Release 2.5.2.0 now available #785
kwwall
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
New ESAPI release available in GitHub under Releases. Also, confirmed it is now available from Maven Central, but as of Thu Apr 13 04:30:49 UTC 2023, it yet does not show up in any of the searches I've tried (e.g, from https://mvnrepository.com/artifact/org.owasp.esapi/esapi or via https://search.maven.org/search?q=ESAPI), but sometimes that takes several hours and one time it took 3 days!
Release Notes
The release notes for ESAPI release 2.5.2.0 are located at:
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.2.0-release-notes.txt
Configuration files located in configuration jar
Note that the attached file "esapi-2.5.2.0-configuration.jar" contains the default ESAPI configuration files intended for used in production. Download the file and unjar it via 'jar xf'. After you unjar that configuration jar, look under the 'configuration/' directory. Most of the files you are interested in are located under 'configuration/esapi', such as ESAPI.properties, validation.properties, etc. The attached file "esapi-2.5.2.0-configuration.jar.asc" is a detached GPG signature of that the file "esapi-2.5.2.0-configuration.jar" that was signed by ESAPI project co-lead, Kevin W. Wall.
CVEs addressed
The release notes contain a more complete list of what has changed / fixed in ESAPI 2.5.2.0.
This discussion was created from the release 2.5.2.0.
Beta Was this translation helpful? Give feedback.
All reactions