
Update the release-notes (#13612)

* Removed the "Tools have been updated for Vaadin 7.2 with the following changes:"
* Removed the security fix notice for 7.1.11
* Removed the text about using the experimental Eclipse plug-in
* Specify that 7.2 is a minor release
* Clarified the known issues section
* Listed Windows Phone 8 in supported devices
* Replaced vaadin.com/pro-account with vaadin.com/pro-tools and vaadin.com/support

Change-Id: I8e03b65453419c9cb9f4570067675156f2be76fe
tags/7.2.0
Jonatan Kronqvist 10 years ago
parent
commit
43c1a364fd
1 changed files with 24 additions and 128 deletions
WebContent/release-notes.html

@@ -41,7 +41,6 @@
<ul>
<li><a href="#overview">Overview of Vaadin
@version@ Release</a></li>
<li><a href="#security-fixes">Security fixes</a></li>
<li><a href="#changelog">Change log for Vaadin
@version@</a></li>
<li><a href="#enhancements">Enhancements in Vaadin
@@ -70,56 +69,13 @@
<h2 id="overview">Overview of Vaadin @version@ Release</h2>

<p>
Vaadin @version@ is a maintenance release that includes a
number of important bug fixes, as listed in the <a
Vaadin @version@ is a minor release that includes a
number of new features and bug fixes, as listed in the <a
href="#enhancements">list of enhancements</a> and <a
href="#changelog">change log</a> below.
</p>

<p>
For a list of enhancements in the last feature release, see
<a href="#enhancements">Enhancements in Vaadin
@version-minor@</a> and the <a
href="http://vaadin.com/download/release/@version-minor@/@version-minor@.0/release-notes.html">Release
Notes for Vaadin @version-minor@.0</a>.
</p>

<!-- ================================================================ -->
<h3 id="security-fixes">Security fixes in Vaadin Framework 7.1.11</h3>

<p>
Vaadin 7.1.11 fixes two security issues discovered during internal review.
</p>
<p><b>Escaping of OptionGroup item icon URLs</b></p>
<p>
The issue affects OptionGroup with item icons. Proper escaping of the
src-attribute on the client side was not ensured when using icons for
OptionGroup items. This could potentially, in certain situations, allow
a malicious user to inject content, such as javascript, in order to
perform a cross-site scripting (XSS) attack.
</p>
<p>
In order for an application to be vulnerable, user provided input must
be used to form a URL used to display an icon for an OptionGroup item,
when showing that Option Group to other users.<br/>
The vulnerability has been classified as moderate, due to it's limited
application.
</p>
<p><b>Escaping of URLs in Util.getAbsoluteUrl()</b></p>
<p>
The client side Util.getAbsoluteUrl() did not ensure proper escaping
of the given URL. This could potentially, in certain situations, allow
a malicious user to inject content, such as javascript, in order to
perform a cross-site scripting (XSS) attack.
</p>
<p>
The method is used internally by the framework in such a manner that it
is unlikely this attack vector can be utilized in practice. However,
third party components, or future use of the method, could make an
attack viable.<br/>
The vulnerability has been classified as moderate, due to it's limited
application.
</p>

<h3 id="changelog">Change log for Vaadin @version@</h3>

<p>This release includes the following closed issues:</p>
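Review bot: The 7.1.11 security-fix section is dropped with no replacement pointer, so someone reading the 7.2 notes while upgrading from a release older than 7.1.11 no longer learns that the OptionGroup item icon URL and Util.getAbsoluteUrl() escaping issues were fixed. Both were described as allowing content injection for XSS and classified as moderate. Consider keeping one sentence that links to the 7.1.11 release notes, or that states @version@ includes those fixes, so applications that build icon URLs from user input can tell whether they were exposed.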
@@ -130,7 +86,7 @@
<p>
You can also view the <a
href="http://dev.vaadin.com/query?status=closed&resolution=fixed&milestone=Vaadin+@version@&order=id">list
of the closed issues</a> at the Vaadin developer's site. .
of the closed issues</a> at the Vaadin developer's site.
</p>

<h2 id="enhancements">Enhancements in Vaadin
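Review bot: The href in the context lines above the changed sentence still carries raw ampersands in its query string (status=closed&resolution=fixed&milestone=...). Since this paragraph is being touched anyway to drop the stray " .", escape them as &amp; so the attribute is valid HTML.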
@@ -160,28 +116,6 @@
<li>Responsive layouts</li>
</ul>

<p>Tools have been updated for Vaadin @version-minor@ with
the following changes:</p>

<ul>
<li>Maven
<ul>
<li>Theme compilation support using <tt>vaadin:update-theme</tt>
and <tt>vaadin:compile-theme</tt></li>
</ul>
</li>
<li>Eclipse
<ul>
<li>Theme compilation support using the
provided button</li>
<li>New projects are by default generated using
Servlet 3.0 API</li>
<li>Additional GWT compiler parameters can be
specified</li>
</ul>
</li>
</ul>

<p>
For enchancements introduced in Vaadin 7, see the <a
href="http://vaadin.com/download/release/7.0/7.0.0/release-notes.html">Release
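Review bot: The trailing context paragraph still reads "For enchancements introduced in Vaadin 7"; the typo sits directly under the removed tools list and should be corrected to "enhancements" in the same pass.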
@@ -198,9 +132,7 @@
from the Android SDK. They are 99% compatible.</li>
<li>StringToNumberConverter has been removed in favor of more specific
converters such as StringToBigDecimalConverter.</li>
<li>(internal) Atmosphere has been updated from version 1.x to 2.x. These
are not 100% compatible.</li>
<li>(internal) There is no longer support for "multiple variable bursts"
<li>There is no longer support for "multiple variable bursts"
in the UIDL communication.</li>
</ul>
<h3 id="behavioraltering">Behavior altering changes</h3>
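Review bot: The Atmosphere 1.x to 2.x item ("These are not 100% compatible") is removed from the incompatible-changes list, but the commit message does not mention it. If the dependency upgrade still applies to this release, applications or add-ons that touch Atmosphere directly lose their only warning; either keep the item or note in the commit message why it no longer applies. Dropping the "(internal)" prefix from the "multiple variable bursts" item is fine, but it now reads as an application-facing change, so a short hint about who is affected would help.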
@@ -222,12 +154,8 @@

<h3 id="knownissues">Known issues</h3>
<ul>
<li>Not all features are implemented for devices using pointer events.</li>
<li>Push reconnecting does not work in all situations when</li>
<ul>
<li>using Firefox and streaming</li>
<li>using IE8-11 and long-polling</li>
</ul>
<li>Reconnecting a dropped push connection sometimes fails when using
Firefox and streaming.</li>
</ul>

<h3 id="limitations">Limitations</h3>
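Review bot: The commit message says the known issues were clarified, but two entries disappear rather than being reworded: the pointer-events item and the "IE8-11 and long-polling" reconnect case. Please confirm both are fixed in this release. This commit also adds Windows Phone 8 to the supported devices, so if the pointer-events gap still exists it should stay listed. The rewritten Firefox item also fixes the old markup, where a nested ul sat directly inside the outer ul instead of inside an li.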
@@ -241,17 +169,13 @@
href="http://dev.vaadin.com/ticket/11493">#11493</a>)
</li>
<li>HTTP session can not be invalidated while using
push (<a href="http://dev.vaadin.com/ticket/11721">#11721</a>)
push over websockets on Tomcat 7 (<a href="http://dev.vaadin.com/ticket/11721">#11721</a>)
</li>
<li>Cookies are not available while using push (<a
<li>Cookies are not available while using websockets (<a
href="http://dev.vaadin.com/ticket/11808">#11808</a>)
</li>
<li>Not all proxies are compatible with websockets. If
you are using push with an incompatible proxy you might
have to force the transport mode to streaming. Some
proxies have problems with streaming also - you need to
ensure that the proxy does not buffer responses for HTTP
streaming to work.</li>
<li>Not all proxies are compatible with websockets or streaming.
Use long polling to avoid these problems.</li>
</ul>

<h2 id="vaadin">Vaadin Installation</h2>
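Review bot: The scope of two limitations is narrowed here, #11721 from "push" to "push over websockets on Tomcat 7" and #11808 from "push" to "websockets". Both affect session handling (for example whether a logout can invalidate the HTTP session), so the new wording should be checked against the tickets; readers will assume session invalidation and cookies work with streaming and long polling, and on other containers. In the proxy item, "Use long polling to avoid these problems" does not say how to select that transport, and the earlier explanation that the proxy must not buffer responses is lost; name the setting or link to the push documentation.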
@@ -278,8 +202,7 @@

<li>If using Eclipse, use the Vaadin Plugin for
Eclipse, which automatically downloads the Vaadin
libraries. To use this prerelease version, the plugin
should be installed from the experimental update site (<tt>http://vaadin.com/eclipse/experimental</tt>).
libraries.
</li>
</ul>

@@ -416,30 +339,7 @@
directory of the web application that uses validation.
</p>

<h2 id="upgrading">Upgrading to Vaadin @version-minor@</h2>

<h3>Upgrading the Eclipse Plugin</h3>

<p>
Vaadin 7 requires that you use a compatible version of the
Vaadin Plugin for Eclipse. The stable version of the plugin
is available from the
<tt>http://vaadin.com/eclipse</tt>
update site. Please see the <a
href="https://vaadin.com/book/vaadin7/-/page/getting-started.eclipse.html#getting-started.eclipse.update">section
about updating the plugin</a> in the Book of Vaadin and the
<a href="http://vaadin.com/eclipse">installation
instructions at the download site</a> for more details.
</p>

<p>
You can also use the <i>experimental</i> Vaadin Plugin for
Eclipse. Its update site is
<tt>http://vaadin.com/eclipse/experimental</tt>
.
</p>

<h3>General Upgrading Instructions</h3>
<h2 id="upgrading">Upgrading from Vaadin 7.1 to Vaadin @version-minor@</h2>

<p>When upgrading from an earlier Vaadin version, you must:
</p>
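Review bot: The new h2 hard-codes the source version ("Upgrading from Vaadin 7.1 to Vaadin @version-minor@") while the rest of the file uses substitution tokens, so it will be wrong as soon as the template is reused for the next minor release. The paragraph right below still says "When upgrading from an earlier Vaadin version", which no longer matches the heading. Either keep the heading generic or align the paragraph with it. With the Eclipse plug-in subsection gone, the notes also no longer state which plug-in version is required; a single link to the update instructions would cover that.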
@@ -449,11 +349,8 @@
version. Binary compatibility is only guaranteed for
maintenance releases of Vaadin.</li>

<li>Recompile any add-ons you have created using the
new Vaadin</li>

<li>Unless using the precompiled widget set, recompile
your widget set using the new Vaadin version</li>
your widget set using the new Vaadin version.</li>
</ul>

<p>Remember also to refresh the project in your IDE to
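Review bot: The item "Recompile any add-ons you have created using the new Vaadin" is removed, yet the context line just above still states that binary compatibility is only guaranteed for maintenance releases, and this commit declares 7.2 a minor release. That makes the add-on recompilation advice more relevant, not less. Unless there is a reason it no longer applies, keep the item; the removal is also not listed in the commit message.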
@@ -492,12 +389,9 @@
the contents of the <tt>vaadin-client-compiled</tt> and <tt>vaadin-themes</tt>
must be extracted to the <tt>ROOT/html/VAADIN</tt> directory
in the Liferay installation. If your portal uses custom
widgets, install the latest version of <a
href="http://vaadin.com/directory#addon/vaadin-control-panel-for-liferay">Vaadin
Control Panel for Liferay</a> for easy widget set
compilation - when it is available - the add-on is not
compatible with Vaadin @version@ at the time of this Vaadin
release. <!-- TODO: Remove note when done --></t>
widgets, you can use <a
href="http://vaadin.com/directory#addon/liferay-control-panel-plugin-for-vaadin:vaadin">
Liferay Control Panel for Vaadin</a> for easy widget set compilation.</t>
</p>

<h2 id="gae">
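Review bot: The added line ends with a stray closing tag, "compilation.</t>", carried over from the old text; there is no matching opening tag in the hunk, so it should be dropped. The new anchor text also begins on a fresh line after the opening a tag, which puts leading whitespace inside the link; move "Liferay Control Panel for Vaadin" up against the tag.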
@@ -623,11 +517,11 @@
</p>

<p>
Vaadin supports the following <b>desktop browsers</b>:
Vaadin @version@ supports the following <b>desktop browsers</b>:
</p>

<ul>
<li>Mozilla Firefox 18-28</li>
<li>Mozilla Firefox 18-29</li>
<li>Mozilla Firefox 17 ESR, 24 ESR</li>
<li>Internet Explorer 8-11</li>
<li>Safari 6-7</li>
@@ -643,6 +537,7 @@
<ul>
<li>iOS 5-7</li>
<li>Android 2.3-4</li>
<li>Windows Phone 8</li>
</ul>

<p>Vaadin SQL Container supports the following databases:</p>
@@ -674,9 +569,10 @@
<li><a href="http://vaadin.com/directory">vaadin.com/directory
- Add-ons for Vaadin</a></li>

<li><a href="http://vaadin.com/pro-account">vaadin.com/pro-account
- Commercial support and tools for Vaadin
development </a></li>
<li><a href="http://vaadin.com/pro-tools">vaadin.com/pro-tools
- Commercial tools for Vaadin development</a></li>
<li><a href="http://vaadin.com/support">vaadin.com/support
- Commercial support for Vaadin development </a></li>
<li><a href="http://vaadin.com/services">vaadin.com/services
- Expert services for Vaadin</a></li>
<li><a href="http://vaadin.com/company">vaadin.com/company
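Review bot: The new vaadin.com/support entry keeps the trailing space before the closing tag ("Commercial support for Vaadin development </a>") that the old pro-account entry had, while the new pro-tools entry does not. Trim it so the two added links are consistent.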
