
Patch 2 #911

Open
lumpkingod-boop wants to merge 2081 commits into ESAPI:releases from lumpkingod-boop:patch-2

Patch 2#911
lumpkingod-boop wants to merge 2081 commits into
ESAPI:releasesfrom
lumpkingod-boop:patch-2

Conversation

@lumpkingod-boop

No description provided.

kwwall and others added 30 commits April 24, 2022 22:11
Major white-space clean-up. And best thing is @xeno6696 touched all these files last so he now "owns" them. 👍  :D
… much time fixing Javadoc.

Sigh. Actually fixed the Javadoc this time.
…roperty Encoder.DefaultCodecList instead of having hard-coded codecs.
Issues 686 & 689 - Create DefaultEncoder from Encoder.DefaultCodecList and Javadoc clean-up
* Versions Update - Spotbugs

Spotbugs to 4.7.0

* Versions Updates - maven-project-info-reports-plugin

Plugin version to 3.3.0

* Versions Updates - maven-site-plugin

Plugin version to 4.0.0-M1
Adding GitHub issue templates for bugs and enhancements.
Just an experiment gone bad.
old / irrelevant paragraphs or reorganizing them to a new section
(e.g., "Ancient History" section). This is a snapshot as emailed to Matt & Jeremiah.
kwwall and others added 30 commits June 8, 2025 23:31
method is not explicitly enabled. Should result in a NotConfiguredByDefaultException being thrown.
* Fix javadoc botch forgetting to end italics. :(

* Added new static method 'isMethodExplicityEnabled' and other minor Javadoc tweaks.

* Added default exception message if one wasn't specified or was empty.

* Changed to use a more politically correct property name. But I still
like 'ESAPI.enableLegCannonModeAndGetMyAssFired.justification' better.  ;-)

* Add code to ensure that DefaultEncoder.encodeForSQL is explicitly enabled if someone wants to use it.

* Updating ESAPI util for ExplictMethod verify

Updating parameter null check to test null case.
Removing null check on property result (if null ConfigurationException
is thrown).

Simplifying return from method to verify response is not empty.

* ESAPI methodEnabled Tests

Adding branch testing for ESAPI.isMethodExplicitlyEnabled behavior to
account for parameter cases.

Only case not covered is providing an ESAPI.properties that does not
contain the new key.

* Test Coverage

using the SecurityConfigurationWrapper to verify remaining test case
when a ConfigurationException is thrown when the new property is
missing or undefined.

* Added deprecations, deprecation warnings, and other Javadoc refinements.

* Reference specific CVE ID for logged message.

* Change from EVENT_FAILURE to SECURITY_FAILURE, because it potentially is, despite best intentions.

* Draft ESAPI#2. Needs to be reviewed and completed. Track changes disabled.

* Apparently {@inheritdoc} doesn't inherit @deprecated from interfaces.
Plus minor typo fix ('class' ==> 'method').

* Draft 3 - completed several more sections.

* Minor corrections to ESAPI Security Bulletin ESAPI#13.

* Update to FileUploads 1.6.0 to address CVE-2025-48976, which likely didn't affect HTTPUtilities.getFileUploads interfaces anyway.

* Implement java.util.function.Supplier since we are using Java 8 for a while.

* Incorporate Jeremiah Stacey's feedback.

* Incorporate Erika von Kampen's feedback.

* Final draft of Security Bulletin ESAPI#13 until CVE published. (Need to include its summary description.)

* Fix minor typos.

* Update versions of spotbugs-maven-plugin and maven-pmd-plugin.

* Update previous release date.

* release info for 2.7.0.0

* ESAPI 2.7.0.0 release notes.

---------

Co-authored-by: kwwall <kevin.w.wall@gmail.com>
Co-authored-by: jeremiah.stacey <jeremiah.j.stacey@gmail.com>
Minor update to description in summary after minor revisions in published CVE.
…d.justification (which I liked better even though it was just a joke during code review) and changed it to ESAPI.dangerouslyAllowUnsafeMethods.justification, which is what it was supposed to be as per the code. The good news is, this is mostly harmless as the justification would have always been logged as 'None'.
…ts easier to locate in the maven central repository.
…hought I could use the project name to create a customized filter URL to simplify the link in the instructions, but that doesn't appear to work as desired. This qualifier should make it much easier to identify the desired project contents among multiple deployments.
Updating section 2.3 with sonatype-supported gpg key servers
Updating section 7 with new Reference URLs for updated workflow.