github vaadin/platform 23.4.1
Vaadin 23.4.1

latest releases: 24.6.0.alpha3, 23.5.10, 24.5.4...
6 months ago

This is a maintenance release for Vaadin 23.4. See 23.4.0 release notes for details and resources.

Notable Changes

  • Since Vaadin 23.3, the minimal supported spring.boot.version is 2.7.x
    • Spring boot 2.7 is using logback-classic 1.2.12, reported in CVE-2023-6378, logback-* 1.2.13 contains the fix
  • Since Vaadin 23.3.5, due to the founded vulnerability (CVE-2022-1471), dependency for org.yaml:snakeyaml has been removed.
    • Vaadin project is not depending on the vulnerable dependency (org.yaml:snakeyaml) directly, users can add the dependency if needed
  • Vaadin 23.3.x depends on Spring framework 5.3.x, which has been identified with vulnerability CVE-2016-1000027
    • as the faulty code has been deprecated in spring framework 5.3.x, Vaadin 23.4 project is NOT affected.

Changelogs

Official add-ons and plugins:

  • Spring add-on (23.4.1)
  • CDI add-on (14.1.1)
  • Maven plugin (23.4.1)
  • Gradle plugin (23.4.1)
  • OSGi plugin (8.1.2)
  • Quarkus plugin (1.1.4)
  • Portlet plugin (2.1.0)

Don't miss a new platform release

NewReleases is sending notifications on new releases.