ESAPI 2.2.3.0

@kwwall released this 24 Mar 04:14
· 334 commits to develop since this release
esapi-2.2.3.0
67980b8

This is a patch release with the primary intent of updating some dependencies, some of which have known vulnerabilities. The main updates are:
-- AntiSamy, from 1.5.11 to 1.6.2.
-- As a result of the AntiSamy upgrade, the transitive dependency xercesImpl was updated from 2.12.0 to 2.12.1, which should address CVE-2020-14338.
-- Apache batik-css, updated from 1.13 to 1.14.

See the ESAPI 2.2.3.0 release notes for details.

Note the configuration jar and its detached signature are also attached. Also note that the 2 security advisories are (sort of) relevant if you are either using ESAPI's deprecated log4j 1.x logging or are concerned about your SCA tools popping up warnings about ESAPI: