<ul>
<li><a href="#overview">Overview of Vaadin
@version@ Release</a></li>
- <li><a href="#security-fixes">Security fixes</a></li>
<li><a href="#changelog">Change log for Vaadin
@version@</a></li>
<li><a href="#enhancements">Enhancements in Vaadin
<h2 id="overview">Overview of Vaadin @version@ Release</h2>
<p>
- Vaadin @version@ is a maintenance release that includes a
- number of important bug fixes, as listed in the <a
+ Vaadin @version@ is a minor release that includes a
+ number of new features and bug fixes, as listed in the <a
+ href="#enhancements">list of enhancements</a> and <a
href="#changelog">change log</a> below.
</p>
- <p>
- For a list of enhancements in the last feature release, see
- <a href="#enhancements">Enhancements in Vaadin
- @version-minor@</a> and the <a
- href="http://vaadin.com/download/release/@version-minor@/@version-minor@.0/release-notes.html">Release
- Notes for Vaadin @version-minor@.0</a>.
- </p>
-
<!-- ================================================================ -->
- <h3 id="security-fixes">Security fixes in Vaadin Framework 7.1.11</h3>
-
- <p>
- Vaadin 7.1.11 fixes two security issues discovered during internal review.
- </p>
- <p><b>Escaping of OptionGroup item icon URLs</b></p>
- <p>
- The issue affects OptionGroup with item icons. Proper escaping of the
- src-attribute on the client side was not ensured when using icons for
- OptionGroup items. This could potentially, in certain situations, allow
- a malicious user to inject content, such as javascript, in order to
- perform a cross-site scripting (XSS) attack.
- </p>
- <p>
- In order for an application to be vulnerable, user provided input must
- be used to form a URL used to display an icon for an OptionGroup item,
- when showing that Option Group to other users.<br/>
- The vulnerability has been classified as moderate, due to it's limited
- application.
- </p>
- <p><b>Escaping of URLs in Util.getAbsoluteUrl()</b></p>
- <p>
- The client side Util.getAbsoluteUrl() did not ensure proper escaping
- of the given URL. This could potentially, in certain situations, allow
- a malicious user to inject content, such as javascript, in order to
- perform a cross-site scripting (XSS) attack.
- </p>
- <p>
- The method is used internally by the framework in such a manner that it
- is unlikely this attack vector can be utilized in practice. However,
- third party components, or future use of the method, could make an
- attack viable.<br/>
- The vulnerability has been classified as moderate, due to it's limited
- application.
- </p>
-
<h3 id="changelog">Change log for Vaadin @version@</h3>
<p>This release includes the following closed issues:</p>
<p>
You can also view the <a
href="http://dev.vaadin.com/query?status=closed&resolution=fixed&milestone=Vaadin+@version@&order=id">list
- of the closed issues</a> at the Vaadin developer's site. .
+ of the closed issues</a> at the Vaadin developer's site.
</p>
<h2 id="enhancements">Enhancements in Vaadin
<li>Responsive layouts</li>
</ul>
- <p>Tools have been updated for Vaadin @version-minor@ with
- the following changes:</p>
-
- <ul>
- <li>Maven
- <ul>
- <li>Theme compilation support using <tt>vaadin:update-theme</tt>
- and <tt>vaadin:compile-theme</tt></li>
- </ul>
- </li>
- <li>Eclipse
- <ul>
- <li>Theme compilation support using the
- provided button</li>
- <li>New projects are by default generated using
- Servlet 3.0 API</li>
- <li>Additional GWT compiler parameters can be
- specified</li>
- </ul>
- </li>
- </ul>
-
<p>
For enchancements introduced in Vaadin 7, see the <a
href="http://vaadin.com/download/release/7.0/7.0.0/release-notes.html">Release
from the Android SDK. They are 99% compatible.</li>
<li>StringToNumberConverter has been removed in favor of more specific
converters such as StringToBigDecimalConverter.</li>
- <li>(internal) Atmosphere has been updated from version 1.x to 2.x. These
- are not 100% compatible.</li>
- <li>(internal) There is no longer support for "multiple variable bursts"
+ <li>There is no longer support for "multiple variable bursts"
in the UIDL communication.</li>
</ul>
<h3 id="behavioraltering">Behavior altering changes</h3>
<h3 id="knownissues">Known issues</h3>
<ul>
- <li>Not all features are implemented for devices using pointer events.</li>
- <li>Push reconnecting does not work in all situations when</li>
- <ul>
- <li>using Firefox and streaming</li>
- <li>using IE8-11 and long-polling</li>
- </ul>
+ <li>Reconnecting a dropped push connection sometimes fails when using
+ Firefox and streaming.</li>
</ul>
<h3 id="limitations">Limitations</h3>
href="http://dev.vaadin.com/ticket/11493">#11493</a>)
</li>
<li>HTTP session can not be invalidated while using
- push (<a href="http://dev.vaadin.com/ticket/11721">#11721</a>)
+ push
over websockets on Tomcat 7 (<a href="http://dev.vaadin.com/ticket/11721">#11721</a>)
</li>
- <li>Cookies are not available while using
push (<a
+ <li>Cookies are not available while using
websockets (<a
href="http://dev.vaadin.com/ticket/11808">#11808</a>)
</li>
- <li>Not all proxies are compatible with websockets. If
- you are using push with an incompatible proxy you might
- have to force the transport mode to streaming. Some
- proxies have problems with streaming also - you need to
- ensure that the proxy does not buffer responses for HTTP
- streaming to work.</li>
+ <li>Not all proxies are compatible with websockets or streaming.
