Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0
Type: Pull Request
State: Merged
![dependabot[bot]](https://github.com/dependabot.png){kind=small}
dependabot[bot]Association: Contributor
Comments: 0
(about 1 year ago)
(about 1 year ago)
(about 1 year ago)
by dschadow
dependencies java
Bumps org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0.
Release notes
Sourced from org.owasp.esapi:esapi's releases.
2.6.1.0
Full Release Notes
Release notes for ESAPI release 2.6.1.0 are located at:
What's Changed
- Updated AntiSamy from release 1.7.7 to 1.7.8 which addresses the potentially exploitable vulnerability https://github.com/advisories/GHSA-73m2-qfq3-56cx. There is slim possibility that this could affect ESAPI users who have allowed certain CSS mark-up constructs to the AntiSamy policy file that they are using. However the default ESAPI AntiSamy policy file (antisamy-esapi.xml) does not permit CSS mark-up of any sort out unless it has been modified by the ESAPI client.
- Other minor updates to pom.xml
Full Changelog: https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.6.0.0...esapi-2.6.1.0
Other Notes
You may see GHAS Dependabot references to https://github.com/ESAPI/esapi-java-legacy/security/dependabot/17 for this (and previous releases). For a more thorough discussion of this, please see Discussion #877.
Configuration Jar
Note the associated file "esapi-2.6.1.0-configuration.jar" contains the default ESAPI configuration files under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file "esapi-2.6.0.0-configuration.jar.asc" is a GPG signature of that jar file made by Kevin W. Wall.
Commits
e0ef295Sigh. Fix comment again. This one was copy/paste error.5c0553cFix botched comment.99f5510Added comment about how OWASP Dependency Check is no longer working in case s...e6cf7a3Merge pull request #879 from kwwall/2.6.1.0a34b00dChanges for new release, 2.6.1.02904144Changes to replace manually created Developer Activity Report with a simple G...14678f6Env vars for new ESAPI version2f7885fNew release notes for ESAPI 2.6.1.05f267f7fix: pom.xml to reduce vulnerabilities (#875)6422acaUpdate SECURITY.md- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
1
1
+1
-1
Package Dependencies
org.owasp.esapi:esapi
maven
2.6.0.0 → 2.6.1.0
Patch
Technical Details
| ID: | 509179 |
| UUID: | 2530277644 |
| Node ID: | PR_kwDOAOu-Q86W0PkM |
| Host: | GitHub |
| Repository: | dschadow/JavaSecurity |
| Merge State: | Unknown |