search

OWASP / owasp-java-encoder

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
https://owasp.org/www-project-java-encoder/
BSD 3-Clause "New" or "Revised" License
483 stars 112 forks source link

Compile error #63

Closed ghost closed 1 month ago

ghost commented 1 year ago

Compilation breaks with org.owasp.esapi:esapi:2.5.1.0 because org.owasp.encoder.esapi.ESAPIEncoder.Impl does not implement the new methods

which were introduced with the 2.5.1.0.

Solution (?):

kwwall commented 1 year ago

@Manicode- I can submit a PR to fix this for you if you want, but I am away on business with only a company laptop, so I likely won't be able to address it until probably Saturday.

On Wed, Nov 30, 2022, 9:40 AM SOLcoelle @.***> wrote:

Compilation breaks with org.owasp.esapi:esapi:2.5.1.0 because org.owasp.encoder.esapi.ESAPIEncoder.Impl does not implement the new methods

  • org.owasp.encoder.esapi.ESAPIEncoder.Impl#decodeFromJSON
  • org.owasp.encoder.esapi.ESAPIEncoder.Impl#encodeForJSON

which were introduced with the 2.5.1.0.

Solution (?):

  • Set a fix dependency on the previous version of org.owasp.esapi:esapi
  • Implement and test the missing interface functions
  • Update the dependency

— Reply to this email directly, view it on GitHub https://github.com/OWASP/owasp-java-encoder/issues/63, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAO6PG64JDKDWFGEY67JMXLWK5RNVANCNFSM6AAAAAASPWTYMY . You are receiving this because you are subscribed to this thread.Message ID: @.***>

-kevin

TheMarvelFan commented 9 months ago

Hi, What is the latest on this issue?

kwwall commented 9 months ago

@TheMarvelFan - I never heard back from @Manicode (but perhaps that's because he's not using GH handle @jmanico) so I never submitted a PR. But given that I and on the verge of releasing a new ESAPI release (2.5.3.0) in the next day or two, it seems prudent to wait until that is released.

@jmanico - I think this is related to the esapi-thunk portion of the OWASP Java Encoder project. I think the fix should be pretty easy.

TheMarvelFan commented 9 months ago

Alright I will check back after 2 days, and open a PR asap.

jmanico commented 9 months ago

Kevin, I have not touched this in a while. Would you care to help?

kwwall commented 9 months ago

Sure. I'll create a PR for it a soon as the new ESAPI 2.5.3.0 release is available from Maven Central. Should have that done by this Friday at the latest.

-kevin

On Wed, Nov 22, 2023, 5:46 PM Jim Manico @.***> wrote:

Kevin, I have not touched this in a while. Would you care to help?

— Reply to this email directly, view it on GitHub https://github.com/OWASP/owasp-java-encoder/issues/63#issuecomment-1823597970, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAO6PGZUDR2RRWN464W3QNTYFZ6F3AVCNFSM6AAAAAASPWTYM2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMRTGU4TOOJXGA . You are receiving this because you commented.Message ID: @.***>