Both these are at Maven Central. CloudStack cross-site scripting defenses should be improved. The project doesn't have mature encoder/sanitization for JSON and HTML so these might be useful for those purposes.
-----Original Message----- From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] Sent: Wednesday, September 24, 2014 12:07 PM To: dev Subject: Re: What is process for bundling third-party code with CloudStack? Demitrius, I second Rohits request. That said the BSD license is on the A-list at [1] so no problem there. We must agree it makes technical sense to include them. There must be attribution in the LICENSE file. they should be maven central includable so we don't have to put them in our source tree. and that's it. [1] https://www.apache.org/legal/3party.html On Wed, Sep 24, 2014 at 8:57 PM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > Can you share with us what you’re trying to do with it? > > On 24-Sep-2014, at 8:10 pm, Demetrius Tsitrelis < > demetrius.tsitre...@citrix.com> wrote: > > OWASP has some security-related modules which would be great to > incorporate into CloudStack: > > > > https://www.owasp.org/index.php/OWASP_Java_Encoder_Project > > > > https://www.owasp.org/index.php/OWASP_JSON_Sanitizer > > > > These are BSD licensed. What is the process for bundling them into > CloudStack? Legal review, etc.? > > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +41 779015219 | rohit.ya...@shapeblue.com > Blog: bhaisaab.org | Twitter: @_bhaisaab > > > > Find out more about ShapeBlue and our range of CloudStack related > services > > IaaS Cloud Design & Build< > http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment > framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Infrastructure Support< > http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training Courses< > http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are > intended solely for the use of the individual to whom it is addressed. > Any views or opinions expressed are solely those of the author and do > not necessarily represent those of Shape Blue Ltd or related > companies. If you are not the intended recipient of this email, you > must neither take any action based upon its contents, nor copy or show > it to anyone. Please contact the sender if you believe you have > received this email in error. Shape Blue Ltd is a company incorporated > in England & Wales. ShapeBlue Services India LLP is a company > incorporated in India and is operated under license from Shape Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in > Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA > Pty Ltd is a company registered by The Republic of South Africa and is traded > under license from Shape Blue Ltd. ShapeBlue is a registered trademark. > -- Daan
