[ANNOUNCE] Apache Wicket 9.17.0 released
The Apache Wicket PMC is proud to announce Apache Wicket 9.17.0!

Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 9. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 9.0.0.

New and noteworthy
------------------

This release fixes the following security issue:

  * CVE-2024-27439 - ‘Possible bypass of CSRF protection’

Reported by Jo Theunis: jo.theu...@dnsbelgium.be

Using this release
------------------

With Apache Maven update your dependency to (and don't forget to update any other dependencies on Wicket projects to the same version):

    <dependency>
        <groupId>org.apache.wicket</groupId>
        <artifactId>wicket-core</artifactId>
        <version>9.17.0</version>
    </dependency>

Or download and build the distribution yourself, or use our convenience binary package you can find here:

  * Download: http://wicket.apache.org/start/wicket-9.x.html#manually

Upgrading from earlier versions
-------------------------------

If you upgrade from 9.y.z this release is a drop in replacement. If you come from a version prior to 9.0.0, please read our Wicket 9 migration guide found at

  * http://s.apache.org/wicket9migrate

Have fun!

— The Wicket team

CHANGELOG for 9.17.0:

** Bug

  * [WICKET-7086] - Injecting Spring bean may cause ClassCastException
  * [WICKET-7091] - FilePageStore throws NPE
  * [WICKET-7096] - stylesheets referenced via automatic linking miss nonce attribute
  * [WICKET-7097] - ServletWebResponse allows writing headers to committed HttpServletResponse

** Improvement

  * [WICKET-7093] - Add support for missing CSP directives
  * [WICKET-7094] - Make all CSP schemes configurable
  * [WICKET-7099] - Validate FormTester constructor parameter workingForm
Re: [VOTE] Release Apache Wicket 9.17.0
This vote passes. Thank you all.

On 3/18/24 12:13, Tobias Soloschenko wrote:

+1

kind regards

Tobias

On 18.03.2024 at 12:01, Maxim Solodovnik wrote:

+1

tested:
- signatures
- build from sources
- wicketstuff build
- some examples

BTW I guess the repository URL in the ANN email is wrong,
Repository: g...@github.com:bitstorm/wicket.git -> g...@github.com:apache/wicket.git ?

On Mon, 18 Mar 2024 at 00:14, Andrea Del Bene wrote:

+1 to release. tested user guide examples

On 3/13/24 22:36, Andrea Del Bene wrote:

This is a vote to release Apache Wicket 9.17.0

Please download the source distributions found in our staging area linked below.

I have included the signatures for both the source archives. This vote lasts for 72 hours minimum.

[ ] Yes, release Apache Wicket 9.17.0
[ ] No, don't release Apache Wicket 9.17.0, because ...

Distributions, changelog, keys and signatures can be found at:

    https://dist.apache.org/repos/dist/dev/wicket/9.17.0

Staging repository:

    https://repository.apache.org/content/repositories/orgapachewicket-1201

The binaries are available in the above link, as are a staging repository for Maven. Typically the vote is on the source, but should you find a problem with one of the binaries, please let me know, I can re-roll them some way or the other.

Staging git repository data:

    Repository: g...@github.com:bitstorm/wicket.git
    Branch: build/wicket-9.17.0
    Release tag: rel/wicket-9.17.0

CHANGELOG for 9.17.0:

** Bug

  * [WICKET-7086] - Injecting Spring bean may cause ClassCastException
  * [WICKET-7091] - FilePageStore throws NPE
  * [WICKET-7096] - stylesheets referenced via automatic linking miss nonce attribute
  * [WICKET-7097] - ServletWebResponse allows writing headers to committed HttpServletResponse

** Improvement

  * [WICKET-7093] - Add support for missing CSP directives
  * [WICKET-7094] - Make all CSP schemes configurable
  * [WICKET-7099] - Validate FormTester constructor parameter workingForm

