Important Notice - Forums is archived
To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
Vulnerability with Push Requests with Atmosphere
Hello all,
our application is configured to work with push. The requests to the app server look like the following
https://skip.dot.com/app/PUSH?skip=stuff&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.2.13.vaadin3-jquery&X-Atmosphere-Transport=long-polling&X-Atmosphere-TrackMessageSize=true&Content-Type=application%2Fjson%3B%20charset%3DUTF-8&X-atmo-protocol=true&_=123456789
The X-Atmosphere-Framework parameter reveals a concrete implementation (version 2.2.13.vaadin3-jquery) which has been pointed out in a security audit as something one should avoid (or remove, in our case). (By the way, Vaadin has others, e.g. https://skip.dot.com/app/VAADIN/vaadinPush.js?v=7.6.4)
My question is whether it's possible to configure the application to use another framework. Or if there's an entry point we could implement to avoid passing around of version numbers? Has Vaadin been updated to use a newerversion of Atmosphere, as 2.2 has already reached "end-of-life" (https://github.com/Atmosphere/atmosphere).
Any hints are welcome.
Thanks in advance!
Cheers
Tupi