50 lines
1.4 KiB
Markdown
50 lines
1.4 KiB
Markdown
|
## SignedXml and EncryptedXml Breaking Changes
|
||
|
|
|
||
|
|
### Scope
|
||
|
|
Minor
|
||
|
|
|
||
|
|
### Version Introduced
|
||
|
|
4.6.2
|
||
|
|
|
||
|
|
### Source Analyzer Status
|
||
|
|
Planned
|
||
|
|
|
||
|
|
### Change Description
|
||
|
|
|
||
|
|
In .NET Framework 4.6.2, Security fixes in `SignedXml` and `EncryptedXml` lead
|
||
|
|
to different run-time behaviors. For example,
|
||
|
|
|
||
|
|
* If a document has multiple elements with the same `id` attribute and a
|
||
|
|
signature targets one of those elements as the root of the signature, the
|
||
|
|
document will now be considered invalid.
|
||
|
|
* Documents using non-canonical XPath transform algorithms in references are now
|
||
|
|
considered invalid.
|
||
|
|
* Documents using non-canonical XSLT transform algorithms in references are now
|
||
|
|
consider invalid.
|
||
|
|
* Any program making use of external resource detached signatures will be unable
|
||
|
|
to do so.
|
||
|
|
|
||
|
|
- [ ] Quirked
|
||
|
|
- [ ] Build-time break
|
||
|
|
|
||
|
|
### Recommended Action
|
||
|
|
|
||
|
|
Developers might want to review the usage of
|
||
|
|
`System.Security.Cryptography.Xml.XmlDsigXsltTransform` and
|
||
|
|
`System.Security.Cryptography.Xml.XmlDsigXPathTransform`, as well as types
|
||
|
|
derived from `System.Security.Cryptography.Xml.Transform` since a document
|
||
|
|
receiver may not be able to process it.
|
||
|
|
|
||
|
|
### Affected APIs
|
||
|
|
|
||
|
|
* `T:System.Security.Cryptography.Xml.Transform`
|
||
|
|
* `T:System.Security.Cryptography.Xml.XmlDsigXPathTransform`
|
||
|
|
* `T:System.Security.Cryptography.Xml.XmlDsigXsltTransform`
|
||
|
|
|
||
|
|
### Category
|
||
|
|
Security
|
||
|
|
|
||
|
|
[More information](https://github.com/Microsoft/dotnet/blob/master/releases/net462/dotnet462-changes.md)
|
||
|
|
|
||
|
|
<!-- breaking change id: 156 -->
|