Skip to content

Vaadin 23.3.22

Compare
Choose a tag to compare
@vaadin-bot vaadin-bot released this 06 Sep 08:33
· 49 commits to 23.3 since this release
00f94ee

This is a maintenance release for Vaadin 23.3. See 23.3.0 release notes for details and resources.

Notable Changes

  • Since Vaadin 23.3, the minimal supported spring.boot.version is 2.7.x
  • Since Vaadin 23.3.5, due to the founded vulnerability (CVE-2022-1471), dependency for org.yaml:snakeyaml has been removed.
    • Vaadin project is not depending on the vulnerable dependency (org.yaml:snakeyaml) directly, users can add the dependency if needed
  • Vaadin 23.3.x depends on Spring framework 5.3.x, which has been identified with vulnerability CVE-2016-1000027
    • as the faulty code has been deprecated in spring framework 5.3.x, Vaadin 23.3 project is NOT affected.

Changelogs

Official add-ons and plugins:

  • Spring add-on (23.3.18)
  • CDI add-on (14.1.1)
  • Maven plugin (23.3.22)
  • Gradle plugin (23.3.22)
  • OSGi plugin (8.1.2)
  • Quarkus plugin (1.1.4)
  • Portlet plugin (2.1.0)