You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: documentation/esapi4java-core-2.2.1.0-release-notes.txt
+32-1Lines changed: 32 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -124,6 +124,37 @@ Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly Pow
124
124
125
125
We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
126
126
127
+
128
+
*** IMPORTANT WORKAROUND for 2.2.1.0 ESAPI Logging ***
129
+
130
+
Lastly, if you try to use the new ESAPI 2.2.1.0 logging, you will notice that you need to change ESAPI.Logger and also possibly provide some other logging properties as well. This is because the logger packages were reorganized to improve maintainability, but we failed to mention it. To use ESAPI logging in ESAPI 2.2.1.0 (and later), you MUST set the ESAPI.Logger property to one of:
131
+
132
+
org.owasp.esapi.logging.java.JavaLogFactory - To use the new default, java.util.logging (JUL)
133
+
org.owasp.esapi.logging.log4j.Log4JLogFactory - To use the end-of-life Log4J 1.x logger
134
+
org.owasp.esapi.logging.slf4j.Slf4JLogFactory - To use the new (to release 2.2.0.0) SLF4J logger
135
+
136
+
In addition, if you wish to use JUL for logging, you *must* supply an "esapi-java-logging.properties" file in your classpath. Unfortunately, we failed to drop add that to the ESAPI configuration jar under the GitHub 'Releases', so this file has been added explicitly to the 2.2.1.0 release 'Assets' for this release (for details, see https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.1.0). Even worse, there was a logic error in the static initializer of JavaLogFactory (now fixed in the 2.2.1.1 patch release) that causes a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
137
+
138
+
If you are using JavaLogFactory or Slf4JLogFactory, you will also want to ensure that you have the following ESAPI logging properties set to get the logs to appear what you are used to with Log4J 1.x logging:
139
+
# Set the application name if these logs are combined with other applications
140
+
Logger.ApplicationName=ExampleApplication
141
+
# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
142
+
Logger.LogEncodingRequired=false
143
+
# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
144
+
Logger.LogApplicationName=true
145
+
# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
146
+
Logger.LogServerIP=true
147
+
# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
148
+
# want to place it in a specific directory.
149
+
Logger.LogFileName=ESAPI_logging_file
150
+
# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
151
+
Logger.MaxLogFileSize=10000000
152
+
# Determines whether ESAPI should log the user info.
153
+
Logger.UserInfo=true
154
+
# Determines whether ESAPI should log the session id and client IP.
0 commit comments