ESAPI Project Users

See the announcement in GitHub Discussion #889 and be sure to read the referenced Security Bulletin #

Hi Sarthak, I did a little research. There actually is a newer version of bsh jar from Dec 2, 2022.

On Wed, Feb 5, 2025 at 6:17 PM <xeno...@gmail.com> wrote: Let me qualify that abit: ESAPI is

All, The latest ESAPI release, 2.6.0.0, is now available from GitHub and Maven Central Repository. (

As noted in the GHAS Security Advisory, https://github.com/ESAPI/esapi-java-legacy/security/

The ESAPI 2.5.5.0 release is now official. You may note that some dates related to Maven reflect

I was aware of the "Enhanced Small Arms Protective Insert", but the "Enhanced System

On Wed, May 29, 2024 at 10:56 PM Kevin W. Wall <kevin....@gmail.com> wrote: > > See

Release 1.7.5 of AntiSamy was released last Friday, 2/2/2024. It addresses CVE-2024-23635 which you

It's been less than a week, but Dave Wichers suggested logging the deprecated DefaultValidator.

Ah. The eclipse transformer plugin. Time to read some docs. On Wed, Nov 29, 2023, 13:30 Kevin W. Wall

Looks like lots of others are getting the same error: https://github.com/jeremylong/DependencyCheck/

Should anyone care to look at the AntiSamy related tests that are now failing in ESAPI, I have

An update: Good news: That one test bizarrely just started working when I re-cloned and then copied

I think that avgvstvs' advice in the SO link you referenced is good advice. The only thing that I

On Saturday, July 29, 2023 at 11:18:30 AM UTC-4 Jeffrey Walton wrote: Hi Everyone, I'm having a

If you want the "Dark and Silent" approach, add: -Dorg.owasp.esapi.logSpecial.discard=true

Also, compiling it (at least for this particular example) is the easy part. Collecting all the jars

It's worth noting that invoking sed/awk/bash would remove the current ability to perform cross-

On Wed, May 31, 2023 at 12:06 PM Kevin W. Wall <kevin....@gmail.com> wrote: > > I

There's confusion here. You canonicalize to make a string safe for comparisons and encode when

See https://github.com/ESAPI/esapi-java-legacy/discussions/785 and feel free to continue the

Please read https://github.com/ESAPI/esapi-java-legacy/discussions/782 If you have questions, it is

Well, got past the power outage situation (although there were several "outages" caused by

Okay, thanks for that update. I guess the OpenSAML folks are not ones who care about all the

On Wed, Mar 22, 2023 at 11:15 AM Eyal Kalimi <naz...@gmail.com> wrote: Hi, We are using esapi

You might be interested in joining the discussion at https://github.com/ESAPI/esapi-java-legacy/

On Sun, Nov 27, 2022 at 6:24 PM Kevin W. Wall <kevin....@gmail.com> wrote: > > See

@Jeff Walton and others: Please check out https://github.com/ESAPI/esapi-java-legacy/issues/737 and

You are welcome. We had a volunteer step up and make the requested change to clarify the exception