Author: dashorst
Date: Wed Sep 7 21:35:45 2011
New Revision: 1166410
URL: http://svn.apache.org/viewvc?rev=1166410&view=rev
Log:
Wicket 1.5 released
Added:
wicket/common/site/trunk/_posts/2011-09-07-wicket-1.5-released.md
wicket/common/site/trunk/_site/2011/09/
wicket/common/site/trunk/_site/2011/09/07/
wicket/common/site/trunk/_site/2011/09/07/wicket-1.5-released.html
Modified:
wicket/common/site/trunk/_posts/2011-08-23-cve-2011-2712.md
wicket/common/site/trunk/_site/2011/08/23/cve-2011-2712.html
wicket/common/site/trunk/_site/atom.xml
wicket/common/site/trunk/_site/index.html
wicket/common/site/trunk/index.md
Modified: wicket/common/site/trunk/_posts/2011-08-23-cve-2011-2712.md
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_posts/2011-08-23-cve-2011-2712.md?rev=1166410&r1=1166409&r2=1166410&view=diff
==============================================================================
--- wicket/common/site/trunk/_posts/2011-08-23-cve-2011-2712.md (original)
+++ wicket/common/site/trunk/_posts/2011-08-23-cve-2011-2712.md Wed Sep 7
21:35:45 2011
@@ -14,18 +14,17 @@ Apache Wicket 1.4.x
Apache Wicket 1.3.x and 1.5-RCx are not affected
Description:
-With multi window support application configuration and special query
parameters it
-is possible to execute any kind of JavaScript on a site running with the
-affected versions.
+With multi window support application configuration and special query
parameters it is possible to execute any kind of JavaScript on a site running
with the affected versions.
Mitigation:
Either disable multi window support with
-MyApp.java
-{% highlight xml %}
-public void init() {
- super.init();
- getPageSettings.setAutomaticMultiWindowSupport(false);
+{% highlight java %}
+public class MyApp extends WebApplication {
+ public void init() {
+ super.init();
+ getPageSettings.setAutomaticMultiWindowSupport(false);
+ }
}
{% endhighlight %}
Added: wicket/common/site/trunk/_posts/2011-09-07-wicket-1.5-released.md
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_posts/2011-09-07-wicket-1.5-released.md?rev=1166410&view=auto
==============================================================================
--- wicket/common/site/trunk/_posts/2011-09-07-wicket-1.5-released.md (added)
+++ wicket/common/site/trunk/_posts/2011-09-07-wicket-1.5-released.md Wed Sep
7 21:35:45 2011
@@ -0,0 +1,124 @@
+---
+layout: post
+title: Apache Wicket releases Wicket 1.5
+---
+The Apache Wicket team is proud to announce the immediate availability of the
newest release of their component oriented open source Java web framework.
Apache Wicket 1.5 has been in development for the last two years and brings
many improvements over previous versions.
+
+Downloading Apache Wicket 1.5
+-----------------------------
+
+You can download the release here:
[http://www.apache.org/dyn/closer.cgi/wicket/1.5.0][1]
+
+Or use this in your Maven POM to upgrade to the new version:
+
+{% highlight xml %}
+<dependency>
+ <groupId>org.apache.wicket</groupId>
+ <artifactId>wicket-core</artifactId>
+ <version>1.5.0</version>
+</dependency>
+{% endhighlight %}
+
+Please note that Wicket's main artifact ID has been renamed to `wicket-core`.
+
+You will need to upgrade all modules (i.e. wicket, wicket-extensions,
wicket-ioc, wicket-spring, etc) to 1.5.0. **It is not possible to mix previous
versions of Wicket with modules of this release.**
+
+Most notable changes
+--------------------
+
+With this release the Wicket team has revised many of its internals. A short
list:
+
+ - HTML5 components added: `EmailTextField`, `NumberTextField`, `UrlTextField`
and `RangeTextField`
+ - New inter-component events (explained below)
+ - Minimum required servlet API is servlet-api 2.5
+ - All standard validators now extend `Behavior` to allow for client side
validations
+ - `IBehavior` has been removed and `AbstractBehavior` has been deprecated,
you should now extend `Behavior` instead
+ - Simplified the [request cycle processing][3] and made it more extensible
+ - URL handling is now in one place
+ - Wicket's rendering code has been greatly simplified
+ - Improved browser [caching support][4]
+ - ClientSideImageMap replaces old ImageMap
+ - Better support for running behind proxies with `x-forwarded-for` header
+ - [Request cycle listeners][3] make it easier to integrate frameworks in your
Wicket application
+ - Consistent naming: methods with `Javascript` in the name have been renamed
to use proper capitalization: `JavaScript`
+ - Switching to HTTPS is as simple as configuring a new root mapper to make
Wicket HTTPS aware and annotating a page with @RequireHttps
+
+A longer list of changes and improvements can be found in our [migration
guide][2].
+
+### Inter-component events ###
+
+Wicket 1.5 offers a simple, yet flexible, way for component to communicate
with each other in a decoupled manner. The two major interfaces that facilitate
this are:
+
+{% highlight java %}
+/**
+ * Objects that can send events
+ */
+public interface IEventSource {
+ <T> void send(IEventSink sink, Broadcast broadcast, T payload);
+}
+{% endhighlight %}
+
+and
+
+{% highlight java %}
+/**
+ * Objects that can receive events
+ */
+public interface IEventSink
+{
+ /**
+ * Called when an event is sent to this sink
+ */
+ void onEvent(IEvent<?> event);
+}
+{% endhighlight %}
+
+The classes that implement these interfaces, and can thus participate in the
event mechanism are: `Component`, `RequestCycle`, `Session`, and `Application`.
+
+The mechanism allows for different event broadcast methods defined here:
+
+{% highlight java %}
+/**
+ * Defines the event broadcast type.
+ */
+public enum Broadcast {
+ BREADTH,
+ DEPTH,
+ BUBBLE,
+ EXACT;
+}
+{% endhighlight %}
+
+There is an example in wicket-examples which demonstrates the usage of this.
+
+Applications can register custom event dispatchers in `FrameworkSettings`; the
dispatchers can be used to build custom event delivery mechanisms. For example
a custom `IEventDispatcher` mechanism can route events to annotated methods,
for example:
+
+{% highlight java %}
+public class MyComponent extends Component {
+ @OnEvent
+ private void onUserAdded(UserAddedEvent event) {...}
+}
+{% endhighlight %}
+
+where `UserAddedEvent` is the event payload object.
+
+The default `Component#onEvent` method will be called even if custom
dispatchers are registered.
+
+A default event is raised whenever Wicket begins to create an AJAX response.
The payload of the event is the `AjaxRequestTarget` used for event. Sample
implementation:
+
+{% highlight java %}
+// component that always adds itself to the ajax response
+public class MyComponent extends Component {
+ public void onEvent(IEvent event) {
+ if (event.getPayload() instanceof AjaxRequestTarget) {
+ ((AjaxRequestTarget)event.getPayload()).add(this);
+ }
+ }
+}
+{% endhighlight %}
+
+
+[1]: http://www.apache.org/dyn/closer.cgi/wicket/1.5.0
+[2]: http://s.apache.org/wicket-1.5-migration
+[3]: https://cwiki.apache.org/WICKET/requestcycle-in-wicket-15.html
+[4]: https://cwiki.apache.org/WICKET/caching-in-wicket-15.html
Modified: wicket/common/site/trunk/_site/2011/08/23/cve-2011-2712.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2011/08/23/cve-2011-2712.html?rev=1166410&r1=1166409&r2=1166410&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/2011/08/23/cve-2011-2712.html (original)
+++ wicket/common/site/trunk/_site/2011/08/23/cve-2011-2712.html Wed Sep 7
21:35:45 2011
@@ -153,12 +153,12 @@
<p>Description: With multi window support application configuration and
special query parameters it is possible to execute any kind of JavaScript on a
site running with the affected versions.</p>
<p>Mitigation: Either disable multi window support with</p>
-
-<p>MyApp.java</p>
-<div class='highlight'><pre><code class='xml'>public void init() {
- super.init();
- getPageSettings.setAutomaticMultiWindowSupport(false);
-}
+<div class='highlight'><pre><code class='java'><span class='kd'>public</span>
<span class='kd'>class</span> <span class='nc'>MyApp</span> <span
class='kd'>extends</span> <span class='n'>WebApplication</span> <span
class='o'>{</span>
+ <span class='kd'>public</span> <span class='kt'>void</span> <span
class='nf'>init</span><span class='o'>()</span> <span class='o'>{</span>
+ <span class='kd'>super</span><span class='o'>.</span><span
class='na'>init</span><span class='o'>();</span>
+ <span class='n'>getPageSettings</span><span class='o'>.</span><span
class='na'>setAutomaticMultiWindowSupport</span><span class='o'>(</span><span
class='kc'>false</span><span class='o'>);</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
</code></pre>
</div>
<p>or upgrade to <a
href='http://wicket.apache.org/2011/08/09/wicket-1.4.18-released.html'>Apache
Wicket 1.4.18</a> or <a
href='http://wicket.apache.org/2011/06/25/wicket-1.5-RC5.1-released.html'>Apache
Wicket 1.5-RC5.1</a></p>
Added: wicket/common/site/trunk/_site/2011/09/07/wicket-1.5-released.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2011/09/07/wicket-1.5-released.html?rev=1166410&view=auto
==============================================================================
--- wicket/common/site/trunk/_site/2011/09/07/wicket-1.5-released.html (added)
+++ wicket/common/site/trunk/_site/2011/09/07/wicket-1.5-released.html Wed Sep
7 21:35:45 2011
@@ -0,0 +1,275 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Apache Wicket - Apache Wicket releases Wicket 1.5</title>
+
+ <link rel="stylesheet" href="/css/screen.css" type="text/css"
media="screen" />
+
+ <!--[if lt ie 7]>
+ <link rel="stylesheet" href="/css/ie.css" type="text/css"
media="screen" />
+ <![endif]-->
+ <link rel="shortcut icon" href="/favicon.ico"
type="image/vnd.microsoft.icon" />
+ <link rel="alternate" type="application/atom+xml" href="/atom.xml" />
+ <meta http-equiv="content-type" content="text/html;charset=utf-8" />
+</head>
+<body>
+<div id="container">
+ <div id="content">
+ <div id="header"><a href="/"><h1 id="logo"><span>Apache
Wicket</span></h1></a></div>
+ <div id="navigation">
+ <h5><a name="Navigation-Wicket"></a>Meet Wicket</h5>
+ <ul>
+ <li>
+ <a href="/" title="Index">Home</a>
+ </li>
+ <li>
+ <a href="/meet/introduction.html"
title="Introduction">Introduction</a>
+ </li>
+ <li>
+ <a href="/meet/features.html"
title="Features">Features</a>
+ </li>
+ <li>
+ <a href="/meet/buzz.html" title="Buzz">Buzz</a>
+ </li>
+ <li>
+ <a href="/meet/vision.html" title="Vision">Vision</a>
+ </li>
+ <li>
+ <a href="/meet/blogs.html" title="Blogs">Blogs</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-GettingStarted"
id="Navigation-GettingStarted"></a>Get Started
+ </h5>
+ <ul>
+ <li>
+ <a href="/start/download.html" title="Download
Wicket">Download Wicket</a>
+ </li>
+ <li>
+ <a href="/start/quickstart.html" title="Getting started
via a Maven Archetype">Quickstart</a>
+ </li>
+ <li>
+ <a href="http://www.jweekend.com/dev/LegUp";
rel="nofollow">More archetypes</a>
+ </li>
+ <li>
+ <a href="/help" title="Get help">Get help</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Documentation"
id="Navigation-Documentation"></a>Learn
+ </h5>
+ <ul>
+ <li>
+ <a href="/learn/examples" title="Examples">Examples</a>
+ </li>
+ <li>
+ <a
href="http://wicketstuff.org/wicket14/compref/";>Components</a>
+ </li>
+ <li>
+ <a href="/learn/projects/" title="Projects extending
basic Wicket">Projects</a>
+ </li>
+ <li>
+ <a href="http://cwiki.apache.org/WICKET";>Wiki</a>
+ </li>
+ <li>
+ <a
href="http://cwiki.apache.org/WICKET/reference-library.html";>Reference guide</a>
+ </li>
+ <li>
+ <a href="/learn/books" title="Books">Books</a>
+ </li>
+ <li>
+ <a href="/learn/ides.html" title="IDEs">IDE plugins</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Releases"
id="Navigation-Releases"></a>Releases
+ </h5>
+ <ul>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.4.18";>Wicket 1.4</a>
+ (<a href="http://wicket.apache.org/apidocs/1.4";
title="JavaDocs of the latest stable release - 1.4.x">docs</a>)
+ </li>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.3.7";>Wicket 1.3</a>
+ (<a href="http://wicket.apache.org/apidocs/1.3";
title="JavaDocs of Apache Wicket 1.3.x">docs</a>)
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.2";
class="external-link" rel="nofollow">Wicket 1.2</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.1";
class="external-link" rel="nofollow">Wicket 1.1</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.0";
