GitHub / ESAPI/esapi-java-legacy issues and pull requests
#907 - gracefully handle null within 'stripControls', #906
Pull Request -
State: open - Opened by ThrawnCA about 1 month ago
- 2 comments
#901 - More tests
Pull Request -
State: open - Opened by jeremiahjstacey 4 months ago
- 1 comment
#900 - Ossrh Migration Support
Pull Request -
State: open - Opened by jeremiahjstacey 5 months ago
- 3 comments
#898 - Patch CVE-2025-48924 : commons-lang:2.6 to commons-lang3:3.19.0
Pull Request -
State: closed - Opened by duttonw 5 months ago
- 1 comment
#897 - [JDK17] I thought you moved to Jakarta
Issue -
State: closed - Opened by paulpozicheun 7 months ago
- 2 comments
#895 - Fixes #894. Remove outdated commons-lang and commons-configuration dependencies with problematic CVEs.
Pull Request -
State: open - Opened by sabbott1877 8 months ago
#895 - Fixes #894. Remove outdated commons-lang and commons-configuration dependencies with problematic CVEs.
Pull Request -
State: open - Opened by sabbott1877 8 months ago
- 10 comments
#894 - Upgrade to use Commons-Lang3
Issue -
State: open - Opened by Zokal84 8 months ago
Labels: enhancement
#893 - Four tests failing with "UnsupportedOperation This method has been removed for security."
Issue -
State: open - Opened by wilx 8 months ago
- 2 comments
#892 - Fixed botched property name in configuration/esapi/ESAPI.properties
Issue -
State: closed - Opened by kwwall 8 months ago
- 1 comment
Labels: bug, Configuration
#891 - Migrate from Sonatype's OSSRH to Sonatype's Central Repository Portal
Issue -
State: open - Opened by kwwall 8 months ago
- 25 comments
Labels: help wanted, Priority-High, Component-Docs, Build-Maven
#888 - Merging Private Branch contents from Kevin's Repo.
Pull Request -
State: closed - Opened by xeno6696 9 months ago
- 2 comments
#888 - Merging Private Branch contents from Kevin's Repo.
Pull Request -
State: open - Opened by xeno6696 9 months ago
#887 - fix: CVE-2024-47554 vulnerability
Pull Request -
State: closed - Opened by gustavonj 9 months ago
- 2 comments
#886 - Javadoc enhancements
Pull Request -
State: closed - Opened by kwwall 9 months ago
- 2 comments
Labels: javadoc
#886 - Javadoc enhancements
Pull Request -
State: closed - Opened by kwwall 9 months ago
- 2 comments
Labels: javadoc
#884 - Prep work for ESAPI release 2.6.2.0
Pull Request -
State: open - Opened by kwwall 9 months ago
#884 - Prep work for ESAPI release 2.6.2.0
Pull Request -
State: closed - Opened by kwwall 9 months ago
#883 - Update Apache Commons BeanUtils from 1.9.4 to 1.11.0 to address CVE-2025-48734
Issue -
State: closed - Opened by kwwall 9 months ago
- 1 comment
Labels: bug, Vulnerable Dependencies
#882 - Fix guessed release date for 2.6.1.0 to its actual release date.
Pull Request -
State: closed - Opened by kwwall 9 months ago
#882 - Fix guessed release date for 2.6.1.0 to its actual release date.
