[OFBIZ-5343] Update owasp-esapi-java - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 14.12.01
Component/s: framework
Labels:
- esapi

Description

As reported by Christoph Neuroth at ~~OFBIZ-5254~~, we still use a patched version from ~~OFBIZ-3135~~ and it's time to update to last version

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OFBIZ-5343-Update owasp-esapi-java.patch
09/Oct/13 15:08
5 kB
Jacques Le Roux
logkit-1.0.1.jar
09/Oct/13 15:08
70 kB
Jacques Le Roux
esapi-2.1.0.jar
09/Oct/13 15:08
358 kB
Jacques Le Roux
commons-configuration-1.9.jar
09/Oct/13 15:08
350 kB
Jacques Le Roux

Issue Links

is duplicated by

OFBIZ-5795 Update esapi to 2.1.0

Closed

is part of

OFBIZ-1525 Issue to group security concerns

Open

is related to

OFBIZ-5254 Services allow arbitrary HTML for parameters with allow-html set to "safe"

Closed

OFBIZ-3135 In owasp-esapi-java, htmlCodec.decode is broken for all entities where entity.substr(0, x) exists

Closed

Activity

People

Assignee:: Jacopo Cappellato

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Oct/13 06:59

Updated:: 19/Feb/15 22:03

Resolved:: 31/Dec/14 17:31