[OWASP-ESAPI] ESAPI 1.4 released!

Andrea Cogliati andrea.cogliati at owasp.org
Fri Nov 14 11:45:37 EST 2008


I've tried to build ESAPI 1.4 on both Mac OS X Leopard and Vista. I've  
got some failures in tests:

- testIsValidFileUpload fails on Leopard (expected, see comment in  
source code)
- testDoubleEncodingCanonicalization fails on both platforms
- testNormalize fails on Leopard
- testDoubleEncodingCanonicalization fails on Vista
- testLoad fails with an uncaught exception on both platforms


On Nov 3, 2008, at 5:03 PM, Kevin Fealey wrote:

> ESAPI 1.4 has been released!  The links to earlier versions of the  
> ESAPI have been deprecated on Google Code.  They are still  
> accessible, but will not display by default.  Here are some of the  
> changes in 1.4:
> 	• Updated Javadocs for interfaces to describe what reference  
> implementations should accomplish.
> 	• Fixed tags in Javadocs so parameter names, etc. should be correct.
> 	• Removed all references to interfaces that no longer exist.
> 	• Added Multi-platform support for ESAPI test cases.  They have  
> been tested for compatibility with MacOS X, Linux, Solaris, and  
> Windows Vista.
> 	• Updated Javascript codec to better follow the spec.
> 	• Added session tracking to User to track multiple sessions.
> 	• Updated Logger to read logging level out of ESAPI.properties.
> 	• Edited Logger to output to a file specified in the security  
> configuration.
> 	• Enhanced log output format.
> 	• Added methods to FileBasedAccessController to view data as  
> objects, rather than Strings.
> Our goal for this release was to enhance functionality and  
> usability, ie. make it easier for developers to use the API.  We  
> feel that by clarifying many topics in the Javadocs, it should be  
> much easier to get started with ESAPI.
> We've seen a solid response from people starting to use the ESAPI,  
> and we're getting a lot of questions about how some things work.   
> I'm going to try to add new content to the Wiki weekly to address  
> most of the questions, so please check back here regularly.
> Thanks,
> Kevin
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi

More information about the OWASP-ESAPI mailing list