-
|
I need to fix vulnerabilities reported by blackduck related esapi, to achieve this I am trying to update esapi version from 2.0.0.0 to latest one which is 2.5.1.0 . While I update, I am not getting any compile time errors but when the packages deployed on wildfly server Could you please let me know, is there any specific version requirement related to wildfly as to support esapi latest version. We are using Java 8 . |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
There are no specific requirements related to wildfly for any esapi version. In all likelihood you will need to update your deployed esapi configuration. Suggest reading through all of the release notes between your targeted versions to identify the changes required. |
Beta Was this translation helpful? Give feedback.
-
|
@ppramod - If would be helpful if you could mention the specific error(s) that you are seeing and if you have an exception stack trace, then to post the entire stack trace if possible (if need be, you can edit out any proprietary / sensitive information and just replace it with something like XXXX or whatever). Generally, what we have seen cause errors is people try to use their old ESAPI.properties files as-is, which means that they may not pick up some essential changes, such as to ESAPI.Logger. Generally those are written in the release notes, but so as not to make the notices in the release notes too overwhelming, we typically only mention that for a release or two and then drop them. Which means that @jeremiahjstacey is right...you really need to read through the (detailed) release notes in succession. Going from 2.2.0.0 to 2.5.1.0 is a big jump. By doing that, you probably skipped reading the detailed release notes for 2.2.1.0, 2.2.1.1, 2.2.2.0, 2.2.3.0, 2.2.3.1, 2.3.0.0, 2.4.0.0, and 2.5.0.0. I generally try to balance too much with not enough and to achieve that, I typically figure that the average ESAPI user is maybe only 2 or 3 releases behind. |
Beta Was this translation helpful? Give feedback.
-
|
@jeremiahjstacey ,@kwwall - release notes directions helped me to upgrade esapi from 2.2.0.0 to 2.2.1.1, I had to change ESAPI.Logger class, from org.owasp.esapi.reference.JavaLogFactory to org.owasp.esapi.logging.java.JavaLogFactory. Though my goal is to upgrade to latest one, will go step by step. Once again thank you both of you !! |
Beta Was this translation helpful? Give feedback.
@ppramod - If would be helpful if you could mention the specific error(s) that you are seeing and if you have an exception stack trace, then to post the entire stack trace if possible (if need be, you can edit out any proprietary / sensitive information and just replace it with something like XXXX or whatever).
Generally, what we have seen cause errors is people try to use their old ESAPI.properties files as-is, which means that they may not pick up some essential changes, such as to ESAPI.Logger. Generally those are written in the release notes, but so as not to make the notices in the release notes too overwhelming, we typically only mention that for a release or two and then drop them.…