<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Vaadin Framework @version@</title>
<link rel="stylesheet" type="text/css" href="css/styles.css" />
<!--[if lte IE 6]>
<link rel="stylesheet" type="text/css" href="css/ie.css" />
<![endif]-->
<style type="text/css">
.nested-list ol {
counter-reset: item
}
.nested-list li {
display: block
}
.nested-list li:before {
content: counters(item, ".") ". ";
counter-increment: item
}
</style>
</head>
<body>
<div id="header">
<h1>Vaadin – thinking of U and I</h1>
<div id="version">
<strong>Version @version@</strong>
</div>
</div>
<!-- /header -->
<div id="content">
<p>Version @version@ built on @builddate@.</p>
<h2 id="tableofcontents">Release Notes for Vaadin Framework
@version@</h2>
<ul>
<li><a href="#overview">Overview of Vaadin
@version@ Release</a></li>
<li><a href="#security-fixes">Security fixes</a></li>
<li><a href="#changelog">Change log for Vaadin
@version@</a></li>
<li><a href="#enhancements">Enhancements in Vaadin
@version-minor@</a></li>
<li><a href="#limitations">Limitations in
@version-minor@</a></li>
<li><a href="#vaadin">Vaadin Installation</a></li>
<li><a href="#package">Package Contents</a></li>
<li><a href="#migrating">Migrating from Vaadin 6 to
Vaadin 7</a></li>
<li><a href="#dependencies">Vaadin @version@
dependencies</a></li>
<li><a href="#upgrading">Upgrading to Vaadin
@version-minor@</a></li>
<li><a href="#supportedversions">Supported
technologies</a></li>
<li><a href="#vaadinontheweb">Vaadin on the Web</a></li>
</ul>
<h2 id="overview">Overview of Vaadin @version@ Release</h2>
<p>
Vaadin @version@ is a maintenance release that includes a
number of important bug fixes, as listed in the <a
href="#changelog">change log</a> below.
</p>
<p>
For a list of enhancements in the last feature release, see
<a href="#enhancements">Enhancements in Vaadin
@version-minor@</a> and the <a
href="http://vaadin.com/download/release/@version-minor@/@version-minor@.0/release-notes.html">Release
Notes for Vaadin @version-minor@.0</a>.
</p>
<!-- ================================================================ -->
<h3 id="security-fixes">Security fixes in Vaadin Framework 7.1.11</h3>
<p>
Vaadin 7.1.11 fixes two security issues discovered during internal review.
</p>
<p><b>Escaping of OptionGroup item icon URLs</b></p>
<p>
The issue affects OptionGroup with item icons. Proper escaping of the
src-attribute on the client side was not ensured when using icons for
OptionGroup items. This could potentially, in certain situations, allow
a malicious user to inject content, such as javascript, in order to
perform a cross-site scripting (XSS) attack.
</p>
<p>
In order for an application to be vulnerable, user provided input must
be used to form a URL used to display an icon for an OptionGroup item,
when showing that Option Group to other users.<br/>
The vulnerability has been classified as moderate, due to its limited
application.
</p>
<p><b>Escaping of URLs in Util.getAbsoluteUrl()</b></p>
<p>
The client side Util.getAbsoluteUrl() did not ensure proper escaping
of the given URL. This could potentially, in certain situations, allow
a malicious user to inject content, such as javascript, in order to
perform a cross-site scripting (XSS) attack.
</p>
<p>
The method is used internally by the framework in such a manner that it
is unlikely this attack vector can be utilized in practice. However,
third party components, or future use of the method, could make an
attack viable.<br/>
The vulnerability has been classified as moderate, due to its limited
application.
</p>
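<p>
The following is an added example, not part of the Vaadin release notes or the
framework's own code. It shows the class of bug both fixes address: a URL
concatenated into a <tt>src</tt> attribute without escaping, next to an escaped
form that also restricts the URL scheme (a step beyond what the notes describe).
All function names and sample values are hypothetical and constructed for
illustration.
</p>

```javascript
'use strict';

// Escape the characters that can end or reinterpret a quoted HTML attribute
// value. The same set is also safe for text content.
function escapeAttribute(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Attribute escaping does not constrain what the URL itself is, so the scheme
// is checked against an allowlist. Whitespace and control characters are
// removed first so they cannot be used to hide the scheme from the check.
function hasAllowedScheme(url) {
  const cleaned = String(url).replace(/[\u0000-\u0020]+/g, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  if (!m) return true; // no scheme: relative URL
  return ['http', 'https'].includes(m[1].toLowerCase());
}

// "Before": the icon URL goes into the markup as-is.
function renderIconUnsafe(iconUrl, caption) {
  return '<img src="' + iconUrl + '" alt="">' + escapeAttribute(caption);
}

// "After": the URL is scheme-checked and attribute-escaped; a rejected URL
// renders the caption without an icon.
function renderIconSafe(iconUrl, caption) {
  const icon = hasAllowedScheme(iconUrl)
    ? '<img src="' + escapeAttribute(iconUrl) + '" alt="">'
    : '';
  return icon + escapeAttribute(caption);
}

// Check helper: list the attribute names of the first <img> tag, which makes
// an injected attribute visible in a unit test.
function imgAttributeNames(html) {
  const tag = /<img\b([^>]*)>/.exec(html);
  if (!tag) return [];
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed sample inputs (not taken from any real application).
const BENIGN = 'icons/user.png';
const BREAKOUT = 'x.png" onerror="void(0)';

console.log(imgAttributeNames(renderIconUnsafe(BREAKOUT, 'Alice')));
console.log(imgAttributeNames(renderIconSafe(BREAKOUT, 'Alice')));
console.log(renderIconSafe(BENIGN, 'Alice'));
```

<p>
A regression test for an application that builds icon URLs from user input can
assert that the rendered tag carries only the attributes the template defines.
</p>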
<h3 id="changelog">Change log for Vaadin @version@</h3>
<p>This release includes the following closed issues:</p>
<ul>@release-notes-tickets@
</ul>
<p>
You can also view the <a
href="http://dev.vaadin.com/query?status=closed&amp;resolution=fixed&amp;milestone=Vaadin+@version@&amp;order=id">list
of the closed issues</a> at the Vaadin developer's site.
</p>
<h2 id="enhancements">Enhancements in Vaadin
@version-minor@</h2>
<p>The @version-minor@ includes many major and minor
enhancements. Below is a list of the most notable changes:</p>
<ul>
<li>Valo theme – <a href="#valo">see the separate section</a>
about the features of the new theme and how to use it</li>
</ul>
<!-- <p>Tools have been updated for Vaadin @version-minor@ with
the following changes:</p>
<ul>
<li>-</li>
</ul>-->
<p>
For enhancements introduced in Vaadin 7, see the <a
href="http://vaadin.com/download/release/7.0/7.0.0/release-notes.html">Release
Notes for Vaadin 7.0.0</a>.
</p>
<h2 id="valo">Valo theme</h2>
<p>Valo is a brand new built-in theme for Vaadin. It leverages
the <a href="http://www.sass-lang.com">Sass CSS preprocessor</a> heavily,
providing a variety of ways to customize the look and feel of your theme.
Read the introductory blog post describing the features for the
<a href="https://vaadin.com/blog/-/blogs/7-series">Vaadin 7.x series</a>.</p>
<h4>Using Valo</h4>
<p>The Java-based Sass compiler bundled with this Vaadin release
does not support all the features that Valo requires at the moment.
The compiler in the release version of Vaadin 7.3 will support Valo,
but for this alpha release, you need to use the original Ruby-based
compiler (or any other Sass 3.2 compatible Sass compiler). See
instructions below.</p>
<ul>
<li>Install the command-line version of the Sass compiler by following
the instructions in <a href="http://sass-lang.com/install">http://sass-lang.com/install</a></li>
<li>Unpack the <code>VAADIN/themes/valo</code> folder from
<code>vaadin-themes-7.3.0.alpha1.jar</code> and place it under your
project's <code>VAADIN/themes</code> folder</li>
<li>In your project's custom theme, import Valo and do any modifications
you wish using the Sass API in Valo (i.e., variables, mixins, and functions),
and then include the main valo mixin<br>
<br>Example (in <code>my-theme-name.scss</code>):<br>
<pre>// Any variables you wish to override should be done before importing Valo
// Modify the base color of the theme
$v-app-background-color: hsl(200, 50%, 50%);
@import "../valo/valo";
.my-theme-name {
@include valo;
}
</pre>
</li>
<li>From the command-line, navigate to your project's
<code>VAADIN/themes/my-theme-name</code> folder and use the following command
to compile the theme:<br><br>
<code>$ sass styles.scss styles.css</code></li>
</ul>
<h3 id="limitations">Limitations</h3>
<ul>
<li><p>It is currently not possible to specify <tt>font-size</tt>
as <tt>em</tt> or <tt>%</tt>, or layout component sizes
with <tt>em</tt> (<a
href="http://dev.vaadin.com/ticket/10634">#10634</a>).</p><p>This
does not apply to Valo, but using em sizes to size layouts is discouraged,
because it results in fractional component sizes in many cases, which
might cause unwanted 1px gaps between components.</p>
</li>
<li>Push is currently not supported in portals (See <a
href="http://dev.vaadin.com/ticket/11493">#11493</a>)
</li>
<li>HTTP session can not be invalidated while using
push (<a href="http://dev.vaadin.com/ticket/11721">#11721</a>)
</li>
<li>Cookies are not available while using push (<a
href="http://dev.vaadin.com/ticket/11808">#11808</a>)
</li>
<li>Not all proxies are compatible with websockets. If
you are using push with an incompatible proxy you might
have to force the transport mode to streaming. Some
proxies have problems with streaming also - you need to
ensure that the proxy does not buffer responses for HTTP
streaming to work.</li>
</ul>
<h2 id="vaadin">Vaadin Installation</h2>
<p>
<b>Vaadin</b> is a Java framework for building modern web
applications that look great, perform well and make you and
your users happy. <b>Vaadin</b> is available under the
Apache License, Version 2.0 (see the
<tt>license.html</tt>
in the Vaadin ZIP or JAR package).
</p>
<p>
The easiest ways to install <b>Vaadin</b> are:
</p>
<ul>
<li>If using Maven, define it as a dependency or use
any of the available archetypes (only <tt>vaadin-application</tt>
is available for Vaadin 7 at the time of this release)
to create a new project
</li>
<li>If using Eclipse, use the Vaadin Plugin for
Eclipse, which automatically downloads the Vaadin
libraries. To use this prerelease version, the plugin
should be installed from the experimental update site (<tt>http://vaadin.com/eclipse/experimental</tt>).
</li>
</ul>
<p>
It is also available as a ZIP package downloadable from <a
href="http://vaadin.com/download">Vaadin Download
page</a>.
</p>
<h3 id="package">Package Contents</h3>
<p>Inside the ZIP installation package you will find:</p>
<ul>
<li>Separate server-side (<tt>vaadin-server</tt>) and
client-side (<tt>vaadin-client</tt>, <tt>vaadin-client-compiler</tt>)
development libraries
</li>
<li>Precompiled widget set (<tt>vaadin-client-compiled</tt>)
for server-side development
</li>
<li>Shared library (<tt>vaadin-shared</tt>) for both
server- and client-side libraries
</li>
<li>Built-in themes (<tt>vaadin-themes</tt>)
</li>
<li>Dependency libraries provided under the <tt>lib/</tt>
folder
</li>
</ul>
<p>
See the
<tt>README.TXT</tt>
in the installation package for detailed information about
the package contents. <a href="http://vaadin.com/book">Book
of Vaadin</a> (for Vaadin 7) gives more detailed
instructions.
</p>
<p>
For server-side development, copy the
<tt>vaadin-server</tt>
,
<tt>vaadin-client-compiled</tt>
,
<tt>vaadin-shared</tt>
, and
<tt>vaadin-themes</tt>
from the main folder and the dependencies from the
<tt>lib</tt>
folder to the
<tt>WEB-INF/lib</tt>
folder of your Vaadin project. (The
<tt>vaadin-client-compiled</tt>
is necessary if you do not wish to compile the widget set
on your own, which you need to do if you use almost any add-on
components.)
</p>
<h4 id="package.updates">Updates to the Packaging</h4>
<p>
Since Vaadin 7.2.0, the old vaadin-theme-compiler has been moved into
a separate project and renamed to vaadin-sass-compiler. It is now included
along with the other 3rd party dependencies in the ZIP package.
</p>
<p>
For pure client-side development, you only need the
<tt>vaadin-client</tt>
and
<tt>vaadin-client-compiler</tt>
JARs, which should be put to a non-deployed project library
folder, such as
<tt>lib</tt>
. You also need them if you compile the widget set for any
reason, such as using Vaadin add-ons, or create new
server-side components integrated with client-side widgets.
</p>
<h2 id="migrating">Migrating from Vaadin 6</h2>
<p>
All Vaadin 6 applications need some changes when migrating
to Vaadin 7. The most obvious changes are in the
application/window API and require extending either <b>UI</b>
or <b>UI.LegacyApplication</b> instead of <b>Application</b>.
A detailed list of migration changes is given in the <a
href="https://vaadin.com/wiki/-/wiki/Main/Migrating+from+Vaadin+6+to+Vaadin+7">Vaadin
7 Migration Guide</a>.
</p>
<p>Any custom client-side widgets need to be ported to use
the new client-server communication API, or the Vaadin 6
compatibility API.</p>
<p>
Vaadin 6 add-ons (ones that contain widgets) do not work in
Vaadin 7 - please check the add-ons in <a
href="http://vaadin.com/directory/">Vaadin Directory</a>
for Vaadin 7 support.
</p>
<h2 id="dependencies">Vaadin @version@ Dependencies</h2>
<p>When using Maven, Ivy, Gradle, or other dependency
management system, all Vaadin dependencies are downloaded
automatically. This is also the case when using the Vaadin
Plugin for Eclipse.</p>
<p>
The Vaadin ZIP installation package includes the
dependencies in the
<tt>lib</tt>
subfolder. These need to be copied to the
<tt>WEB-INF/lib</tt>
folder of the web application that uses Vaadin.
</p>
<p>
The dependencies are listed in the <a href="license.html">Licensing
description</a>. Some are explicit dependencies packaged and
distributed as separate JARs, while some are included inside
other libraries.
</p>
<h3>Bean Validation</h3>
<p>
If you use the bean validation feature in Vaadin 7, you need
a Bean Validation API implementation. You need to install
the implementation JAR in the
<tt>WEB-INF/lib</tt>
directory of the web application that uses validation.
</p>
<h2 id="upgrading">Upgrading to Vaadin @version-minor@</h2>
<h3>Upgrading the Eclipse Plugin</h3>
<p>
Vaadin 7 requires that you use a compatible version of the
Vaadin Plugin for Eclipse. The stable version of the plugin
is available from the
<tt>http://vaadin.com/eclipse</tt>
update site. Please see the <a
href="https://vaadin.com/book/vaadin7/-/page/getting-started.eclipse.html#getting-started.eclipse.update">section
about updating the plugin</a> in the Book of Vaadin and the
<a href="http://vaadin.com/eclipse">installation
instructions at the download site</a> for more details.
</p>
<p>
You can also use the <i>experimental</i> Vaadin Plugin for
Eclipse. Its update site is
<tt>http://vaadin.com/eclipse/experimental</tt>
.
</p>
<h3>General Upgrading Instructions</h3>
<p>When upgrading from an earlier Vaadin version, you must:
</p>
<ul>
<li>Recompile your classes using the new Vaadin
version. Binary compatibility is only guaranteed for
maintenance releases of Vaadin.</li>
<li>Recompile any add-ons you have created using the
new Vaadin</li>
<li>Unless using the precompiled widget set, recompile
your widget set using the new Vaadin version</li>
</ul>
<p>Remember also to refresh the project in your IDE to
ensure that the new version of everything is in use.</p>
<p>
By using the "
<tt>?debug</tt>
" URL parameter, you can verify that the version of the
servlet, the theme, and the widget set all match.
</p>
<p>
<b>Eclipse</b> users should always check if there is a new
version of the Eclipse Plug-in available. The Eclipse
Plug-in can be used to update the Vaadin version in the
project (Project properties » Vaadin).
</p>
<p>
<b>Maven</b> users should update the Vaadin dependency
version in the
<tt>pom.xml</tt>
unless it is defined as
<tt>LATEST</tt>
. You must also ensure that the GWT dependency uses the
correct version and recompile your project and your widget
set.
</p>
<p>
<b>Liferay and other portal</b> users must install the
Vaadin libraries in
<tt>ROOT/WEB-INF/lib/</tt> in the portal (and remove a
possibly obsolete older <tt>vaadin.jar</tt>). Additionally,
the contents of the <tt>vaadin-client-compiled</tt> and <tt>vaadin-themes</tt>
must be extracted to the <tt>ROOT/html/VAADIN</tt> directory
in the Liferay installation. If your portal uses custom
widgets, install the latest version of <a
href="http://vaadin.com/directory#addon/vaadin-control-panel-for-liferay">Vaadin
Control Panel for Liferay</a> for easy widget set
compilation - when it is available - the add-on is not
compatible with Vaadin @version@ at the time of this Vaadin
release. <!-- TODO: Remove note when done -->
</p>
<h2 id="gae">
Notes and Limitations for Google App Engine
</h2>
<p>The following instructions and limitations apply when you
run a Vaadin application under the Google App Engine.</p>
<ul>
<li>
<p>
Applications must use <b>GAEVaadinServlet</b>
instead of <b>VaadinServlet</b> in
<tt>web.xml</tt>
.
</p>
</li>
<li>
<p>
Session support must be enabled in
<tt>appengine-web.xml</tt>
:
</p> <pre> &lt;sessions-enabled&gt;true&lt;/sessions-enabled&gt;</pre>
</li>
<li>
<p>Avoid using the session for storage, usual App
Engine limitations apply (no synchronization, that
is, unreliable).</p>
</li>
<li>
<p>
Vaadin uses memcache for mutex, the key is of the
form
<tt>_vmutex&lt;sessionid&gt;</tt>
.
</p>
</li>
<li>
<p>
The Vaadin <b>VaadinSession</b> class is serialized
separately into memcache and datastore; the memcache
key is
<tt>_vac&lt;sessionid&gt;</tt>
and the datastore entity kind is
<tt>_vac</tt>
with identifiers of the type
<tt>_vac&lt;sessionid&gt;</tt>
.
</p>
</li>
<li>
<p>
DO NOT update application state when serving a <b>ConnectorResource</b>
(such as <b>ClassResource</b>.<i>getStream()</i>).
</p>
</li>
<li>
<p>The application remains locked during uploads - a
progress bar is not possible</p>
</li>
</ul>
<p>
For other known problems, see open tickets at developer site
<a href="http://dev.vaadin.com/">dev.vaadin.com</a>.
</p>
<h2 id="supportedversions">Supported Technologies</h2>
<p>
Vaadin 7 is compatible with <b>Java 6</b> and newer. Vaadin
7 is especially supported on the following <b>operating
systems</b>:
</p>
<ul>
<li>Windows</li>
<li>Linux</li>
<li>Mac OS X</li>
</ul>
<p>
Vaadin 7 requires <b>Java Servlet API 2.4</b> but also
supports later versions and should work with any Java
application server that conforms to the standard. The
following <b>application servers</b> are supported:
</p>
<ul>
<li>Apache Tomcat 5-8</li>
<li>Apache TomEE 1</li>
<li>Oracle WebLogic Server 10.3-12</li>
<li>IBM WebSphere Application Server 7-8</li>
<li>JBoss Application Server 4-7</li>
<li>Wildfly 8</li>
<li>Jetty 5-9</li>
<li>Glassfish 2-4</li>
</ul>
<p>
Vaadin 7 supports the JSR-286 Portlet specification and all
portals that implement the specification should work. The
following <b>portals</b> are supported:
</p>
<ul>
<li>Liferay Portal 5.2-6</li>
<li>GateIn Portal 3</li>
<li>eXo Platform 3</li>
</ul>
<p>
Vaadin also supports <b>Google App Engine</b>.
</p>
<p>
Vaadin supports the following <b>desktop browsers</b>:
</p>
<ul>
<li>Mozilla Firefox 18-24</li>
<li>Mozilla Firefox 17 ESR</li>
<li>Internet Explorer 8-10</li>
<li>Safari 6</li>
<li>Opera 12,16</li>
<li>Google Chrome 23-29</li>
</ul>
<p>
Additionally, Vaadin supports the built-in browsers in the
following <b>mobile operating systems</b>:
</p>
<ul>
<li>iOS 5-7</li>
<li>Android 2.3-4</li>
</ul>
<p>Vaadin SQL Container supports the following databases:</p>
<ul>
<li>HSQLDB</li>
<li>MySQL</li>
<li>MSSQL</li>
<li>Oracle</li>
<li>PostgreSQL</li>
</ul>
<h2 id="vaadinontheweb">Vaadin on the Web</h2>
<ul>
<li><a href="http://vaadin.com">vaadin.com - The
developer portal containing everything you need to
know about Vaadin</a></li>
<li><a href="http://vaadin.com/demo">vaadin.com/demo
- A collection of demos for Vaadin</a></li>
<li><a href="http://vaadin.com/learn">vaadin.com/learn
- Getting started with Vaadin</a></li>
<li><a href="http://vaadin.com/forum">vaadin.com/forum
- Forums for Vaadin related discussions</a></li>
<li><a href="http://vaadin.com/book">vaadin.com/book
- Book of Vaadin - everything you need to know about
Vaadin</a></li>
<li><a href="http://vaadin.com/api">vaadin.com/api
- Online javadocs</a></li>
<li><a href="http://vaadin.com/directory">vaadin.com/directory
- Add-ons for Vaadin</a></li>
<li><a href="http://vaadin.com/pro-account">vaadin.com/pro-account
- Commercial support and tools for Vaadin
development </a></li>
<li><a href="http://vaadin.com/services">vaadin.com/services
- Expert services for Vaadin</a></li>
<li><a href="http://vaadin.com/company">vaadin.com/company
- Information about the company behind Vaadin</a></li>
<li><a href="http://dev.vaadin.com">dev.vaadin.com
- Bug tracker</a></li>
<li><a
href="http://dev.vaadin.com/wiki/Vaadin/Development/StartingVaadin7Development">How
to get the source code of Vaadin</a></li>
</ul>
</div>
<!-- /content-->
<div id="footer">
<span class="slogan"><strong>vaadin <em>}&gt;</em>
</strong> thinking of U and I</span> <a href="#top">↑ Back
to top</a>
</div>
<!-- /footer -->
</body>
</html>
<!-- Keep this comment at the end of the file
Local variables:
mode: xml
sgml-omittag:nil
sgml-shorttag:nil
sgml-namecase-general:nil
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-exposed-tags:nil
sgml-local-catalogs:("/etc/sgml/catalog" "/usr/share/xemacs21/xemacs-packages/etc/psgml-dtds/CATALOG")
sgml-local-ecat-files:("ECAT" "~/sgml/ECAT" "/usr/share/sgml/ECAT" "/usr/local/share/sgml/ECAT" "/usr/local/lib/sgml/ECAT")
End:
-->