class="external-link" rel="nofollow">Wicket 1.0</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Developers"
id="Navigation-Developers"></a>Contribute
+ </h5>
+ <ul>
+ <li>
+ <a href="/contribute/write.html" title="Writing
documentation">Writing docs</a>
+ </li>
+ <li>
+ <a href="/contribute/build.html" title="Building from
SVN">Build Wicket</a>
+ </li>
+ <li>
+ <a href="/contribute/patch.html" title="Provide a
patch">Provide a patch</a>
+ </li>
+ <li>
+ <a href="/contribute/release.html" title="Release
Wicket">Release Wicket</a>
+ </li>
+ <li>
+ <a href="http://fisheye6.atlassian.com/browse/wicket";
title="SVN Overview" class="external-link" rel="nofollow">Fisheye</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Apache" id="Navigation-Apache"></a>Apache
+ </h5>
+ <ul>
+ <li>
+ <a href="http://www.apache.org/"; class="external-link"
rel="nofollow">Apache</a>
+ </li>
+ <li>
+ <a href="http://www.apache.org/licenses/";
class="external-link" rel="nofollow">License</a>
+ </li>
+ <li>
+ <a
href="http://www.apache.org/foundation/sponsorship.html"; class="external-link"
rel="nofollow">Sponsorship</a>
+ </li>
+ <li>
+ <a href="http://apache.org/foundation/thanks.html";
class="external-link" rel="nofollow">Thanks</a>
+ </li>
+ </ul>
+</div>
+
+ <div id="contentbody">
+ <h1>Apache Wicket releases Wicket 1.5</h1>
+ <p>The Apache Wicket team is proud to announce the
immediate availability of the newest release of their component oriented open
source Java web framework. Apache Wicket 1.5 has been in development for the
last two years and brings many improvements over previous versions.</p>
+
+<h2 id='downloading_apache_wicket_15'>Downloading Apache Wicket 1.5</h2>
+
+<p>You can download the release here: <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.5.0'>http://www.apache.org/dyn/closer.cgi/wicket/1.5.0</a></p>
+
+<p>Or use this in your Maven POM to upgrade to the new version:</p>
+<div class='highlight'><pre><code class='xml'><span
class='nt'><dependency></span>
+ <span class='nt'><groupId></span>org.apache.wicket<span
class='nt'></groupId></span>
+ <span class='nt'><artifactId></span>wicket-core<span
class='nt'></artifactId></span>
+ <span class='nt'><version></span>1.5.0<span
class='nt'></version></span>
+<span class='nt'></dependency></span>
+</code></pre>
+</div>
+<p>Please note that Wicket’s main artifact ID has been renamed to
<code>wicket-core</code>.</p>
+
+<p>You will need to upgrade all modules (i.e. wicket, wicket-extensions,
wicket-ioc, wicket-spring, etc) to 1.5.0. <strong>It is not possible to mix
previous versions of Wicket with modules of this release.</strong></p>
+
+<h2 id='most_notable_changes'>Most notable changes</h2>
+
+<p>With this release the Wicket team has revised many of its internals. A
short list:</p>
+
+<ul>
+<li>HTML5 components added: <code>EmailTextField</code>,
<code>NumberTextField</code>, <code>UrlTextField</code> and
<code>RangeTextField</code></li>
+
+<li>New inter-component events (explained below)</li>
+
+<li>Minimum required servlet API is servlet-api 2.5</li>
+
+<li>All standard validators now extend <code>Behavior</code> to allow for
client side validations</li>
+
+<li><code>IBehavior</code> has been removed and <code>AbstractBehavior</code>
has been deprecated, you should now extend <code>Behavior</code> instead</li>
+
+<li>Simplified the <a
href='https://cwiki.apache.org/WICKET/requestcycle-in-wicket-15.html'>request
cycle processing</a> and made it more extensible</li>
+
+<li>URL handling is now in one place</li>
+
+<li>Wicket’s rendering code has been greatly simplified</li>
+
+<li>Improved browser <a
href='https://cwiki.apache.org/WICKET/caching-in-wicket-15.html'>caching
support</a></li>
+
+<li>ClientSideImageMap replaces old ImageMap</li>
+
+<li>Better support for running behind proxies with
<code>x-forwarded-for</code> header</li>
+
+<li><a
href='https://cwiki.apache.org/WICKET/requestcycle-in-wicket-15.html'>Request
cycle listeners</a> make it easier to integrate frameworks in your Wicket
application</li>
+
+<li>Consistent naming: methods with <code>Javascript</code> in the name have
been renamed to use proper capitalization: <code>JavaScript</code></li>
+
+<li>Switching to HTTPS is as simple as configuring a new root mapper to make
Wicket HTTPS aware and annotating a page with @RequireHttps</li>
+</ul>
+
+<p>A longer list of changes and improvements can be found in our <a
href='http://s.apache.org/wicket-1.5-migration'>migration guide</a>.</p>
+
+<h3 id='intercomponent_events'>Inter-component events</h3>
+
+<p>Wicket 1.5 offers a simple, yet flexible, way for component to communicate
with each other in a decoupled manner. The two major interfaces that facilitate
this are:</p>
+<div class='highlight'><pre><code class='java'><span class='cm'>/**</span>
+<span class='cm'> * Objects that can send events</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span class='kd'>interface</span> <span
class='nc'>IEventSource</span> <span class='o'>{</span>
+ <span class='o'><</span><span class='n'>T</span><span
class='o'>></span> <span class='kt'>void</span> <span
class='n'>send</span><span class='o'>(</span><span class='n'>IEventSink</span>
<span class='n'>sink</span><span class='o'>,</span> <span
class='n'>Broadcast</span> <span class='n'>broadcast</span><span
class='o'>,</span> <span class='n'>T</span> <span class='n'>payload</span><span
class='o'>);</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>and</p>
+<div class='highlight'><pre><code class='java'><span class='cm'>/**</span>
+<span class='cm'> * Objects that can receive events</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span class='kd'>interface</span> <span
class='nc'>IEventSink</span>
+<span class='o'>{</span>
+ <span class='cm'>/**</span>
+<span class='cm'> * Called when an event is sent to this sink</span>
+<span class='cm'> */</span>
+ <span class='kt'>void</span> <span class='nf'>onEvent</span><span
class='o'>(</span><span class='n'>IEvent</span><span class='o'><?></span>
