Vaadin 7.7.17 was the last public open-source version of the Vaadin 7 framework. Vaadin guarantees 5 years of maintenance from the release date of long-term release (LTS) versions. Official support for Vaadin 7 ended in February 2019.
Vaadin Prime subscription customers get access to a Vaadin 7 version whose support is extended until 2029. Vaadin will fix issues in the framework and widgets, ensuring that your applications and end-customers don’t feel any negative impact.
- Vaadin 7 Core framework.
- All Vaadin 7-specific Pro add-ons (for example, Touchkit for Vaadin 7).
- All official Core Add-ons (for example, CDI, Spring, ContextMenu).
- New feature development for Vaadin 7 (Enterprise subscribers only). Enterprise customers can use Expert on Demand (EoD) support hours for this.
- Your internal web framework that powers your critical business web applications is built on Vaadin 7.
- You have a customer-facing web application built on Vaadin 7 and still have binding support agreements with your customers.
- The cost of migrating to a more recent Vaadin version is more than the cost of extended maintenance.
Types of maintenance tasks
The Vaadin support team will perform two types of maintenance tasks:
- Proactive tasks
  - Automated integration testing on Vaadin 7-supported browsers.
  - Third-party library monitoring for security alerts, etc.
  - Security impact monitoring of any new features added to Vaadin 7 (through EoD, etc.). The security impact is reviewed through the normal review processes.
- Reactive maintenance tasks
  - Responding to bug fix and warranty priorities for Vaadin 7.
  - Responding to Expert Chat requests for Vaadin 7-related issues.
  - If Vaadin receives a report for a security flaw, Vaadin will fix the issue, and then communicate the incident to all affected customers (through a private mailing list).
  - Expert Chat can be used for Vaadin 7-related communication.
Bug Fixes and feature releases in the Framework since version 7.7.17
Under the extended maintenance service, Vaadin has already released the following versions to our customers:
- fix: Update Vaadin7 to use atmosphere-runtime 2.2.13.vaadin2. Fixes issues with thread leakage and UUIDBroadcasterCache concurrency
- Add MPR UI id request parameter, which is needed in new version of MPR
- fix: set Vaadin session attribute using lock in reinitializeSession
- Update to Jsoup 1.14.2
- fix: Prevent possible deadlock in findOrCreateVaadinSession.
- Remove buildhelpers module and its dependencies, dead code removal. Module existence can cause issues with Ivy + Ant projects.
- Clear thread local instances on connection lost in push handler. Fixes minor memory leak.
- Clear out ClientCache when UI is detached to prevent a minor memory leak
- Updated license checker version to give more intuitive error message.
- Fixed Table/TreeTable styles so that cell border does not grow row height, which breaks things (fixes e.g. issue #12251)
- Updated Jetty version to 9.4.38.v20210224 to avoid false positive vulnerability alert in dependency check of BOM.
- Fix: use time-constant comparison for CSRF tokens (CVE-2021-31403)
- Fix: use time-constant comparison for security tokens (CVE-2021-31403)
- Made checkAtmosphereSupport() non-static. This was needed to enable bug fix in Multiplatform Runtime Product.
- Changed license from Apache 2.0 to CVDLv4.
- Fixed issue when ComboBox does not select or add a new value when typing fast and tabbing out (issue #6671).
- Fixed regression in Grid. Adding columns when there are hidden columns could throw IndexOutOfBounds exception.
- Fixed EmailValidator regexp pattern not to halt on malicious input (issue #7757). (CVE-2020-36320)
- Use APPLICATION scope for the session lock with Portlets. This fixes deadlock issue when multiple portlets on the same page.
- Fixed an issue where Push stopped working in some circumstances.
- Fix issue where Chrome refused to select text in Table.
- Fix issue with Grid resizing (issue #11893).
- Fix Push reconnect issue with Websockets (e.g. issue #7190).
- Fix issue with incorrect column selector position with Multiplatform runtime.
- Fixed XSS vulnerability with Grid header captions.
- Added feature to disable touch detection in Table / TreeTable (implemented via DoD hours).
- Fixed ComboBox autocompletion issue with Chrome.
- Fixed Firefox 67+ issue with global variable called "u2f".
- Fixed XSS vulnerability with Panel caption.
- Fixed Grid issue: enabling/disabling multiselect multiple times broke sorting.
- Fixed broken keyboard navigation with Firefox 65+ in MenuBar, Slider, DateField, Tree, and Table.
Bug Fixes and feature releases in the Pro products
- Fix to work with Jsoup 1.14.2.
- Fixes NPE and another potential exception that can happen in production mode.
- Use service worker, local storage aka PWA when using newer Firefox / Android versions.
- Added support for service worker, local storage aka PWA when using newer Chrome / Android versions. Newest Chrome / Android removed support for AppCache, which rendered TouchKit non-functional.
- Fix path issue when deployed to Windows servers.
How to access the releases
Starting with 7.7.23, the extended maintenance releases are deployed to Maven Central. You will need a license to use the extended support releases - the license file and the instructions on how to use it can be found here: https://vaadin.com/pro/validate-license
List of supported technologies
Vaadin 7 is compatible with Java 6 and newer up to Java 8. Java 9 and above are explicitly not supported. Vaadin 7 is especially supported on the following operating systems:
- Mac OS X
Vaadin Framework 7 requires Java Servlet API 3.0 but also supports later versions and should work with any Java application server that conforms to the standard. The following application servers are supported:
- Apache Tomcat 5-8.5
- Apache TomEE 1.7 and 7.0
- Oracle WebLogic Server 10.3-12.2
- IBM WebSphere Application Server 7-9
- JBoss Application Server 4-7
- Wildfly 8-13
- Jetty 5-9
- Glassfish 2-4
Vaadin 7 supports the JSR-286 Portlet specification and all portals that implement the specification should work. The following portals are supported:
- Liferay Portal 5.2-6.2
- GateIn Portal 3
- eXo Platform 3
- IBM WebSphere Portal 8
Vaadin Framework 7 supports the following desktop browsers:
- Mozilla Firefox: latest
- Mozilla Firefox ESR: latest 3 ESR releases
- Internet Explorer 11: latest
- EdgeHTML: latest
- Chromium Edge: latest
- Safari on Mac: latest
- Google Chrome: latest
Additionally, Vaadin supports the built-in browsers in the following mobile operating systems:
- iOS: latest 3 iOS releases
- Android: latest 3 Android releases with Chrome
Vaadin SQL Container supports the following databases: