Friday, May 13, 2011

OWASP 2.0 Released!

(From Chris Schmidt)

Friends, Romans, Countrymen - Lend me your ears!

It is my pleasure to announce the official release of ESAPI 2.0GA!

This release features some key enhancements over ESAPI 1.4.x including, but not limited to:
  • Upgrade baseline to use Java5
  • Completely redesigned and rewrote Encryptor
  • New and Improved Validation and Encoding Methods
  • Complete redesign of the ESAPI Locator and ObjectFactory
  • More unit tests
  • ESAPI Jar is now Signed with an OWASP Code Signing Certificate
  • ESAPI Jar is Sealed
  • And much, much more
We understand that a lot of you have been waiting a very long time for this, and so have we! It was important that we take our time with this release to make sure we had addressed everything possible prior to it going out. Included in that process was:
  • Peer review of the ESAPI Codebase
  • Code and Architecture Review of new Encryption
  • Adding and fixing unit tests
  • Tons of discussion and interaction with the OWASP Community and ESAPI Users
Without the feedback from our users, we could have never accomplished some of the awesome enhancements that have been made to the library since the last major release, so we owe you all a debt of gratitude for helping us design and implement controls that will ultimately help you write more secure applications.

We are currently in the process of getting a whole new suite of documentation, with a focus on integration tasks and actually using ESAPI in real applications - look for those documents over the next couple months, as well as a whole new contribs section in our repository aimed at providing turnkey components and solutions to some of the more commonly encountered integration points for ESAPI.

You can download the full distribution of ESAPI 2.0GA from our home on Google Code at:

The latest API Docs can always be found at:

Within the next 24-48 hours the distribution to Maven Central should be updated as well and you should be able to start using 2.0GA in your Maven projects as soon as that happens. Maven dependency will be:


As always, we would love to hear your feedback on the release and if you have any questions at all, you can join the ESAPI-User Mailing List here:

Thanks again to the OWASP and ESAPI Community for helping us build and release the tools that help make the internet just a little bit more sane!

The ESAPI Development and Management Teams

P.S. Please forward this along to any colleagues or distribution lists that may be interested.
