Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

update ESAPI extension to 2.6.0.0

Description

https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.5.2.0

There is an associated CVE, but that’s for antisamy which we don’t directly use yet (https://luceeserver.atlassian.net/browse/LDEV-838 )

Also drops Log4j

https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.2.0-release-notes.txt

Linked issues

relates to

update guava in ESAPI extension to 32.01 due to CVE

Activity

Show:

Details
Assignee
Michael Offner
Reporter
Zac Spitzer
Labels
ESAPI
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
7.0.0
Priority
Minor

Created 26 April 2022 at 08:56

Updated 6 March 2025 at 11:35

Flag notifications

Something's gone wrong

Looks like you've been signed out. Try logging in again.

Something's gone wrong

Looks like you've been signed out. Try logging in again.