build(deps): bump org.owasp.esapi:esapi from 2.5.1.0 to 2.5.2.0

[dependabot]

Bumps org.owasp.esapi:esapi from 2.5.1.0 to 2.5.2.0.

Release notes

Sourced from org.owasp.esapi:esapi's releases.

2.5.2.0

Release Notes

The release notes for ESAPI release 2.5.2.0 are located at: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.2.0-release-notes.txt

Configuration files located in configuration jar

Note that the attached file "esapi-2.5.2.0-configuration.jar" contains the default ESAPI configuration files intended for used in production. Download the file and unjar it via 'jar xf'. After you unjar that configuration jar, look under the 'configuration/' directory. Most of the files you are interested in are located under 'configuration/esapi', such as ESAPI.properties, validation.properties, etc. The attached file "esapi-2.5.2.0-configuration.jar.asc" is a detached GPG signature of that the file "esapi-2.5.2.0-configuration.jar" that was signed by ESAPI project co-lead, Kevin W. Wall.

CVEs addressed

• CVE-2023-24998 was remediated. See Security Bulletin 11 for details.
• CVE-2023-26119 was remediated. It is not yet know if it impacted ESAPI.

The release notes contain a more complete list of what has changed / fixed in ESAPI 2.5.2.0.

Commits

• 15737a2 Minor updates to release steps to mention problems that maven-site-plugin and...
• ded3c13 Update commits based on final release prep.
• fc4f466 Correct release date to 4/12/2023.
• 74a5730 Remove '-SNAPSHOT' suffix for official release.
• fea010a Initial 2.5.2.0 release preparation (#784)
• 3230ed9 Update table of releases in SECURITY.md
• 33ba9d8 How CVE-2023-24998 impacts ESAPI -- major rewrite
• d9f9fc1 CVE-2023-24998 and Security Bulletin #11
• 74abc79 How CVE-2023-24998 impacts ESAPI
• 5ef7738 Upgrade the maven site and related plugins, and other little cleanup. (#779)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/184938075

The labels on this github issue will be updated when the story is started.