[Esapi-user] WAF

Chris Schmidt chris.schmidt at owasp.org
Wed Mar 9 18:31:14 EST 2011

This is very risky to remove before the 2.0 GA Release. Can we just
deprecate it for GA and remove it in a subsequent version?

This isn't the first time this conversation has come up.

On 3/9/11 6:03 PM, "Christian Heinrich" <christian.heinrich at owasp.org>

> Jim,
> On Tue, Mar 8, 2011 at 5:16 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> I agree 100% that the ESAPI WAF should be split out into its own
>> project. Arshan (the original author) asked for this in the first place!
>> How about we start a new project: owasp-java-waf to work on this code
>> standalone?
>> Arshan, are you ok with this sir?
> The proposed transitional roadmap would be:
> 1. Import the current Java WAF code from the current ESAPI RC into a
> separate (i.e. new) SVN repository.
> 2. Remove the Java WAF code from the next release of ESAPI RC and
> update the changelog referencing the new repository.
> 3. Mark the outstanding issues regarding WAF on the ESAPI Java as
> closed but assigned to the new repository.
> I haven't heard from Arshan yet - would it be possible to simply give
> him commit access to the new repository if we don't receive a
> response?

Chris Schmidt
ESAPI Project Manager (http://www.esapi.org)
ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
Blog: http://yet-another-dev.blogspot.com

More information about the Esapi-user mailing list