[Esapi-user] [Esapi-dev] [OWASP-ESAPI] Vulnerability alerts ....

Jim Manico jim.manico at owasp.org
Wed Jan 27 18:20:28 EST 2010


 > What are the current ETAs for 1.4.4 and 2.0?  The final release date 
will factor into which version we end up having to take.

I plan to release 1.4.4 this or next week
2.0 rc5 within 2 weeks, 2.0 GA in approximately 4 weeks, is my best guess.

- Jim



>
> On Wed, Jan 27, 2010 at 6:16 PM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>     The truth is that we rushed out ESAPI 1.4.0 with a *large *number
>     of bugs - but this was somewhat disclosed since many of our unit
>     tests did not pass. Each of these point releases increase the
>     quality and integrity of the project.
>
>     I plan to release 1.4.4 this or next week so we finally, _*for the
>     first time*_, actually pass all the unit tests within the 1.4
>     branch. We will slow down releases after 1.4.4 unless something
>     critical comes up.
>
>     ESAPI 2.0 has a more mature release process in place We are on the
>     4th release *candidate* and do not intend to promote it to GA
>     until we have a release quality product.
>
>     I feel personally ashamed for all of the bleeding that early
>     adopters of ESAPI 1.4 have experienced. I get a lot of off-list
>     email with a wide variety of questions and problems.
>
>     But I feel that 1.4.4 will bring us to a place of better integrity
>     with ESAPI 1.4, which is why I wish to release it soon.
>
>     And we should all thank Ed Shaller for his many efforts in
>     cleaning up the 1.4 branch.
>
>     -- 
>     Jim Manico
>     OWASP Podcast Host/Producer
>     OWASP ESAPI Project Manager
>     http://www.manico.net  <http://www.manico.net/>
>
>
>
>
>
>>     My personal opinion is that that philosophy is more applicable to
>>     enterprise apps and hosted services/apps than products. Esapi is a
>>     product, doesn't matter that it's free, that attribute is irrelevant
>>     for purposes of this discussion. Once that major version number goes
>>     on, pencils down except for patches, and if there are an endless
>>     stream of patches, there are greater problems from either techology or
>>     process perspective or both. Fwiw, as are all my notes to the
>>     interweb. Redhat or someone need to take the bull by the horns, inject
>>     resources and more formal process, the php port for example is fun but
>>     now I need that done more than I need entertainment.
>>
>>     On 1/27/10, Jim Manico<jim.manico at owasp.org>  <mailto:jim.manico at owasp.org>  wrote:
>>        
>>>       >  What is the goal/philosopsy of these point releases?
>>>
>>>     http://en.wikipedia.org/wiki/Release_early,_release_often
>>>
>>>          
>>>>     I'm still a little bit concerned of the frequency of the 1.4 series
>>>>     releases as of late.  GIven Bernie's other thread re: a mailing list
>>>>     for vulerability patches, I don't want to consume 1.4.3 and then have
>>>>     to retest everything when 1.4.4 comes out in order to remian PA-DSS
>>>>     compliant.  What is the goal/philosopsy of these point releases?
>>>>
>>>>     On Tue, Jan 26, 2010 at 5:01 PM, Jim Manico<jim.manico at owasp.org  <mailto:jim.manico at owasp.org>
>>>>     <mailto:jim.manico at owasp.org>>  wrote:
>>>>
>>>>          >  Not to make this more complicated, but as of a few short months
>>>>          ago, 1.4.0 was the most recent stable version of ESAPI.  jump
>>>>          ahead to today, and 1.4.3 was just recently released.
>>>>
>>>>          Yes, (I think that) as the project matures we will be releasing
>>>>          more often. "Release Early, Release Often!"
>>>>
>>>>
>>>>          >  Is a point release like this going to have functionality or fixes?
>>>>
>>>>          Mostly just fixes. We have *added* new functionality that *helps*
>>>>          with integration (better configuration, mostly). But we are *not*
>>>>          changing any of the core interfaces in these point releases. I did
>>>>          add log4j support recently, but this is an "add on" that does not
>>>>          break backwards compatibility.
>>>>
>>>>          ESAPI 1.4.0 + 1.4.1 are honestly beta, at best. I do not recommend
>>>>          using either in a production environment. This is a controversial
>>>>          statement that is my opinion only. 1.4.2 is significantly more
>>>>          stable and 1.4.3 is mostly a fix to the unit test mechanism. At
>>>>          bare mininum, upgrade to ESAPI 1.4.2 now.
