ESAPI / esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
https://owasp.org/www-project-enterprise-security-api/

Update to AntiSamy 1.7.0 once it is officially released #717

kwwall closed this issue 2 years ago

kwwall commented 2 years ago

This update is part of maintaining good code hygiene as it will better position us to patch any future vulnerabilities in ESAPI's dependencies, both direct and transitive, that arise because of our AntiSamy dependency.

Note that this potentially could be a "breaking change" if ESAPI users have custom antisamy-esapi.xml files. Thus be sure to note this in the 2.5.0.0 release notes.

Refer to the "IMPORTANT! - API breaking changes in 1.7.0" section in their README.md file, which presently is at https://github.com/nahsra/antisamy/blob/1.7.0/README.md#important---api-breaking-changes-in-170 for details.

kwwall commented 2 years ago

Closed via PR #719