You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shiro.apache.org by "Francois Papon (Jira)" <ji...@apache.org> on 2022/06/29 20:25:00 UTC

[jira] [Assigned] (SHIRO-885) Use OWASP Java Encoder with OSGi manifest

     [ https://issues.apache.org/jira/browse/SHIRO-885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francois Papon reassigned SHIRO-885:
------------------------------------

    Assignee: Francois Papon

> Use OWASP Java Encoder with OSGi manifest
> -----------------------------------------
>
>                 Key: SHIRO-885
>                 URL: https://issues.apache.org/jira/browse/SHIRO-885
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Steinar Bang
>            Assignee: Francois Papon
>            Priority: Major
>
> Shiro currently uses version 1.2.2 of the OWASP, encoder.
> The MANIFEST.MF of this version of the encoder lacks OSGi headers, which requires karaf to wrap it when loading the runtime dependencies of shiro:
> {noformat}
> 175 │ Active   │  80 │ 0                  │ wrap_file__home_sb_.m2_repository_org_owasp_encoder_encoder_1.2.2_encoder-1.2.2.jar
> {noformat}
> It would be nice not to have to rely on wrap in karaf, and it does look like version 1.2.3 of the OWASP Encoder has OSGi headers.
> Here is the MANIFEST.MF of version 1.2.3 of the OWASP encoder:
> {noformat}
> Manifest-Version: 1.0
> Bundle-Description: The OWASP Encoders package is a collection of high
>  -performance low-overhead        contextual encoders, that when utili
>  zed correctly, is an effective tool in        preventing Web Applicat
>  ion security vulnerabilities such as Cross-Site        Scripting.
> Bundle-License: http://www.opensource.org/licenses/BSD-3-Clause
> Bundle-SymbolicName: org.owasp.encoder
> Built-By: jeremy
> Bnd-LastModified: 1604861240860
> Bundle-ManifestVersion: 2
> Bundle-DocURL: https://www.owasp.org/
> Bundle-Vendor: OWASP (Open Web-Application Security Project)
> Tool: Bnd-3.3.0.201609221906
> Originally-Created-By: Apache Maven Bundle Plugin
> Export-Package: org.owasp.encoder;version="1.2.3"
> Bundle-Name: Java Encoder
> Bundle-Version: 1.2.3
> Created-By: Apache Maven Bundle Plugin
> Build-Jdk: 1.8.0_212
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@shiro.apache.org
For additional commands, e-mail: issues-help@shiro.apache.org