Patched in ESAPI 184.108.40.206 and later. See important remediation details in the reference given below.
Manually edit your antisamy-esapi.xml configuration files to change the "onsiteURL" regular expression as per remediation instructions in the reference below.
If you have any questions or comments about this advisory: * Email one of the project co-leaders. See email addresses listed on the OWASP ESAPI wiki page, under "Leaders". * Send email to one of the two ESAPI related Google Groups listed under Where to Find More Information on ESAPI on our README.md page.