Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2013/10/09 17:06:45 UTC

[jira] [Commented] (OFBIZ-5343) Update owasp-esapi-java

    [ https://issues.apache.org/jira/browse/OFBIZ-5343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790437#comment-13790437 ] 

Jacques Le Roux commented on OFBIZ-5343:
----------------------------------------

I was working on this when I noticed this page: https://www.owasp.org/index.php?title=ESAPI-JavaStatus

So the current stable release is still 1.4, and our patched version (OFBIZ-3135) still stands (I will rename it to owasp-esapi-full-java-1.4-patched-by-OFBIZ-3135.jar)

Since I began working on this, here are some points worth noting:
# The most important of David's initial commits related to the introduction of ESAPI are:
741442
741466
741478
741496
741743
741755
741857
742053
742352
742355
742394
742412
742413
# Version 2.1.0 needs a change in the StringUtil class (I attach OFBIZ-5343-Update owasp-esapi-java.patch anyway)
# According to https://owasp-esapi-java.googlecode.com/svn/trunk_doc/1.4.4/site/dependencies.html, it seems 
commons-configuration-1.9.jar
avalon-logkit-1.0.1.jar
are missing from the LICENSE file (not sure about this one, since it's about transitive dependencies, even 2 levels for logkit-1.0.1.jar, which I renamed avalon-logkit-1.0.1.jar)
# There are a lot of differences between the ESAPI.properties files (1.4 vs 2.1). I began to work on it, and apart from the ones David commented out and moved to the bottom, *all lines should be read and reviewed*
# I also attach the files which will be needed when moving forward to 2.1+:
commons-configuration-1.9.jar
esapi-2.1.0.jar
logkit-1.0.1.jar

> Update owasp-esapi-java
> -----------------------
>
>                 Key: OFBIZ-5343
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5343
>             Project: OFBiz
>          Issue Type: Task
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>              Labels: esapi
>             Fix For: SVN trunk
>
>
> As reported by Christoph Neuroth at OFBIZ-5254, we still use a patched version from OFBIZ-3135 and it's time to update to the latest version


