[OWASP-ESAPI] ESAPI 1.4 released!
andrea.cogliati at owasp.org
Fri Nov 14 11:45:37 EST 2008
I've tried to build ESAPI 1.4 on both Mac OS X Leopard and Vista. I've
got some failures in tests:
- testIsValidFileUpload fails on Leopard (expected, see comment in
- testDoubleEncodingCanonicalization fails on both platforms
- testNormalize fails on Leopard
- testDoubleEncodingCanonicalization fails on Vista
- testLoad fails with an uncaught exception on both platforms
On Nov 3, 2008, at 5:03 PM, Kevin Fealey wrote:
> ESAPI 1.4 has been released! The links to earlier versions of the
> ESAPI have been deprecated on Google Code. They are still
> accessible, but will not display by default. Here are some of the
> changes in 1.4:
> • Updated Javadocs for interfaces to describe what reference
> implementations should accomplish.
> • Fixed tags in Javadocs so parameter names, etc. should be correct.
> • Removed all references to interfaces that no longer exist.
> • Added Multi-platform support for ESAPI test cases. They have
> been tested for compatibility with MacOS X, Linux, Solaris, and
> Windows Vista.
> • Added session tracking to User to track multiple sessions.
> • Updated Logger to read logging level out of ESAPI.properties.
> • Edited Logger to output to a file specified in the security
> • Enhanced log output format.
> • Added methods to FileBasedAccessController to view data as
> objects, rather than Strings.
> Our goal for this release was to enhance functionality and
> usability, ie. make it easier for developers to use the API. We
> feel that by clarifying many topics in the Javadocs, it should be
> much easier to get started with ESAPI.
> We've seen a solid response from people starting to use the ESAPI,
> and we're getting a lot of questions about how some things work.
> I'm going to try to add new content to the Wiki weekly to address
> most of the questions, so please check back here regularly.
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
More information about the OWASP-ESAPI