The Apache Wicket project announces the 10th major release of the open source Java web framework servicing websites and applications across the globe since 2004. Built on top of Java 17, this version of Wicket brings web development into the modern Java world, offering a fundamental tool to write modern and robust web applications.
Building robust and manteinable web applications is not a trivial task, especially for Java developers who might feel lost with modern web technologies. With Wicket you can use the rock-solid Java platform to reach this goal without the burden of the complexity that comes with modern JavaScript development stack.
Using Wicket and other familiar tools like Apache Maven you can finally make the most of modern UI frameworks and JavaScript libraries without leaving the Java ecosystem!
Wicket 10 is built on top of Java 17 and is compatible with Java 21. In addtion Wicket takes part in the OpenJDK Quality Outreach to further improve the effort to test compatibility with both the latest OpenJDK release and the Early Access release.
Wicket 10 comes with a migration tool based on OpenRewrite to speed up migration from Wicket 9 and avoid repetitive and error-prone manual changes to your code. For more details on this tool see migration guide.
As the number of security threats grows, it's crucial for web applications to adopt the latest security standards and countermeasures. CSP is a modern standard that allows applications to declare approved origins of content (such as JavaScript, CSS, images, etc...) for the browser to load. Constructing a safe and at the same time complete CSP can be challenging. You either risk leaving holes in the defense of your application or you break certain functionality. Protecting against unwanted inline scripts is the most important target to attain. In CSP this is called 'unsafe-inline' and it's the most common cause of cross-site scripting vulnerabilities.
Wicket 10 comes with full support for CSP and does not need any unsafe directives. Wicket will automatically add a nonce to every header contribution and whitelist this nonce. This allows for flexible loading of resources without the need for a complex CSP. Of course it is possible to modify and customize the CSP, add additional directives or disable it entirely. Lookup our documentation for more information.
It is very easy to get started with Wicket: use our quick-start wizard or use one of the options below.
When you migrate from a previous Wicket version to Wicket 10, a full list of changes and migrations is available at the following page:
https://s.apache.org/wicket10migrate
Please consult this migration guide when you are moving towards Wicket 10.
With Apache Maven update your dependency to (and don't forget to update any other dependencies on Wicket projects to the same version):
<dependency>
<groupId>org.apache.wicket</groupId>
<artifactId>wicket-core</artifactId>
<version>10.2.0</version>
</dependency>You can download and build the distribution yourself, or use our convenient binary package:
Invented in 2004, Wicket is one of the few survivors of the Java serverside web framework wars of the mid 2000's. Wicket is an open source, component oriented, serverside, Java web application framework. With a history of over a decade, it is still going strong and has a solid future ahead. Learn why you should consider Wicket for your next web application.
Leverage what you know about Java or your favourite HTML editor to write Wicket applications. With pure Java code and HTML markup Wicket is the go-to web framework for purists.
URLs do not expose sensitive information and all component paths are session-relative. Wicket keeps your model private except those parts you explicitly expose.
Write Ajax applications without having to write a single line of JavaScript code. Wicket's Ajax functionality makes it trivial to update selected parts of a UI, and comes with a great selection of basic Ajax components.
Since its inception in 2004 Wicket has been an open source project and remains available under one of the most permissive licenses: the Apache Software License.
Pages and Components in Wicket are real Java objects that support encapsulation, inheritance and events. Create high level components with ease and bundle its stylesheets, JavaScript and other resources into one reusable package.
With support of over 25 languages out-of-the-box, Wicket let's you get started in your own language, or a second language with no effort. You can provide alternative languages on the application, page, or even component level.
No more pain while keeping tabs on multiple tabs and windows. Wicket's automatic state storage ensures that your users can open pages in new tabs and windows without causing problems.
Global JavaScript libraries and CSS styling mix properly with component local JavaScript and CSS resources. You can use custom component libraries that ship with default JavaScript behaviour and CSS styling, without having to do anything yourself. Creating such self-contained component libraries is as easy as creating a JAR file.
With WicketTester you can achieve testing coverage your QA department can only dream of. Test your pages without having to run inside a browser, or start a container. Test your components directly, check their rendered markup tags, attributes and contents with ease.
Inject your services into your pages and components with the technology of your choosing: Wicket provides integration with CDI (JSR-305), Spring and Guice.
If you are using the Jakarta EE, you can leverage JPA, EJBs, Bean Validation and CDI with Wicket's integrations for these specifications.
Many projects use Wicket but are not known for it. Below you find a list of projects that are Powered by Wicket.
This list is generated from our Tumblr feed 'Built with Wicket'. You can submit your own project to this list through this form.
Get the latest updates to releases, security bulletins, community news and more.
The Apache Wicket PMC is proud to announce Apache Wicket 10.2.0!
Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org
This release marks another minor release of Wicket 10. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 10.0.0.
With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):
<dependency>
<groupId>org.apache.wicket</groupId>
<artifactId>wicket-core</artifactId>
<version>10.2.0</version>
</dependency>Or download and build the distribution yourself, or use our convenience binary package you can find here:
The Apache Wicket PMC is proud to announce Apache Wicket 8.16.0!
Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org
This release marks another minor release of Wicket 8. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 8.0.0.
This version contains a fix for ‘CVE-2024-36522 - Remote code execution via XSLT injection’
With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):
<dependency>
<groupId>org.apache.wicket</groupId>
<artifactId>wicket-core</artifactId>
<version>8.16.0</version>
</dependency>Or download and build the distribution yourself, or use our convenience binary package you can find here:
See the archives for all news articles concerning release, security and community updates.
Note that you can subscribe to our RSS feed to get updates in your favorite RSS reader the moment they happen.