downloaded a book from the below link
https://www.owasp.org/images/7/79/ESAPI_Book.pdf
The book is depended on the esapi-3.10 version. But i am not able to find esapi-3.1.0.jar.
Where can find the respective jar.
Thank you.
~Shyam
Actually, it probably was a typo, but more likely it was supposed to say ESAPI 1.3 rather than 3.1. That's even about a year before I got involved with ESAPI. If you notice the date for this was 2008 and I just checked and release 1.3 was made available in Sept 2008.
So, in other words, this ESAPI book is really ancient history. And the previous answer is correct in that the latest official release is 2.1.0. The 2.1.1 release is almost done but because of other commitments (e.g., GSoC), it will likely be awhile until it is released unless I get some volunteers to assist.
-kevin
Notify OWASP. The most recent version of esapi is 2.1.0. This is a typo.
Related
Very little has changed in a while for BIRT. Since the project seems still heavily used, it would be interesting to know if there are future plans and if so, what is entailed in those plans. Subsequently, based on the development status: Is BIRT still a safe platform to base development on or is it expected to just be conserved in the current state such that occuring bugs probably won't get fixed?
We decided to use BIRT instead of Jasper 8 years ago.
We are still using 4.2.1 for development and 4.3.0 for production runtime.
I reported several bugs since then and only very few of them got fixed.
Furthermore, I developed some patches to enhance the word emitter output - with no reaction from any one at all.
I also developed a patch to allow kind of a vertical tab (to place something at a fix y position on the page (but not in the page footer). With my previous experience of the community, I did not publish that one.
I can say that while the source code is quite easy to read, it is nevertheless almost impossible to understand what is actually going on, because the functions are extremely deeply nested.
My conclusion with 8 years experience of using BIRT for production:
PROS:
BIRT is very powerful and flexible, you can achieve some very cool results.
The quality of the resulting PDFs.
There are only very few things I miss and cannot work around.
The runtime engine is very stable and fast enough, very few problems.
The community is helpful.
CONS:
From an open-source perspective, it is one of the weakest projects I know of.
New versions tend to introduce more bugs than they fix.
Bugs, ideas and patches from the community seem to be ignored most of the time.
Lack of internal code quality and documentation.
Update Dec 2021:
BIRT is back again!
The open source project is quite busy (see answer by Alexander Fedorov) and every help is welcome.
It looks like there will be a new release soon.
Until then, building BIRT yourself (with Eclipse 2021-09 and Java 11) has become quite easy thanks to the common effort of the community.
Metadata and information about the health of an Eclipse project can be found on projects.eclipse.org:
The Birt project is still alive, but not as active as before:
there has been only one release per year since 2016 and
in the last three months there have been more than 20 commits from 11 contributors.
Like all open source projects, the success of the project depends on participation. Therefore, I encourage everybody to report bugs and propose changes to Birt and other open source projects.
Update: Good news, Eclipse Birt has been rebooted. It is under active development again, there have been more than 100 commits in two and a half months and the release 4.9.0 is scheduled for March 16, 2022.
The Eclipse BIRT project has been restarted recently, and we are working to prepare Eclipse BIRT 4.9 release.
Contributors are very welcome. Here is the brief instruction regarding steps how to join this effort: https://eclipse.github.io/birt-website/docs/community
Latest versions of BIRT are not available in maven.
I can not find any link related with 2.1.5 from SourceForge. I wonder whether I can still use this version as a third party component in my product.
Any comment would be appreciated very much!
Sure you can. Search the web and you will find that version easily (e.g. here or here) It is a different question however whether you should still use that version. It is quite old and lots of bugs have been fixed and new functionality has been added. So do the following:
check the license restrictions (LGPL vs. AGPL)
if you don't have a problem with a GPL based license then use the latest 5.X version
if you can't use APGL buy a commercial license or use at least version 2.1.7
if you go the 2.1.7 route do some testing - in many cases it will do its job still fine. If not you'll probably have to fix it by yourself
Update: I would now use openPDF which is a maintained fork based on 2.1.7.
It is this sad moment to a developer's life that he has to maintain and fix legacy code... In my case I have to deal with a modified (core scripts) tinyMCE 3.2.2 which I have to update to the latest version in order to play in IE9+...
So my question is if there is a way to check which files have been changed since version 3.2.2 and try to update only those cause it is an overkill to check all the code for the modifications...
Thanks in advance
I fear there are so many changes in so many files that most of them have changed since then and in order to work with IE9.
If possible you should never ever modify the core code. Instead use custom plugins if possible.
Is three20 still actively being developed? From the three20.info site, I see no new features/UI elements since earlier this year when I looked into it.
Besides three20, is there another good framework out there?
As far as i know, Three20 is only maintained by community (bug fixes). Jeff left the project and decided to clean up that mess & provide solid documentation.
He recently started a new project on github called Nimbus, his plan is to port all features of Three20 to Nimbus without the problems we face today with Three20.
I haven't given up on three20 yet. It's a good framework and it saves me hours of work. I'm submitting bug fixes and small improvements to the framework from time to time and I see some activity in github. (not as much as it used to be)
I tried using nimbus, and I was really impressed with the documentation and existing classes. However, note that the developer went to work in CA and said he'll contribute less to his new framework.
The three20.info site is not maintained, but you can download the latest version from github.com/facebook/three20.
I'm looking at using the MongoDB-CSharp driver for MongoDB on a small test project. The downloads have binary and source, but I can't find any documentation anywhere.
Does anyone know if there's documentation for MongoDB-CSharp, or should I just be reading the source??
Thanks
I've been looking at the source :-). I found the Linq Integration Tests in the typedcollections branch to be a good start:
http://github.com/samus/mongodb-csharp/blob/typedcollections/source/MongoDB.Tests/IntegrationTests/Linq/MongoQueryTests.cs
Craig's wiki is good too, but I only found that last weekend.
You may want to give the typedcollections branch a look rather than the downloads because that's were all the recent development has been going on.
MongoDB-CSharp is about to release a beta. With it comes some wiki documentation. You can check out the pre-release docs at http://wiki.github.com/craiggwilson/mongodb-csharp/. Can you tell me what other types of information would be useful?