vaadin/platform 24.0.11

Vaadin 24.0.11

on GitHub

This is a maintenance release for Vaadin 24.0. See 24.0.0 release notes for details and resources.

Note

To fix cve-2023-34035, Spring Security 6.0.5 has been introduced a breaking change. Vaadin 24.0.11 is compatible with the latest Springboot containing the breaking change.

Changelogs

• Flow (24.0.12) and Hilla (2.0.11)
• Design System
  • Web Components (24.0.12)
  • Flow Components (24.0.11)
• Designer (Release notes)
• Design System Publisher (Documentation)
• TestBench (9.0.4)
• Classic Components(24.0.0)
• Multiplatform Runtime (MPR) (7.0.6)
• Router (1.7.5)
• Vaadin Kits
  • Azure Kit (1.0.0)
  • Collaboration Kit (6.0.0)
  • Kubernetes Kit (2.0.0)
  • Observability Kit (2.0.0)
  • SSO Kit (2.0.5)
  • Swing Kit (2.0.0)
• Designer (Release notes)

Official add-ons and plugins:

• Spring add-on (24.0.12)
• CDI add-on (15.0.1)
• Maven plugin (24.0.11)
• Gradle plugin (24.0.11)
• Quarkus plugin (2.0.1)

known vulnerability

TestBench brings the dependency pkg:maven/com.google.guava/guava@31.1-jre, that has the vulnerability described in CVE-2020-8908 and CVE-2023-2976, the problematic method has been deprecated in guava and it is not used in Vaadin.