Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
Vaadin 6.7.0.rc1 is available
Vaadin 6.7.0 fixes several security issues discovered by Wouter Coekaerts (http://wouter.coekaerts.be/) and an internal review. Immediate upgrade to a version containing the fixes is strongly recommended for all users. The issues are:
#7670 Directory traversal vulnerability through AbstractApplicationServlet.serveStaticResourcesInVAADIN() (critical)
#7669 CSRF/XSS vulnerability through separator injection (important)
#7672 Contributory XSS: possibility for injection in certain components (moderate)
If you are currently on the 6.6 branch, please update to 6.6.7, which incorporates the security fixes listed above.
Vaadin 6.7.0.rc1 is the first Release Candidate for the next minor release of Vaadin framework.
This release contains several new features and enhancements. For a detailed list, see the list of closed issues in Vaadin Trac for a detailed change log. For other release information, see the Release Notes.
Get the installation package from the download site at http://vaadin.com/download. If you are using the Vaadin Plugin for Eclipse, upgrade the Vaadin version from the project preferences. If using Maven, the repositories will replicate in a few hours.
As always, when upgrading from an earlier version, you should recompile any custom widget sets and refresh your project in Eclipse. See the General Upgrade Notes for more details on upgrading.