Welcome to Apache Wicket

With proper mark-up/logic separation, a POJO data model, and a refreshing lack of XML, Apache Wicket makes developing web-apps simple and enjoyable again. Swap the boilerplate, complex debugging and brittle code for powerful, reusable components written with plain Java and HTML.

Wicket is released under the Apache License, Version 2.0.

CVE-2014-0043 - Apache Wicket Information disclosure vulnerability

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 1.5.10 and 6.13.0

Description:

By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

The application developers are recommended to upgrade to:

Credit: This issue was reported by Christian Schneider!

Apache Wicket Team

Apache Wicket 6.14.0 released

The Apache Wicket PMC is proud to announce Apache Wicket 6.14.0!

This release marks the fourteenth minor release of Wicket 6. Starting with Wicket 6 we use semantic versioning for the future development of Wicket, and as such no API breaks are present in this release compared to 6.0.0.

New and noteworthy

This release fixes 34 bugs and adds the following improvements:

  • JQuery upgraded from 1.10.2 to 1.11.0
  • Fix for CVE-2014-0043
  • Wicket Session may not be saved in the SessionStore (Http Session) under some conditions and lead to lost state
  • Update classes copied from commons-fileupload to fix CVE-2014-0050
  • Allow <script> tags to have children components to be able to use client side templating

Using this release

With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):

<dependency>
 <groupId>org.apache.wicket</groupId>
 <artifactId>wicket-core</artifactId>
 <version>6.14.0</version>
</dependency>

Or download and build the distribution yourself, or use our convenience binary package

Upgrading from earlier versions

If you upgrade from 6.y.z this release is a drop in replacement. If you come from a version prior to 6.0.0, please read our Wicket 6 migration guide found at

Have fun!

— The Wicket team

Release Notes - Wicket - Version 6.14.0

Bug

* [WICKET-4697] - Autolinking not working as soon as component gets a wicket:id
* [WICKET-5043] - Page not mounted with WebApplication#mountPackage
* [WICKET-5449] - Missing chapter 2 is causing off-by-one page names in the guides URL links
* [WICKET-5460] - onBeforeRender called too early on stateless page
* [WICKET-5462] - Ajax form-component-label repainting fails when setResponsePage() is used to navigate away from the page that has previously failed form validaiton
* [WICKET-5464] - AbstractAjaxTimerBehavior does not work in combination with Wizards
* [WICKET-5466] - ListenerInterfaceRequestHandler#respond throws ComponentNotFoundException as a side-effect
* [WICKET-5467] - NumberTextField should support "any" as valid step attribute value
* [WICKET-5468] - UrlRenderer#renderRelativeUrl potentially appends "/" after query parameters
* [WICKET-5469] - ModalWindow unload warning always displayed (even if window is closed)
* [WICKET-5472] - PackageResource#internalGetResourceStream() should return ProcessingResourceStream only when the resource is existing
* [WICKET-5473] - Wicket does not handle non in-memory Httpsessions correctly
* [WICKET-5477] - CSS class is not applied to <TD> for data filter
* [WICKET-5478] - Wrong JavaDoc for WicketTester
* [WICKET-5480] - AutoLabelResolver creates null pointer exception in 6.13
* [WICKET-5482] - Wicket-guice doesn't support @javax.inject.Named annotations
* [WICKET-5484] - WebPageRenderer must not render full page in Ajax requests
* [WICKET-5486] - WebPageRenderer should honor RedirectPolicy.ALWAYS_REDIRECT more consistently
* [WICKET-5491] - Wicket.DateTime.getViewportHeight() returning undefined on IE8, positions calendar out of viewport
* [WICKET-5492] - WebApplication ignores a SecurityException when reading the configuration type
* [WICKET-5496] - Wrong translation of RangeValidator.minimum and RangeValidator.maximum
* [WICKET-5497] - NPE in JsonUtils when the value is null
* [WICKET-5499] - Page is not touched during initialization
* [WICKET-5500] - Ignore the path parameters when reading the page class
* [WICKET-5502] - Patch FileUploadBase to fix CVE-2014-0050

Improvement

* [WICKET-5288] - Allow &lt;script&gt;-Tags act as WebMarkUpContainer to add Child-Components
* [WICKET-5439] - Allow restarting AbstractAjaxTimerBehavior without updating its hosting component
* [WICKET-5463] - RequestUtil.getCharset(HttpServletRequest request) Resilience against unsupported Charsets in Request
* [WICKET-5470] - Remove 'final' from org.apache.wicket.markup.html.form.EnumChoiceRenderer#getDisplayValue
* [WICKET-5471] - Store the page if it is known that it will be used in a following request
* [WICKET-5493] - Disable jar indexing

New Feature

* [WICKET-3491] - Introduce IComponentOnConfigureListener

Task

* [WICKET-5488] - Promote experimental modules to become stable
* [WICKET-5494] - Upgrade JQuery to latest stable - 1.11.0 and 2.1.0

Older news items

  • Wicket 1.5.11 released - 06 Feb 2014
    This is the eleventh maintenance release of the Wicket 1.5.x series. This release brings over 34 bug fixes and improvements. Git tag Changelog To use... more
  • Wicket 1.4.23 released - 06 Feb 2014
    This is twenty thirdth release of the Wicket 1.4.x series. This is a security bugfix release on the 1.4.x branch. Read CVE-2013-2055 for more information.... more
  • CVE-2013-2055 - Apache Wicket Information disclosure vulnerability - 06 Feb 2014
    Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.22, 1.5.10 and 6.7.0 Description: It is possible to make Wicket deliver the HTML templates in... more
  • Apache Wicket 6.13.0 released - 05 Jan 2014
    The Apache Wicket PMC is proud to announce Apache Wicket 6.13.0! This release marks the thirteenth minor release of Wicket 6. Starting with Wicket 6... more
  • Apache Wicket 6.12.0 released - 01 Nov 2013
    The Apache Wicket PMC is proud to announce Apache Wicket 6.12.0! This release marks the twelfth minor release of Wicket 6. Starting with Wicket 6... more
  • Apache Wicket 6.11.0 released - 20 Sep 2013
    The Apache Wicket PMC is proud to announce Apache Wicket 6.11.0! This release marks the eleventh minor release of Wicket 6. Starting with Wicket 6... more
  • Apache Wicket 6.10.0 released - 18 Aug 2013
    The Apache Wicket PMC is proud to announce Apache Wicket 6.10.0! This release marks the tenth minor release of Wicket 6. Starting with Wicket 6... more
  • Apache Wicket 6.9.1 released - 10 Jul 2013
    The Apache Wicket PMC announces Apache Wicket 6.9.1! This is a patch release for 6.9.0 where we inadvertently broke CDI injection into (amongst others) anonymous... more
  • Apache Wicket 6.9.0 released - 27 Jun 2013
    The Apache Wicket PMC is proud to announce Apache Wicket 6.9.0! This release marks the ninth minor release of Wicket 6. Starting with Wicket 6... more
  • Apache Wicket 6.8.0 released - 17 May 2013
    The Apache Wicket PMC is proud to announce Apache Wicket 6.8.0! This release marks the eighth minor release of Wicket 6. Starting with Wicket 6... more

Books about Wicket

The following books are published regarding Apache Wicket (click a cover to learn more about the book):