Vaadin 7 extended maintenance
Vaadin 7.7.17 was the last public open-source version of the Vaadin 7 framework. Vaadin guarantees 5 years of maintenance from the release date of long-term release (LTS) versions. Official support for Vaadin 7 ended in February 2019.
Vaadin Prime subscription customers get access to Vaadin 7 version that extends the support for up until 2029. Vaadin will fix issues in the framework and widgets, ensuring that your applications and end-customers don’t feel any negative impact.
- Vaadin 7 Core framework.
- All Vaadin 7-specific Pro add-ons (for example, Touchkit for Vaadin 7).
- All official Core Add-ons (for example CDI, Spring, ContextMenu, etc.).
- New feature development for Vaadin 7 (Enterprise subscribers only). Enterprise customers can use Expert on Demand (EoD) support hours for this.
- Your internal web framework that powers your critical business web applications is built on Vaadin 7.
- You have a customer-facing web application built on Vaadin 7 and still have binding support agreements with your customers.
- The cost of migrating to a more recent Vaadin version is more than the cost of extended maintenance.
Types of maintenance tasks
The Vaadin support team will perform two types of maintenance tasks:
- Proactive tasks
- Automated integration testing on Vaadin 7-supported browsers.
- 3rd party library monitoring for security alerts etc.
- Security impact monitoring of any new features added to Vaadin 7 (through EoD etc.). The security impact is reviewed through the normal review processes.
- Reactive maintenance tasks
- Responding to bug fix and warranty priorities for Vaadin 7.
- Responding to Expert Chat requests for Vaadin 7-related issues.
- If Vaadin receives a report for a security flaw, Vaadin will fix the issue, and then communicate the incident to all affected customers (through a private mailing list).
- Expert Chat can be used for Vaadin 7-related communication.
Bug Fixes and feature releases since version 7.7.17
Under the extended maintenance service, Vaadin has already released the following versions to our customers:
- Remove buildhelpers module and its dependencies, dead code removal. Module existence can cause issues with Ivy + Ant projects.
- Clear thread local instances on connection lost in push handler
- Clear out ClientCache when UI is detached to prevent a minor memory leak
- Updated license checker version
- Fixed Table/TreeTable styles so that cell border does not grow row height, which breaks things (fixes e.g. issue #12251)
- Updated Jetty version to 9.4.38.v20210224
- Fix: use time-constant comparison for CSRF tokens
- Fix: use time-constant comparison for security tokens
- Made checkAtmosphereSupport() non-static.
- Changed license from Apache 2.0 to CVDLv4.
- Fixed issue when ComboBox does not select or add a new value when typing fast and tabbing out (issue #6671).
- Fixed regression in Grid. Adding columns when there are hidden columns could throw IndexOutOfBounds exception.
- Fixed EmailValidator regexp pattern not to halt on malicious input (issue #7757).
- Use APPLICATION scope for the session lock with Portlets.
- Fixing issue with Push stopping working in some circumstances.
- Fix issue where Chrome refused to select text in Table.
- Fix issue with Grid resizing (issue #11893).
- Fix Push reconnect issue with Websockets (e.g. issue #7190).
- Fix issue with incorrect column selector position with Multiplatform runtime.
- Fixed XSS vulnerability with Grid header captions.
- Added feature to disable touch detection in Table / TreeTable (implemented via DoD hours).
- Fixed ComboBox autocompletion issue with Chrome.
- Fixed Firefox 67+ issue with global variable called "u2f".
- Fixed XSS vulnerability with Panel caption.
- Fixed Grid issue: enabling/disabling multisect multiple times broke sorting.
- Fixed broken keyboard navigation with Firefox 65+ in MenuBar, Slider, DateField, Tree, and Table.
How to access the releases
Maven accessStarting with 7.7.23, the extended maintenance releases are deployed to Maven Central. You will need a license to use the extended support releases - the license file and the instructions on how to use it can be found here: https://vaadin.com/pro/validate-license
List of supported technologiesVaadin 7 is compatible with Java 6 and newer up to Java 8. Java 9 and above are explicitly not supported. Vaadin 7 is especially supported on the following operating systems:
- Mac OS X
- Apache Tomcat 5-8.5
- Apache TomEE 1.7 and 7.0
- Oracle WebLogic Server 10.3-12.2
- IBM WebSphere Application Server 7-9
- JBoss Application Server 4-7
- Wildfly 8-13
- Jetty 5-9
- Glassfish 2-4
- Liferay Portal 5.2-6.2
- GateIn Portal 3
- eXo Platform 3
- IBM WebSphere Portal 8
- Mozilla Firefox: latest
- Mozilla Firefox ESR: latest 3 ESR releases
- Internet Explorer 11: latest
- EdgeHTML: latest
- Chromium Edge: latest
- Safari on Mac: latest
- Google Chrome: latest
- iOS: latest 3 iOS releases
- Android: latest 3 Android releases with Chrome
- Vaadin SQL Container supports the following databases: