Closed kwwall closed 2 years ago
@kwwall,
PR #720 has a script to clean up source files by removing extraneous trailing whitespace. It might be useful to run it over the ESAPI sources before you release.
@kwwall,
[esapi4java-core-2.5.0.0-release-notes.txt](https://github.com/ESAPI/esapi-java-legacy/pull/719/files#diff-3c5c46b32147a4f40995efbd19cbf360666c8f2f29c06dfb5e1c49c2b50534bd):
@noloader - I'm aware of these; I left them in as a reminder. Will clean them up tomorrow. Wasn't sure if Dave was going to get 1.7.0 released or if I'd have to do the ESAPI 2.5.0.0 release using AntiSamy 1.6.8.
On Sat, Jul 16, 2022 at 6:08 PM Jeffrey Walton wrote:
@kwwall,
esapi4java-core-2.5.0.0-release-notes.txt:
- "releas." -> "release."
- "@@@@ TODO: Adjust for AntiSamy 1.7.0 updates as indicated below if Dave Wichers relases it this weekend."
- "@@@@ Delete next 2 lines if we don't update to ESAPI 1.7.0 for this release"
- "@@@@ - Delete issue 717 if we don't update to AntiSamy 17.0 for this ESAPI releas."
- "@@@@ ---- Begin AntiSamy 1.7.0 section - delete if we don't upgrade to it for this release"
- "@@@@ ---- End AntiSamy 1.7.0 section"
- "@@@@ Adjust figures for final commits."
-- Blog: https://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall | OWASP ESAPI Project co-lead NSA: All your crypto bit are belong to us.
Well, except for the typo on 'release'. Good catch on that. I was planning on running aspell on it tomorrow, after making the other changes, so I probably would have found it then, but thanks for noting it.
-kevin
@davewichers - Thanks for the 1.7.0 release.
@kwwall,
I was reading through the Javadocs for ESAPI. There's a `LegacyHTMLEntityCodec` that looks like it could go away. It looks like it has been deprecated for some time - since ESAPI 2.2.0.
If you are going to keep `LegacyHTMLEntityCodec`, then the class should have self tests to ensure it performs as expected. No self tests, then no code. All code has to have self tests.
```
# No Maven build or test failures after removing the class...
$ git rm src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
```
@noloader - Yeah, it's been 5 years, but we've never announced its removal, so maybe we should wait until the next release when we add your JSON codec.
Great question. Yes, it was a backstop--I kept the old Codec around as a just-in-case something terrible was discovered if the conversion to using the AbstractIntegerCodec encountered something in the real world that I couldn't envision.
I will do something similar with the PercentCodec that I'm currently slogging through.
This is so you can preview the 2.5.0.0 release notes and anything else. I anticipate that @davewichers will release AntiSamy 1.7.0 sometime tomorrow, so I wrote up the release notes and other changes in advance. Will need to make further tweaks to our pom.xml and the release notes regardless.
@jeremiahjstacey and @xeno6696 - Ideally I'd like you to at least take a quick glance at the release notes, but I am not requiring actual approval so don't feel compelled as there are no actual ESAPI code changes here. So, if you don't merge, then I will do so myself. Thanks.