>>>>
>>>>          However, this does NOT apply to release candidates for the 2.0
>>>>          branch. We have been and will continue to change the core of the
>>>>          ESAPI 2.0 branch (trunk) until 2.0 is finalized (GA). Once 2.0 is
>>>>          at GA, I agree that we should not make core changes (ie: changes
>>>>          to the core interfaces).
>>>>
>>>>          Acceptable, Rob? Thoughts - anyone else?
>>>>
>>>>          - Jim
>>>>
>>>>
>>>>          2010-01-26 06:41:05 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Since 1.4.3 is out, fix version to 1.4.4-SNAPSHOT...
>>>>
>>>>
>>>>          2010-01-26 06:39:14 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Lots of little fixes for compiler warnings in eclipse in the 1.4
>>>>             branch. There are still a lot but now there are less...
>>>>
>>>>
>>>>          2010-01-26 01:18:45 HST  manico.james
>>>>
>>>>             1.4.3 final!
>>>>
>>>>          2010-01-24 11:07:43 HST  manico.james
>>>>
>>>>             code comment clarification for order of property file loading
>>>>
>>>>          2010-01-23 21:52:42 HST  manico.james
>>>>
>>>>              if .esapi folder not found or does not contain
>>>>          ESAPI.properties, look for a directory named 'resources' on the
>>>>          classpath
>>>>
>>>>          2010-01-21 08:31:11 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Unit test for previous commit.
>>>>
>>>>
>>>>          2010-01-21 08:15:35 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Handle null from getResource when a resource is not found.
>>>>          Instead of a
>>>>             NPE being thrown, a FileNotFoundException is which is inline
>>>>          with the
>>>>             javadocs for the method that say a IOException is thrown "If
>>>>          the file
>>>>             cannot be found or opended for reading."
>>>>
>>>>
>>>>          2010-01-21 08:13:23 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Change version from 1.4.2 to 1.4.3-SNAPSHOT so a stray mvn install
>>>>             doesn't mess up local repositories.
>>>>
>>>>
>>>>          2010-01-18 03:58:31 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Add wrapped getDisableIntrusionDetection() and change to concrete
>>>>             instead of abstract so missing methods cause compilation errors
>>>>          with
>>>>             this instead of subclasses of it (not that direct instances of this
>>>>             class are very useful...).
>>>>
>>>>
>>>>          2010-01-18 00:43:02 HST  manico.james
>>>>
>>>>             1.4.2 final!
>>>>
>>>>          2010-01-18 00:36:40 HST  manico.james
>>>>
>>>>             pom now titled 1.4.2
>>>>
>>>>          2010-01-17 19:58:51 HST  manico.james
>>>>
>>>>             backported spaces in resource paths per 1.5 changes
>>>>
>>>>          2010-01-17 15:49:29 HST  manico.james
>>>>
>>>>             cleanup of new intrusion disable code
>>>>
>>>>          2010-01-17 15:29:03 HST  manico.james
>>>>
>>>>             properly defaulting intrusion detection disabling to false
>>>>
>>>>          2010-01-17 15:00:10 HST  manico.james
>>>>
>>>>             Allows for complete disabling of the ESAPI intrusion detector.
>>>>          Reference implementation ESAPI.properties defaults intrusion
>>>>          detection to ON.
>>>>
>>>>          2010-01-17 14:41:54 HST  manico.james
>>>>
>>>>             deprecating encrypt/decrypt functions due to weak crypto
>>>>
>>>>          2010-01-17 13:41:00 HST  manico.james
>>>>
>>>>             undoing the 2.0->1.4 Encoder changes
>>>>
>>>>          2010-01-17 12:09:15 HST  manico.james
>>>>
>>>>             backported the entire 1.5 encoder mechanism back to 1.4
>>>>
>>>>          2010-01-17 12:04:31 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Make patterns private static in SafeFile instead of one per
>>>>          instance.
>>>>
>>>>             Remove some more characters from the tests so that it passes as
>>>>          is in
>>>>             windows. SafeFile needs work but now isn't the time for it.
>>>>
>>>>
>>>>
>>>>          2010-01-17 06:33:50 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Add commented sections of pom.xml and external-1.4-jdk.txt
>>>>          containing
>>>>             information on how to have Maven compile and run tests with an
>>>>          external
>>>>             1.4 JDK.
>>>>
>>>>
>>>>
>>>>          2010-01-16 16:53:23 HST  manico.james
>>>>
>>>>             Removing System.out.printlns
>>>>
>>>>          2010-01-16 16:51:34 HST  manico.james
>>>>
>>>>             Fix to filepath validation including relevant unit tests.
