Groups

ESAPI Project Dev

1–30 of 39

Google group for discussion of development directions of ESAPI.

0 selected

11/25/24

ESAPI 2.6.0.0 release now available - Deprecated Validator.isValidSafeHTML methods now removed

All, The latest ESAPI release, 2.6.0.0, is now available from GitHub and Maven Central Repository. (

unread,

ESAPI 2.6.0.0 release now available - Deprecated Validator.isValidSafeHTML methods now removed

All, The latest ESAPI release, 2.6.0.0, is now available from GitHub and Maven Central Repository. (

11/25/24

10/8/24

New ESAPI release - 2.5.5.0

The ESAPI 2.5.5.0 release is now official. You may note that some dates related to Maven reflect

unread,

New ESAPI release - 2.5.5.0

The ESAPI 2.5.5.0 release is now official. You may note that some dates related to Maven reflect

10/8/24

5/29/24

ESAPI 2.5.4.0 released

See https://github.com/ESAPI/esapi-java-legacy/discussions/841 for all the important details. Note:

unread,

ESAPI 2.5.4.0 released

See https://github.com/ESAPI/esapi-java-legacy/discussions/841 for all the important details. Note:

5/29/24

12/1/23

New ESAPI minor point / patch release issued - ESAPI 2.5.3.1

It's been less than a week, but Dave Wichers suggested logging the deprecated DefaultValidator.

unread,

New ESAPI minor point / patch release issued - ESAPI 2.5.3.1

It's been less than a week, but Dave Wichers suggested logging the deprecated DefaultValidator.

12/1/23

11/29/23

ESAPI 2.5.3.0 released

David, Great question. I made zero code changes to ESAPI other than changing our pom.xml. I suppose

unread,

ESAPI 2.5.3.0 released

David, Great question. I made zero code changes to ESAPI other than changing our pom.xml. I suppose

11/29/23

10/7/23

Working on new ESAPI release to update to new AntiSamy 1.7.4 release

AntiSamy just released a new release 1.7.4 yesterday that addresses some CVEs, one in a dependency (

unread,

Working on new ESAPI release to update to new AntiSamy 1.7.4 release

AntiSamy just released a new release 1.7.4 yesterday that addresses some CVEs, one in a dependency (

10/7/23

4/13/23

New ESAPI release 2.5.2.0 addresses 2 CVEs in transitive dependencies

See https://github.com/ESAPI/esapi-java-legacy/discussions/785 and feel free to continue the

unread,

New ESAPI release 2.5.2.0 addresses 2 CVEs in transitive dependencies

See https://github.com/ESAPI/esapi-java-legacy/discussions/785 and feel free to continue the

4/13/23

4/5/23

CVE-2023-24998 and why the ESAPI 2.5.2.0 release is momentarily delayed

Please read https://github.com/ESAPI/esapi-java-legacy/discussions/782 If you have questions, it is

unread,

CVE-2023-24998 and why the ESAPI 2.5.2.0 release is momentarily delayed

Please read https://github.com/ESAPI/esapi-java-legacy/discussions/782 If you have questions, it is

4/5/23

3/27/23

New ESAPI release this weekend looking much less likely

Well, got past the power outage situation (although there were several "outages" caused by

unread,

New ESAPI release this weekend looking much less likely

Well, got past the power outage situation (although there were several "outages" caused by

3/27/23

1/12/23

Discussion about ESAPI supporting jakarta.servlet-api

You might be interested in joining the discussion at https://github.com/ESAPI/esapi-java-legacy/

unread,

Discussion about ESAPI supporting jakarta.servlet-api

You might be interested in joining the discussion at https://github.com/ESAPI/esapi-java-legacy/

1/12/23

11/27/22

New ESAPI 2.5.1.0 release is now available for download

See https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.5.1.0 for details. Note that it

unread,

New ESAPI 2.5.1.0 release is now available for download

See https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.5.1.0 for details. Note that it

11/27/22

7/20/22

ESAPI 2.5.0.0 announcement

It's official and the 'develop' branch should now be properly updated as well as '

unread,

ESAPI 2.5.0.0 announcement

It's official and the 'develop' branch should now be properly updated as well as '

7/20/22

Kevin W. Wall, Matt Seil4

5/7/22

Thoughts on ESAPI switching from Google Groups to GitHub Discussions

I set up a temporary public repo at https://github.com/ESAPI/test-github-discussions that has GitHub

unread,

Thoughts on ESAPI switching from Google Groups to GitHub Discussions

I set up a temporary public repo at https://github.com/ESAPI/test-github-discussions that has GitHub

5/7/22

Kevin W. Wall, … Simon McClenahan4

4/28/22

Scheduling removal of Log4J 1 from ESAPI 2.x

reload4j seems similar to the slf4j bridge that I have mentioned previously. https://www.slf4j.org/

unread,

Scheduling removal of Log4J 1 from ESAPI 2.x

reload4j seems similar to the slf4j bridge that I have mentioned previously. https://www.slf4j.org/

4/28/22

4/24/22

New ESAPI release (2.4.0.0) available -- this is first Java 8 release; does not support Java 7!!!

Details For further details, see https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.4.

unread,

New ESAPI release (2.4.0.0) available -- this is first Java 8 release; does not support Java 7!!!

Details For further details, see https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.4.

