Skip to content

esapi-2.6.2.0
Compare
Choose a tag to compare
@kwwall kwwall released this 03 Jun 02:57
· 28 commits to develop since this release
esapi-2.6.2.0
This tag was signed with the committer’s verified signature.
kwwall Kevin W. Wall
GPG key ID: 337995638A2A524F
Verified
Learn about vigilant mode.
ba358e4
This commit was signed with the committer’s verified signature.
kwwall Kevin W. Wall
GPG key ID: 337995638A2A524F
Verified
Learn about vigilant mode.

Full Release Notes

Release notes for ESAPI release 2.6.2.0 are located at:

What's Changed

  • This is a minor patch release with the intent of updating the Apache Commons BeanUtils dependency from v1.9.4 to v1.11.0 to CVE-2025-48734.

Full Changelog: esapi-2.6.1.0...esapi-2.6.2.0

Other Notes

You may see GHAS Dependabot references to https://github.com/ESAPI/esapi-java-legacy/security/dependabot/17 for this (and previous releases). For a more thorough discussion of this, please see Discussion #877.

Configuration Jar

Note the associated file "esapi-2.6.2.0-configuration.jar" contains the default ESAPI configuration
files under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file
"esapi-2.6.2.0-configuration.jar.asc" is a GPG signature of that jar file made by Kevin W. Wall.

Assets 4
Loading
2 Join discussion