<span class='n'>event</span><span class='o'>);</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>The classes that implement these interfaces, and can thus participate in
the event mechanism are: <code>Component</code>, <code>RequestCycle</code>,
<code>Session</code>, and <code>Application</code>.</p>
+
+<p>The mechanism allows for different event broadcast methods defined here:</p>
+<div class='highlight'><pre><code class='java'><span class='cm'>/**</span>
+<span class='cm'> * Defines the event broadcast type.</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span class='kd'>enum</span> <span
class='n'>Broadcast</span> <span class='o'>{</span>
+ <span class='n'>BREADTH</span><span class='o'>,</span>
+ <span class='n'>DEPTH</span><span class='o'>,</span>
+ <span class='n'>BUBBLE</span><span class='o'>,</span>
+ <span class='n'>EXACT</span><span class='o'>;</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>There is an example in wicket-examples which demonstrates the usage of
this.</p>
+
+<p>Applications can register custom event dispatchers in
<code>FrameworkSettings</code>; the dispatchers can be used to build custom
event delivery mechanisms. For example a custom <code>IEventDispatcher</code>
mechanism can route events to annotated methods, for example:</p>
+<div class='highlight'><pre><code class='java'><span class='kd'>public</span>
<span class='kd'>class</span> <span class='nc'>MyComponent</span> <span
class='kd'>extends</span> <span class='n'>Component</span> <span
class='o'>{</span>
+ <span class='nd'>@OnEvent</span>
+ <span class='kd'>private</span> <span class='kt'>void</span> <span
class='nf'>onUserAdded</span><span class='o'>(</span><span
class='n'>UserAddedEvent</span> <span class='n'>event</span><span
class='o'>)</span> <span class='o'>{...}</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>where <code>UserAddedEvent</code> is the event payload object.</p>
+
+<p>The default <code>Component#onEvent</code> method will be called even if
custom dispatchers are registered.</p>
+
+<p>A default event is raised whenever Wicket begins to create an AJAX
response. The payload of the event is the <code>AjaxRequestTarget</code> used
for event. Sample implementation:</p>
+<div class='highlight'><pre><code class='java'><span class='c1'>// component
that always adds itself to the ajax response</span>
+<span class='kd'>public</span> <span class='kd'>class</span> <span
class='nc'>MyComponent</span> <span class='kd'>extends</span> <span
class='n'>Component</span> <span class='o'>{</span>
+ <span class='kd'>public</span> <span class='kt'>void</span> <span
class='nf'>onEvent</span><span class='o'>(</span><span class='n'>IEvent</span>
<span class='n'>event</span><span class='o'>)</span> <span class='o'>{</span>
+ <span class='k'>if</span> <span class='o'>(</span><span
class='n'>event</span><span class='o'>.</span><span
class='na'>getPayload</span><span class='o'>()</span> <span
class='k'>instanceof</span> <span class='n'>AjaxRequestTarget</span><span
class='o'>)</span> <span class='o'>{</span>
+ <span class='o'>((</span><span
class='n'>AjaxRequestTarget</span><span class='o'>)</span><span
class='n'>event</span><span class='o'>.</span><span
class='na'>getPayload</span><span class='o'>()).</span><span
class='na'>add</span><span class='o'>(</span><span class='k'>this</span><span
class='o'>);</span>
+ <span class='o'>}</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+ </div>
+ <div id="clearer"></div>
+ <div id="footer"><span>
+Copyright © 2010 — The Apache Software Foundation. Apache Wicket,
+Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo
+are trademarks of The Apache Software Foundation. All other marks mentioned
+may be trademarks or registered trademarks of their respective owners.
+</span></div>
+
+ </div>
+</div>
+</body>
+</html>
Modified: wicket/common/site/trunk/_site/atom.xml
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/atom.xml?rev=1166410&r1=1166409&r2=1166410&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/atom.xml (original)
+++ wicket/common/site/trunk/_site/atom.xml Wed Sep 7 21:35:45 2011
@@ -4,7 +4,7 @@
<title>Apache Wicket</title>
<link href="http://wicket.apache.org/atom.xml"; rel="self"/>
<link href="http://wicket.apache.org/"/>
- <updated>2011-08-30T09:03:41+02:00</updated>
+ <updated>2011-09-07T23:34:00+02:00</updated>
<id>http://wicket.apache.org/</id>
<author>
<name>Apache Wicket</name>
@@ -13,6 +13,129 @@
<entry>
+ <title>Apache Wicket releases Wicket 1.5</title>
+ <link href="http://wicket.apache.org/2011/09/07/wicket-1.5-released.html"/>
+ <updated>2011-09-07T00:00:00+02:00</updated>
+ <id>http://wicket.apache.org/2011/09/07/wicket-1.5-released</id>
+ <content type="html"><p>The Apache Wicket team is proud to announce
the immediate availability of the newest release of their component oriented
open source Java web framework. Apache Wicket 1.5 has been in development for
the last two years and brings many improvements over previous
versions.</p>
+
+<h2 id='downloading_apache_wicket_15'>Downloading Apache Wicket
1.5</h2>
+
+<p>You can download the release here: <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.5.0'>http://www.apache.org/dyn/closer.cgi/wicket/1.5.0</a></p>
+
+<p>Or use this in your Maven POM to upgrade to the new version:</p>
+<div class='highlight'><pre><code class='xml'><span
class='nt'>&lt;dependency&gt;</span>
+ <span
class='nt'>&lt;groupId&gt;</span>org.apache.wicket<span
class='nt'>&lt;/groupId&gt;</span>
+ <span
class='nt'>&lt;artifactId&gt;</span>wicket-core<span
class='nt'>&lt;/artifactId&gt;</span>
+ <span class='nt'>&lt;version&gt;</span>1.5.0<span
class='nt'>&lt;/version&gt;</span>
+<span class='nt'>&lt;/dependency&gt;</span>
+</code></pre>
+</div>
+<p>Please note that Wicket&#8217;s main artifact ID has been renamed
to <code>wicket-core</code>.</p>
+
+<p>You will need to upgrade all modules (i.e. wicket, wicket-extensions,
wicket-ioc, wicket-spring, etc) to 1.5.0. <strong>It is not possible to
mix previous versions of Wicket with modules of this
release.</strong></p>
+
+<h2 id='most_notable_changes'>Most notable changes</h2>
+
+<p>With this release the Wicket team has revised many of its internals.
