IT Mill Toolkit 5.4.1 contains critical security fixes; upgrading immediately is recommended
IT Mill Toolkit 5.4.1 fixes several security issues discovered by Wouter Coekaerts (http://wouter.coekaerts.be/) and an internal review. Immediate upgrade to a version containing the fixes is strongly recommended for all users. The issues are:
#7670 Directory traversal vulnerability through AbstractApplicationServlet.serveStaticResourcesInVAADIN() (critical)
#7669 CSRF/XSS vulnerability through separator injection (important)
#7671 Contributory XSS: Possibility to inject HTML/JavaScript in system error messages (important)
#7672 Contributory XSS: Possibility for injection in certain components (moderate)
If you are using a version of Vaadin 6, please update to Vaadin 6.6.7, which also incorporates these fixes.
You can download IT Mill Toolkit 5.4.1 from the downloads page.