github vaadin/flow 25.0.0-alpha19
Vaadin Flow 25.0.0-alpha19
on GitHub

latest release: 25.0.0-alpha20
pre-release16 hours ago

Changes since 25.0.0-alpha18

All changes

Breaking changes

  • Set minimum Node version to 24
    Commit · Pull request

    Node 24 becomes the active LTS before 25.0.0 - guaranteeing the longest possible support

  • Use Jackson for all JSON deserialization in codecs
    Commit · Pull request

    Simplify JacksonCodec and JsonCodec by using Jackson for all type deserialization instead of custom primitive type handling. This provides consistent behavior and better error messages but removes lenient type conversions (e.g., boolean to integer).

  • Set Java 21 as baseline
    Commit · Pull request

New features

  • Make RequestUtil#getUrlMapping public for manual security configuration
    Commit · Pull request

  • Add TypeReference support for generic type deserialization across all JSON APIs
    Commit · Pull request

    Add TypeReference parameter overloads to enable proper deserialization of generic collections like List and Map<String, Bean> across all Flow JSON APIs. This eliminates the need for unsafe casting when working with generic return types from JavaScript execution, property access, and event data handling. Key changes: - Add JacksonCodec.decodeAs(JsonNode, TypeReference) for core deserialization with full generic type information preservation - Add PendingJavaScriptResult.then/toCompletableFuture TypeReference overloads for executeJs() return value handling - Add Element.getProperty(String, TypeReference) for typed property access with generic collections - Add DomEvent.getEventData(TypeReference) for typed event data extraction - Add DomListenerRegistration.addEventData(Class/TypeReference) overloads that automatically introspect bean/record structures and register all properties - Add BeanUtil.getBeanPropertyPaths() utility for extracting property paths from beans/records using Java Bean introspection - Update @EventData javadoc to document existing bean/record support

  • Extend @ClientCallable to support beans and collections for all RPC calls
    Commit · Pull request

    Extend @ClientCallable to support custom beans and generic collections

  • Watch the CSS files in the project's public static resources folder
    Commit · Pull request

    Watches files in src/main/resources/META-INF/resources/ and other public static resources folders to support HMR for StyleSheet("foo.css"). ---------

  • Add Jackson serializers for Component and Node types
    Commit · Pull request

    • Add custom Jackson serializers to handle @v-node serialization for Components and Nodes in collections - Remove duplicate component handling from JacksonCodec.encodeWithTypeInfo() - ComponentSerializer delegates to NodeSerializer to eliminate code duplication - NodeSerializer handles all Node types (Element, ShadowRoot) with consistent @v-node logic - Prevents infinite recursion when serializing Components in collections - Maintains existing @v-node serialization format for client compatibility

  • Replace array-based type encoding with @v object format
    Commit · Pull request

    Replaces the array-based type encoding system [typeId, ...data] with - Nodes: {"@v": "node", "id": nodeId} → {"@v-node": nodeId} - Return channels: {"@v": "return", "nodeId": x, "channelId": y} → {"@v-return": [x, y]} - Removed legacy NODE_TYPE, ARRAY_TYPE, RETURN_CHANNEL_TYPE constants Reject objects with unknown @v- prefixed properties to maintain forward compatibility. This ensures that if new types are added in the future, older clients will fail cleanly rather than misinterpreting the data.

  • Add ComponentEffect.bindChildren
    Commit · Pull request · Issue

    Adds helper API ComponentEffect for binding ListSignal to any parent component or element.

  • Modular feature flag system using Service Provider Interface
    Commit · Pull request · Issue

