Issues

Select view

Select search mode

Bug
Log4j configuration with no root level causes NPE in Log4jLogger.java
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
StringUtils.union broken which has minor impact on CSRF Protection and random file name generation
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Patch for /trunk/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
PolicyFactory Sanitize method weird output
Unassigned
Max Gelman
Done
Nov 13, 2014
Jan 5, 2015
Bug
Incorrect lazy initialization of static field instance
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Insecure default configuration for Executor.ApprovedExecutables in ESAPI.properties file
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Crypto MAC by-pass makes default ESAPI symmetric encrytion using CBC mode vulnerable to padding oracle attacks
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Double checked locking on Log4JLogFactory.getInstance()
Unassigned
Max Gelman
Done
Nov 13, 2014
Jan 5, 2015
Bug
Java 7 J2EE StandardSessionFacade is not comparable
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
ClickjackFilter after doFilter
Unassigned
Max Gelman
Done
Nov 13, 2014
Jan 4, 2015
Bug
ESAPI methods use deprecated constants
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
UE: NullPointerException in DefaultSecurityConfiguration
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Remove Version from project name in pom.xml
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Validation Type Error
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Handling of multiple and mixed encoding is incorrect in canoncalization
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
ESAPI throws a FileNotFoundException
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
printStackTrace when loading configuration file
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Incorrect import in HTMLValidationRule
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Logger.EventType should have a public constructor
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
adding ValidationErrorList variant to the "is" checks in the validator
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Patch for /tags/releases/2.0_rc10/src/main/java/org/owasp/esapi/reference/DefaultUser.java
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Misc bug fixes in DefaultSecurityConfiguration
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Changes to DefaultSecurityConfiguration to look in 'esapi' directories.
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
DefaultSecurityConfiguration.getInstance causes NullPointerException when ESAPI.properties doesn't exist
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Revise CryptoHelper.computeDerivedKeys() in accordance with review recommendations
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
CipherTextSerializer.java - Assertions
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Change the ".esapi" folder to "esapi"
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
getValidDirectoryPath needs to verify canonicalization better
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Bug found in union() method of EncoderConstants class.
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Add new "audit" log level that ALWAYS get's logged
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Please migrate the WAF to using the ESAPI logging mechanism
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Please migrate the WAF to using the ESAPI logging mechanism
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
JSESSIONID is hard-coded in WAF files
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
AccessControlPolicy.xml configuration
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Broken links to ESAPI-User mailinglist
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
SecurityWrapperRequest.getContextPath() throws IntrusionException when application is deployed at the ROOT path
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
XSS Filter for consideration
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Rename .esapi directories and document changes
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
esapi-2.0_rc10-config.zip does not include esapi jar
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Change .esapi property file folder to esapi
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
DefaultSecurityConfiguration.loadConfiguration() does not reload validation.properties
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
DefaultEncoder.canonicalize() should respect value of Encoder.AllowMultipleEncoding property
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Cannot configure per-class or per-package log levels with Log4j Logger
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
ESAPI URL validation RX is vulnerable to DoS
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
Need a version of EncryptedProperties that extends java.util.Properties
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
org.owasp.esapi.filters.SecurityWrapperResponse.createCookieHeader does not respect HttpOnly and Secure properties in ESAPI.properties
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
DefaultEncoder not respecting IntrusionDetector.Disable=true in ESAPI.properties
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
HTTPParameterValue regular expression is too restriction
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
SecurityWrapperRequest.setAllowableContentRoot() protection evasion
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
Bug
org.owasp.esapi.filters.SecurityWrapperResponse cookie size limits
Unassigned
Max Gelman
Unresolved
Nov 13, 2014
Nov 13, 2014
1-50 of 176