[Esapi-user] 2.1 branch + status

Jim Manico jim.manico at owasp.org
Sun Apr 25 03:30:41 EDT 2010

Hello ESAPI Community,

I'm in the process of branching the 2.0 trunk to a 2.1 branch for our 
next development (documentation) sprint.

We are waiting for a review of the 2.0 rc6 Encryptor. It make take some 
time since individuals who are truly capable of this review are rare - 
and ones willing to do it as a volunteer are even rarer. OWASP runs on a 
shoe-string budget, we cannot afford professional review.

In fact, ESAPI-Java currently does not provide a production 
implemenentation of the full Encryptor interface. We deprecated 
encrypt/decrypt in the 1.4 branch - and 2.0 is still a RC. And I feel 
in-integrity with this decision. Applied crypto is hard - very hard - 
and I want to make sure that our next production 2.0 release is as close 
to "right" as possible.

Please stand by for more information. Thank you for your contined 
support of the OWASP ESAPI project.

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

More information about the Esapi-user mailing list