Vaadin 6.6.5 available

Vaadin 6.6.5 is a maintenance release for the 6.6 branch of Vaadin Framework.

This release contains a new feature designed to help you increase the security of your Vaadin applications. One general security threat against web applications is known as
session fixation
. The attack relies on the attacker discovering or manipulating the value of the cookie containing the session id of a trusted user and thereby getting access to the application as if logged in as that user. The most reliable general countermeasure to this threat is to change the value of the session id when the user logs in or is about to perform any “important” task. As of version 6.6.5, WebApplicationContext contains a method named reinitializeSession that can be used to change the session id used by the user’s web browser.

See the
list of closed issues
in Vaadin Trac for a detailed change log. For other release information, see the
Release Notes
. The demos are deployed at
http://demo.vaadin.com/
.

Get the installation package from the download site at
http://vaadin.com/download
. If you are using the Vaadin Plugin for Eclipse, upgrade the Vaadin version from the project preferences. If using Maven, the repositories will replicate in a few hours. The offline
Vaadin Plug-in for Eclipse
has also been updated to the new 6.6.5 and will shortly be available for download.

As always, when upgrading from an earlier version, you should recompile any custom widget sets and refresh your project in Eclipse. See the
General Upgrade Notes
for more details on upgrading.