4/24/22

4/17/22

New important ESAPI release that addresses several vulnerabilities just released

A new IMPORTANT release of #ESAPI (2.3.0.0) that patches several vulnerabilities is now available

unread,

New important ESAPI release that addresses several vulnerabilities just released

A new IMPORTANT release of #ESAPI (2.3.0.0) that patches several vulnerabilities is now available

4/17/22

1/7/22

OWASP looking for case studies

The OWASP Executive Director, Andrew van der Stock, announced today on the OWASP Leaders List that

unread,

OWASP looking for case studies

The OWASP Executive Director, Andrew van der Stock, announced today on the OWASP Leaders List that

1/7/22

1/7/22

ESAPI talks posted to YouTube

I recently (in Sept and Nov respectively) gave two slightly different talks at OWASP events -- a

unread,

ESAPI talks posted to YouTube

I recently (in Sept and Nov respectively) gave two slightly different talks at OWASP events -- a

1/7/22

12/1/21

Announcement about changes to minimal supported JRE for ESAPI 2.x

Background: Way back on May 3rd of this year, I cross-posted an email to both of the ESAPI mailing

unread,

Announcement about changes to minimal supported JRE for ESAPI 2.x

Background: Way back on May 3rd of this year, I cross-posted an email to both of the ESAPI mailing

12/1/21

Jeremiah Stacey2

8/13/21

ESAPI Log Pre-Filtering

Been about a month and there has been no input on this topic. Unless someone reaches out in favor of

unread,

ESAPI Log Pre-Filtering

Been about a month and there has been no input on this topic. Unless someone reaches out in favor of

8/13/21

5/8/21

ANNOUNCEMENT: ESAPI patch release 2.2.3.1 and why CVE-2021-29425 is not exploitable

ESAPI 2.2.3.1 was just pushed to Maven Central last evening. It is a very minor patch release to

unread,

ANNOUNCEMENT: ESAPI patch release 2.2.3.1 and why CVE-2021-29425 is not exploitable

ESAPI 2.2.3.1 was just pushed to Maven Central last evening. It is a very minor patch release to

5/8/21

5/6/21

ESAPI support for Java 7 -- how important is it to you?

I've received only one reply, otherwise crickets. Is anyone out there? -kevin On Mon, May 3, 2021

unread,

ESAPI support for Java 7 -- how important is it to you?

I've received only one reply, otherwise crickets. Is anyone out there? -kevin On Mon, May 3, 2021

5/6/21

4/19/21

ESAPI 'master' branch renamed to 'main' and ESAPI documentation updated accordingly

Matt has just recently completed renaming the 'master' branch as 'main' and I have

unread,

ESAPI 'master' branch renamed to 'main' and ESAPI documentation updated accordingly

Matt has just recently completed renaming the 'master' branch as 'main' and I have

4/19/21

3/24/21

Official ESAPI 2.2.3.0 announcement

ESAPI 2.2.3.0 is official. It is in Maven Central and everything on GitHub and the release there

unread,

Official ESAPI 2.2.3.0 announcement

ESAPI 2.2.3.0 is official. It is in Maven Central and everything on GitHub and the release there

3/24/21

Kevin W. Wall, Dave Wichers2

3/24/21

ESAPI 2.2.3.0 release

The release did make it out: https://repo1.maven.org/maven2/org/owasp/esapi/esapi/2.2.3.0/. But it

unread,

ESAPI 2.2.3.0 release

The release did make it out: https://repo1.maven.org/maven2/org/owasp/esapi/esapi/2.2.3.0/. But it

3/24/21

Kevin W. Wall, Matt Seil2

3/22/21

URGENT: ESAPI on MacOS with JDK 7 failing tests

I do not. On 3/22/2021 5:49 PM, Kevin W. Wall wrote: Dave Wichers informs me that the latest version

unread,

URGENT: ESAPI on MacOS with JDK 7 failing tests

I do not. On 3/22/2021 5:49 PM, Kevin W. Wall wrote: Dave Wichers informs me that the latest version

3/22/21

3/21/21

ESAPI Security Advisory #4 - How Does CVE-2020-9488 Impact ESAPI?

In about 10-15 minutes after this is email is posted, you will find ESAPI Security Advisory #4 posted

unread,

ESAPI Security Advisory #4 - How Does CVE-2020-9488 Impact ESAPI?

In about 10-15 minutes after this is email is posted, you will find ESAPI Security Advisory #4 posted

3/21/21

3/21/21

Heads up on next release (tentatively 2.2.3.0) and on deprecated methods being removed

Status update. I just finished initial draft of a new security advisory (for log4j 1.2.17 of course,

unread,

Heads up on next release (tentatively 2.2.3.0) and on deprecated methods being removed

Status update. I just finished initial draft of a new security advisory (for log4j 1.2.17 of course,

3/21/21

12/15/20

ESAPI GitHub issue #582 - Separating codecs and canonicalization functionality into a separate maven artifact

All, I would like to move this discussion of ESAPI GitHub issue #582 to here, since it is exactly the

unread,

ESAPI GitHub issue #582 - Separating codecs and canonicalization functionality into a separate maven artifact

All, I would like to move this discussion of ESAPI GitHub issue #582 to here, since it is exactly the

12/15/20

11/28/20

A new ESAPI release (2.2.2.0) is available

This release contains a few minor bug fixes but mostly addresses some potentially exposed

unread,

A new ESAPI release (2.2.2.0) is available

This release contains a few minor bug fixes but mostly addresses some potentially exposed

11/28/20

Search

Clear search

Close search

Google apps

Main menu