Steinar Bang created SHIRO-885:
----------------------------------

             Summary: Use OWASP Java Encoder with OSGi manifest
                 Key: SHIRO-885
                 URL: https://issues.apache.org/jira/browse/SHIRO-885
             Project: Shiro
          Issue Type: Improvement
            Reporter: Steinar Bang


Shiro currently uses version 1.2.2 of the OWASP encoder.

The MANIFEST.MF of this version of the encoder lacks OSGi headers, which 
requires karaf to wrap it when loading the runtime dependencies of shiro:
{noformat}
175 │ Active   │  80 │ 0                  │ wrap_file__home_sb_.m2_repository_org_owasp_encoder_encoder_1.2.2_encoder-1.2.2.jar
{noformat}

It would be nice not to have to rely on wrap in karaf, and it does look like 
version 1.2.3 of the OWASP Encoder has OSGi headers.

Here is the MANIFEST.MF of version 1.2.3 of the OWASP encoder:
{noformat}
Manifest-Version: 1.0
Bundle-Description: The OWASP Encoders package is a collection of high
 -performance low-overhead        contextual encoders, that when utili
 zed correctly, is an effective tool in        preventing Web Applicat
 ion security vulnerabilities such as Cross-Site        Scripting.
Bundle-License: http://www.opensource.org/licenses/BSD-3-Clause
Bundle-SymbolicName: org.owasp.encoder
Built-By: jeremy
Bnd-LastModified: 1604861240860
Bundle-ManifestVersion: 2
Bundle-DocURL: https://www.owasp.org/
Bundle-Vendor: OWASP (Open Web-Application Security Project)
Tool: Bnd-3.3.0.201609221906
Originally-Created-By: Apache Maven Bundle Plugin
Export-Package: org.owasp.encoder;version="1.2.3"
Bundle-Name: Java Encoder
Bundle-Version: 1.2.3
Created-By: Apache Maven Bundle Plugin
Build-Jdk: 1.8.0_212
{noformat}




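A dependency can be checked for OSGi headers before it reaches Karaf by reading its `META-INF/MANIFEST.MF` and unfolding the continuation lines seen in the `Bundle-Description` above. The following is an added example, not part of the issue or of Shiro's code; the function names are hypothetical, the `PLAIN` manifest is constructed, and treating a missing `Bundle-SymbolicName` as "needs wrapping" is this example's assumption.

```python
import io
import zipfile

def parse_manifest(text):
    """Return the main-section headers of a MANIFEST.MF as a dict."""
    headers, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break                      # a blank line ends the main section
        if line.startswith(" ") and last is not None:
            headers[last] += line[1:]  # folded line: drop exactly one leading space
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed manifest line: {line!r}")
            last = name.strip()
            headers[last] = value.lstrip(" ")
    return headers

def osgi_status(jar):
    """jar: path or file object. Flags JARs that lack Bundle-SymbolicName."""
    with zipfile.ZipFile(jar) as zf:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    h = parse_manifest(text)
    return {
        "symbolic_name": h.get("Bundle-SymbolicName"),
        "exports": h.get("Export-Package"),
        # Assumption of this example: no Bundle-SymbolicName means "needs wrapping".
        "needs_wrap": "Bundle-SymbolicName" not in h,
    }

def make_jar(manifest_text):
    """Build a one-entry JAR in memory from manifest text (for the demo below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
    buf.seek(0)
    return buf

# Constructed stand-in for a JAR without OSGi headers (not the real 1.2.2 manifest).
PLAIN = "Manifest-Version: 1.0\nCreated-By: Apache Maven\n"
# Subset of the 1.2.3 headers quoted in the issue, folded as shown there.
BUNDLE = (
    "Manifest-Version: 1.0\n"
    "Bundle-Description: The OWASP Encoders package is a collection of high\n"
    " -performance low-overhead        contextual encoders, that when utili\n"
    " zed correctly, is an effective tool in        preventing Web Applicat\n"
    " ion security vulnerabilities such as Cross-Site        Scripting.\n"
    "Bundle-SymbolicName: org.owasp.encoder\n"
    "Bundle-ManifestVersion: 2\n"
    'Export-Package: org.owasp.encoder;version="1.2.3"\n'
)

if __name__ == "__main__":
    for label, text in (("plain", PLAIN), ("bundle", BUNDLE)):
        print(label, osgi_status(make_jar(text)))
```

Passing a real JAR path to `osgi_status` in a build step flags dependencies that would otherwise be loaded through a generated wrapper manifest.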