Pull Request -
State: closed - Opened by kwwall 9 months ago
#881 - Bump commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0
Pull Request -
State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, java
#879 - 2.6.1.0 release prep
Pull Request -
State: closed - Opened by kwwall 10 months ago
#879 - 2.6.1.0 release prep
Pull Request -
State: closed - Opened by kwwall 10 months ago
#876 - Upgrade version of antisamy to 1.7.8 to update transitive dependency affected by CVE-2025-27820
Issue -
State: closed - Opened by NilsRenaud 10 months ago
- 1 comment
Labels: enhancement
#875 - [Snyk] Security upgrade org.owasp.antisamy:antisamy from 1.7.7 to 1.7.8
Pull Request -
State: closed - Opened by kwwall 10 months ago
- 2 comments
#875 - [Snyk] Security upgrade org.owasp.antisamy:antisamy from 1.7.7 to 1.7.8
Pull Request -
State: closed - Opened by kwwall 10 months ago
- 2 comments
#874 - jakarta.servlet-api 5.0(Jakarta EE 9) change the package name from javax.xxx to jakarta.xxxx,
Issue -
State: closed - Opened by swxEmily 11 months ago
- 1 comment
Labels: enhancement
#872 - Upgrade the version of commons-configuration
Issue -
State: open - Opened by smmsit about 1 year ago
Labels: enhancement
#871 - Bump to org.apache.commons:commons-configuration2
Pull Request -
State: open - Opened by picsouds about 1 year ago
#871 - Bump to org.apache.commons:commons-configuration2
Pull Request -
State: closed - Opened by picsouds about 1 year ago
- 6 comments
#870 - Remove dependency to commons-collections4 (fixes #868)
Pull Request -
State: open - Opened by reschke about 1 year ago
#870 - Remove dependency to commons-collections4 (fixes #868)
Pull Request -
State: open - Opened by reschke about 1 year ago
- 6 comments
#869 - use latest stable release of commons-collections4 (fixes #868)
Pull Request -
State: closed - Opened by reschke about 1 year ago
- 1 comment
#869 - use latest stable release of commons-collections4 (fixes #868)
Pull Request -
State: closed - Opened by reschke about 1 year ago
- 1 comment
#868 - Do not depend on commons-collections4 milestone (use 4.4 instead)
Issue -
State: closed - Opened by reschke about 1 year ago
- 7 comments
Labels: bug
#867 - How to turn off ESAPI logs or change its log level
Issue -
State: closed - Opened by raine93 about 1 year ago
- 8 comments
#866 - Invalid version attribute in esapi.tld within esapi-2.6.0.0.jar causes deployment failure.
Issue -
State: open - Opened by Afridi76320 about 1 year ago
- 9 comments
Labels: bug
#865 - Http -Parameter Value Length / Validation issue
Issue -
State: open - Opened by RobertMolenda about 1 year ago
Labels: bug
#863 - 2.6.0.0 still using javax HttpServletRequest
Issue -
State: closed - Opened by madmax138 over 1 year ago
- 3 comments
Labels: enhancement
#860 - Preparation for ESAPI release 2.6.0.0
Pull Request -
State: closed - Opened by kwwall over 1 year ago
#860 - Preparation for ESAPI release 2.6.0.0
Pull Request -
State: open - Opened by kwwall over 1 year ago
#859 - Remove deprecated Validator.isValidSafeHTML methods
Issue -
State: closed - Opened by kwwall over 1 year ago
- 1 comment
Labels: bug
#858 - Fail to run Linux command with double quotes using executeSystemCommand
Issue -
State: open - Opened by raine93 over 1 year ago
#856 - Release prep 2.5.5.0
Pull Request -
State: open - Opened by kwwall over 1 year ago
#856 - Release prep 2.5.5.0
Pull Request -
State: closed - Opened by kwwall over 1 year ago
#855 - Readability Improvement - Wrapped Steps inside Collapsible Details
Pull Request -
State: closed - Opened by DebajitKumarPhukan over 1 year ago