A short list:</p>
+
+<ul>
+<li>HTML5 components added: <code>EmailTextField</code>,
<code>NumberTextField</code>, <code>UrlTextField</code>
and <code>RangeTextField</code></li>
+
+<li>New inter-component events (explained below)</li>
+
+<li>Minimum required servlet API is servlet-api 2.5</li>
+
+<li>All standard validators now extend <code>Behavior</code>
to allow for client side validations</li>
+
+<li><code>IBehavior</code> has been removed and
<code>AbstractBehavior</code> has been deprecated, you should now
extend <code>Behavior</code> instead</li>
+
+<li>Simplified the <a
href='https://cwiki.apache.org/WICKET/requestcycle-in-wicket-15.html'>request
cycle processing</a> and made it more extensible</li>
+
+<li>URL handling is now in one place</li>
+
+<li>Wicket&#8217;s rendering code has been greatly
simplified</li>
+
+<li>Improved browser <a
href='https://cwiki.apache.org/WICKET/caching-in-wicket-15.html'>caching
support</a></li>
+
+<li>ClientSideImageMap replaces old ImageMap</li>
+
+<li>Better support for running behind proxies with
<code>x-forwarded-for</code> header</li>
+
+<li><a
href='https://cwiki.apache.org/WICKET/requestcycle-in-wicket-15.html'>Request
cycle listeners</a> make it easier to integrate frameworks in your
Wicket application</li>
+
+<li>Consistent naming: methods with <code>Javascript</code>
in the name have been renamed to use proper capitalization:
<code>JavaScript</code></li>
+
+<li>Switching to HTTPS is as simple as configuring a new root mapper to
make Wicket HTTPS aware and annotating a page with @RequireHttps</li>
+</ul>
+
+<p>A longer list of changes and improvements can be found in our <a
href='http://s.apache.org/wicket-1.5-migration'>migration
guide</a>.</p>
+
+<h3 id='intercomponent_events'>Inter-component events</h3>
+
+<p>Wicket 1.5 offers a simple, yet flexible, way for component to
communicate with each other in a decoupled manner. The two major interfaces
that facilitate this are:</p>
+<div class='highlight'><pre><code class='java'><span
class='cm'>/**</span>
+<span class='cm'> * Objects that can send events</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span
class='kd'>interface</span> <span
class='nc'>IEventSource</span> <span class='o'>{</span>
+ <span class='o'>&lt;</span><span
class='n'>T</span><span class='o'>&gt;</span> <span
class='kt'>void</span> <span class='n'>send</span><span
class='o'>(</span><span class='n'>IEventSink</span>
<span class='n'>sink</span><span class='o'>,</span>
<span class='n'>Broadcast</span> <span
class='n'>broadcast</span><span class='o'>,</span>
<span class='n'>T</span> <span
class='n'>payload</span><span class='o'>);</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>and</p>
+<div class='highlight'><pre><code class='java'><span
class='cm'>/**</span>
+<span class='cm'> * Objects that can receive events</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span
class='kd'>interface</span> <span
class='nc'>IEventSink</span>
+<span class='o'>{</span>
+ <span class='cm'>/**</span>
+<span class='cm'> * Called when an event is sent to this
sink</span>
+<span class='cm'> */</span>
+ <span class='kt'>void</span> <span
class='nf'>onEvent</span><span class='o'>(</span><span
class='n'>IEvent</span><span
class='o'>&lt;?&gt;</span> <span
class='n'>event</span><span class='o'>);</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>The classes that implement these interfaces, and can thus participate
in the event mechanism are: <code>Component</code>,
<code>RequestCycle</code>, <code>Session</code>, and
<code>Application</code>.</p>
+
+<p>The mechanism allows for different event broadcast methods defined
here:</p>
+<div class='highlight'><pre><code class='java'><span
class='cm'>/**</span>
+<span class='cm'> * Defines the event broadcast type.</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span
class='kd'>enum</span> <span class='n'>Broadcast</span>
<span class='o'>{</span>
+ <span class='n'>BREADTH</span><span
class='o'>,</span>
+ <span class='n'>DEPTH</span><span
class='o'>,</span>
+ <span class='n'>BUBBLE</span><span
class='o'>,</span>
+ <span class='n'>EXACT</span><span
class='o'>;</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>There is an example in wicket-examples which demonstrates the usage
of this.</p>
+
+<p>Applications can register custom event dispatchers in
<code>FrameworkSettings</code>; the dispatchers can be used to
build custom event delivery mechanisms. For example a custom
<code>IEventDispatcher</code> mechanism can route events to
annotated methods, for example:</p>
+<div class='highlight'><pre><code class='java'><span
class='kd'>public</span> <span class='kd'>class</span>
<span class='nc'>MyComponent</span> <span
class='kd'>extends</span> <span class='n'>Component</span>
<span class='o'>{</span>
+ <span class='nd'>@OnEvent</span>
+ <span class='kd'>private</span> <span
class='kt'>void</span> <span
class='nf'>onUserAdded</span><span
class='o'>(</span><span class='n'>UserAddedEvent</span>
<span class='n'>event</span><span class='o'>)</span>
<span class='o'>{...}</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>where <code>UserAddedEvent</code> is the event payload
object.</p>
+
+<p>The default <code>Component#onEvent</code> method will be
called even if custom dispatchers are registered.</p>
+
+<p>A default event is raised whenever Wicket begins to create an AJAX
response. The payload of the event is the
<code>AjaxRequestTarget</code> used for event. Sample
implementation:</p>
+<div class='highlight'><pre><code class='java'><span
class='c1'>// component that always adds itself to the ajax
