I am currently using esapi 2.0.1 version jar and trying to upgrade it to esapi 2.5.2.0 jar to fix the cwe_id=CWE-310. I am getting these errors "org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException" and "java.lang.reflect.InvocationTargetException Randomizer class (org.owasp.esapi.reference.DefaultRandomizer) CTOR threw exception must be in class path" to fix the cwe_id=CWE-310.

Will updating the below changes help in ESAPI.properties file? Please assist.

ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory

Kevin W. Wall On

Yes, fixing your ESAPI.properties file to use ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory will definitely help. See https://github.com/ESAPI/esapi-java-legacy/wiki/Configuration-Reference:-JavaLogFactory for further details, including the Links section there if you have more trouble. There is an SO page that I had bookmarked for this that @avgvstvs had written up but I can never find bc I have too many bookmarks, but I will drop him an email and ask him to add it.
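
Added example (not part of the original answer and not ESAPI project code): a Python check that lists every ESAPI.properties entry naming an org.owasp.esapi class that is absent from the upgraded jar, which is the condition behind the ClassNotFoundException above. The legacy Logger value, the other property lines and the in-memory jar are constructed sample data and assumptions; the check inspects only the jar you pass in, not the full runtime classpath.

```python
import io
import re
import zipfile

PREFIX = "org.owasp.esapi."

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props

def jar_classes(jar):
    """Fully qualified class names in a jar (file path or file-like object)."""
    with zipfile.ZipFile(jar) as zf:
        return {n[:-len(".class")].replace("/", ".")
                for n in zf.namelist() if n.endswith(".class")}

def missing_classes(properties_text, jar):
    """Map property -> configured ESAPI class that the jar does not contain."""
    available = jar_classes(jar)
    return {key: value
            for key, value in parse_properties(properties_text).items()
            if value.startswith(PREFIX) and value not in available}

def build_sample_jar():
    """Constructed stand-in for the upgraded jar; real jars hold many more classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/owasp/esapi/logging/java/JavaLogFactory.class", b"")
        zf.writestr("org/owasp/esapi/reference/DefaultRandomizer.class", b"")
    buf.seek(0)
    return buf

# Constructed ESAPI.properties carried over from an older install (assumed values).
OLD_PROPERTIES = """\
# sample only
ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
Logger.ApplicationName=ExampleApplication
"""
FIXED_PROPERTIES = OLD_PROPERTIES.replace(
    "org.owasp.esapi.reference.Log4JLogFactory",
    "org.owasp.esapi.logging.java.JavaLogFactory")

if __name__ == "__main__":
    print(missing_classes(OLD_PROPERTIES, build_sample_jar()))
```

To run it against a real deployment, pass the path of the upgraded ESAPI jar and the text of the deployed ESAPI.properties to `missing_classes`.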