Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.5.3.1 preparation #818

Merged
merged 8 commits into from
Nov 30, 2023
Merged

2.5.3.1 preparation #818

merged 8 commits into from
Nov 30, 2023

Conversation

kwwall
Copy link
Contributor

@kwwall kwwall commented Nov 30, 2023

ESAPI 2.5.3.1 is a minor point release that adds:

  • Updated Javadoc for the Validator.isValidSafeHTML and ValidationRule.getValid methods.
  • Adds an always on log message (a single time only) if either of the isValidSafeHTML methods is invoked. The warning notes that the method is deprecated and provides a link to the GitHub Security Advisory.

@kwwall kwwall requested a review from xeno6696 November 30, 2023 04:01
@kwwall
Copy link
Contributor Author

kwwall commented Nov 30, 2023

@xeno6696 - This should be really fast to review. The code changes are minimal (limited to DefaultValidator class). The rest are documentation changes and a minor pom tweak. Please try to get this done before 5pm ET on Dec 1, 2023 so I can get the release started right after work. That will allow me to finish it before I have to travel Sat morning. Thanks.

xeno6696
xeno6696 approved these changes Nov 30, 2023
View reviewed changes
Copy link
Collaborator

@xeno6696 xeno6696 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No changes requested, logging statement with the URL looks good. I'll comb through the documentation tweaks looking for typos and whatnot but that's not worth holding up a release.

src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -382,6 +386,12 @@ public Date getValidDate(String context, String input, DateFormat format, boolea
*/
@Override
public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) {
// Ensure a message about deprecation is logged once if this or the
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, this is pretty much straight up/downvote.

@xeno6696 xeno6696 merged commit 1a37a65 into ESAPI:develop Nov 30, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xeno6696 xeno6696 xeno6696 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kwwall @xeno6696