Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: ESAPI/esapi-java-legacy
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: esapi-2.6.2.0
Choose a base ref
...
head repository: ESAPI/esapi-java-legacy
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: esapi-2.7.0.0
Choose a head ref
  • 19 commits
  • 26 files changed
  • 3 contributors

Commits on Jun 3, 2025

  1. Modify pom.xml for next planned release.

    @kwwall
    kwwall committed Jun 3, 2025
    Configuration menu
    Copy the full SHA
    9ac6c97 View commit details
    Browse the repository at this point in the history

  2. Update latest version to 2.6.2.0

    @kwwall
    kwwall committed Jun 3, 2025
    Configuration menu
    Copy the full SHA
    bc0d887 View commit details
    Browse the repository at this point in the history

Commits on Jun 9, 2025

  1. Sdd comment about doclint options.

    @kwwall
    kwwall committed Jun 9, 2025
    Configuration menu
    Copy the full SHA
    849c15e View commit details
    Browse the repository at this point in the history

  2. Add 2 properties associated w/ disabling stuff by default.

    @kwwall
    kwwall committed Jun 9, 2025
    Configuration menu
    Copy the full SHA
    40026bf View commit details
    Browse the repository at this point in the history

  3. Class for new unchecked exception type.

    @kwwall
    kwwall committed Jun 9, 2025
    Configuration menu
    Copy the full SHA
    436fee5 View commit details
    Browse the repository at this point in the history

  4. Miscellaneous Javadoc enhancements.

    @kwwall
    kwwall committed Jun 9, 2025
    Configuration menu
    Copy the full SHA
    1da613b View commit details
    Browse the repository at this point in the history

  5. Fix Javadoc typos. Shout-out to @sempf for spotting most of these.

    @kwwall
    kwwall committed Jun 9, 2025
    Configuration menu
    Copy the full SHA
    2d444b9 View commit details
    Browse the repository at this point in the history

Commits on Jun 10, 2025

  1. Fix to spelling errors in the class javadoc.

    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    02f4a91 View commit details
    Browse the repository at this point in the history

  2. Fix 2 typos identified by @xeno6696.

    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    8225a67 View commit details
    Browse the repository at this point in the history

  3. Changed the tongue-in-cheek propert names to the actual ones we are u… 

    …sing.
    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    61de71f View commit details
    Browse the repository at this point in the history

  4. Changed the tongue-in-cheek property names to the actual ones we are … 

    …using.
    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    06d0ff2 View commit details
    Browse the repository at this point in the history

  5. hanged the tongue-in-cheek property names to the actual ones we are u… 

    …sing.
    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    a10e323 View commit details
    Browse the repository at this point in the history

  6. Add missing newline.

    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    844eb0c View commit details
    Browse the repository at this point in the history

  7. New property file for testing DefaultEncoder.encodeForSQL when it's 

    method is not explicitly enabled. Should result in a NotConfiguredByDefaultException being thrown.
    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    eb425bb View commit details
    Browse the repository at this point in the history

  8. Added 2 new field names whose values are the 2 new property names.

    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    0129740 View commit details
    Browse the repository at this point in the history

  9. Added Javadoc to encodeForSQL method regarding how to enabled it.

    @kwwall
    kwwall committed Jun 10, 2025
    Configuration menu
    Copy the full SHA
    23a2b76 View commit details
    Browse the repository at this point in the history

Commits on Jun 11, 2025

  1. Merge pull request #886 from kwwall/develop 

    Javadoc enhancements
    @xeno6696
    xeno6696 authored Jun 11, 2025
    Configuration menu
    Copy the full SHA
    e232291 View commit details
    Browse the repository at this point in the history

Commits on Jun 27, 2025

  1. Merging Private Branch contents from Kevin's Repo. (#888) 

    * Fix javadoc botch forgetting to end italics. :(

* Added new static method 'isMethodExplicityEnabled' abd other minor Javadoc tweaks.

* Added default exception message if one wasn't specified or was empty.

* Changed to use a more politically correct property name. But I still
like 'ESAPI.enableLegCannonModeAndGetMyAssFired.justification' better.  ;-)

* Add code to ensure that DefaultEncoder.encodeForSQL is explicity enabled if someone wants to use it.

* Updating ESAPI util for ExplictMethod verify

Updating parameter null check to test null case.
Removing null check on property result (if null ConfigurationException
is thrown).

Simplifying return from method to verify response is not empty.

* ESAPI methodEnabled Tests

Adding branch testing for ESAPI.isMethodExplicitlyEnabled behavior to
account for parameter cases.

Only case not covered is providing an ESAPI.properties that does not
contain the new key.

* Test Coverage

using the SecurityConfigurationWrapper to verify remaining test case
when a ConfigurationException is thrown when the new property is
missing or undefined.

* Added deprecations, deprecation warnings, and other Javadoc refinements.

* Reference specific CVE ID for logged message.

* Change from EVENT_FAILURE to SECURITY_FAILURE, because it potentially is, despite best intentions.

* Draft #2. Needs reviewd and completed. Track changes disabled.

* Apparently {@inheritdoc} doesn't inherit @deprecated from interfaces.
Plus minor type fix ('class' ==> 'method').

* Draft 3 - completed several more sections.

* Minor corrections to ESAPI Security Bulletin #13.

* Update to FileUploads 1.6.0 to address CVE-2025-48976, which likely didn't affect HTTPUtilities.getFileUploads interaces anyway.

* Implement java.util.function.Supplier since we are using Java 8 for a while.

* Incorporate Jeremiah Stacey's feedback.

* Incorporate Erika von Kampen's feedback.

* Final draft of Security Bulletin #13 until CVE published. (Need to include its summary description.)

* Fix minor typos.

* Update versions of spotbugs-maven-plugin and maven-pmd-plugin.

* Update previous release date.

* release info for 2.7.0.0

* ESAPI 2.7.0.0 release notes.

---------

Co-authored-by: kwwall <[email protected]>
Co-authored-by: jeremiah.stacey <[email protected]>
    @xeno6696 @kwwall @jeremiahjstacey
    3 people authored Jun 27, 2025
    Configuration menu
    Copy the full SHA
    f75ac2c View commit details
    Browse the repository at this point in the history

  2. Remove '-SNAPSHOT' from release # to prep official release.

    @kwwall
    kwwall committed Jun 27, 2025
    Configuration menu
    Copy the full SHA
    0fa4c0f View commit details
    Browse the repository at this point in the history
Loading