- 1 comment
#855 - Readability Improvement - Wrapped Steps inside Collapsible Details
Pull Request -
State: closed - Opened by DebajitKumarPhukan over 1 year ago
- 1 comment
#853 - Improved documentation
Pull Request -
State: closed - Opened by DebajitKumarPhukan over 1 year ago
- 3 comments
#853 - Improved documentation
Pull Request -
State: closed - Opened by DebajitKumarPhukan over 1 year ago
- 3 comments
#852 - Fix Typos
Pull Request -
State: closed - Opened by DarioViva42 over 1 year ago
- 1 comment
#852 - Fix Typos
Pull Request -
State: closed - Opened by DarioViva42 over 1 year ago
- 1 comment
#851 - Fix Typos
Issue -
State: closed - Opened by DarioViva42 over 1 year ago
- 1 comment
Labels: enhancement
#850 - fix some typos and other small refactorings
Pull Request -
State: closed - Opened by DarioViva42 over 1 year ago
- 9 comments
#850 - fix some typos and other small refactorings
Pull Request -
State: closed - Opened by DarioViva42 over 1 year ago
- 3 comments
#848 - Pom updates to address issue #847
Pull Request -
State: closed - Opened by kwwall over 1 year ago
#848 - Pom updates to address issue #847
Pull Request -
State: closed - Opened by kwwall over 1 year ago
#847 - Update ESAPI pom to use latest version of AntiSamy (1.7.6)
Issue -
State: closed - Opened by kwwall over 1 year ago
- 1 comment
Labels: enhancement, Build-Maven
#846 - ESAPI.encoder().canonicalize() converts "&or" or similar strings without having trailing semicolon as logical operator
Issue -
State: closed - Opened by tusharkumawat over 1 year ago
- 3 comments
Labels: bug
#845 - Update the logging properties to opt-out of the prefix events #844
Pull Request -
State: closed - Opened by mickeyz07 over 1 year ago
- 11 comments
#845 - Update the logging properties to opt-out of the prefix events #844
Pull Request -
State: closed - Opened by mickeyz07 over 1 year ago
- 11 comments
#844 - Update the logging properties to opt-out of the prefix events
Issue -
State: closed - Opened by mickeyz07 over 1 year ago
- 2 comments
Labels: enhancement, Component-Logger
#840 - Issue #839 JavaLogFactory ConcMod
Pull Request -
State: closed - Opened by jeremiahjstacey almost 2 years ago
- 1 comment
#840 - Issue #839 JavaLogFactory ConcMod
Pull Request -
State: closed - Opened by jeremiahjstacey almost 2 years ago
- 1 comment
#839 - ConcurrentModificationException
Issue -
State: closed - Opened by JerryDevis almost 2 years ago
- 9 comments
Labels: bug
#838 - Getting org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
Issue -
State: open - Opened by PriyatamaB almost 2 years ago
Labels: bug
#837 - Validation does not work with esapi jakarta jar
Issue -
State: closed - Opened by popa-raluca almost 2 years ago
- 3 comments
Labels: bug
#835 - Validator.isValidSafeHTML() is vulnerable as per CVE-2023-4780
Issue -
State: open - Opened by Adwait-Joshi94 about 2 years ago
Labels: bug
#833 - fix: upgrade Antisamy to 1.7.5 to resolve CVE-2024-23635
Pull Request -
State: closed - Opened by mpreziuso about 2 years ago
- 2 comments
#833 - fix: upgrade Antisamy to 1.7.5 to resolve CVE-2024-23635
Pull Request -
State: closed - Opened by mpreziuso about 2 years ago
- 2 comments
#832 - easpi .properties and validation properties are present but still it is throwing error and the application is failing do you have any solution for this
Issue -
State: closed - Opened by sh26masood about 2 years ago
- 2 comments
#831 - java.io.FileNotFoundException Error in Logs When ESAPI.properties and validation.properties are in resources. and the application is up ,features are not working.
