Comparing esapi-2.6.2.0...esapi-2.7.0.0 · ESAPI/esapi-java-legacy
Commits on Jun 3, 2025
Commits on Jun 9, 2025
Commits on Jun 10, 2025
Commits on Jun 27, 2025
Merging Private Branch contents from Kevin's Repo. (#888)
* Fix javadoc botch forgetting to end italics. :(
* Added new static method 'isMethodExplicityEnabled' and other minor Javadoc tweaks.
* Added default exception message if one wasn't specified or was empty.
* Changed to use a more politically correct property name. But I still like 'ESAPI.enableLegCannonModeAndGetMyAssFired.justification' better. ;-)
* Add code to ensure that DefaultEncoder.encodeForSQL is explicitly enabled if someone wants to use it.
* Updating ESAPI util for ExplictMethod verify. Updating parameter null check to test null case. Removing null check on property result (if null ConfigurationException is thrown). Simplifying return from method to verify response is not empty.
* ESAPI methodEnabled Tests. Adding branch testing for ESAPI.isMethodExplicitlyEnabled behavior to account for parameter cases. Only case not covered is providing an ESAPI.properties that does not contain the new key.
* Test Coverage using the SecurityConfigurationWrapper to verify remaining test case when a ConfigurationException is thrown when the new property is missing or undefined.
* Added deprecations, deprecation warnings, and other Javadoc refinements.
* Reference specific CVE ID for logged message.
* Change from EVENT_FAILURE to SECURITY_FAILURE, because it potentially is, despite best intentions.
* Draft #2. Needs reviewed and completed. Track changes disabled.
* Apparently {@inheritdoc} doesn't inherit @deprecated from interfaces. Plus minor type fix ('class' ==> 'method').
* Draft 3 - completed several more sections.
* Minor corrections to ESAPI Security Bulletin #13.
* Update to FileUploads 1.6.0 to address CVE-2025-48976, which likely didn't affect HTTPUtilities.getFileUploads interfaces anyway.
* Implement java.util.function.Supplier since we are using Java 8 for a while.
* Incorporate Jeremiah Stacey's feedback.
* Incorporate Erika von Kampen's feedback.
* Final draft of Security Bulletin #13 until CVE published. (Need to include its summary description.)
* Fix minor typos.
* Update versions of spotbugs-maven-plugin and maven-pmd-plugin.
* Update previous release date.
* release info for 2.7.0.0
* ESAPI 2.7.0.0 release notes.

---------

Co-authored-by: kwwall <kevin.w.wall@gmail.com>
Co-authored-by: jeremiah.stacey <jeremiah.j.stacey@gmail.com>
3 people authored
Jun 27, 2025