--
Best regards,
Maxim
Re: [VOTE] Release Apache Wicket 9.17.0
+1

kind regards

Tobias

> On 18.03.2024 at 12:01, Maxim Solodovnik wrote:
>
> +1
>
> tested:
> - signatures
> - build from sources
> - wicketstuff build
> - some examples
>
> BTW I guess the repository URL in the ANN email is wrong,
> Repository: g...@github.com:bitstorm/wicket.git ->
> g...@github.com:apache/wicket.git ?
>
>> On Mon, 18 Mar 2024 at 00:14, Andrea Del Bene wrote:
>>
>> +1 to release. tested user guide examples
>>
>>> On 3/13/24 22:36, Andrea Del Bene wrote:
>>> This is a vote to release Apache Wicket 9.17.0
>>>
>>> Please download the source distributions found in our staging area
>>> linked below.
>>>
>>> I have included the signatures for both the source archives. This vote
>>> lasts for 72 hours minimum.
>>>
>>> [ ] Yes, release Apache Wicket 9.17.0
>>> [ ] No, don't release Apache Wicket 9.17.0, because ...
>>>
>>> Distributions, changelog, keys and signatures can be found at:
>>>
>>>    https://dist.apache.org/repos/dist/dev/wicket/9.17.0
>>>
>>> Staging repository:
>>>
>>> https://repository.apache.org/content/repositories/orgapachewicket-1201
>>>
>>> The binaries are available in the above link, as are a staging
>>> repository for Maven. Typically the vote is on the source, but should
>>> you find a problem with one of the binaries, please let me know, I can
>>> re-roll them some way or the other.
>>>
>>> Staging git repository data:
>>>
>>>    Repository: g...@github.com:bitstorm/wicket.git
>>>    Branch: build/wicket-9.17.0
>>>    Release tag: rel/wicket-9.17.0
>>>
>>>    CHANGELOG for 9.17.0:
>>>
>>> ** Bug
>>>
>>>    * [WICKET-7086] - Injecting Spring bean may cause ClassCastException
>>>    * [WICKET-7091] - FilePageStore throws NPE
>>>    * [WICKET-7096] - stylesheets referenced via automatic linking
>>> miss nonce attribute
>>>    * [WICKET-7097] - ServletWebResponse allows writing headers to
>>> committed HttpServletResponse
>>>
>>> ** Improvement
>>>
>>>    * [WICKET-7093] - Add support for missing CSP directives
>>>    * [WICKET-7094] - Make all CSP schemes configurable
>>>    * [WICKET-7099] - Validate FormTester constructor parameter
>>> workingForm
>>>
>
> --
> Best regards,
> Maxim
Re: [VOTE] Release Apache Wicket 9.17.0
+1

tested:
- signatures
- build from sources
- wicketstuff build
- some examples

BTW I guess the repository URL in the ANN email is wrong,
Repository: g...@github.com:bitstorm/wicket.git -> g...@github.com:apache/wicket.git ?

On Mon, 18 Mar 2024 at 00:14, Andrea Del Bene wrote:
>
> +1 to release. tested user guide examples
>
> On 3/13/24 22:36, Andrea Del Bene wrote:
> > This is a vote to release Apache Wicket 9.17.0
> >
> > Please download the source distributions found in our staging area
> > linked below.
> >
> > I have included the signatures for both the source archives. This vote
> > lasts for 72 hours minimum.
> >
> > [ ] Yes, release Apache Wicket 9.17.0
> > [ ] No, don't release Apache Wicket 9.17.0, because ...
> >
> > Distributions, changelog, keys and signatures can be found at:
> >
> > https://dist.apache.org/repos/dist/dev/wicket/9.17.0
> >
> > Staging repository:
> >
> > https://repository.apache.org/content/repositories/orgapachewicket-1201
> >
> > The binaries are available in the above link, as are a staging
> > repository for Maven. Typically the vote is on the source, but should
> > you find a problem with one of the binaries, please let me know, I can
> > re-roll them some way or the other.
> >
> > Staging git repository data:
> >
> > Repository: g...@github.com:bitstorm/wicket.git
> > Branch: build/wicket-9.17.0
> > Release tag: rel/wicket-9.17.0
> >
> > CHANGELOG for 9.17.0:
> >
> > ** Bug
> >
> > * [WICKET-7086] - Injecting Spring bean may cause ClassCastException
> > * [WICKET-7091] - FilePageStore throws NPE
> > * [WICKET-7096] - stylesheets referenced via automatic linking
> > miss nonce attribute
> > * [WICKET-7097] - ServletWebResponse allows writing headers to
> > committed HttpServletResponse
> >
> > ** Improvement
> >
> > * [WICKET-7093] - Add support for missing CSP directives
> > * [WICKET-7094] - Make all CSP schemes configurable
> > * [WICKET-7099] - Validate FormTester constructor parameter
> > workingForm
> >

--
Best regards,
Maxim
[ANNOUNCE] WicketStuff 10.0.0 Released
WicketStuff core 10.0.0 based on Apache Wicket 10.0.0 is released and soon will be available at Maven Central!

