IT Mill Toolkit 5.4.1 is available

IT Mill Toolkit 5.4.1 contains critical security fixes and you are recommended to upgrade immediately

IT Mill Toolkit 5.4.1 fixes several security issues discovered by Wouter Coekaerts ( and an internal review. Immediate upgrade to a version containing the fixes is strongly recommended for all users. The issues are:

#7670 Directory traversal vulnerability through AbstractApplicationServlet.serveStaticResourcesInVAADIN() (critical)

#7669 CSRF/XSS vulnerability through separator injection (important)

#7671 Contributory XSS: Possibility to inject HTML/javascript in system error messages (important)

#7672 Contributory XSS: possibility for injection in certain components (moderate)

If you are using a version of Vaadin 6, please update to Vaadin 6.6.7, which also incorporates these fixes.

You can download IT Mill Toolkit 5.4.1 from
the downloads page