ESAPI 2.6.0.0 release now available - Deprecated Validator.isValidSafeHTML methods now removed

[Kevin W. Wall]

All,

The latest ESAPI release, 2.6.0.0, is now available from GitHub and Maven Central Repository. (Note, depending on when you read this, the 2.6.0.0 release may not yet be showing up on the previous Maven Central link, but you can confirm that it is indeed there by examining https://central.sonatype.com/artifact/org.owasp.esapi/esapi/2.6.0.0/versions or https://repo1.maven.org/maven2/org/owasp/esapi/esapi/2.6.0.0/.)

If you wish to discuss this release, I would encourage you to do so via the GitHub announcement in the Discussions forum so that more people can see your comments.

With the release of 2.6.0.0, the ESAPI team now considers the GitHub Advanced Security advisory, https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm, to be officially remediated.

The next release tentatively will be 2.7.0.0 and for it we are considering making the minimal Java version that ESAPI supports Java 11. See GitHub Discussion #862 for details.

-kevin

--

Blog: https://off-the-wall-security.blogspot.com/    | GitHub: @kwwall | OWASP ESAPI Project co-lead | OWASP and ACM lifetime member

NSA: All your crypto bit are belong to us.