-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ESAPI 2.2.0.0-RC2 causes compilation errors in Java Encoder project #31
Comments
week before owasp compiled without below error (But compilation failing now). Haven't changed any version of the "mvn or java" even getting the same error on released tag v1.2.1 and v1.2.2. What could lead to this compilation failure ? |
It's failing because the ESAPI dependency is not pinned to a specific
version, so the latest 2.x ESAPI jar gets used. But on 4/29, we pushed a
new ESAPI release to Maven Central (2.2.0.0-RC2) which it is now pulling
down. That new ESAPI jar has changed some of the interfaces. Thus the
compilation errors.
…-kevin
--
Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
On Thu, May 2, 2019, 03:45 guru prasad HB ***@***.***> wrote:
week before owasp compiled without below error .
org.owasp.encoder.esapi.ESAPIEncoder.Impl is not abstract and does not
override abstract method getCanonicalizedURI(java.net.URI) in
org.owasp.esapi.Encoder
Haven't changed any version of the "mvn or java" even getting the same
error on released tag v1.2.1 and v1.2.2. What could lead to this
compilation failure ?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#31 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAO6PGYSZ2I2KU47XDRD45TPTKL2NANCNFSM4HJQ767Q>
.
|
I am assuming this is fixed, please reopen if not. |
@jmanico - Not fixed; needs reopened. If you ask nicely, I'll even submit a PR. :) |
Can we please have a PR, Kevin? Pretty please?
…
|
@jmanico - Since the OWASP Java Encoder project is already using SLF4J and has that configured, I am just going to configure ESAPI to use SLF4J That will greatly simplify things since I don't need to use the esapi-java-logging.properties and can eliminate some of the Logger properties. |
Okay; upon close look, you are not using any logger at all, so exceptions are not logged. But NBD. SLF4J works better without configuration than does JUL. |
Running 'mvn compile' causes the following compilation errors in the encoder-esapi artifact (aka, ESAPI Thunk) when used with esapi-2.2.0.0-rc2.jar:
Note that this problem was described as part of your GitHub issue #30 but is not related to that. It was the serendipitous discovery caused by the non-pinned ESAPI transitive dependency that allowed this issue to be discovered.
If you want to eventually be able to support ESAPI 2.2.0.0 this will need to be fixed.
The text was updated successfully, but these errors were encountered: