Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changes to prepare for 2.5.0.0 release. #719

Merged
merged 2 commits into from
Jul 17, 2022
Merged

Changes to prepare for 2.5.0.0 release. #719

merged 2 commits into from
Jul 17, 2022

Conversation

kwwall
Copy link
Contributor

@kwwall kwwall commented Jul 16, 2022

This is show you can preview the 2.5.0.0 release notes and anything else. I anticipate that @davewichers will release AntiSamy 1.7.0 sometime tomorrow, so I wrote up the release notes and other changes in advance. Will need to make further tweaks to our pom.xml and the release notes regardless.

@jeremiahjstacey and @xeno6696 - Ideally I'd like you to at least take a quick glance at the release notes, but I am not requiring actual approval so don't feel compelled as there are no actual ESAPI code changes here. So, if you don't merge, then I will do so myself. Thanks.

@noloader
Copy link
Contributor

@kwwall,

PR #720 has a script to cleanup source files by removing extraneous trailing whitespace. It might be useful to run it over the ESAPI sources before you release.

@noloader
Copy link
Contributor

@kwwall,

[esapi4java-core-2.5.0.0-release-notes.txt](https://github.com/ESAPI/esapi-java-legacy/pull/719/files#diff-3c5c46b32147a4f40995efbd19cbf360666c8f2f29c06dfb5e1c49c2b50534bd):

  • "releas." -> "release."
  • "@@@@ TODO: Adjust for AntiSamy 1.7.0 updates as indicated below if Dave Wichers relases it this weekend."
  • "@@@@ Delete next 2 lines if we don't update to ESAPI 1.7.0 for this release"
  • "@@@@ - Delete issue 717 if we don't update to AntiSamy 17.0 for this ESAPI releas."
  • "@@@@ ---- Begin AntiSamy 1.7.0 section - delete if we don't upgrade to it for this release"
  • "@@@@ ---- End AntiSamy 1.7.0 section"
  • "@@@@ Adjust figures for final commits."

@davewichers
Copy link
Contributor

@kwwall
Copy link
Contributor Author

kwwall commented Jul 16, 2022 via email

@kwwall
Copy link
Contributor Author

kwwall commented Jul 16, 2022 via email

@kwwall
Copy link
Contributor Author

kwwall commented Jul 16, 2022

@davewichers - Thanks for the 1.7.0 release.

Copy link
Collaborator

@xeno6696 xeno6696 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 typos is pretty slick. Sorry I’m late!

* Fix typos in 2.5.0.0 release notes.
* Emblesh section in release notes about AntiSamy as well as 'Know Issues / Problems' section.
* Fix pom.xml to address dependency convergence issue caused by AntiSamy 1.7.0 and drop '-SNAPSHOT' on ESAPI version.
* Address previously deprecated and not deleted AntiSamy Policy method in HTMLValidationRuleAntisamyPropertyTest.java JUnit test.
@kwwall kwwall merged commit d6251b5 into ESAPI:develop Jul 17, 2022
@kwwall kwwall deleted the 2.5.0.0-prep branch July 17, 2022 18:36
@noloader
Copy link
Contributor

noloader commented Jul 19, 2022

@kwwall,

I was reading through the Javadocs for ESAPI. There's a LegacyHTMLEntityCodec that looks like it could go away. It looks like has been deprecated for some time - since ESAPI 2.2.0.

If you are going to keep LegacyHTMLEntityCodec, then the class should have self tests to ensure it performs as expected. No self tests, then no code. All code has to have self tests.

# No Maven build or test failures after removing the class...
$ git rm src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java

https://javadoc.io/static/org.owasp.esapi/esapi/2.4.0.0/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.html

@kwwall
Copy link
Contributor Author

kwwall commented Jul 19, 2022

@noloader - Yeah, it's been 5 years, but we've never announced it's removal, so maybe we should weight until the next release when we add your JSON codec.

@xeno6696
Copy link
Collaborator

xeno6696 commented Jul 19, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants