Apache Wicket v7.0 released

The Apache Software Foundation announces Apache Wicket™ v7.0 Open Source Java web framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more.

The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of nearly 150 Open Source projects and initiatives, today announced Apache™ Wicket™ v7.0, the Open Source Java web framework for high performance, scalable, component oriented web applications. This marks the seventh major release of the project that celebrated its 10 year anniversary last year.

This framework allows Java developers to write web applications using components. This way developers can reason about the user interface in user interface building blocks, making it easier to link specific user interactions to server-side code. Wicket is a high performance framework processing billions of requests daily across the world.

“With this release we have added a major improvement to our framework, making development with Wicket even easier.”, said Martijn Dashorst, Vice President of Apache Wicket. “By adding ‘Component Queuing’ we have divorced the strict relationship between the Java component classes and the markup. This has been a headache for many users and sparked one of the longest discussions on our community lists. We finally put this issue to bed.”

“Other major improvements are the move towards Java 7, newer Java EE standards, security features and the addition of new components. Wicket now bundles a cross site request forgery (CSRF) prevention measure, and provides support for inline images using the data: protocol,” continued Martijn Dashorst.

Apache Wicket v7.0 reflects over 2 years of development, testing and feedback from hundreds of knowledgable users, bringing a highly stable, production ready release of the popular web framework. The release consist of almost 300 features, improvements and fixes. In accordance with Semantic Versioning, this major release contains several documented API breaks. Following the Semantic Versioning standard, future minor releases of Wicket v7 will remain API compatible.

You can start using Apache Wicket v7.0 now.

Have fun!

– The Wicket Team

Read the full press release


Introducing Apache Wicket

Invented in 2004, Wicket is one of the few survivors of the Java serverside web framework wars of the mid 2000's. Wicket is an open source, component oriented, serverside, Java web application framework. With a history of over a decade, it is still going strong and has a solid future ahead. Learn why you should consider Wicket for your next web application.

Work with JavaScript and CSS

Global JavaScript libraries and CSS styling mix properly with component local JavaScript and CSS resources. You can use custom component libraries that ship with default JavaScript behaviour and CSS styling, without having to do anything yourself. Creating such self-contained component libraries is as easy as creating a JAR file.

Projects Using Apache Wicket

Many projects use Wicket but are not known for it. Below you find a list of projects that are Powered by Wicket.



This list is generated from our Tumblr feed 'Built with Wicket'. You can submit your own project to this list through this form.

News about Apache Wicket

Get the latest updates to releases, security bulletins, community news and more.

CVE-2015-7520 Apache Wicket XSS vulnerability

02 Mar 2016

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 1.5.x, 6.x and 7.x

Description:

It is possible for JavaScript statements to break out of a RadioGroup’s and CheckBoxMultipleChoice’s “value” attribute of <input> elements

This might pose a security threat if the written JavaScript contains user provided data.

Credit: This issue was reported by Canh Ngo!

Apache Wicket Team

Read more...