[ANNOUNCE] Apache Wicket 9.17.0 released

[Andrea Del Bene]

The Apache Wicket PMC is proud to announce Apache Wicket 9.17.0!
Apache Wicket is an open source Java component oriented web application
framework that powers thousands of web applications and web sites for
governments, stores, universities, cities, banks, email providers, and
more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 9. We
use semantic versioning for the development of Wicket, and as such no
API breaks are present in this release compared to 9.0.0.

New and noteworthy
------------------
This release fixes the following security issue:

 * CVE-2024-27439 - ‘Possible bypass of CSRF protection’
   Reported by Jo Theunis: jo.theu...@dnsbelgium.be


Using this release
------------------

With Apache Maven update your dependency to (and don't forget to
update any other dependencies on Wicket projects to the same version):

<dependency>
    <groupId>org.apache.wicket</groupId>
    <artifactId>wicket-core</artifactId>
    <version>9.17.0</version>
</dependency>

Or download and build the distribution yourself, or use our
convenience binary package you can find here:

 * Download: http://wicket.apache.org/start/wicket-9.x.html#manually

Upgrading from earlier versions
-------------------------------

If you upgrade from 9.y.z this release is a drop in replacement. If
you come from a version prior to 9.0.0, please read our Wicket 9
migration guide found at

 * http://s.apache.org/wicket9migrate

Have fun!

— The Wicket team


========================================================================

    CHANGELOG for 9.17.0:

** Bug

    * [WICKET-7086] - Injecting Spring bean may cause ClassCastException
    * [WICKET-7091] - FilePageStore throws NPE
    * [WICKET-7096] - stylesheets referenced via automatic linking miss 
nonce attribute
    * [WICKET-7097] - ServletWebResponse allows writing headers to 
committed HttpServletResponse

** Improvement

    * [WICKET-7093] - Add support for missing CSP directives
    * [WICKET-7094] - Make all CSP schemes configurable
    * [WICKET-7099] - Validate FormTester constructor parameter workingForm