Skip to content

2.5.2.0
Compare
Choose a tag to compare
@kwwall kwwall released this 13 Apr 03:42
· 53 commits to develop since this release
esapi-2.5.2.0
This tag was signed with the committer’s verified signature.
kwwall Kevin W. Wall
GPG key ID: 337995638A2A524F
Learn about vigilant mode.
15737a2
This commit was signed with the committer’s verified signature.
kwwall Kevin W. Wall
GPG key ID: 337995638A2A524F
Learn about vigilant mode.

Release Notes

The release notes for ESAPI release 2.5.2.0 are located at:
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.2.0-release-notes.txt

Configuration files located in configuration jar

Note that the attached file "esapi-2.5.2.0-configuration.jar" contains the default ESAPI configuration files intended for used in production. Download the file and unjar it via 'jar xf'. After you unjar that configuration jar, look under the 'configuration/' directory. Most of the files you are interested in are located under 'configuration/esapi', such as ESAPI.properties, validation.properties, etc. The attached file "esapi-2.5.2.0-configuration.jar.asc" is a detached GPG signature of that the file "esapi-2.5.2.0-configuration.jar" that was signed by ESAPI project co-lead, Kevin W. Wall.

CVEs addressed

  • CVE-2023-24998 was remediated. See Security Bulletin 11 for details.
  • CVE-2023-26119 was remediated. It is not yet know if it impacted ESAPI.

The release notes contain a more complete list of what has changed / fixed in ESAPI 2.5.2.0.

Assets 6
0 Join discussion