Open bharathmit opened 2 months ago
@bharathmit - As per our security policy, we only support the latest 2.x release. So, 2.5.1.0 is already past end-of-life. Everything except the current release is.
That largely is because:
So, you really ought to update to ESAPI release 2.5.4.0.
That said, if you don't, you may find this Vulnerability Summary helpful. It references the relevant Security Bulletin that describes if ESAPI is actually impacted (that is, if the vulnerability has an exploitable path via a standard ESAPI configuration) and often, what workarounds are available.
We don't intend to switch to the newest version of the ESAPI jar; we are currently utilizing 2.5.1.0.
We discovered that 2.5.1.0 contains some vulnerabilities in the jars. So, can we still utilize the jar? Also, what is the end of life/support (EOL/EOS) for version 2.5.1.0?