Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

[dependabot]

Bumps org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0.

Release notes

Sourced from org.owasp.esapi:esapi's releases.

2.6.1.0

Full Release Notes

Release notes for ESAPI release 2.6.1.0 are located at:

• https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.6.1.0-release-notes.txt

What's Changed

• Updated AntiSamy from release 1.7.7 to 1.7.8 which addresses the potentially exploitable vulnerability GHSA-73m2-qfq3-56cx. There is slim possibility that this could affect ESAPI users who have allowed certain CSS mark-up constructs to the AntiSamy policy file that they are using. However the default ESAPI AntiSamy policy file (antisamy-esapi.xml) does not permit CSS mark-up of any sort out unless it has been modified by the ESAPI client.
• Other minor updates to pom.xml

Full Changelog: ESAPI/esapi-java-legacy@esapi-2.6.0.0...esapi-2.6.1.0

Other Notes

You may see GHAS Dependabot references to https://github.com/ESAPI/esapi-java-legacy/security/dependabot/17 for this (and previous releases). For a more thorough discussion of this, please see Discussion #877.

Configuration Jar

Note the associated file "esapi-2.6.1.0-configuration.jar" contains the default ESAPI configuration files under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file "esapi-2.6.0.0-configuration.jar.asc" is a GPG signature of that jar file made by Kevin W. Wall.

Commits

• e0ef295 Sigh. Fix comment again. This one was copy/paste error.
• 5c0553c Fix botched comment.
• 99f5510 Added comment about how OWASP Dependency Check is no longer working in case s...
• e6cf7a3 Merge pull request #879 from kwwall/2.6.1.0
• a34b00d Changes for new release, 2.6.1.0
• 2904144 Changes to replace manually created Developer Activity Report with a simple G...
• 14678f6 Env vars for new ESAPI version
• 2f7885f New release notes for ESAPI 2.6.1.0
• 5f267f7 fix: pom.xml to reduce vulnerabilities (#875)
• 6422aca Update SECURITY.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)