response</span>
+<span class='kd'>public</span> <span
class='kd'>class</span> <span
class='nc'>MyComponent</span> <span
class='kd'>extends</span> <span class='n'>Component</span>
<span class='o'>{</span>
+ <span class='kd'>public</span> <span
class='kt'>void</span> <span
class='nf'>onEvent</span><span class='o'>(</span><span
class='n'>IEvent</span> <span
class='n'>event</span><span class='o'>)</span> <span
class='o'>{</span>
+ <span class='k'>if</span> <span
class='o'>(</span><span class='n'>event</span><span
class='o'>.</span><span
class='na'>getPayload</span><span class='o'>()</span>
<span class='k'>instanceof</span> <span
class='n'>AjaxRequestTarget</span><span class='o'>)</span>
<span class='o'>{</span>
+ <span class='o'>((</span><span
class='n'>AjaxRequestTarget</span><span
class='o'>)</span><span class='n'>event</span><span
class='o'>.</span><span
class='na'>getPayload</span><span
class='o'>()).</span><span class='na'>add</span><span
class='o'>(</span><span class='k'>this</span><span
class='o'>);</span>
+ <span class='o'>}</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
+</code></pre>
+</div></content>
+ </entry>
+
+ <entry>
<title>Wicket 1.5-RC7 released</title>
<link href="http://wicket.apache.org/2011/08/28/1.5-RC7-released.html"/>
<updated>2011-08-28T00:00:00+02:00</updated>
@@ -58,12 +181,12 @@
<p>Description: With multi window support application configuration and
special query parameters it is possible to execute any kind of JavaScript on a
site running with the affected versions.</p>
<p>Mitigation: Either disable multi window support with</p>
-
-<p>MyApp.java</p>
-<div class='highlight'><pre><code class='xml'>public void
init() {
- super.init();
- getPageSettings.setAutomaticMultiWindowSupport(false);
-}
+<div class='highlight'><pre><code class='java'><span
class='kd'>public</span> <span class='kd'>class</span>
<span class='nc'>MyApp</span> <span
class='kd'>extends</span> <span
class='n'>WebApplication</span> <span class='o'>{</span>
+ <span class='kd'>public</span> <span
class='kt'>void</span> <span
class='nf'>init</span><span class='o'>()</span> <span
class='o'>{</span>
+ <span class='kd'>super</span><span
class='o'>.</span><span class='na'>init</span><span
class='o'>();</span>
+ <span class='n'>getPageSettings</span><span
class='o'>.</span><span
class='na'>setAutomaticMultiWindowSupport</span><span
class='o'>(</span><span class='kc'>false</span><span
class='o'>);</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
</code></pre>
</div>
<p>or upgrade to <a
href='http://wicket.apache.org/2011/08/09/wicket-1.4.18-released.html'>Apache
Wicket 1.4.18</a> or <a
href='http://wicket.apache.org/2011/06/25/wicket-1.5-RC5.1-released.html'>Apache
Wicket 1.5-RC5.1</a></p>
@@ -237,34 +360,4 @@
<p>I hope you enjoy it, more details are available on <a
href='http://wicketinaction.com/2011/03/apache-wicket-cookbook-is-published/'>Wicket
In Action Blog Post</a> <br /><br /><br /><br
/><br /></p></content>
</entry>
- <entry>
- <title>Wicket 1.5-rc2 released</title>
- <link
href="http://wicket.apache.org/2011/02/25/wicket-1.5-rc2-released.html"/>
- <updated>2011-02-25T00:00:00+01:00</updated>
- <id>http://wicket.apache.org/2011/02/25/wicket-1.5-rc2-released</id>
- <content type="html"><p>The Wicket Team is proud to introduce the
second Release Candidate in Wicket 1.5 series. See the changelog for the list
of bug fixes and improvements done between 1.5-RC1 and 1.5-rc2</p>
-
-<p>More detailed migration notes are available on our <a
href='https://cwiki.apache.org/WICKET/migration-to-wicket-15.html'>Migrate
to 1.5 Wiki Page</a></p>
-
-<p>Release Artifacts:</p>
-
-<ul>
-<li><a
href='http://svn.apache.org/repos/asf/wicket/releases/wicket-1.5-rc2'>Subversion
tag</a></li>
-
-<li><a
href='https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561&amp;version=12316059'>Changelog</a></li>
-
-<li>To use in Maven:</li>
-</ul>
-<div class='highlight'><pre><code class='xml'><span
class='nt'>&lt;dependency&gt;</span>
- <span
class='nt'>&lt;groupId&gt;</span>org.apache.wicket<span
class='nt'>&lt;/groupId&gt;</span>
- <span
class='nt'>&lt;artifactId&gt;</span>wicket-core<span
class='nt'>&lt;/artifactId&gt;</span>
- <span class='nt'>&lt;version&gt;</span>1.5-rc2<span
class='nt'>&lt;/version&gt;</span>
-<span class='nt'>&lt;/dependency&gt;</span>
-</code></pre>
-</div>
-<ul>
-<li>Download the <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.5-rc2'>full
distribution</a> (including source)</li>
-</ul></content>
- </entry>
-
</feed>
Modified: wicket/common/site/trunk/_site/index.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/index.html?rev=1166410&r1=1166409&r2=1166410&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/index.html (original)
+++ wicket/common/site/trunk/_site/index.html Wed Sep 7 21:35:45 2011
@@ -163,7 +163,87 @@
</ul>
<p>Wicket is released under the <a
href='http://www.apache.org/licenses/LICENSE-2.0.html'>Apache License, Version
2.0</a>.</p>
+<h1>Security announcement: CVE-2011-2712</h1>
+<p>A XSS vulnerability has been found in Apache Wicket version 1.4. This is
solved in Apache Wicket 1.4.18. Please upgrade your applications to this
release. Wicket versions 1.3.x and 1.5.x are not affected by this
vulnerability. <a href='2011/08/23/cve-2011-2712.html'>More information</a></p>
+<h1 id='apache_wicket_releases_wicket_15'><a
href='/2011/09/07/wicket-1.5-released.html'>Apache Wicket releases Wicket
1.5</a></h1>
+<p>The Apache Wicket team is proud to announce the immediate availability of
the newest release of their component oriented open source Java web framework.
