[OWASP-ESAPI] When will ESAPI Java version 2.0rc1 be released?
jeff.williams at owasp.org
Thu May 14 23:38:40 EDT 2009
There has been quite a lot of activity recently, I'm sorry for not posting
here more. All the details are in SVN, and you can build the latest version
with Maven easily. All the test cases pass but we're not quite finished with
some of the updates and features.
We haven't set an exact date but I expect that we'll release v2.0rc1 in a
few weeks. If anyone wants a sneak peek of version 2.0 now, I'd be happy to
make one available. It's fairly stable, but we are testing the new features.
Version 2.0 implements many recommendations from the ESAPI Summit,
particularly internationalization, access control extensibility, and
validator extensibility. We've also added a web application firewall so that
*every* Java web application can easily deploy global protections and
In addition, a full line-by-line review was performed by one of the major
systems integrators. They suggested a number of important improvements that
we've almost completed.
Here's the list of organizations using ESAPI. There are a lot more who like
the idea and are investigating. If your organization is using ESAPI, please
let me know!
* American Express
* Apache Foundation
* Booz Allen Hamilton
* Aspect Security
* Foundstone (McAfee)
* The Hartford
* Infinite Campus
* Nationwide Insurance
* U.S. Navy - SPAWAR
* The World Bank
* SANS Institute
> -----Original Message-----
> From: owasp-esapi-bounces at lists.owasp.org [mailto:owasp-esapi-
> bounces at lists.owasp.org] On Behalf Of Paul Grove
> Sent: Thursday, May 14, 2009 5:58 PM
> To: owasp-esapi at lists.owasp.org
> Subject: [OWASP-ESAPI] When will ESAPI Java version 2.0rc1 be released?
> I am looking at integrating ESAPI with Spring and JSF/Facelets and
> would like to use ESAPI 2.0
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
More information about the OWASP-ESAPI