dependabot[bot] (50):
      Bump org.springframework:spring-core from 6.0.10 to 6.0.15 (#760)
      Bump org.springframework:spring-core from 6.0.15 to 6.0.16 (#761)
      Bump com.hazelcast:hazelcast in /datastores-parent/datastore-hazelcast (#763)
      Bump org.springframework:spring-web from 6.0.16 to 6.0.17 (#765)
      Bump actions/checkout from 2 to 4 (#766)
      Bump actions/setup-java from 2 to 4 (#768)
      Bump actions/cache from 2 to 4 (#770)
      Bump ch.qos.logback:logback-classic from 1.4.8 to 1.5.0 (#815)
      Bump commons-logging:commons-logging from 1.2 to 1.3.0 (#814)
      Bump org.apache.maven.plugins:maven-surefire-report-plugin (#813)
      Bump org.apache.maven.plugins:maven-project-info-reports-plugin (#812)
      Bump org.javassist:javassist from 3.29.2-GA to 3.30.2-GA (#811)
      Bump org.apache.maven.archetype:archetype-packaging from 3.1.0 to 3.2.1 (#805)
      Bump org.apache.felix:org.apache.felix.webconsole from 3.1.8 to 5.0.0 (#802)
      Bump com.datastax.cassandra:cassandra-driver-core from 3.6.0 to 3.11.5 (#801)
      Bump org.apache.maven.plugins:maven-clean-plugin from 3.2.0 to 3.3.2 (#799)
      Bump com.hazelcast:hazelcast from 5.3.5 to 5.3.6 (#798)
      Bump org.webjars.bower:datatables from 1.10.19 to 1.10.21 (#796)
      Bump org.ow2.asm:asm-util from 9.5 to 9.6 (#795)
      Bump scala.version from 2.13.11 to 2.13.13 (#794)
      Bump com.google.protobuf:protobuf-java from 3.19.6 to 3.25.3 (#787)
      Bump redis.clients:jedis from 4.3.1 to 5.1.1 (#786)
      Bump org.apache.maven.plugins:maven-jxr-plugin from 2.5 to 3.3.2 (#783)
      Bump org.apache.servicemix.bundles:org.apache.servicemix.bundles.cglib (#782)
      Bump org.apache.ignite:ignite-core from 2.14.0 to 2.16.0 (#781)
      Bump org.apache.maven.plugins:maven-checkstyle-plugin from 2.15 to 3.3.1 (#776)
      Bump spring.version from 6.0.17 to 6.1.4 (#773)
      Bump net.javacrumbs.json-unit:json-unit from 2.17.0 to 3.2.7 (#769)
      Bump org.apache.shiro:shiro-core from 1.11.0 to 1.13.0 (#759)
      Bump org.glassfish.main.extras:glassfish-embedded-all from 4.0 to 7.0.12 (#778)
      Bump org.apache.shiro:shiro-web from 1.11.0 to 1.13.0 (#758)
      Bump log4j.version from 2.20.0 to 2.23.0 (#797)
      Bump org.codehaus.mojo:findbugs-maven-plugin from 3.0.1 to 3.0.5 (#829)
      Bump ch.qos.logback:logback-classic from 1.5.0 to 1.5.2 (#828)
      Bump org.webjars.npm:tinymce from 6.8.2 to 6.8.3 (#827)
      Bump org.codehaus.mojo:taglist-maven-plugin from 2.4 to 3.0.0 (#826)
      Bump org.apache.maven.plugins:maven-archetype-plugin from 3.1.0 to 3.2.1 (#825)
      Bump org.apache.maven.plugins:maven-site-plugin (#824)
      Bump jakarta.servlet.jsp:jakarta.servlet.jsp-api from 3.1.0 to 3.1.1 (#823)
      Bump org.glassfish.main.extras:glassfish-embedded-all (#820)
      Bump com.sun.xml.bind:jaxb-core from 2.3.0.1 to 4.0.4 (#819)
      Bump org.mockito:mockito-core from 5.10.0 to 5.11.0 (#818)
      Bump org.apache.maven.plugins:maven-toolchains-plugin from 1.1 to 3.1.0 (#817)
      Bump shiro.version from 1.13.0 to 2.0.0 (#816)
      Bump slf4j.version from 2.0.7 to 2.0.12 (#779)
      Bump org.clojure:clojure from 1.11.1 to 1.11.2 (#830)
      Bump ch.qos.logback:logback-classic from 1.5.2 to 1.5.3 (#836)
      Bump com.sun.xml.bind:jaxb-core from 4.0.4 to 4.0.5 (#835)
      Bump com.fasterxml.jackson.core:jackson-databind from 2.14.3 to 2.16.2 (#833)
      Bump redis.clients:jedis from 5.1.1 to 5.1.2 (#832)

Maxim Solodovnik (15):
      Switching to the next development version
      schemaLocation for web.xml files is updated
      Jetty DTD URL is updated
      Dependencies are updated
      Merge is fixed
      Duplicate property removed
      TinyMCE 3 and 4 are dropped
      Modules for TinyMCE 3 and 4 are dropped
      Dependencies are updated
      Fixes issue #764: presence of 'getAttribute' function is being tested
      Dependencies are updated
      Dependencies are updated
      Fast serializer is updated
      GPG plugin is updated
      wicketstuff-core-10.0.0 is released

Johannes Renoth (1):
      Add TinyMCE 6 module (#762)

Martin Tzvetanov Grigorov (1):
      Add dependabot config for updating the Java deps and Github Actions

Silas Porth (1):
      Update/partial rewrite of editable-grid (#756)

The WicketStuff team