Issue -
State: closed - Opened by sh26masood about 2 years ago
- 3 comments
Labels: bug
#830 - [Snyk] Security upgrade org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5
Pull Request -
State: closed - Opened by kwwall about 2 years ago
- 2 comments
#830 - [Snyk] Security upgrade org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5
Pull Request -
State: closed - Opened by kwwall about 2 years ago
- 2 comments
#829 - Bump org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
- 1 comment
Labels: Vulnerable Dependencies
#829 - Bump org.owasp.antisamy:antisamy from 1.7.4 to 1.7.5
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
- 2 comments
Labels: Vulnerable Dependencies
#828 - PR to fix #824 and reference to #823
Pull Request -
State: closed - Opened by xeno6696 about 2 years ago
- 5 comments
#828 - PR to fix #824 and reference to #823
Pull Request -
State: closed - Opened by xeno6696 about 2 years ago
- 5 comments
#827 - HTMLEntityCodec Mysteriously decodes &or
Issue -
State: open - Opened by xeno6696 about 2 years ago
Labels: bug
#826 - Fix Encoder.getCanonicalizedURI(URI) for the test case of a double-ampersand in the HTML Query
Issue -
State: closed - Opened by xeno6696 about 2 years ago
- 1 comment
Labels: bug
#825 - Bump org.owasp:dependency-check-maven from 9.0.0 to 9.0.6
Pull Request -
State: open - Opened by dependabot[bot] about 2 years ago
Labels: Vulnerable Dependencies
#825 - Bump org.owasp:dependency-check-maven from 9.0.0 to 9.0.6
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
Labels: Vulnerable Dependencies
#824 - DefaultEncoder / getCanonicalizedURI returns mix encoding for HTML special characters
Issue -
State: closed - Opened by xeno6696 about 2 years ago
- 5 comments
#818 - 2.5.3.1 preparation
Pull Request -
State: closed - Opened by kwwall over 2 years ago
- 1 comment
#817 - Update GitHub issue templates to remove reference to now closed Discu…
Pull Request -
State: closed - Opened by kwwall over 2 years ago
- 1 comment
#815 - Revert Dependency Check goal from 'purge' to 'check' once NVD API stops returning 503 'Service Unavailable' errors
Issue -
State: open - Opened by kwwall over 2 years ago
- 1 comment
Labels: bug, Priority-High, Build-Maven
#814 - decode method doesn't work proper for some strings
Issue -
State: open - Opened by mukesh4804 over 2 years ago
- 3 comments
Labels: bug, Priority-Low
#813 - Added property to omit event type information in logs
Pull Request -
State: closed - Opened by RodolfoAndre over 2 years ago
- 3 comments
#813 - Added property to omit event type information in logs
Pull Request -
State: closed - Opened by RodolfoAndre over 2 years ago
- 3 comments
#812 - Fix Encoder.encodeForLDAP and Encoder.encodeForDN so they are strictly conformant with Section 3 of RFC 4515
Issue -
State: closed - Opened by kwwall over 2 years ago
- 1 comment
Labels: bug, Component-Encoder
#811 - Option to omit event type prefix in logs
Issue -
State: open - Opened by RodolfoAndre over 2 years ago
- 1 comment
Labels: enhancement
#809 - Preparation for ESAPI 2.5.3.0 release
Pull Request -
State: closed - Opened by kwwall over 2 years ago
- 5 comments
#808 - Fix typo in comment in validation.properties files
Issue -
State: closed - Opened by kwwall over 2 years ago
- 2 comments
Labels: bug, Configuration, documentation_comments
#807 - fix typo, remove double `and`
Pull Request -
State: closed - Opened by robstoll over 2 years ago
#805 - Does esapi-java-legacy support jDK17
Issue -
State: closed - Opened by JerryDevis over 2 years ago
- 1 comment
#803 - Update antisamy lib version
Pull Request -
State: closed - Opened by sreekesh93 over 2 years ago
- 1 comment
#802 - [Snyk] Security upgrade org.owasp.antisamy:antisamy from 1.7.3 to 1.7.4
Pull Request -
State: closed - Opened by kwwall over 2 years ago
- 1 comment
#801 - Bump org.owasp.antisamy:antisamy from 1.7.3 to 1.7.4
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 2 comments
Labels: Vulnerable Dependencies
#800 - Change AntiSamy to eventually use SAX parser by default, but allow DOM parser to be used for backward compatibility
Issue -
State: open - Opened by kwwall over 2 years ago
Labels: enhancement
#799 - Using Eclipse Transformer plugin to create Jakarta JAR
Pull Request -
State: closed - Opened by jcputney over 2 years ago
- 3 comments