This is a maintenance release for Vaadin 24.0. See 24.0.0 release notes for details and resources.
Note
To fix cve-2023-34035, Spring Security 6.0.5 has been introduced a breaking change. Vaadin 24.0.11 is compatible with the latest Springboot containing the breaking change.
Changelogs
- Flow (24.0.12) and Hilla (2.0.11)
- Design System
- Designer (Release notes)
- Design System Publisher (Documentation)
- TestBench (9.0.4)
- Classic Components(24.0.0)
- Multiplatform Runtime (MPR) (7.0.6)
- Router (1.7.5)
- Vaadin Kits
- Designer (Release notes)
Official add-ons and plugins:
- Spring add-on (24.0.12)
- CDI add-on (15.0.1)
- Maven plugin (24.0.11)
- Gradle plugin (24.0.11)
- Quarkus plugin (2.0.1)
known vulnerability
TestBench brings the dependency pkg:maven/com.google.guava/guava@31.1-jre
, that has the vulnerability described in CVE-2020-8908 and CVE-2023-2976, the problematic method has been deprecated in guava and it is not used in Vaadin.