esapi-java-legacy icon indicating copy to clipboard operation
esapi-java-legacy copied to clipboard

Published 20 hours ago verified publisher icon ESAPI

Invalid version attribute in esapi.tld within esapi-2.6.0.0.jar causes deployment failure.

Open Afridi76320 opened this issue 9 months ago • 9 comments

Description

While deploying a web application using esapi-2.6.0.0.jar, the following error is encountered:

Steps to Reproduce

  1. Deploy a web application that includes esapi-2.6.0.0.jar in the WEB-INF/lib folder.
  2. Start the Tomcat server.
  3. Observe the deployment logs.

Expected Behavior

The application should deploy successfully without errors.

Actual Behavior

Deployment fails due to an invalid version attribute value in esapi.tld. The value 2.x is not a valid decimal format.

Suggested Fix

Update the esapi.tld file within esapi-2.6.0.0.jar to use a valid decimal value for the version attribute. For example, replace 2.x with 2.0.

Environment

  • Tomcat Version: [10.1.34]
  • ESAPI Version: 2.6.0.0
  • Java Version: [java17]
  • Operating System: [MAC]

Impact

This issue prevents the deployment of applications that depend on the ESAPI library, making the library unusable in its current state.

Additional Information

This issue is reproducible on multiple environments. A quick workaround involves extracting the JAR, editing the esapi.tld file, and re-packaging the JAR. However, an official fix is preferred.

Afridi76320 avatar Jan 08 '25 13:01 Afridi76320