>>>>
>>>>          2010-01-16 15:42:47 HST  manico.james
>>>>
>>>>             normalize removed from codebase completely
>>>>
>>>>          2010-01-16 09:19:16 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Use the "basedir" system property to find the
>>>>          src/test/resources directory
>>>>             containing the config files for tests.
>>>>
>>>>
>>>>          2010-01-16 08:15:42 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Change the CSS encoding in 1.4 to be like the version in 2.0.
>>>>          Update
>>>>             the EncoderTest to handle this change.
>>>>
>>>>
>>>>          2010-01-16 00:43:55 HST  manico.james
>>>>
>>>>          http://code.google.com/p/owasp-esapi-java/issues/detail?id=90
>>>>          backported to the 1.4 branch
>>>>
>>>>          2010-01-15 19:18:16 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Fixes for Encryptedproperties, DefaultEncryptedProperties and
>>>>             EncryptedPropertiesTest in 1.4. These will be migrated to 2.0 in my
>>>>             next commit.
>>>>
>>>>             Modify DefaultEncrypedProperties#getProperty(String) to return
>>>>          null when
>>>>             the key does not exist. This is more inline with what users
>>>>          will expect
>>>>             as it is what java.util.Properties#getProperty(String) does.
>>>>          Previously
>>>>             this would throw a NullPointerException in
>>>>          Base64#decode(String) when
>>>>             it tried to decode null which was confusing at best.
>>>>
>>>>             Modify javadoc for EncryptedProperties#getProperty(String) to
>>>>          define
>>>>             the expected behavior in the case of a non-existent key.
>>>>
>>>>             Add EncryptedPropertiesTest#testNonExistantKey() to test the
>>>>          behavior
>>>>             of non-existent keys in isolation.
>>>>
>>>>             Modify EncryptedPropertiesTest#testGetProperty() to not expect an
>>>>             Exception to be thrown in the case of a non-existant key.
>>>>
>>>>             Modify EncrypedPropertiesTest#testKeySet() to not depend on the
>>>>          order
>>>>             of the keys in the key set.
>>>>
>>>>             Combine EncrypedPropertiesTest#testStore()
>>>>             and EncryptedPropertiesTest#testLoad() into
>>>>             EncryptedProperties#testStoreLoad() as testLoad() depended on
>>>>          testStore()
>>>>             running first which I'm not sure junit/surefire guarantees.
>>>>          Also modify
>>>>             to write to and read from a byte array input and output stream
>>>>          to avoid
>>>>             managing a temporary file.
>>>>
>>>>             Remove EncryptedProperties#main(String[]) as it wasn't worth
>>>>          porting the
>>>>             above to it and mvn -Dtest=EncryptedPropertiesTest test is
>>>>          functionally
>>>>             equivalent to what was originally desired.
>>>>
>>>>             I think that's all...
>>>>
>>>>
>>>>
>>>>          2010-01-15 17:47:48 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Change setCurrentHTTP to not attempt to wrap a null request or null
>>>>             response.
>>>>
>>>>
>>>>          2010-01-15 11:34:55 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Lots of changes to rather broken tests in SafeFileTest. Tests that
>>>>             were testing java.io.File were modified to actually test
>>>>          SafeFile or
>>>>             removed. Further, printing of test results and not using junit
>>>>          was fixed.
>>>>
>>>>             As there haven't been major changes to SafeFile this change to
>>>>             SafeFileTest will be commited to the 2.0 branch as well.
>>>>
>>>>
>>>>          2010-01-15 03:48:25 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Fix HTTPUtilitiesTest that was trying to use the resources
>>>>          directory
>>>>             which was null causing a NPE.
>>>>
>>>>             This also adds some file test utilities for creating temporary
>>>>          directories
>>>>             and recursively removing them. This may be worth forwarding to
>>>>          2.0 at
>>>>             some point to help cleanup other file based unit tests there as
>>>>          well.
>>>>
>>>>
>>>>          2010-01-15 03:45:08 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Fix unix test in a similar fashion to how it was fixed in the
>>>>             2.0 branch. This required the reimplemnentation/backport of
>>>>             SecurityConfigurationWrapper for 1.4 as well.
>>>>
>>>>
>>>>          2010-01-15 03:42:05 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Fix unix test that expects /bin/sh to be a directory.
>>>>
>>>>             Note that this was also previously fixed in the 2.0 branch.
