ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
Our organization has filed security finding in our application because of usagae of ESAPI open source library in our application. Based on investigation, finding is filed because of CVE-2023-4780, presence of method Validator.isValidSafeHTML(). As per https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm , this method will be deleted in next one year. We would like to know in which release this method will be deleted and if there is any short term remediation through which we can resolve this finding?
Hi Team,
Our organization has filed security finding in our application because of usagae of ESAPI open source library in our application. Based on investigation, finding is filed because of CVE-2023-4780, presence of method Validator.isValidSafeHTML(). As per https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm , this method will be deleted in next one year. We would like to know in which release this method will be deleted and if there is any short term remediation through which we can resolve this finding?
Thanks, Adwait Joshi