package). See <a href="#upgrading">General Upgrade Instructions</a> for more details on upgrading.</p>
<!-- ====================================================================== -->
+<h3>Security fixes in Vaadin Framework 6.6.7</h3>
+<ul>
+ <li><a href="http://dev.vaadin.com/ticket/7669">#7669</a> CSRF/XSS vulnerability through separator injection</li>
+ <li><a href="http://dev.vaadin.com/ticket/7670">#7670</a> Directory traversal vulnerability</li>
+ <li><a href="http://dev.vaadin.com/ticket/7671">#7671</a> Contributory XSS: Possibility to inject HTML/JavaScript in system error messages</li>
+ <li><a href="http://dev.vaadin.com/ticket/7672">#7672</a> Contributory XSS: possibility for injection in certain components</li>
+</ul>
+
<h3>Enhancements in Vaadin Framework 6.6</h3>
<p>General enhancements:</p>
<li>Server communication methods in <b>ApplicationConnection</b> can now be overridden (<a href="http://dev.vaadin.com/ticket/6885">#6885</a>)</li>
</ul>
+<h3>Fixes in Vaadin @version@</h3>
+ <p>
+ #7669 CSRF/XSS vulnerability through separator injection
+ #7670 Directory traversal vulnerability through AbstractApplicationServlet.serveStaticResourcesInVAADIN()
+ #7671 Contributory XSS: Possibility to inject HTML/javascript in system error messages
+ #7541 Table.setColumnCollapsed("id",true) will cleared PropertyDataSource for any fields in table item properties
+ #7672 Contributory XSS: possibility for injection in certain components
+ #3125 Portlet size is not updated when window is resized
+ #6420 Solution for menu too long.
+ #7560 ComboBox: Writing the name of a new item and clicking on drop down menu works inconsistently.
+ #7653 Update screenshots for Safari 5.1
+ #7654 Update screenshots for Safari 5.1
+ </p>
+ <p>
+ The <a
+ href="http://dev.vaadin.com/query?status=closed&type=defect&milestone=Vaadin+6.7.0.rc1&or&status=closed&type=defect&milestone=Vaadin+6.7.0.beta1&group=status&col=id&col=summary&col=owner&col=type&col=priority&col=component&col=version&order=priority">full
+ details of the defects</a> can be found at dev.vaadin.com.
+ </p>
+
<h3>Backward-Incompatible Changes in Vaadin Framework 6.6</h3>
<ul>