--
You received this message because you are subscribed to the Google Groups "ESAPI Project Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to esapi-project-u...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/esapi-project-users/48c3d5d2-68ff-471c-9019-dad3cacfba28n%40owasp.org.
Apologies, I contacted tech directly with a description of what's
going on (included below).
They've confirmed this assessment is accurately describing the
issue encountered.
The (newer) version of ESAPI that you're using is trying to call a method from SecurityConfiguration interface that does not exist in the (older) ESAPI version being used by the OpenSAML library.
- OpenSAML has a dependency on ESAPI v2.0.1. That version was released in 2011.
- Your baseline is using ESAPI v2.5.1, released in 2022.
- The method SecurityConfiguration.getBooleanProp did not exist in the ESAPI baseline until January of 2016.
Based on the dates of the ESAPI releases, I think that the minimum version for compatibility is 2.1.0.1 -- released February 2016
References:
- https://mvnrepository.com/artifact/org.opensaml/opensaml/2.6.6
- see the "compile dependencies" section on the page, lists ESAPI v. 2.0.1
- https://github.com/ESAPI/esapi-java-legacy/blame/develop/src/main/java/org/owasp/esapi/SecurityConfiguration.java
- See the commit of the getBooleanProp method on line 136 -- dated 2016
- https://mvnrepository.com/artifact/org.owasp.esapi/esapi
- Noting the release dates for the ESAPI versions
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/esapi-project-users/CAOPE6PhjWJBsrkAodkriO0_jG6Cjy%2BEVdCAgYynEUuEQbPar8g%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/esapi-project-users/06ce890e-955f-a568-7664-ac583cc2229f%40gmail.com.