    Refactored feature flags to use Service Provider Interface (SPI) pattern, allowing each module to define its own feature flags that are dynamically loaded at runtime. This eliminates the need to hardcode all feature flags in the FeatureFlags class. Changes: - Added FeatureFlagProvider interface for modules to implement - Split feature flags into domain-specific providers: - CoreFeatureFlagProvider: Core Flow framework features - CopilotFeatureFlagProvider: Copilot-related features (placeholder) - HillaFeatureFlagProvider: Hilla-related features - FlowComponentsFeatureFlagProvider: Flow Components features - TestFeatureFlagProvider: Test-only features (in test sources) - Updated FeatureFlags to load features dynamically via ServiceLoader - Removed static feature flag definitions from FeatureFlags - Maintained backward compatibility with public static references for commonly used flags - Updated debug window to no longer filter EXAMPLE feature (now only in tests) - Fixed Maven plugin's CombinedClassLoader to properly combine resources from all classloaders, allowing ServiceLoader to find all service provider files The CombinedClassLoader fix ensures that the build-dev-bundle plugin can properly load feature flag providers by combining META-INF/services resources from all classloaders instead of returning resources from only the first classloader. This design provides better modularity and extensibility, allowing new modules to easily add their own feature flags without modifying core classes. 🤖 Generated with Claude Code

  • Add bean deserialization support for executeJs return values
    Commit · Pull request

    • Extend JacksonCodec.decodeAs() to deserialize JSON objects into Java beans using Jackson - Extend JsonCodec.decodeAs() with similar bean deserialization support for consistency - Add comprehensive unit tests for simple beans, nested beans, null handling, and error cases - Add default constructors to test bean classes for Jackson compatibility - Add integration tests with new buttons for testing bean return values from client - Add ExecJavaScriptIT tests to verify complete client-to-server bean deserialization flow - Maintain full backward compatibility for existing primitive type decoding - Support both simple and complex nested bean structures returned from JavaScript This enables JavaScript code to return complex objects that are automatically deserialized into typed Java beans on the server side.

  • Add bean serialization support
    Commit · Pull request

    Implements bean-only serialization using Jackson. Beans are serialized on server and handled as standard JS objects on client.

Fixes

  • Make StyleSheet for AppShell support non-root context path
    Commit · Pull request

  • Update old override
    Commit · Pull request · Issue

    Update old platform version override when a dependency is added for the override.

  • I18NProvider.translate return same as Component.translate
    Commit · Pull request · Issue

    The I18NProvider.translate should return the same as Component.translate when no provider can be found.

  • ElementRequestHandler requests are no longer blocked by Spring Security (#22055)
    Commit · Pull request · Issue

    Note! This fix was 100% made by AI and this must be taken into account when reviewing. The issue was that ElementRequestHandler requests without a URL postfix were generating URLs like /VAADIN/dynamic/resource/0// instead of /VAADIN/dynamic/resource/0//upload. These URLs were not recognized as internal framework requests by Spring Security's CSRF filter, causing them to be blocked. The fix modifies HandlerHelper.isFrameworkInternalRequest() to recognize all dynamic resource requests as internal, not just upload requests. Security is maintained by rejecting paths with directory traversal attempts. 🤖 Generated with Claude Code

  • Apply preventDefault only to filtered events (#22294)
    Commit · Pull request

    When preventDefault() or stopPropagation() is used with setFilter(), it now only prevents default behavior for events that match the filter. This allows for more granular control, e.g., preventing default only for space key while allowing tab key to function normally. The fix modifies ElementListenerMap to check for preventDefault and stopPropagation expressions and make them conditional when a filter is present.

  • Check legacy frontend folder from prepare step
    Commit · Pull request

  • Null for primitive should not fail decode
    Commit · Pull request

    Decoding null to primitive should not fail as dom event data may be missing parts sent from the client.

  • Make sure request principal is available
    Commit · Pull request · Issue

    When Spring Security request matchers are executed within SpringPathAccessChecker the request object is a stub instance that throw UnsupportedOperationException for many methods. This can cause failure when the path access checker is used in combination with request matchers that, for example, try to access the request user principal. An example is the pre-configured 'isAllowedHillaView' matcher. This change wraps the request matchers configured by Vaadin so that the request principal is taken from the Spring Security context, if not available on the request. In addition provides documentation and helper to set a global HttpServletRequestTransformer to augment all requests handled by WebInvocationPrivilegeEvaluator with the proper getUserPrincipal method override.

  • Instead of throwing, warn if legace frontend folder is used
    Commit · Pull request

  • Reintroduce valuecontext constructors
    Commit · Pull request

Check out latest releases or
releases around vaadin/flow 25.0.0-alpha19

Don't miss a new flow release

NewReleases is sending notifications on new releases.

Get notifications