+<b>IMPORTANT:</b> We are aware that all versions of ESAPI (unless you are using very select parts) do not work with Jakarta EE. Jakarta EE relies on <b>jakarta.servlet-api</b>. ESAPI is built to use <b>javax.servlet-api</b>. This causes things like Spring Boot 3, Spring 6, Tomcat 10, the latest version of Jetty, etc. to fail to load certain (well, many) ESAPI classes. The reason for this is that the package names between these 2 libraryes are different! The dependency <b>javax.servlet-api</b> has a package namespace of <code>javax.servlet</code>. The <b>jakarta.servlet-api</b> library is using the package namespace of <code>jakarta.servlet</code>. So references to things like <code>ServletRequest</code>, <code>ServletResponse</code>, etc. in ESAPI are using <code>javax.servlet.ServletRequest</code> and <code>javax.servlet.ServletResponse</code> respectively. We cannot make it work for both at once and we will not stop supporting <b>javax.servlet-api</b>, which is what most of our existing ESAPI clients are using.
0 commit comments