -importcert command on a KeychainStore keystore now fails with a KeyStoreException. Instead, call the macOS "security add-trusted-cert" command to add a trusted certificate into the user keychain.
- JDK-8278449 (not public)
- core-libs/javax.naming
- ➜ Parsing of URL Strings in Built-In JNDI Providers Is More Strict
The parsing of URLs in the LDAP, DNS, and RMI built-in JNDI providers as been made more strict. The strength of the parsing can be controlled by system properties:
- -Dcom.sun.jndi.ldapURLParsing="legacy" | "compat" | "strict" (to control "ldap:" URLs)
- -Dcom.sun.jndi.dnsURLParsing="legacy" | "compat" | "strict" (to control "dns:" URLs)
- -Dcom.sun.jndi.rmiURLParsing="legacy" | "compat" | "strict" (to control "rmi:" URLs)
- The default value is "compat" for all of them.
- The "legacy" mode turns the new validation off.
- The "compat" mode limits incompatibilities.
- The "strict" mode is stricter and may cause regression by rejecting URLs that an application might consider as valid.
- If an illegal URL string is found, a javax.naming.NamingException (or a subclass of it) is raised.
- JDK-8278972 (not public)
Fixed:
- This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 17.0.3 Bug Fixes page. |
