-
Notifications
You must be signed in to change notification settings - Fork 367
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes to prepare for 2.5.0.0 release. #719
Conversation
|
@noloader - I'm aware of these; I left them in as a reminder. Will clean
them up tomorrow. Wasn't sure if Dave was going to get 1.7.0 released or if
I'd have to do the ESAPI 2.5.0.0 release using AntiSamy 1.6.8.
…On Sat, Jul 16, 2022 at 6:08 PM Jeffrey Walton ***@***.***> wrote:
@kwwall <https://github.com/kwwall>,
[esapi4java-core-2.5.0.0-release-notes.txt](
https://github.com/ESAPI/esapi-java-legacy/pull/719/files#diff-3c5c46b32147a4f40995efbd19cbf360666c8f2f29c06dfb5e1c49c2b50534bd
):
- "releas." -> "release."
- "@@@@ TODO: Adjust for AntiSamy 1.7.0 updates as indicated below if
Dave Wichers relases it this weekend."
- "@@@@ Delete next 2 lines if we don't update to ESAPI 1.7.0 for this
release"
- "@@@@ - Delete issue 717 if we don't update to AntiSamy 17.0 for
this ESAPI releas."
- "@@@@ ---- Begin AntiSamy 1.7.0 section - delete if we don't upgrade
to it for this release"
- "@@@@ ---- End AntiSamy 1.7.0 section"
- "@@@@ Adjust figures for final commits."
—
Reply to this email directly, view it on GitHub
<#719 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAO6PG6MWONOATSTMV4T2HLVUMXEHANCNFSM53YT5JRA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
Blog: https://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
| OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
|
Well, except for the typo on 'release'. Good catch on that. I was planning
on running aspell on it tomorrow, after making the other changes, so I
probably would have found it then, but thanks for noting it.
…-kevin
On Sat, Jul 16, 2022, 6:39 PM Kevin W. Wall ***@***.***> wrote:
@noloader - I'm aware of these; I left them in as a reminder. Will clean
them up tomorrow. Wasn't sure if Dave was going to get 1.7.0 released or if
I'd have to do the ESAPI 2.5.0.0 release using AntiSamy 1.6.8.
On Sat, Jul 16, 2022 at 6:08 PM Jeffrey Walton ***@***.***>
wrote:
> @kwwall <https://github.com/kwwall>,
>
> [esapi4java-core-2.5.0.0-release-notes.txt](
> https://github.com/ESAPI/esapi-java-legacy/pull/719/files#diff-3c5c46b32147a4f40995efbd19cbf360666c8f2f29c06dfb5e1c49c2b50534bd
> ):
>
> - "releas." -> "release."
> - "@@@@ TODO: Adjust for AntiSamy 1.7.0 updates as indicated below if
> Dave Wichers relases it this weekend."
> - "@@@@ Delete next 2 lines if we don't update to ESAPI 1.7.0 for
> this release"
> - "@@@@ - Delete issue 717 if we don't update to AntiSamy 17.0 for
> this ESAPI releas."
> - "@@@@ ---- Begin AntiSamy 1.7.0 section - delete if we don't
> upgrade to it for this release"
> - "@@@@ ---- End AntiSamy 1.7.0 section"
> - "@@@@ Adjust figures for final commits."
>
> —
> Reply to this email directly, view it on GitHub
> <#719 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAO6PG6MWONOATSTMV4T2HLVUMXEHANCNFSM53YT5JRA>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
--
Blog: https://off-the-wall-security.blogspot.com/ | Twitter:
@KevinWWall | OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
|
@davewichers - Thanks for the 1.7.0 release. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
3 typos is pretty slick. Sorry I’m late!
* Fix typos in 2.5.0.0 release notes. * Emblesh section in release notes about AntiSamy as well as 'Know Issues / Problems' section. * Fix pom.xml to address dependency convergence issue caused by AntiSamy 1.7.0 and drop '-SNAPSHOT' on ESAPI version. * Address previously deprecated and not deleted AntiSamy Policy method in HTMLValidationRuleAntisamyPropertyTest.java JUnit test.
I was reading through the Javadocs for ESAPI. There's a If you are going to keep
|
@noloader - Yeah, it's been 5 years, but we've never announced it's removal, so maybe we should weight until the next release when we add your JSON codec. |
Great question. Yes, it was a backstop--I kept the old Codec around as
a just-in-case something terrible was discovered if the conversion to
using the AbstractIntegerCodec encountered something in the real world
that I couldn't envision.
I will do something similar with the PercentCodec that I'm currently
slogging through.
…On 7/19/2022 4:33 AM, Kevin W. Wall wrote:
@noloader <https://github.com/noloader> - Yeah, it's been 5 years, but
we've never announced it's removal, so maybe we should weight until
the next release when we add your JSON codec.
—
Reply to this email directly, view it on GitHub
<#719 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACIQAQPJQFSPWUKGKNZINJTVU2G7VANCNFSM53YT5JRA>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
This is show you can preview the 2.5.0.0 release notes and anything else. I anticipate that @davewichers will release AntiSamy 1.7.0 sometime tomorrow, so I wrote up the release notes and other changes in advance. Will need to make further tweaks to our pom.xml and the release notes regardless.
@jeremiahjstacey and @xeno6696 - Ideally I'd like you to at least take a quick glance at the release notes, but I am not requiring actual approval so don't feel compelled as there are no actual ESAPI code changes here. So, if you don't merge, then I will do so myself. Thanks.