vaadin/platform 23.3.34

Vaadin 23.3.34

on GitHub

This is a maintenance release for Vaadin 23.3. See 23.3.0 release notes for details and resources.

Notable Changes

• Since Vaadin 23.3, the minimal supported spring.boot.version is 2.7.x
  • Spring boot 2.7 is using logback-classic 1.2.12, reported in CVE-2023-6378, logback-* 1.2.13 contains the fix
• Since Vaadin 23.3.5, due to the founded vulnerability (CVE-2022-1471), dependency for org.yaml:snakeyaml has been removed.
  • Vaadin project is not depending on the vulnerable dependency (org.yaml:snakeyaml) directly, users can add the dependency if needed
• Vaadin 23.3.x depends on Spring framework 5.3.x, which has been identified with vulnerability CVE-2016-1000027
  • as the faulty code has been deprecated in spring framework 5.3.x, Vaadin 23.3 project is NOT affected.

Changelogs

• Flow (23.3.30) and Hilla (1.3.34)
• Design System
  • Web Components (23.3.32)
  • Flow Components (23.3.34)
• TestBench (8.2.6)
• Classic Components(23.3.0)
• Multiplatform Runtime (MPR) (6.1.11)
• Router (1.7.5)
• Vaadin Kits
  • Collaboration Kit (aka Collaboration Engine) (5.3.1)
  • Azure Kit (1.0.0)
  • Kubernetes Kit (1.0.4)
  • Observability Kit (1.1.0)
  • SSO Kit (1.0.0)
  • Swing Kit (1.0.1)
• Designer (Release notes)
• Design System Publisher (Documentation)

Official add-ons and plugins:

• Spring add-on (23.3.30)
• CDI add-on (14.1.1)
• Maven plugin (23.3.34)
• Gradle plugin (23.3.34)
• OSGi plugin (8.1.2)
• Quarkus plugin (1.1.4)
• Portlet plugin (2.1.0)