ESAPI/esapi-java-legacy

Issues

• Fail to run Linux command with double quotes using executeSystemCommand

  #858 opened 24 days ago by raine93
  36

• 2.6.0.0 still using javax HttpServletRequest

  #863 opened 24 days ago by madmax138
  3

• Remove deprecated Validator.isValidSafeHTML methods

  #859 opened a month ago by kwwall
  1

• Update the logging properties to opt-out of the prefix events

  #844 opened 3 months ago by mickeyz07
  2

• Fix Typos

  #851 opened 3 months ago by DarioViva42
  1

• Update ESAPI pom to use latest version of AntiSamy (1.7.6)

  #847 opened 6 months ago by kwwall
  1

• ESAPI.encoder().canonicalize() converts "&or" or similar strings without having trailing semicolon as logical operator

  #846 opened 6 months ago by tusharkumawat
  4

• HTMLEntityCodec Mysteriously decodes &or

  #827 opened a year ago by xeno6696
  11

• Fix Encoder.getCanonicalizedURI(URI) for the test case of a double-ampersand in the HTML Query

  #826 opened 7 months ago by xeno6696
  1

• DefaultEncoder / getCanonicalizedURI returns mix encoding for HTML special characters

  #824 opened 7 months ago by xeno6696
  5

• ConcurrentModificationException

  #839 opened 7 months ago by JerryDevis
  9

• Validation does not work with esapi jakarta jar

  #837 opened 8 months ago by popa-raluca
  3

• Getting org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.

  #838 opened 9 months ago by PriyatamaB
  4

• Validator.isValidSafeHTML() is vulnerable as per CVE-2023-4780

  #835 opened 10 months ago by Adwait-Joshi94
  1

• java.io.FileNotFoundException Error in Logs When ESAPI.properties and validation.properties are in resources. and the application is up ,features are not working.

  #831 opened 10 months ago by sh26masood
  9

• easpi .properties and validation properties are present but still it is throwing error and the application is failing do you have any solution for this

  #832 opened 10 months ago by sh26masood
  3

• decode method doesn't work proper for some strings

  #814 opened a year ago by mukesh4804
  3

• canonicalize sees entity which isn't there

  #794 opened a year ago by bardware
  7

• Revert Dependency Check goal from 'purge' to 'check' once NVD API stops returning 503 'Service Unavailable' errors

  #815 opened a year ago by kwwall
  1

• Insecure default signature key length

  #798 opened a year ago by akwick
  3

• Option to omit event type prefix in logs

  #811 opened a year ago by RodolfoAndre
  1

• Fix Encoder.encodeForLDAP and Encoder.encodeForDN so they are strictly conformant with Section 3 of RFC 4515

  #812 opened a year ago by kwwall
  1

• Fix typo in comment in validation.properties files

  #808 opened a year ago by kwwall
  2

• Does esapi-java-legacy support jDK17

  #805 opened a year ago by JerryDevis
  1

• Change AntiSamy to eventually use SAX parser by default, but allow DOM parser to be used for backward compatibility

  #800 opened a year ago by kwwall
  0

• Logs printed using println() are always printed and no option to disable them.

  #796 opened a year ago by aabhasg
  2

• ESAPI excludes transitive dependency xalan from xom, but does not include it itself

  #795 opened a year ago by in-fke
  2

• Context should also be logged in HTMLValidationRule

  #793 opened a year ago by kwwall
  0

• ESAPI is not returning right logger level

  #780 opened 2 years ago by SalmanMohammedTR
  6

• Could not initialize class org. Owasp. Esapi. Reference. DefaultValidator

  #760 opened 2 years ago by SuperM-L
  6

• Add documenttion to CONTRIBUTING-TO-ESAPI.txt to mention signed commits are now required.

  #775 opened a year ago by kwwall
  2

• хз

  #792 opened a year ago by Koslx888
  1

• Fix Javadoc code example in ValidationErrorList

  #788 opened 2 years ago by kwwall
  0

• HTTPUtilities needs its Javadoc seriously reworked

  #783 opened 2 years ago by kwwall
  0

• Javadoc needs updated to correct links to OWASP ESAPI wiki page

  #781 opened 2 years ago by kwwall
  1

• Esapi giving issue working with graal native image

  #773 opened 2 years ago by kartik-kaushik
  1

• latest version of ESAPI 2.5.1.0 not working with spring boot 3.0, it gives classNotFound for javax.servlet.

  #770 opened 2 years ago by dwhacker
  2

• ESAPI 2.5.1.0 not working with spring boot 3.0, spring 6

  #769 opened 2 years ago by dwhacker
  2

• Add support for Jakarta Servlet API Specification

  #767 opened 2 years ago by guadgarcia
  3

• unable to locate resource: esapi-java-logging.properties

  #764 opened 2 years ago by RutujaPSonawane
  1

• JavaLogFactory is not loaded from ESAPI.properties file

  #761 opened 2 years ago by SubashJanarthanan
  1

• Upgrade batik-css-1.14 because of vulnerability

  #755 opened 2 years ago by pf-BenF
  4

• again ..

  #757 opened 2 years ago by happylife007
  3

• JSON encoder

  #754 opened 2 years ago by kwwall
  0

• Perform Release

  #752 opened 2 years ago by kwwall
  0

• Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception

  #747 opened 2 years ago by ss839x
  7

• Error in initializing org.owasp.esapi.logging.java.JavaLogFactory.

  #749 opened 2 years ago by Somdutta
  1

• ESAPI.securityConfiguration().setResourceDirectory(...) not considered anymore in loading of configuration via classloader

  #746 opened 2 years ago by nettermensch
  0

• Indirect dependency to vulnerable Xerces, CVE-2017-10355

  #743 opened 2 years ago by lathspell
  1

• Properties and properties files that are required, even if esapi logging is not used

  #742 opened 2 years ago by davidmichaelkarr
  3