2.4.0.0
Release notes for ESAPI release 2.4.0.0 are located at:
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt
IMPORTANT:
- This release is NOT compatible with Java 7. Java 8 or later is required to use this version of ESAPI. The ESAPI 2.3.0.0 release was the last release to support Java 7.
- This release of ESAPI fixes an older DoS vulnerability (CVE-2022-28366) that we were unable to patch while supporting Java 7 as the minimal JDK, as well as a newer DoS vulnerability (CVE-2022-29546) that previously did not have a CVE ID during our 2.3.0.0 release. ESAPI users might have seen either of these DoS vulnerabilities manifested via Validator.isValidSafeHTML() and Validator.getValidSafeHTML() in previous releases.
Finally, note that the file "esapi-2.4.0.0-configuration.jar" (see below) contains the default ESAPI configuration files under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file "esapi-2.4.0.0-configuration.jar.asc" is a GPG signature of that jar file made by 'Kevin W. Wall (GitHub signing key) [email protected]'.