- Several fixes to SecurityWrapperRequest.
- Overhauled Singleton implementations to make the ObjFactory create instances or singletons rather than having ESAPI manage them unreliably.
- Changes to get rid of deprecated Encryptor encrypt() / decrypt() methods and replace them with the new, stronger encrypt() / decrypt() methods.
- Several Validation fixes around returning consistent error states.
- Made changes to the Encryptor so that it is no longer vulnerable to "padding oracle attacks" (issue #120).
- Fixes to seal() so that it now properly works if the message being sealed contains a ":" (issue #28).
- Examples should now work (if you follow directions in README.txt) whether ESAPI has been pulled from the SVN repository or downloaded from the zip file. (Issue #114.)
Saturday, August 28, 2010
ESAPI 2.0 rc7 (for Java 1.5+) is now live!
ESAPI 2.0 rc7 for Java 1.5 and above is now live!
You can download the complete zip file here:
You can browse the ESAPI 2.0 rc7 Javadocs here:
Additional online project documentation can be found here:
Major enhancements include:
Please see changelog.txt at the root of the zip file for more information.
Thanks to Kevin Wall, Chris “Beef” Schmidt, Jonathon Ruckwood and Ed Schaller for their contributions in this release.
Malama Pono Aloha,
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager