Issues

Bug
ESAPI configuration files not included in dist.
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 4, 2015
Bug
User session just jumped from unknown to 0:0:0:0:0:0:0:1
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 4, 2015
Improvement
EncryptedPropertiesUtils Switch for Adding Values
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
HTTPParameterValue
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
HttpParamtervalue for allowing Xml Data
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Log4JLogger.java doesn't output correct file & line number - Similar issue as reported in Issue 268
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Performance
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Regex in ESAPI.properties does not consider a few of the French characters
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
logger is getting class cast exception
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
New Feature
Content Security Policy - Java Servlet Filter
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Log4j configuration with no root level causes NPE in Log4jLogger.java
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
setHeader blocks legitimate headers due to header name size limit being too low
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
AbstractAccessReferenceMap.addDirectReference not invariant
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
StringUtils.union broken which has minor impact on CSRF Protection and random file name generation
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Construct "&" in Validator.URL is simple character class, not reference to ampersand
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Patch for /trunk/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
ClassCastException on SecurityWrapperResponse
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Improvement
ClassCastException during web application redeploy due to the grift logging classes
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
PolicyFactory Sanitize method weird output
Unassigned
Max Gelman
Done
Nov 13, 2014
Jan 5, 2015
Improvement
RequestRateThrottleFilter may not work as expected with hits=1 or hits=2
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Unsynchronized get method, synchronized set method
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Incorrect lazy initialization of static field instance
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Resource leak: FileInputStream is not closed on method exit
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Incorrect Equality test on floating point values
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Resource leak: This FileReader is not closed on method exit
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Improvement
Deprecate current HttpUtilities.setRememberToken() and replace with one not requiring user password
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
ValidatorTest.testIsValidDate fails if default locale is not US
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
ESAPI.properties file not being built / deployed as part of production downloads
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Insecure default configuration for Executor.ApprovedExecutables in ESAPI.properties file
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Crypto MAC by-pass makes default ESAPI symmetric encryption using CBC mode vulnerable to padding oracle attacks
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Double checked locking on Log4JLogFactory.getInstance()
Unassigned
Max Gelman
Done
Nov 13, 2014
Jan 5, 2015
Improvement
Make HTMLValidationRule to look for antisamy-esapi.xml in classpaths
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Jan 5, 2015
Bug
Eliminate eclipse code warnings to improve quality
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
AuthenticatedUser isCredentialsNonExpired() has a TODO comment, but returns false by default
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Issue with decodeFromURL method in the DefaultEncoder
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Canonicalizing "&ESAPILEG-37;Device&ESAPILEG-37; changes the meaning of the input string
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
ClassCastException when using ESAPI logger
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
encodeForCSS breaks color values
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
HTMLEntityCodec#decode incorrectly decodes upper-case accented letters as their lower-case counterparts
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
encodeForHTMLAttribute escapes the forward slash
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
non-BMP characters incorrectly encoded
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
isValidDate fails with patterns ending with "yyyy"
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Java 7 J2EE StandardSessionFacade is not comparable
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
ClassNotFoundException: org.owasp.esapi.reference.accesscontrol.DefaultAccessController AccessController class
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
CSS and images not working with ESAPIWebApplicationFirewallFilter
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
ESAPI validator isValidRedirectLocation does not work
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Config Error
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Canonicalizing out of EncodeforLdap or EncodeForDN if contains specific characters like "(, ) #" etc. messes up the input.
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
jsessionid validator regex in esapi.properties not applicable to ids generated by tomcat
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
1-50 of 338