| 1 | +Release notes for ESAPI 2.2.1.0 |
| 2 | + Release date: 2020-May-12 |
| 3 | + Project leaders: |
| 4 | + -Kevin W. Wall < [email protected]> |
| 5 | + |
| 6 | + |
| 7 | +Previous release: ESAPI 2.2.0.0, 2019-June-24 |
| 8 | + |
| 9 | + |
| 10 | +Executive Summary: Important Things to Note for this Release |
| 11 | +------------------------------------------------------------ |
| 12 | + |
| 13 | + TBD |
| 14 | + |
| 15 | +================================================================================================================= |
| 16 | + |
| 17 | +Basic ESAPI facts |
| 18 | + |
| 19 | +ESAPI 2.2.0.0 release: |
| 20 | + 194 Java source files |
| 21 | + 4150 JUnit tests in 118 Java source files |
| 22 | + |
| 23 | +ESAPI 2.2.1.0 release: |
| 24 | + TBD |
| 25 | + |
| 26 | +GitHub Issues fixed in this release |
| 27 | + |
| 28 | +Issue # GitHub Issue Title |
| 29 | +---------------------------------------------------------------------------------------------- |
| 30 | + |
| 31 | +143 Enchance encodeForOS to auto-detect the underling OS |
| 32 | +226 Javadoc Inaccuracy in getRandomInteger() and getRandomReal() |
| 33 | +245 KeyDerivationFunction::computeDerivedKey - possible security level mismatch |
| 34 | +256 White space clean up |
| 35 | +382 Build Fails on path with space |
| 36 | +494 Encoder's encodeForCSS doesn't handle RGB Triplets |
| 37 | +503 Bug on on referrer header when value contains `§ion` like `www.asdf.com?a=1§ion=2` |
| 38 | +509 HTMLValidationRule.getValid(String,String) does not follow documented specifications |
| 39 | +511 Add missing documentation to Validator.addRule() and Validator.getRule() |
| 40 | +512 Update Apache Commons Bean Utils to 1.9.4 |
| 41 | +515 Adding tests for getCookies (also 516) |
| 42 | +519 Issue 494 CSSCodec RGB Triplets |
| 43 | +530 Log Bridge Tests |
| 44 | +536 Various fixes |
| 45 | +538 Addressing log4j 1.x CVE-2019-17571 |
| 46 | + |
| 47 | +----------------------------------------------------------------------------- |
| 48 | + |
| 49 | + Changes requiring special attention |
| 50 | + |
| 51 | +----------------------------------------------------------------------------- |
| 52 | + |
| 53 | +TBD |
| 54 | + |
| 55 | +----------------------------------------------------------------------------- |
| 56 | + |
| 57 | + Other changes in this release, some of which not tracked via GitHub issues |
| 58 | + |
| 59 | +----------------------------------------------------------------------------- |
| 60 | + |
| 61 | +Documentation updates for locating Jar files |
| 62 | +Unneeded code removed from ExtensiveEncoder |
| 63 | +Inline reader added to ExtensiveEncoder |
| 64 | +Additional time for windows to always sleep more than given seconds in CryptoTokenTest |
| 65 | +Change required by tweak to CipherText.toString() method |
| 66 | +Removed call to deprecated CryptoHelper.computeDerivedKey() method |
| 67 | +New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class |
| 68 | +Use existing toString method rather than a StringBuilder |
| 69 | +Documentation and tests |
| 70 | +JavaLogger move |
| 71 | +Splitting user infor from Client Supplier |
| 72 | + |
| 73 | +----------------------------------------------------------------------------- |
| 74 | + |
| 75 | +Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-05-12) |
| 76 | +Generated manually (this time) |
| 77 | + |
| 78 | +Developer Total commits Total Number |
| 79 | + of Files Changed |
| 80 | +===================================================== |
| 81 | +jeremiahjstacey 11 68 |
| 82 | +kwwall 15 26 |
| 83 | +wiitek 3 6 |
| 84 | +xeno6696 8 9 |
| 85 | +Michael-Ziluck 2 3 |
| 86 | +===================================================== |
| 87 | + |
| 88 | +----------------------------------------------------------------------------- |
| 89 | + |
| 90 | +53 Closed PRs since 2.2.0.0 release |
| 91 | +=================================== |
| 92 | +504 New scripts to suppress noise for 'mvn test' |
| 93 | +510 Resolve #509 - Properly throw exception when HTML fails |
| 94 | +513 Close issue #512 by updating to 1.9.4 of Commons Beans Util.\ |
| 95 | +519 Issue 494 CSSCodec RGB Triplets |
| 96 | +520 OS Name DefaultExecutorTests #143 |
| 97 | +540 Issue 382: Build Fails on path with space |
| 98 | +596 Closes Issue 245 |
| 99 | + |
| 100 | +----------------------------------------------------------------------------- |
| 101 | + |
| 102 | +Notice: |
| 103 | + |
| 104 | + Release notes written by Bill Sempf ( [email protected]) please direct any communication to me. |
| 105 | + |
| 106 | +Project co-leaders |
| 107 | + Kevin W. Wall (kwwall) |
| 108 | + Matt Seil (xeno6696) |
| 109 | + |
| 110 | +Special shout-outs to: |
| 111 | + Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire |
| 112 | + Dave Wichers (davewichers) - for Maven Central / Sonatype help |
| 113 | + |
| 114 | +Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it. |
| 115 | + |
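Review bot: The three "TBD" placeholders (added lines 13, 24 and 53) leave the Executive Summary, the 2.2.1.0 source/test counts and "Changes requiring special attention" empty, while line 45 lists issue 538, "Addressing log4j 1.x CVE-2019-17571", with no description anywhere of what changed or what users must do. Fill those sections before release, and put the log4j item under "Changes requiring special attention" with the action expected of users, since it is the one entry in the list that names a CVE. Smaller points in the same hunk: the heading at line 90 says "53 Closed PRs" but only seven are listed (lines 92-98), so either complete the list or say it is a selection; line 4 says "Project leaders:" and names only Kevin W. Wall, while lines 106-108 list two co-leaders; line 94 ends with a stray backslash; and there are typos at line 31 ("Enchance", "underling"), line 37 ("Bug on on"), line 71 ("infor") and line 114 ("Thanks you all").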