[ https://issues.apache.org/jira/browse/OFBIZ-5343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790437#comment-13790437 ]
Jacques Le Roux commented on OFBIZ-5343:
----------------------------------------

I was working on this when I noticed this page: https://www.owasp.org/index.php?title=ESAPI-JavaStatus

So the current stable release is still 1.4, and our patched version (OFBIZ-3135) still stands (I will rename it to owasp-esapi-full-java-1.4-patched-by-OFBIZ-3135.jar)

Since I began to work on this, here are some points worth noting:
# The most important of David's initial commits related to the ESAPI introduction are: 741442 741466 741478 741496 741743 741755 741857 742053 742352 742355 742394 742412 742413
# The version 2.1.0 needs a change in the StringUtil class (I attach OFBIZ-5343-Update owasp-esapi-java.patch anyway)
# According to https://owasp-esapi-java.googlecode.com/svn/trunk_doc/1.4.4/site/dependencies.html, it seems
commons-configuration-1.9.jar
avalon-logkit-1.0.1.jar
miss/ed in LICENSE file (not sure about this one, since it's about transitive dependencies, even 2 levels for logkit-1.0.1.jar that I renamed avalon-logkit-1.0.1.jar)
# There are a lot of differences between the ESAPI.properties files (1.4 vs 2.1). I began to work on it, and apart from the ones David commented out and moved to the bottom, *all lines should be read and reviewed*
# I also attach the files which will be needed when moving forward to 2.1+:
commons-configuration-1.9.jar
esapi-2.1.0.jar
logkit-1.0.1.jar

> Update owasp-esapi-java
> -----------------------
>
>                 Key: OFBIZ-5343
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5343
>             Project: OFBiz
>          Issue Type: Task
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>              Labels: esapi
>             Fix For: SVN trunk
>
>
> As reported by Christoph Neuroth at OFBIZ-5254, we still use a patched version from OFBIZ-3135 and it's time to update to last version

--
This message was sent by Atlassian JIRA
(v6.1#6144)