Upgrade version of antisamy to 1.7.8 to update transitive dependency affected by CVE-2025-27820

#### The issue
[ESAPI 2.6.0.0](https://mvnrepository.com/artifact/org.owasp.esapi/esapi/2.6.0.0) depends on [antisamy 1.7.7](https://mvnrepository.com/artifact/org.owasp.antisamy/antisamy/1.7.7) which depends on [apache http client 5.4.1](https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5/5.4.1) which has a known vulnerability: [CVE-2025-27820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27820).

#### The solution
Antisamy released a new version: 1.7.8 which uses on a fixed Apache HTTP Client. ESAPI only have to update its version of antisamy.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Upgrade version of antisamy to 1.7.8 to update transitive dependency affected by CVE-2025-27820 #876

The issue

The solution

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Upgrade version of antisamy to 1.7.8 to update transitive dependency affected by CVE-2025-27820 #876

Description

The issue

The solution

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions