Changes to prepare for 2.5.0.0 release. #719
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
|
@noloader - I'm aware of these; I left them in as a reminder. Will clean
them up tomorrow. Wasn't sure if Dave was going to get 1.7.0 released or if
I'd have to do the ESAPI 2.5.0.0 release using AntiSamy 1.6.8.
…On Sat, Jul 16, 2022 at 6:08 PM Jeffrey Walton ***@***.***> wrote:
@kwwall <https://github.com/kwwall>,
[esapi4java-core-2.5.0.0-release-notes.txt](
https://github.com/ESAPI/esapi-java-legacy/pull/719/files#diff-3c5c46b32147a4f40995efbd19cbf360666c8f2f29c06dfb5e1c49c2b50534bd
):
- "releas." -> "release."
- "@@@@ TODO: Adjust for AntiSamy 1.7.0 updates as indicated below if
Dave Wichers relases it this weekend."
- "@@@@ Delete next 2 lines if we don't update to ESAPI 1.7.0 for this
release"
- "@@@@ - Delete issue 717 if we don't update to AntiSamy 17.0 for
this ESAPI releas."
- "@@@@ ---- Begin AntiSamy 1.7.0 section - delete if we don't upgrade
to it for this release"
- "@@@@ ---- End AntiSamy 1.7.0 section"
- "@@@@ Adjust figures for final commits."
—
Reply to this email directly, view it on GitHub
<#719 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAO6PG6MWONOATSTMV4T2HLVUMXEHANCNFSM53YT5JRA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
Blog: https://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
| OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
|
|
Well, except for the typo on 'release'. Good catch on that. I was planning
on running aspell on it tomorrow, after making the other changes, so I
probably would have found it then, but thanks for noting it.
…-kevin
On Sat, Jul 16, 2022, 6:39 PM Kevin W. Wall ***@***.***> wrote:
@noloader - I'm aware of these; I left them in as a reminder. Will clean
them up tomorrow. Wasn't sure if Dave was going to get 1.7.0 released or if
I'd have to do the ESAPI 2.5.0.0 release using AntiSamy 1.6.8.
On Sat, Jul 16, 2022 at 6:08 PM Jeffrey Walton ***@***.***>
wrote:
> @kwwall <https://github.com/kwwall>,
>
> [esapi4java-core-2.5.0.0-release-notes.txt](
> https://github.com/ESAPI/esapi-java-legacy/pull/719/files#diff-3c5c46b32147a4f40995efbd19cbf360666c8f2f29c06dfb5e1c49c2b50534bd
> ):
>
> - "releas." -> "release."
> - "@@@@ TODO: Adjust for AntiSamy 1.7.0 updates as indicated below if
> Dave Wichers relases it this weekend."
> - "@@@@ Delete next 2 lines if we don't update to ESAPI 1.7.0 for
> this release"
> - "@@@@ - Delete issue 717 if we don't update to AntiSamy 17.0 for
> this ESAPI releas."
> - "@@@@ ---- Begin AntiSamy 1.7.0 section - delete if we don't
> upgrade to it for this release"
> - "@@@@ ---- End AntiSamy 1.7.0 section"
> - "@@@@ Adjust figures for final commits."
>
> —
> Reply to this email directly, view it on GitHub
> <#719 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAO6PG6MWONOATSTMV4T2HLVUMXEHANCNFSM53YT5JRA>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
--
Blog: https://off-the-wall-security.blogspot.com/ | Twitter:
@KevinWWall | OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
|
|
@davewichers - Thanks for the 1.7.0 release. |
xeno6696
reviewed
Jul 17, 2022
xeno6696
reviewed
Jul 17, 2022
xeno6696
approved these changes
Jul 17, 2022
* Fix typos in 2.5.0.0 release notes. * Emblesh section in release notes about AntiSamy as well as 'Know Issues / Problems' section. * Fix pom.xml to address dependency convergence issue caused by AntiSamy 1.7.0 and drop '-SNAPSHOT' on ESAPI version. * Address previously deprecated and not deleted AntiSamy Policy method in HTMLValidationRuleAntisamyPropertyTest.java JUnit test.
|
I was reading through the Javadocs for ESAPI. There's a If you are going to keep |
|
@noloader - Yeah, it's been 5 years, but we've never announced it's removal, so maybe we should weight until the next release when we add your JSON codec. |
|
Great question. Yes, it was a backstop--I kept the old Codec around as
a just-in-case something terrible was discovered if the conversion to
using the AbstractIntegerCodec encountered something in the real world
that I couldn't envision.
I will do something similar with the PercentCodec that I'm currently
slogging through.
…On 7/19/2022 4:33 AM, Kevin W. Wall wrote:
@noloader <https://github.com/noloader> - Yeah, it's been 5 years, but
we've never announced it's removal, so maybe we should weight until
the next release when we add your JSON codec.
—
Reply to this email directly, view it on GitHub
<#719 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACIQAQPJQFSPWUKGKNZINJTVU2G7VANCNFSM53YT5JRA>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is show you can preview the 2.5.0.0 release notes and anything else. I anticipate that @davewichers will release AntiSamy 1.7.0 sometime tomorrow, so I wrote up the release notes and other changes in advance. Will need to make further tweaks to our pom.xml and the release notes regardless.
@jeremiahjstacey and @xeno6696 - Ideally I'd like you to at least take a quick glance at the release notes, but I am not requiring actual approval so don't feel compelled as there are no actual ESAPI code changes here. So, if you don't merge, then I will do so myself. Thanks.