ZBUG-1932: Upgrading jar with new changes from owasp library v20211018.2 #6
Conversation
rcyarrapothu
requested review from
dasiyogesh,
desouzas,
log2akshat,
ronstra-synacor and
silentsakky
There was a problem hiding this comment.
@rcyarrapothu can you please separate your single commit into the library specific upgrade commits and Zimbra specific changes, it will be easier for us to track.
@log2akshat As mentioned in the notes, all the changes on this PR are for upgrading the library and no new changes were added specifically for zimbra issues.
|
| @@ -4,7 +4,7 @@ | |||
| <!-- PROPERTIES --> | |||
| <property file='build-custom.properties' /> | |||
|
|
|||
| <property name='version' value='20190610.3'/> | |||
| <property name='version' value='20190610.4'/> | |||
There was a problem hiding this comment.
Is this change is also a part of upgrading the library and not the Zimbra specific change ?
There was a problem hiding this comment.
added this change to a separate commit
rcyarrapothu
force-pushed
the
bugfix/ZBUG-1932
branch
from
4e0e7a8 to
6e918e4
Compare
Problem:
When OWASP zimbra_use_owasp_html_sanitizer = true, URL in the HTML message is getting modified. Character &num replace by #_
Issues: ZBUG-1932 and ZBUG-1385
Approach and Fix:
ZBUG-1932 and ZBUG-1385
Customer has reported that the url mentioned in the email is getting modified since &num is being changed to #
While debugging the problem, noticed that these issues are fixed on the original owasp library when tried with the latest release v20211018.2 . So getting the latest changes from the newest release v20211018.2 and updating our repo.
Testing Done:
Verified with mime attached in ZBUG-1932 and ZBUG-1385. The urls are working as expected with new changes. Also re-validated the fixes made on this repo earlier and they are working as expected.
For QA:
Please re-validate the previous fixes done on this library along with ZBUG-1932 and ZBUG-1385.
Previous fixed tickets are ZBUG-1948, TSS-18004 and ZBUG-1148
Ref PRs:
zm-mailbox#1227
zm-zcs-lib#89
Notes: There are no code changes done to resolve this issue. All the changes on this PR are from the latest release on owasp library v20211018.2. Added few test-cases in zm-mailbox to test this particular scenario.