[Esapi-user] State of affairs

Chris Schmidt chrisisbeef at gmail.com
Thu Nov 6 17:48:17 UTC 2014


Sverre -

The ESAPI project is still kicking - we are in active development for ESAPI
3.0 currently ( https://github.com/ESAPI/esapi-java ) and the 2.x code from
Google Code has been moved to GitHub (
https://github.com/ESAPI/esapi-java-legacy ).

Kevin is working with some folks on fixing bugs in the 2.x branch and we
are in the process of spinning up a new Confluence and JIRA on Atlassian
On-Demand. We also have our CI hosted at cloudbees (
https://esapi.ci.cloudbees.com/ )

AFAIK (Kevin can verify) CVE-2013-5960 and CVE-2013-5679 are fixed in
source, and we were awaiting a few final bug-fixes to issue a new release.

Thanks! Let us know if you have additional questions!

~Chris



On Thu, Nov 6, 2014 at 9:23 AM, Sverre Aleksandersen <
sverre.aleksandersen at gmail.com> wrote:

> Hi,
>
> I’m looking at ESAPI as part of a school project.
> After reading Kevin Walls blog post (
> http://off-the-wall-security.blogspot.no/2014/03/esapi-no-longer-owasp-flagship-project.html)
> and stackoverflow post (
> http://stackoverflow.com/questions/23396171/to-wrap-or-not-to-wrap-esapi/23575210#23575210)
> I’m wondering of ESAPIs state of affairs.
> Has it or will it be removed as a OWASP flagship project?
> Looking at the latest commit’s on github, it seems that theres at least
> some activity.
> What about CVE-2013-5960 and CVE-2013-5679? Have they been resolved?
> Any new releases planned?
>
> I’m struggling to find up-to-date information about ESAPI and it’s future.
>
> Best regards,
> Sverre Aleksandersen
>
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>
>


-- 
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20141106/1a31ed50/attachment.html>


More information about the Esapi-user mailing list