http://coldfusion.com logo
#lucee
Title
# lucee
b

bdw429s

02/22/2022, 10:30 PM
Trying to run some ColdBox test suites today and I'm getting this odd error
Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
on Lucee 5.3.8.206 (stack in the thread). Has anyone ever seen this before?
The root cause is
Copy code
java.lang.ClassNotFoundException: org.lucee.extension.esapi.log.LogFactoryImpl not found by org.lucee.esapi [69]
At first, I thought maybe I had accidentally gotten a newer version of the ESAPI lib with the new Log4j bits installed on 5.3.8. but my OWASP extension version is
2.2.0.1
which is from last year.
It's worth mentioning, the line of CF code causing the error is just a boring old use of
encodeForHTML()
inside the Testbox framework
Copy code
<strong>#encodeForHTML( local.thisSpec.message )#</strong>
😮 1
l

leftbower

02/23/2022, 10:36 PM
I started getting it too, with the same function. I had thought it was a result of installing the latest OWASP extension onto 5.3.8 because upgrading to the 5.3.9 RC, with latest OWASP made it go away.. Didn't look back after that...
b

bdw429s

02/23/2022, 10:37 PM
yeah, same here. I had to use the 5.3.9 builds to keep working
I'm just worried this some new sort of dev bleeding into older Lucee versions and it may start causing people issues.
@zackster Can you give this a look please?
If this is happening due to recent development on the ESAPI extension, I don't want it to start borking people's production 5.3.8 installations out there
z

zackster

02/23/2022, 10:39 PM
File a regression plz
b

bdw429s

02/23/2022, 10:40 PM
Well, I wanted to ensure it actually was one first and not just a boneheaded thing I did
Plus, file it against what? I was using 5.3.8 when I got the error.
So is it a bug in 5.3.8 or 5.3.9?
Just seemed like a bit more research was needed before I dove into the ticket tracker with it
z

zackster

02/23/2022, 11:43 PM
Fair enough! So an existing profile (lucee version and extensions) just started throwing errors?
b

bdw429s

02/24/2022, 12:05 AM
Yeah, forgetting the site in CommandBox and starting fresh was giving me this. Not necessarily on the first page hit, but once it started, it wouldn't go away
d

dswitzer

02/24/2022, 12:27 PM
3 Views