This is a maintenance release for Vaadin 23.4. See 23.4.0 release notes for details and resources.
Notable Changes
- Since Vaadin 23.3, the minimal supported spring.boot.version is 2.7.x
- Spring boot 2.7 is using logback-classic 1.2.12, reported in CVE-2023-6378, logback-* 1.2.13 contains the fix
- Since Vaadin 23.3.5, due to the founded vulnerability (CVE-2022-1471), dependency for
org.yaml:snakeyaml
has been removed.- Vaadin project is not depending on the vulnerable dependency (
org.yaml:snakeyaml
) directly, users can add the dependency if needed
- Vaadin project is not depending on the vulnerable dependency (
- Vaadin 23.3.x depends on Spring framework 5.3.x, which has been identified with vulnerability CVE-2016-1000027
- as the faulty code has been deprecated in spring framework 5.3.x, Vaadin 23.4 project is NOT affected.
Changelogs
- Flow (23.4.1) and Hilla (1.4.1)
- Design System
- TestBench (8.2.6)
- Classic Components(23.3.0)
- Multiplatform Runtime (MPR) (6.1.11)
- Router (1.7.5)
- Vaadin Kits
- Designer (Release notes)
- Design System Publisher (Documentation)
Official add-ons and plugins: