adin-theme-compiler.7.1.15.source-code.release-notes.html Maven / Gradle / Ivy
Vaadin Framework 7.1.15
Vaadin – thinking of U and I
Version 7.1.15
Version 7.1.15 built on 2014-04-30.
Release Notes for Vaadin Framework
7.1.15
- Overview of Vaadin
7.1.15 Release
- Security fixes
- Change log for Vaadin
7.1.15
- Enhancements in Vaadin
7.1
- Limitations in
7.1
- Vaadin Installation
- Package Contents
- Migrating from Vaadin 6 to
Vaadin 7
- Vaadin 7.1.15
dependencies
- Upgrading to Vaadin
7.1
- Supported
technologies
- Vaadin on the Web
Overview of Vaadin 7.1.15 Release
Vaadin 7.1.15 is a maintenance release that includes a
number of important bug fixes, as listed in the change log below.
For a list of enhancements in the last feature release, see
Enhancements in Vaadin
7.1 and the Release
Notes for Vaadin 7.1.0.
Security fixes in Vaadin Framework 7.1.11
Vaadin 7.1.11 fixes two security issues discovered during internal review.
Escaping of OptionGroup item icon URLs
The issue affects OptionGroup with item icons. Proper escaping of the
src-attribute on the client side was not ensured when using icons for
OptionGroup items. This could potentially, in certain situations, allow
a malicious user to inject content, such as javascript, in order to
perform a cross-site scripting (XSS) attack.
In order for an application to be vulnerable, user provided input must
be used to form a URL used to display an icon for an OptionGroup item,
when showing that Option Group to other users.
The vulnerability has been classified as moderate, due to it's limited
application.
Escaping of URLs in Util.getAbsoluteUrl()
The client side Util.getAbsoluteUrl() did not ensure proper escaping
of the given URL. This could potentially, in certain situations, allow
a malicious user to inject content, such as javascript, in order to
perform a cross-site scripting (XSS) attack.
The method is used internally by the framework in such a manner that it
is unlikely this attack vector can be utilized in practice. However,
third party components, or future use of the method, could make an
attack viable.
The vulnerability has been classified as moderate, due to it's limited
application.
Change log for Vaadin 7.1.15
This release includes the following closed issues:
- #8978: Table.sort(…) does not update the sort indicator
- #11366: Vaadin 7 Accordion - Problem - 1
- #12424: Enter as shortcut prevents textarea newline enter
- #12989: Treetable column lines missing in IE8
- #13188: Modal Window is not always closed properly
- #13386: Changing the visibility of Components in a GridLayout that is inside a Panel causes scroll position to unexpectedly jump upwards
- #13413: Clearing combobox selection after selecting in newItemsAllowed-mode
- #13423: Accordion is not correctly updated when adding or removing tabs
- #13438: Possible TransactionalPropertyWrapper memory leak
- #13488: Combobox popup is broken when scrolling with pagelength 0 (paging disabled)
- #13503: PopupViewConnector's onConnectorHierarchyChange using wrong child list
- #13571: session.getBrowser() not updated when UnsupportedBrowserHandler is run
- #13574: Caching does not work correctly for loading ressources on clientside and serverside
- #13592: Table width recalculated using undefined column width instead of defined widths when removing all items then add 1 item
- #13635: ComboBox dropdown list breaks on window refocus if itemset changed on focus
You can also view the list
of the closed issues at the Vaadin developer's site. .
Enhancements in Vaadin
7.1
The 7.1 includes many major and minor
enhancements. Below is a list of the most notable changes:
- Server push (Use the @Push annotation to
enable push for a UI)
- Server polling using UI.setPollInterval()
- Enhanced debug window
- Internet Explorer 10 support
- Sass compiler improvements: arithmetics, @content
- Dynamic CSS injection
- Support for SCSS/CSS files in all add-ons (Use Vaadin-Stylesheet
in the manifest)
- Calendar is included in the core framework
- ProgressBar provides progress indication
without polling (separated from ProgressIndicator)
- Tooltip and loading indicator delays configurable
on server side
- The range of a DateField can be limited
- Window has maximize/restore controls
- UI and VaadinSession provide access()
to access the UI and session while holding the needed
lock
- A new @VaadinServletConfiguration annotation
for configuring servlet parameters
- WAI-ARIA support for form fields, Button,
and Tree
- The behavior of Property.toString() can be
toggled using the legacyPropertyToString init
parameter
- Default alignment can be set for layout components
- FieldGroup supports SQL date fields and date
field creation
- Converter.convertToModel/convertFromModel
now gets an additional parameter describing the target
type
- The browser page can be reloaded programmatically
using Page.reload()
- The VaadinServlet/VaadinPortlet and VaadinService
classes have been refactored
- Several locking related fixes
- Client compiler dependencies are packaged as a
separate jar
- DefaultWidgetSet is even more optimized (using
compiler parameter -XenableClosureCompiler)
- Java assert statements have been added to
critical code sections. Start JVM with -ea to
use.
- StateChangeEvent.isInitialState()
indicates if event is the first for a connector
- ClientConnector.isAttached()
indicates if connector is attached
- Container.Filterable now contains a getContainerFilters()
method
- TableQuery now supports schemas and catalogs
Tools have been updated for Vaadin 7.1 with
the following changes:
- Maven
- Theme compilation support using vaadin:update-theme
and vaadin:compile-theme
- Eclipse
- Theme compilation support using the
provided button
- New projects are by default generated using
Servlet 3.0 API
- Additional GWT compiler parameters can be
specified
For enchancements introduced in Vaadin 7, see the Release
Notes for Vaadin 7.0.0.
Limitations
- It is currently not possible to specify font-size
as em or %, or layout component sizes
with em (#10634)
- Push is currently not supported in portals (See #11493)
- HTTP session can not be invalidated while using
push (#11721)
- Cookies are not available while using push (#11808)
- Not all proxies are compatible with websockets. If
you are using push with an incompatible proxy you might
have to force the transport mode to streaming. Some
proxies have problems with streaming also - you need to
ensure that the proxy does not buffer responses for HTTP
streaming to work.
Vaadin Installation
Vaadin is a Java framework for building modern web
applications that look great, perform well and make you and
your users happy. Vaadin is available under the
Apache License, Version 2.0 (see the
license.html
in the Vaadin ZIP or JAR package).
The easiest ways to install Vaadin are:
- If using Maven, define it as a dependency or use
any of the available archetypes (only vaadin-application
is available for Vaadin 7 at the time of this release)
to create a new project
- If using Eclipse, use the Vaadin Plugin for
Eclipse, which automatically downloads the Vaadin
libraries. To use this prerelease version, the plugin
should be installed from the experimental update site (http://vaadin.com/eclipse/experimental).
It is also available as a ZIP package downloadable from Vaadin Download
page.
Package Contents
Inside the ZIP installation package you will find:
- Separate server-side (vaadin-server) and
client-side (vaadin-client, vaadin-client-compiler)
development libraries
- Precompiled widget set (vaadin-client-compiled)
for server-side development
- Shared library (vaadin-shared) for both
server- and client-side libraries
- Built-in themes (vaadin-themes) and the
theme compiler (vaadin-theme-compiler)
- Dependency libraries provided under the lib/
folder
See the
README.TXT
in the installation package for detailed information about
the package contents. Book
of Vaadin (for Vaadin 7) gives more detailed
instructions.
For server-side development, copy the
vaadin-server
,
vaadin-client-compiled
,
vaadin-shared
,
vaadin-theme-compiler
, and
vaadin-themes
from the main folder and the dependencies from the
lib
folder to the
WEB-INF/lib
folder of your Vaadin project. (The
vaadin-client-compiled
is necessary if you do not wish to compile the widget set by
your own, which you need to do if you use almost any add-on
components.)
For pure client-side development, you only need the
vaadin-client
and
vaadin-client-compiler
JARs, which should be put to a non-deployed project library
folder, such as
lib
. You also need them if you compile the widget set for any
reason, such as using Vaadin add-ons, or create new
server-side components integrated with client-side widgets.
Migrating from Vaadin 6
All Vaadin 6 applications need some changes when migrating
to Vaadin 7. The most obvious changes are in the
application/window API and require extending either UI
or UI.LegacyApplication instead of Application.
A detailed list of migration changes are given in the Vaadin
7 Migration Guide.
Any custom client-side widgets need to be ported to use
the new client-server communication API, or the Vaadin 6
compatibility API.
Vaadin 6 add-ons (ones that contain widgets) do not work in
Vaadin 7 - please check the add-ons in Vaadin Directory
for Vaadin 7 support.
Vaadin 7.1.15 Dependencies
When using Maven, Ivy, Gradle, or other dependency
management system, all Vaadin dependencies are downloaded
automatically. This is also the case when using the Vaadin
Plugin for Eclipse.
The Vaadin ZIP installation package includes the
dependencies in the
lib
subfolder. These need to be copied to the
WEB-INF/lib
folder of the web application that uses Vaadin.
The dependencies are listed in the Licensing
description. Some are explicit dependencies packaged and
distributed as separate JARs, while some are included inside
other libraries.
Bean Validation
If you use the bean validation feature in Vaadin 7, you need
a Bean Validation API implementation. You need to install
the implementation JAR in the
WEB-INF/lib
directory of the web application that uses validation.
Upgrading to Vaadin 7.1
Upgrading the Eclipse Plugin
Vaadin 7 requires that you use a compatible version of the
Vaadin Plugin for Eclipse. The stable version of the plugin
is available from the
http://vaadin.com/eclipse
update site. Please see the section
about updating the plugin in the Book of Vaadin and the
installation
instructions at the download site for more details.
You can also use the experimental Vaadin Plugin for
Eclipse. Its update site is
http://vaadin.com/eclipse/experimental
.
General Upgrading Instructions
When upgrading from an earlier Vaadin version, you must:
- Recompile your classes using the new Vaadin
version. Binary compatibility is only guaranteed for
maintenance releases of Vaadin.
- Recompile any add-ons you have created using the
new Vaadin
- Unless using the precompiled widget set, recompile
your widget set using the new Vaadin version
Remember also to refresh the project in your IDE to
ensure that the new version of everything is in use.
By using the "
?debug
" URL parameter, you can verify that the version of the
servlet, the theme, and the widget set all match.
Eclipse users should always check if there is a new
version of the Eclipse Plug-in available. The Eclipse
Plug-in can be used to update the Vaadin version in the
project (Project properties » Vaadin).
Maven users should update the Vaadin dependency
version in the
pom.xml
unless it is defined as
LATEST
. You must also ensure that the GWT dependency uses the
correct version and recompile your project and your widget
set.
Liferay and other portal users must install the
Vaadin libraries in
ROOT/WEB-INF/lib/ in the portal (and remove a
possibly obsolete older vaadin.jar). Additionally,
the contents of the vaadin-client-compiled and vaadin-themes
must be extracted to the ROOT/html/VAADIN directory
in the Liferay installation. If your portal uses custom
widgets, install the latest version of Vaadin
Control Panel for Liferay for easy widget set
compilation - when it is available - the add-on is not
compatible with Vaadin 7.1.15 at the time of this Vaadin
release.
Notes and Limitations for Google App Engine
The following instructions and limitations apply when you
run a Vaadin application under the Google App Engine.
-
Applications must use GAEVaadinServlet
instead of VaadinServlet in
web.xml
.
-
Session support must be enabled in
appengine-web.xml
:
<sessions-enabled>true</sessions-enabled>
-
Avoid using the session for storage, usual App
Engine limitations apply (no synchronization, that
is, unreliable).
-
Vaadin uses memcache for mutex, the key is of the
form
_vmutex<sessionid>
.
-
The Vaadin VaadinSession class is serialized
separately into memcache and datastore; the memcache
key is
_vac<sessionid>
and the datastore entity kind is
_vac
with identifiers of the type
_vac<sessionid>
.
-
DO NOT update application state when serving an ConnectorResource
(such as ClassResource.getStream()).
-
The application remains locked during uploads - a
progress bar is not possible
For other known problems, see open tickets at developer site
dev.vaadin.com.
Supported Technologies
Vaadin 7 is compatible with Java 6 and newer. Vaadin
7 is especially supported on the following operating
systems:
- Windows
- Linux
- Mac OS X
Vaadin 7 requires Java Servlet API 2.4 but also
supports later versions and should work with any Java
application server that conforms to the standard. The
following application servers are supported:
- Apache Tomcat 5-7
- Apache TomEE 1
- Oracle WebLogic Server 10.3-12
- IBM WebSphere Application Server 7-8
- JBoss Application Server 4-7
- Jetty 5-9
- Glassfish 2-4
Vaadin 7 supports the JSR-286 Portlet specification and all
portals that implement the specification should work. The
following portals are supported:
- Liferay Portal 5.2-6
- GateIn Portal 3
- eXo Platform 3
Vaadin also supports Google App Engine.
Vaadin supports the following desktop browsers:
- Mozilla Firefox 18-24
- Mozilla Firefox 17 ESR
- Internet Explorer 8-10
- Safari 6
- Opera 12,16
- Google Chrome 23-29
Additionally, Vaadin supports the built-in browsers in the
following mobile operating systems:
- iOS 5-7
- Android 2.3-4
Vaadin SQL Container supports the following databases:
- HSQLDB
- MySQL
- MSSQL
- Oracle
- PostgreSQL
Vaadin on the Web
- vaadin.com - The
developer portal containing everything you need to
know about Vaadin
- vaadin.com/demo
- A collection of demos for Vaadin
- vaadin.com/learn
- Getting started with Vaadin
- vaadin.com/forum
- Forums for Vaadin related discussions
- vaadin.com/book
- Book of Vaadin - everything you need to know about
Vaadin
- vaadin.com/api
- Online javadocs
- vaadin.com/directory
- Add-ons for Vaadin
- vaadin.com/pro-account
- Commercial support and tools for Vaadin
development
- vaadin.com/services
- Expert services for Vaadin
- vaadin.com/company
- Information about the company behind Vaadin
- dev.vaadin.com
- Bug tracker
- How
to get the source code of Vaadin