esapi-java-legacy

esapi-java-legacy copied to clipboard

Invalid version attribute in esapi.tld within esapi-2.6.0.0.jar causes deployment failure.

9

### Description While deploying a web application using `esapi-2.6.0.0.jar`, the following error is encountered: ### Steps to Reproduce 1. Deploy a web application that includes `esapi-2.6.0.0.jar` in the `WEB-INF/lib` folder....

Afridi76320

Method separation in DefaultSecurityConfiguration.loadConfiguration()

1

_From [[email protected]](https://code.google.com/u/101715130151500774229/) on July 19, 2011 09:54:26_ in DefaultSecurityConfiguration, the loadConfiguration method is allowed to be overridden, but has too many logical components, requiring duplication in overridden methods. This method...

meg23

More tests

1

I got bored and thought I'd pick out some low-hanging classes for a couple more tests.

jeremiahjstacey

Fixes #894. Remove outdated commons-lang and commons-configuration dependencies with problematic CVEs.

11

I updated the dependency-check-maven plugin version locally to 12.1.1 and ran with a later JDK to confirm no other CVEs were detected.

sabbott1877

Hi, The ESAPI library still depends on Commons Collections 3.x, which contains a known vulnerability. Apache Commons Collections is a transitive dependency of Apache Commons BeanUtils. BeanUtils itself has been...

jn-pt

Four tests failing with "UnsupportedOperation This method has been removed for security."

2

I have been looking at 2.4.0.0 that we us in our old product and I have tried running tests. Four tests are failing: ``` [ERROR] EncryptedPropertiesUtilsTest.testCreateNew:93 » UnsupportedOperation This method...

wilx