2.5.4.0
kwwall
Kevin W. Wall
Full release notes
Full release notes for ESAPI release 2.5.4.0 are located at:
It contains important details, which you need to read as you MUST remove (or rename) 'esapi-java-logging.properties' if you are using ESAPI's default logging, which is JUL. Otherwise ESAPI will throw a ConfigurationException (which may appear as a java.lang.ExceptionInInitializerError or as a java.lang.NoClassDefFoundError, depending on circumstances). Please refer to the "Configuring the JavaLogFactory" wiki page for additional details.
YOU HAVE BEEN WARNED!!!
What's Changed
- Bump org.owasp:dependency-check-maven from 9.0.0 to 9.0.6 by @dependabot in #825
- fix: upgrade Antisamy to 1.7.5 to resolve CVE-2024-23635 by @mpreziuso in #833
- Issue #839 JavaLogFactory ConcMod by @jeremiahjstacey in #840
- PR to fix #824 and reference to #823 by @xeno6696 in #828
New Contributors
- @mpreziuso made their first contribution in #833
Full Changelog: esapi-2.5.3.1...esapi-2.5.4.0
Configuration files located in configuration jar
Note that the attached file "esapi-2.5.4.0-configuration.jar" contains the default ESAPI configuration files intended for used in production. Download the file and unjar it via 'jar xf'. After you unjar that configuration jar, look under the 'configuration/' directory. Most of the files you are interested in are located under 'configuration/esapi', such as ESAPI.properties, validation.properties, etc. The attached file "esapi-2.5.3.1-configuration.jar.asc" is a detached GPG signature of that the file "esapi-2.5.4.0-configuration.jar" that was signed by ESAPI project co-lead, Kevin W. Wall.
