Thursday, April 28, 2011

ESAPI 2.0 Update

(from Chris Schmidt)

Just a couple of quick updates and some announcements.

1. We are currently awaiting the verification to complete for our code signing cert - as soon as I receive the cert I will be pushing 2.0GA out the door!

2. There was an excellent paper done on the ESAPI4JS project and I have blogged about it (and linked to the paper hosted at OWASP) - blog is at

3. I have made a run at some initial contrib modules for esapi and will be creating a contrib branch to host the source and binaries (as well as making the binaries available via maven) sometime this week. Contrive include authn/authz integration with Spring-security, contextual encoding integration with freemarker, and hopefully validation integration using jsr303, spring and hibernate-validator. These have been hands-down the most asked about integrations that I have been asked about and I wrote then for use in an app that I am currently writing.

Chris Schmidt

No comments: