See https://issues.apache.org/bugzilla/show_bug.cgi?id=38444 for more information. This is a bug in the Apache XML Security implementation that was fixed after we released JDK 6. We should also fix this bug in JDK 6, as it is serious and is blocking some users from using the XPath Filter 2 Transform in their signatures.
This is a small change (3 lines of code) that has been fixed in the Apache XMLSec
implementation for 2 years now without any issues. Backporting this fix is very low