+ Use long polling to avoid these problems.</li>
</ul>
<h2 id="vaadin">Vaadin Installation</h2>
<li>If using Eclipse, use the Vaadin Plugin for
Eclipse, which automatically downloads the Vaadin
- libraries. To use this prerelease version, the plugin
- should be installed from the experimental update site (<tt>http://vaadin.com/eclipse/experimental</tt>).
+ libraries.
</li>
</ul>
directory of the web application that uses validation.
</p>
- <h2 id="upgrading">Upgrading to Vaadin @version-minor@</h2>
-
- <h3>Upgrading the Eclipse Plugin</h3>
-
- <p>
- Vaadin 7 requires that you use a compatible version of the
- Vaadin Plugin for Eclipse. The stable version of the plugin
- is available from the
- <tt>http://vaadin.com/eclipse</tt>
- update site. Please see the <a
- href="https://vaadin.com/book/vaadin7/-/page/getting-started.eclipse.html#getting-started.eclipse.update">section
- about updating the plugin</a> in the Book of Vaadin and the
- <a href="http://vaadin.com/eclipse">installation
- instructions at the download site</a> for more details.
- </p>
-
- <p>
- You can also use the <i>experimental</i> Vaadin Plugin for
- Eclipse. Its update site is
- <tt>http://vaadin.com/eclipse/experimental</tt>
- .
- </p>
-
- <h3>General Upgrading Instructions</h3>
+ <h2 id="upgrading">Upgrading from Vaadin 7.1 to Vaadin @version-minor@</h2>
<p>When upgrading from an earlier Vaadin version, you must:
</p>
version. Binary compatibility is only guaranteed for
maintenance releases of Vaadin.</li>
- <li>Recompile any add-ons you have created using the
- new Vaadin</li>
-
<li>Unless using the precompiled widget set, recompile
- your widget set using the new Vaadin version</li>
+ your widget set using the new Vaadin version.</li>
</ul>
<p>Remember also to refresh the project in your IDE to
the contents of the <tt>vaadin-client-compiled</tt> and <tt>vaadin-themes</tt>
must be extracted to the <tt>ROOT/html/VAADIN</tt> directory
in the Liferay installation. If your portal uses custom
- widgets, install the latest version of <a
- href="http://vaadin.com/directory#addon/vaadin-control-panel-for-liferay">Vaadin
- Control Panel for Liferay</a> for easy widget set
- compilation - when it is available - the add-on is not
- compatible with Vaadin @version@ at the time of this Vaadin
- release. <!-- TODO: Remove note when done --></t>
+ widgets, you can use <a
+ href="http://vaadin.com/directory#addon/liferay-control-panel-plugin-for-vaadin:vaadin">
+ Liferay Control Panel for Vaadin</a> for easy widget set compilation.</t>
</p>
<h2 id="gae">
</p>
<p>
- Vaadin supports the following <b>desktop browsers</b>:
+ Vaadin @version@ supports the following <b>desktop browsers</b>:
</p>
<ul>
- <li>Mozilla Firefox 18-28</li>
+ <li>Mozilla Firefox 18-29</li>
<li>Mozilla Firefox 17 ESR, 24 ESR</li>
<li>Internet Explorer 8-11</li>
<li>Safari 6-7</li>
<ul>
<li>iOS 5-7</li>
<li>Android 2.3-4</li>
+ <li>Windows Phone 8</li>
</ul>
<p>Vaadin SQL Container supports the following databases:</p>
<li><a href="http://vaadin.com/directory">vaadin.com/directory
- Add-ons for Vaadin</a></li>
- <li><a href="http://vaadin.com/pro-account">vaadin.com/pro-account
- - Commercial support and tools for Vaadin
- development </a></li>
+ <li><a href="http://vaadin.com/pro-tools">vaadin.com/pro-tools
+ - Commercial tools for Vaadin development</a></li>
+ <li><a href="http://vaadin.com/support">vaadin.com/support
+ - Commercial support for Vaadin development </a></li>
<li><a href="http://vaadin.com/services">vaadin.com/services
- Expert services for Vaadin</a></li>
<li><a href="http://vaadin.com/company">vaadin.com/company
projects / vaadin-framework.git / commitdiff