SignedXml and EncryptedXml Breaking Changes
Scope
Minor
Version Introduced
4.6.2
Source Analyzer Status
Planned
Change Description
In .NET Framework 4.6.2, security fixes in SignedXml and EncryptedXml lead to different run-time behaviors. For example:
- If a document has multiple elements with the same id attribute and a signature targets one of those elements as the root of the signature, the document will now be considered invalid.
- Documents using non-canonical XPath transform algorithms in references are now considered invalid.
- Documents using non-canonical XSLT transform algorithms in references are now considered invalid.
- Any program making use of external resource detached signatures will be unable to do so.
- Quirked
- Build-time break
Recommended Action
Developers might want to review the usage of System.Security.Cryptography.Xml.XmlDsigXsltTransform and System.Security.Cryptography.Xml.XmlDsigXPathTransform, as well as types derived from System.Security.Cryptography.Xml.Transform, since a document receiver may not be able to process it.
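One way to carry out that review on documents you produce or receive is sketched below. This is an added example, not code from the .NET documentation: `SignedXmlReview` and `Review` are hypothetical names, the sample document is constructed, and the check assumes the id attribute is spelled `Id`, `id` or `ID`. It only reads the XML and reports references that use an XPath or XSLT transform, point at an external resource, or target an id shared by several elements.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SignedXmlReview
{
    // Hypothetical helper: lists the reference features named in the change description.
    public static List<string> Review(XmlDocument doc)
    {
        var findings = new List<string>();
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        foreach (XmlElement reference in doc.SelectNodes("//ds:SignedInfo/ds:Reference", ns))
        {
            string uri = reference.GetAttribute("URI");
            if (uri.StartsWith("#", StringComparison.Ordinal))
            {
                // Same-document reference: count elements carrying the targeted id.
                // Assumption: the id attribute is named Id, id or ID.
                string id = uri.Substring(1);
                int matches = 0;
                foreach (XmlElement e in doc.SelectNodes("//*[@Id or @id or @ID]"))
                    if (e.GetAttribute("Id") == id || e.GetAttribute("id") == id || e.GetAttribute("ID") == id)
                        matches++;
                if (matches > 1)
                    findings.Add($"Reference '{uri}': {matches} elements share this id");
            }
            else if (uri.Length > 0)
                findings.Add($"Reference '{uri}': external resource (detached signature)");
            // Transform algorithms are compared with the URL constants exposed by SignedXml.
            foreach (XmlElement t in reference.SelectNodes("ds:Transforms/ds:Transform", ns))
            {
                string alg = t.GetAttribute("Algorithm");
                if (alg == SignedXml.XmlDsigXPathTransformUrl)
                    findings.Add($"Reference '{uri}': XPath transform");
                else if (alg == SignedXml.XmlDsigXsltTransformUrl)
                    findings.Add($"Reference '{uri}': XSLT transform");
            }
        }
        return findings;
    }

    static void Main()
    {
        // Constructed sample: two elements share Id='x'; the reference uses an XPath transform.
        var doc = new XmlDocument();
        doc.LoadXml("<r xmlns:ds='" + SignedXml.XmlDsigNamespaceUrl + "'><a Id='x'/><b Id='x'/>" +
            "<ds:Signature><ds:SignedInfo><ds:Reference URI='#x'><ds:Transforms><ds:Transform Algorithm='" +
            SignedXml.XmlDsigXPathTransformUrl + "'/></ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature></r>");
        foreach (string finding in Review(doc)) Console.WriteLine(finding);
    }
}
```

A finding means the reference deserves a closer look under the behaviors listed above, not that the document will necessarily be rejected.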
Affected APIs
T:System.Security.Cryptography.Xml.Transform
T:System.Security.Cryptography.Xml.XmlDsigXPathTransform
T:System.Security.Cryptography.Xml.XmlDsigXsltTransform
Category
Security