[Esapi-user] [Esapi-dev] ESAPI 2.0 rc7 (for Java 1.5+) is now live!

Kevin W. Wall kevin.w.wall at gmail.com
Sun Aug 29 09:48:48 EDT 2010


Jim Manico wrote:
> ESAPI 2.0 rc7 for Java 1.5 and above is now live!
> ...<deleted>...
> Major enhancements include:
> ...<deleted>...
> 5)  Additional Encryptor cleanup

Specifically, changes made to Encryptor so that it is no longer
vulnerable to "padding oracle attacks" (issue #120) and fixes to
seal() so that it now properly works if the message being sealed
contains a ":" (issue #28).

And, in addition,

6) Examples should now work (if you follow directions in README.txt)
   whether ESAPI has been pulled from the SVN repository or downloaded
   from the zip file. (Issue #114.)

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

