Announcing Apache Wicket 10 : build modern web applications with Java!

The Apache Wicket project announces the 10th major release of the open source Java web framework servicing websites and applications across the globe since 2004. Built on top of Java 17, this version of Wicket brings web development into the modern Java world, offering a fundamental tool to write modern and robust web applications.

Use Java to build modern and mantainable web applications

Building robust and manteinable web applications is not a trivial task, especially for Java developers who might feel lost with modern web technologies. With Wicket you can use the rock-solid Java platform to reach this goal without the burden of the complexity that comes with modern JavaScript development stack.

Using Wicket and other familiar tools like Apache Maven you can finally make the most of modern UI frameworks and JavaScript libraries without leaving the Java ecosystem!

Stay up to date with the Java release cycle

Wicket 10 is built on top of Java 17 and is compatible with Java 21. In addtion Wicket takes part in the OpenJDK Quality Outreach to further improve the effort to test compatibility with both the latest OpenJDK release and the Early Access release.

Fast migration with OpenRewrite

Wicket 10 comes with a migration tool based on OpenRewrite to speed up migration from Wicket 9 and avoid repetitive and error-prone manual changes to your code. For more details on this tool see migration guide.

Protect your web apps with Content Security Policy (CSP)

As the number of security threats grows, it's crucial for web applications to adopt the latest security standards and countermeasures. CSP is a modern standard that allows applications to declare approved origins of content (such as JavaScript, CSS, images, etc...) for the browser to load. Constructing a safe and at the same time complete CSP can be challenging. You either risk leaving holes in the defense of your application or you break certain functionality. Protecting against unwanted inline scripts is the most important target to attain. In CSP this is called 'unsafe-inline' and it's the most common cause of cross-site scripting vulnerabilities.

Wicket 10 comes with full support for CSP and does not need any unsafe directives. Wicket will automatically add a nonce to every header contribution and whitelist this nonce. This allows for flexible loading of resources without the need for a complex CSP. Of course it is possible to modify and customize the CSP, add additional directives or disable it entirely. Lookup our documentation for more information.

Getting Started with Wicket 10

It is very easy to get started with Wicket: use our quick-start wizard or use one of the options below.

Migrating to Wicket 10

When you migrate from a previous Wicket version to Wicket 10, a full list of changes and migrations is available at the following page:

https://s.apache.org/wicket10migrate

Please consult this migration guide when you are moving towards Wicket 10.

Download using Apache Maven

With Apache Maven update your dependency to (and don't forget to update any other dependencies on Wicket projects to the same version):

<dependency>
    <groupId>org.apache.wicket</groupId>
    <artifactId>wicket-core</artifactId>
    <version>10.2.0</version>
</dependency>

Download sources/binaries manually

You can download and build the distribution yourself, or use our convenient binary package:


Introducing Apache Wicket

Invented in 2004, Wicket is one of the few survivors of the Java serverside web framework wars of the mid 2000's. Wicket is an open source, component oriented, serverside, Java web application framework. With a history of over a decade, it is still going strong and has a solid future ahead. Learn why you should consider Wicket for your next web application.

Work with JavaScript and CSS

Global JavaScript libraries and CSS styling mix properly with component local JavaScript and CSS resources. You can use custom component libraries that ship with default JavaScript behaviour and CSS styling, without having to do anything yourself. Creating such self-contained component libraries is as easy as creating a JAR file.


Projects Using Apache Wicket

Many projects use Wicket but are not known for it. Below you find a list of projects that are Powered by Wicket.



This list is generated from our Tumblr feed 'Built with Wicket'. You can submit your own project to this list through this form.

News about Apache Wicket

Get the latest updates to releases, security bulletins, community news and more.

Apache Wicket 10.2.0 released

24 Sep 2024

The Apache Wicket PMC is proud to announce Apache Wicket 10.2.0!

Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 10. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 10.0.0.

Using this release

With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):

<dependency>
    <groupId>org.apache.wicket</groupId>
    <artifactId>wicket-core</artifactId>
    <version>10.2.0</version>
</dependency>

Or download and build the distribution yourself, or use our convenience binary package you can find here:

  • Download: http://wicket.apache.org/start/wicket-10.x.html#manually
Read more...

Apache Wicket 8.16.0 released

17 Jun 2024

The Apache Wicket PMC is proud to announce Apache Wicket 8.16.0!

Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 8. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 8.0.0.

New and noteworthy

This version contains a fix for ‘CVE-2024-36522 - Remote code execution via XSLT injection’

Using this release

With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):

<dependency>
    <groupId>org.apache.wicket</groupId>
    <artifactId>wicket-core</artifactId>
    <version>8.16.0</version>
</dependency>

Or download and build the distribution yourself, or use our convenience binary package you can find here:

  • Download: http://wicket.apache.org/start/wicket-8.x.html#manually
Read more...