Incompatibility between OpenSAML version 2.6.6 and ESAPI version 2.5.4

Since version 2.2.1.1 of ESAPI, the package for the JavaLogFactory class has changed (org.owasp.esapi.reference.JavaLogFactory -> org.owasp.esapi.logging.java.JavaLogFactory). See the ESAPI documentation.

Version 2.6.6 of OpenSAML uses ESAPI version 2.0.1 (https://mvnrepository.com/artifact/org.opensaml/opensaml/2.6.6). The code refers to the old package of this class, causing an error to appear in the logs (https://github.com/ESAPI/esapi-java-legacy/issues/695).

Caused by: java.lang.ClassNotFoundException: sqsaml.org.owasp.esapi.reference.JavaLogFactory
	........
	at sqsaml.org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) ~[security.saml-9.0.0-SNAPSHOT.jar:?]
	at sqsaml.org.owasp.esapi.ESAPI.encoder(ESAPI.java:101) ~[security.saml-9.0.0-SNAPSHOT.jar:?]
	at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.populateVelocityContext(HTTPPostEncoder.java:155)

This bug occurs when using an HTTP-POST link.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information