>>>>
>>>>
>>>>          2010-01-15 03:39:18 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Remove unneeded cast to DefaultSecurityConfiguration which also
>>>>          prevents
>>>>             other implementations of SecurityConfiguration from working.
>>>>
>>>>             Note that this was previously fixed in the 2.0 branch.
>>>>
>>>>
>>>>          2010-01-14 12:43:11 HST  manico.james
>>>>
>>>>             validation doc cleanup
>>>>
>>>>          2010-01-13 14:58:20 HST  manico.james
>>>>
>>>>             documentation cleanup for validation
>>>>
>>>>          2010-01-13 14:42:05 HST  manico.james
>>>>
>>>>             documentation cleanup for validation
>>>>
>>>>          2009-12-13 18:12:09 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             CSSCodec:
>>>>                 switch back to back slash self for printable ascii
>>>>             EncoderTest:
>>>>                 fix tests that got messed up by back ports and such
>>>>                 normalize still fails but this is known (issue 74)
>>>>                 double encoding fails and needs checking
>>>>
>>>>
>>>>          2009-12-13 17:37:11 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             HashTrieTest#testValues() was throwing a ClassCastException in the
>>>>             sort. It turns out Boolean is not Comparable in 1.4 but is in
>>>>          1.5. This
>>>>             has been changed to Integer in the 1.4 branch.
>>>>
>>>>
>>>>          2009-12-13 17:10:02 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Fix issue 15 by extending HttpServlet{Request,Response}Wrapper
>>>>          instead
>>>>             of just implementing HttpServlet{Request,Response}. As this
>>>>          change only
>>>>             changes this classes super class (no longer java.lang.Object)
>>>>          and the
>>>>             interfaces are the same this shouldn't cause existing code issues.
>>>>
>>>>             This does fix the problem where containers expect to be able to
>>>>          unwrap
>>>>             their original request in the wrapped one.
>>>>
>>>>
>>>>          2009-12-13 16:07:55 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             CSSCodec:
>>>>                 fix issues with backslash self for hex digits (issue 77)
>>>>                 split out tests from CodecTest
>>>>                 add tests to verify lack of regression for issue 77
>>>>                 change to not encode alphanumerics
>>>>             HTMLEntityCodec:
>>>>                 fix theta/thetasym issues with decoding by backporting 2.0 fix
>>>>                     (issue 45)
>>>>             JavaScriptCodec:
>>>>                 fix corner case which would throw a
>>>>          IndexOutOfBoundsException (issue 78)
>>>>                 changed massive if (a) ret, if(b) ret, to switch statement
>>>>             PercentCodec:
>>>>                 back port percent codec fixes for issue 75
>>>>             CodecTest:
>>>>                 back ported to 1.4
>>>>                 modify some tests to work with 1.4 as 1.4 encodes
>>>>          somethings differently
>>>>
>>>>             I think that's all...
>>>>
>>>>
>>>>
>>>>          2009-12-08 12:28:03 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Big nasty patch to back port the XMLEntityCodec to 1.4. This
>>>>          includes
>>>>             most of the functionality needed for the HTMLCodec fix which is
>>>>          next. This
>>>>             includes codec.HashTrieTest, util.NullSafe and
>>>>          util.CollectionsUtil.
>>>>
>>>>             Two new classes have been added:
>>>>
>>>>             codec.AbstractCodec:
>>>>
>>>>             This is a base abstract codec.Codec implementation to
>>>>             ease porting. In 1.4 Codec is a interface and in 2.0 it is a
>>>>          abstract
>>>>             class. Ports back to 1.4 ca use AbstractCodec as their base
>>>>          instead.
>>>>
>>>>             util.PrimWrap:
>>>>
>>>>             This is a simple class to wrap primitives in their java.lang
>>>>          classes. This
>>>>             is here to help back porting of auto boxing code from the 2.0
>>>>          branch. By
>>>>             using this instead of new Character(), etc we can easily
>>>>          implement our
>>>>             own fly weight caching of these objects as 1.5 does in it's
>>>>          auto boxing
>>>>             if and when the overhead incurred in creating new objects each time
>>>>             becomes a issue.
>>>>
>>>>
>>>>
>>>>          2009-12-08 12:11:30 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Remove use of sun proprietary normalize method. This breaks
>>>>          this method's
>>>>             functionality which I do not like. However, this is what has
>>>>          been done
>>>>             in the 2.0 branch. There is code commented out in the 2.0
>>>>          branch to use
>>>>             the new java.text.Normalize however that is only available in
>>>>          1.6. To
>>>>             make matters worse, the interface to the sun proprietary
>>>>          version has
>>>>             changed and, as is, this will not compile with latter jdks (at
>>>>          least
>>>>             1.6). I am adding a issue to document and remind us about this.
