github vaadin/flow 5.0.3
Vaadin Flow 5.0.3
on GitHub

latest releases: 24.3.18, 24.4.9, 24.5.0.beta3...
3 years ago

Vaadin Flow V5.0.3

Changes in Flow from 5.0.2

  • Breaking Changes:

    • Make VaadinService.dependencyFilters unmodifiable

      While the change is backwards compatible from API perspective, it could be considered a behavior change although there is quite low risk of exposure in apps. Thus targeting 2.5 for the LTS and the recently released 5.0.

  • Fixes:

    • Remove old devDependencies. PR:9931. Ticket:9720

      Clean away also old devDependencies on Package update.

    • Encode attribute value during transfer from embedded web app. PR:9583

      encode attribute value during transfer from embedded web app

    • Add empty list handling to DataCommunicator#collectKeysToFlush. PR:9516. Ticket:1837

    • Lock versions to what is set in package.json. PR:9859

      Even without platform versions we should manage the used versions by using exactly what is defined in the package.json as if we had a platform versions file.

    • Correct regexp to only match when digit first. PR:9496. Ticket:9494

      Use Matcher::find instead of Matcher::matches as matches never matched.

    • Use ordered Set for deterministic CompositeDataGenerator. PR:9657. Ticket:9656

      Use LinkedHashSet (not HashSet) to keep the order of data generators in CompositeDataGenerator.

    • Avoid BeforeClient executions for nodes with different StateTree. PR:9715. Ticket:9397

    • Use proper logging for installing pnpm and its directory. PR:9724. Ticket:9571

    • Use thread-safe map for bootstrap HTML fragment cache. PR:9852

      The cache is only protected from multiple accesses at the same time by the same user. Many users can use it simultaneously

    • Use time-constant comparison for CSRF tokens. PR:9875 Thanks to Xhelal Likaj for reporting this

      This hardens the framework against a theoretical timing attack based on comparing how quickly a request with an invalid CSRF token is rejected.

    • Use time-constant comparison for security tokens (#9896). PR:9910 Thanks to Xhelal Likaj for reporting this

      This is the same as #9875, but also applied for the upload security key and the push id since both of those are also used to protect against cross-site attacks. In addition, documentation for the push id is clarified to point out its role.

    • Importing binary file in frontend file (#9955). PR:9959. Ticket:9926

      Catch MalformedInputException for reading file during import visit for frontend files where file is binary and can not be read as lines.

Check out latest releases or
releases around vaadin/flow 5.0.3

Don't miss a new flow release

NewReleases is sending notifications on new releases.

Get notifications