Apache Wicket 1.5 has been in development for the last two years and brings
many improvements over previous versions.</p><h2
id='downloading_apache_wicket_15'>Downloading Apache Wicket 1.5</h2><p>You can
download the release here: <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.5.0'>http://www.apache.org/dyn/closer.cgi/wicket/1.5.0</a></p><p>Or
use this in your Maven POM to upgrade to the new version:</p><div
class='highlight'><pre><code class='xml'><span
class='nt'><dependency></span>
+ <span class='nt'><groupId></span>org.apache.wicket<span
class='nt'></groupId></span>
+ <span class='nt'><artifactId></span>wicket-core<span
class='nt'></artifactId></span>
+ <span class='nt'><version></span>1.5.0<span
class='nt'></version></span>
+<span class='nt'></dependency></span>
+</code></pre>
+</div><p>Please note that Wicket’s main artifact ID has been renamed to
<code>wicket-core</code>.</p><p>You will need to upgrade all modules (i.e.
wicket, wicket-extensions, wicket-ioc, wicket-spring, etc) to 1.5.0. <strong>It
is not possible to mix previous versions of Wicket with modules of this
release.</strong></p><h2 id='most_notable_changes'>Most notable
changes</h2><p>With this release the Wicket team has revised many of its
internals. A short list:</p><ul>
+<li>HTML5 components added: <code>EmailTextField</code>,
<code>NumberTextField</code>, <code>UrlTextField</code> and
<code>RangeTextField</code></li>
+
+<li>New inter-component events (explained below)</li>
+
+<li>Minimum required servlet API is servlet-api 2.5</li>
+
+<li>All standard validators now extend <code>Behavior</code> to allow for
client side validations</li>
+
+<li><code>IBehavior</code> has been removed and <code>AbstractBehavior</code>
has been deprecated, you should now extend <code>Behavior</code> instead</li>
+
+<li>Simplified the <a
href='https://cwiki.apache.org/WICKET/requestcycle-in-wicket-15.html'>request
cycle processing</a> and made it more extensible</li>
+
+<li>URL handling is now in one place</li>
+
+<li>Wicket’s rendering code has been greatly simplified</li>
+
+<li>Improved browser <a
href='https://cwiki.apache.org/WICKET/caching-in-wicket-15.html'>caching
support</a></li>
+
+<li>ClientSideImageMap replaces old ImageMap</li>
+
+<li>Better support for running behind proxies with
<code>x-forwarded-for</code> header</li>
+
+<li><a
href='https://cwiki.apache.org/WICKET/requestcycle-in-wicket-15.html'>Request
cycle listeners</a> make it easier to integrate frameworks in your Wicket
application</li>
+
+<li>Consistent naming: methods with <code>Javascript</code> in the name have
been renamed to use proper capitalization: <code>JavaScript</code></li>
+
+<li>Switching to HTTPS is as simple as configuring a new root mapper to make
Wicket HTTPS aware and annotating a page with @RequireHttps</li>
+</ul><p>A longer list of changes and improvements can be found in our <a
href='http://s.apache.org/wicket-1.5-migration'>migration guide</a>.</p><h3
id='intercomponent_events'>Inter-component events</h3><p>Wicket 1.5 offers a
simple, yet flexible, way for component to communicate with each other in a
decoupled manner. The two major interfaces that facilitate this are:</p><div
class='highlight'><pre><code class='java'><span class='cm'>/**</span>
+<span class='cm'> * Objects that can send events</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span class='kd'>interface</span> <span
class='nc'>IEventSource</span> <span class='o'>{</span>
+ <span class='o'><</span><span class='n'>T</span><span
class='o'>></span> <span class='kt'>void</span> <span
class='n'>send</span><span class='o'>(</span><span class='n'>IEventSink</span>
<span class='n'>sink</span><span class='o'>,</span> <span
class='n'>Broadcast</span> <span class='n'>broadcast</span><span
class='o'>,</span> <span class='n'>T</span> <span class='n'>payload</span><span
class='o'>);</span>
+<span class='o'>}</span>
+</code></pre>
+</div><p>and</p><div class='highlight'><pre><code class='java'><span
class='cm'>/**</span>
+<span class='cm'> * Objects that can receive events</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span class='kd'>interface</span> <span
class='nc'>IEventSink</span>
+<span class='o'>{</span>
+ <span class='cm'>/**</span>
+<span class='cm'> * Called when an event is sent to this sink</span>
+<span class='cm'> */</span>
+ <span class='kt'>void</span> <span class='nf'>onEvent</span><span
class='o'>(</span><span class='n'>IEvent</span><span class='o'><?></span>
<span class='n'>event</span><span class='o'>);</span>
+<span class='o'>}</span>
+</code></pre>
+</div><p>The classes that implement these interfaces, and can thus participate
in the event mechanism are: <code>Component</code>, <code>RequestCycle</code>,
<code>Session</code>, and <code>Application</code>.</p><p>The mechanism allows
for different event broadcast methods defined here:</p><div
class='highlight'><pre><code class='java'><span class='cm'>/**</span>
+<span class='cm'> * Defines the event broadcast type.</span>
+<span class='cm'> */</span>
+<span class='kd'>public</span> <span class='kd'>enum</span> <span
class='n'>Broadcast</span> <span class='o'>{</span>
+ <span class='n'>BREADTH</span><span class='o'>,</span>
+ <span class='n'>DEPTH</span><span class='o'>,</span>
+ <span class='n'>BUBBLE</span><span class='o'>,</span>
+ <span class='n'>EXACT</span><span class='o'>;</span>
+<span class='o'>}</span>
+</code></pre>
+</div><p>There is an example in wicket-examples which demonstrates the usage
of this.</p><p>Applications can register custom event dispatchers in
<code>FrameworkSettings</code>; the dispatchers can be used to build custom
event delivery mechanisms. For example a custom <code>IEventDispatcher</code>
mechanism can route events to annotated methods, for example:</p><div
class='highlight'><pre><code class='java'><span class='kd'>public</span> <span
