Closed kwwall closed 4 years ago
week before owasp compiled without below error (But compilation failing now).
org.owasp.encoder.esapi.ESAPIEncoder.Impl is not abstract and does not override abstract method getCanonicalizedURI(java.net.URI) in org.owasp.esapi.Encoder
Haven't changed any version of the "mvn or java" even getting the same error on released tag v1.2.1 and v1.2.2. What could lead to this compilation failure ?
It's failing because the ESAPI dependency is not pinned to a specific version, so the latest 2.x ESAPI jar gets used. But on 4/29, we pushed a new ESAPI release to Maven Central (2.2.0.0-RC2) which it is now pulling down. That new ESAPI jar has changed some of the interfaces. Thus the compilation errors.
Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall NSA: All your crypto bit are belong to us.
On Thu, May 2, 2019, 03:45 guru prasad HB notifications@github.com wrote:
week before owasp compiled without below error . org.owasp.encoder.esapi.ESAPIEncoder.Impl is not abstract and does not override abstract method getCanonicalizedURI(java.net.URI) in org.owasp.esapi.Encoder
Haven't changed any version of the "mvn or java" even getting the same error on released tag v1.2.1 and v1.2.2. What could lead to this compilation failure ?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/OWASP/owasp-java-encoder/issues/31#issuecomment-488580148, or mute the thread https://github.com/notifications/unsubscribe-auth/AAO6PGYSZ2I2KU47XDRD45TPTKL2NANCNFSM4HJQ767Q .
I am assuming this is fixed, please reopen if not.
@jmanico - Not fixed; needs reopened. If you ask nicely, I'll even submit a PR. :)
Can we please have a PR, Kevin? Pretty please?
-- Jim Manico @Manicode
On Jul 29, 2020, at 8:44 PM, Kevin W. Wall notifications@github.com wrote:
@jmanico - Not fixed; needs reopened. If you ask nicely, I'll even submit a PR. :)
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
@jmanico - Since the OWASP Java Encoder project is already using SLF4J and has that configured, I am just going to configure ESAPI to use SLF4J That will greatly simplify things since I don't need to use the esapi-java-logging.properties and can eliminate some of the Logger properties.
Okay; upon close look, you are not using any logger at all, so exceptions are not logged. But NBD. SLF4J works better without configuration than does JUL.
Running 'mvn compile' causes the following compilation errors in the encoder-esapi artifact (aka, ESAPI Thunk) when used with esapi-2.2.0.0-rc2.jar:
Note that this problem was described as part of your GitHub issue #30 but is not related to that. It was the serendipitous discovery caused by the non-pinned ESAPI transitive dependency that allowed this issue to be discovered.
If you want to eventually be able to support ESAPI 2.2.0.0 this will need to be fixed.