>>>>
>>>>
>>>>
>>>>          2009-12-07 12:53:53 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Change version of Junit library to 3.8.1 instead of 4.4. ESAPI
>>>>          1.4 is
>>>>             targeted at Java 1.4 and Junit 4 requires Java 1.5 (aka 5.0).
>>>>          This change
>>>>             allows tests to build with a Java 1.4 compiler.
>>>>
>>>>
>>>>
>>>>          2009-12-07 12:50:29 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             Backport current JSP tag libraries from 2.0rcs to 1.4.1rcs
>>>>
>>>>             No changes were needed.
>>>>
>>>>
>>>>
>>>>          2009-12-06 01:04:48 HSTschallee at darkmist.net  <mailto:schallee at darkmist.net>
>>>>          <mailto:schallee at darkmist.net>
>>>>
>>>>             ignore and delete target directory
>>>>
>>>>
>>>>          2009-12-04 19:26:17 HST  manico.james
>>>>
>>>>             update
>>>>
>>>>          2009-12-04 19:25:28 HST  manico.james
>>>>
>>>>             fix to ESAPI log4j configuration
>>>>
>>>>          2009-12-04 19:24:27 HST  manico.james
>>>>
>>>>             allowing configuration of Log4J logger in properties file
>>>>
>>>>          2009-12-04 19:21:07 HST  manico.james
>>>>
>>>>             setting perm ignore on target folder
>>>>
>>>>          2009-12-04 19:17:21 HST  manico.james
>>>>
>>>>             Log4J logger in the 1.4 style of logging is now compiling correctly
>>>>
>>>>          2009-12-04 18:55:53 HST  manico.james
>>>>
>>>>             fixing settings for forbidden apis (now just warn; normalize)
>>>>
>>>>          2009-12-04 18:48:00 HST  manico.james
>>>>
>>>>             more cleanup....
>>>>
>>>>          2009-12-04 18:02:33 HST  manico.james
>>>>
>>>>             fixed issues with Logging
>>>>
>>>>          2009-12-04 17:47:59 HST  manico.james
>>>>
>>>>             significant fixes to pom.xml
>>>>
>>>>          2009-12-04 17:40:19 HST  manico.james
>>>>
>>>>             more reorg of code for maven
>>>>
>>>>          2009-12-04 17:38:02 HST  manico.james
>>>>
>>>>             target should not be checked in, sorry (x3)
>>>>
>>>>          2009-12-04 17:37:38 HST  manico.james
>>>>
>>>>             more reorg of code for maven
>>>>
>>>>          2009-12-04 17:29:05 HST  manico.james
>>>>
>>>>             target should not be checked in, sorry (x2)
>>>>
>>>>          2009-12-04 17:28:33 HST  manico.james
>>>>
>>>>             moving code to proper directories
>>>>
>>>>          2009-12-04 17:24:46 HST  manico.james
>>>>
>>>>             target should not be checked in, sorry
>>>>
>>>>          2009-12-04 17:21:44 HST  manico.james
>>>>
>>>>             fixing pom...
>>>>
>>>>          2009-12-04 17:03:37 HST  manico.james
>>>>
>>>>             pom cleanup
>>>>
>>>>          2009-12-04 16:49:19 HST  manico.james
>>>>
>>>>             removed sealing code so building working for now.
>>>>
>>>>          2009-12-04 16:39:53 HST  manico.james
>>>>
>>>>             Maven integration working
>>>>
>>>>          2009-12-04 16:36:21 HST  manico.james
>>>>
>>>>             updating maven
>>>>
>>>>          2009-12-04 16:22:55 HST  manico.james
>>>>
>>>>             backwards compatible fix.
>>>>
>>>>          2009-12-04 16:02:34 HST  manico.james
>>>>
>>>>             upgrade to latest Eclipse
>>>>
>>>>          2009-12-04 16:02:19 HST  manico.james
>>>>
>>>>             Fix to OracleCodec, small formatting change to MySQLCodec
>>>>
>>>>
>>>>            
>>>     --
>>>     Jim Manico
>>>     OWASP Podcast Host/Producer
>>>     OWASP ESAPI Project Manager
>>>     http://www.manico.net  <http://www.manico.net/>
>>>
>>>
>>>          
>>        
>
>
>


-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100127/eed32053/attachment-0001.html 


More information about the Esapi-user mailing list