ESAPI 2.5.3.1 is now avaiable

[kwwall]

ESAPI 2.5.3.1 is a minor point release based on the recent 2.5.3.0 release that adds:

• Updated Javadoc for the Validator.isValidSafeHTML and ValidationRule.getValid methods.
• Adds an always-on log message (a single time only) if either of the isValidSafeHTML methods is invoked. The warning notes that the method is deprecated and provides a link to the GitHub Security Advisory. The warning message itself looks something like this:

[2023-11-30 23:51:13] [DefaultLogger] [SECURITY AUDIT Anonymous:@unknown -> /ExampleApplication/DefaultLogger] WARNING: You are using the Validator.isValidSafeHTML interface, which has been deprecated and should be avoided. See GitHub Security Advisory https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm for details. 

The rationale for this point release was to add the logging so that if ESAPI logs are sent to your SIEM, it provides a message to set up an alert / trigger for. Also, we added clarifying Javadoc for the 2 Validator.isValidSafeHTML methods and corrected the ESAPI property name actually used by ValidationRule.getValid.

You may find this release at https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.5.3.1