class='kd'>class</span> <span class='nc'>MyComponent</span> <span
class='kd'>extends</span> <span class='n'>Component</span> <span
class='o'>{</span>
+ <span class='nd'>@OnEvent</span>
+ <span class='kd'>private</span> <span class='kt'>void</span> <span
class='nf'>onUserAdded</span><span class='o'>(</span><span
class='n'>UserAddedEvent</span> <span class='n'>event</span><span
class='o'>)</span> <span class='o'>{...}</span>
+<span class='o'>}</span>
+</code></pre>
+</div><p>where <code>UserAddedEvent</code> is the event payload
object.</p><p>The default <code>Component#onEvent</code> method will be called
even if custom dispatchers are registered.</p><p>A default event is raised
whenever Wicket begins to create an AJAX response. The payload of the event is
the <code>AjaxRequestTarget</code> used for event. Sample
implementation:</p><div class='highlight'><pre><code class='java'><span
class='c1'>// component that always adds itself to the ajax response</span>
+<span class='kd'>public</span> <span class='kd'>class</span> <span
class='nc'>MyComponent</span> <span class='kd'>extends</span> <span
class='n'>Component</span> <span class='o'>{</span>
+ <span class='kd'>public</span> <span class='kt'>void</span> <span
class='nf'>onEvent</span><span class='o'>(</span><span class='n'>IEvent</span>
<span class='n'>event</span><span class='o'>)</span> <span class='o'>{</span>
+ <span class='k'>if</span> <span class='o'>(</span><span
class='n'>event</span><span class='o'>.</span><span
class='na'>getPayload</span><span class='o'>()</span> <span
class='k'>instanceof</span> <span class='n'>AjaxRequestTarget</span><span
class='o'>)</span> <span class='o'>{</span>
+ <span class='o'>((</span><span
class='n'>AjaxRequestTarget</span><span class='o'>)</span><span
class='n'>event</span><span class='o'>.</span><span
class='na'>getPayload</span><span class='o'>()).</span><span
class='na'>add</span><span class='o'>(</span><span class='k'>this</span><span
class='o'>);</span>
+ <span class='o'>}</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
<h1 id='wicket_15rc7_released'><a
href='/2011/08/28/1.5-RC7-released.html'>Wicket 1.5-RC7 released</a></h1>
<p>The Wicket Team is proud to introduce the seventh Release Candidate in
Wicket 1.5 series. See the changelog for the list of bug fixes and improvements
done between 1.5-RC5.1 and 1.5-RC7</p><p>More detailed migration notes are
available on our <a
href='https://cwiki.apache.org/WICKET/migration-to-wicket-15.html'>Migrate to
1.5 Wiki Page</a></p><p>Release Artifacts:</p><ul>
<li><a
href='http://svn.apache.org/repos/asf/wicket/releases/wicket-1.5-RC7'>Subversion
tag</a></li>
@@ -181,14 +261,13 @@
</code></pre>
</div><ul>
<li>Download the <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.5-RC7'>full
distribution</a> (including source)</li>
-</ul>
-<h1 id='cve20112712__apache_wicket_xss_vulnerability'><a
href='/2011/08/23/cve-2011-2712.html'>CVE-2011-2712 - Apache Wicket XSS
vulnerability</a></h1>
-<p>Vendor: The Apache Software Foundation</p><p>Versions Affected: Apache
Wicket 1.4.x</p><p>Apache Wicket 1.3.x and 1.5-RCx are not
affected</p><p>Description: With multi window support application configuration
and special query parameters it is possible to execute any kind of JavaScript
on a site running with the affected versions.</p><p>Mitigation: Either disable
multi window support with</p><p>MyApp.java</p><div class='highlight'><pre><code
class='xml'>public void init() {
- super.init();
- getPageSettings.setAutomaticMultiWindowSupport(false);
-}
-</code></pre>
-</div><p>or upgrade to <a
href='http://wicket.apache.org/2011/08/09/wicket-1.4.18-released.html'>Apache
Wicket 1.4.18</a> or <a
href='http://wicket.apache.org/2011/06/25/wicket-1.5-RC5.1-released.html'>Apache
Wicket 1.5-RC5.1</a></p><p>Credit: This issue was discovered by Sven
Krewitt of TÃV Rheinland i-sec GmbH.</p><h1>Older news items</h1><ul>
+</ul><h1>Older news items</h1><ul>
+
+
+<li>
+ <a href='/2011/08/23/cve-2011-2712.html'>CVE-2011-2712 - Apache Wicket
XSS vulnerability</a> - <span>23 Aug 2011</span><br />
+ Vendor: The Apache Software Foundation Versions Affected: Apache Wicket
1.4.x Apache Wicket 1.3.x and 1.5-RCx are not affected Description: With multi
window support application configuration...
+ <a href='/2011/08/23/cve-2011-2712.html'>more</a></li>
<li>
@@ -244,12 +323,6 @@
This is sixteenth release of the Wicket 1.4.x series. This is primarily
a minor bugfix release on the 1.4.x (stable) branch. Subversion tag Changelog
To...
<a href='/2011/02/25/wicket-1.4.16-released.html'>more</a></li>
-
-<li>
- <a href='/2011/01/22/wicket-1.5-RC1-released.html'>Wicket 1.5-RC1
released</a> - <span>22 Jan 2011</span><br />
- The Wicket Team is proud to introduce the first Release Candidate in
Wicket 1.5 series. The 1.5 series provides the following major improvements: A
more...
- <a href='/2011/01/22/wicket-1.5-RC1-released.html'>more</a></li>
-
</ul>
<h1 id='books_about_wicket'>Books about Wicket</h1>
Modified: wicket/common/site/trunk/index.md
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/index.md?rev=1166410&r1=1166409&r2=1166410&view=diff
==============================================================================
--- wicket/common/site/trunk/index.md (original)
+++ wicket/common/site/trunk/index.md Wed Sep 7 21:35:45 2011
@@ -18,6 +18,10 @@ reusable components written with plain J
Wicket is released under the [Apache License, Version
2.0](http://www.apache.org/licenses/LICENSE-2.0.html).
+<h1>Security announcement: CVE-2011-2712</h1>
+A XSS vulnerability has been found in Apache Wicket version 1.4. This is
solved in Apache Wicket 1.4.18. Please upgrade your applications to this
release. Wicket versions 1.3.x and 1.5.x are not affected by this vulnerability.
+[More information](2011/08/23/cve-2011-2712.html)
+
{% for post in site.posts limit:2 %}
# [{{ post.title}}]({{post.url}}) #
{{post.content}}
