Apache Wicket 9.9.1 released

08 Apr 2022

The Apache Wicket PMC is proud to announce Apache Wicket 9.9.1!

Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 9. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 9.0.0.

New and noteworthy

This hotfix reverts WICKET-6963 which causes MarkupException in some particular cases. (see https://lists.apache.org/thread/y0zthfw2on04sm9wpn60my3x53b8cb3n). In addition, this release updates Spring Core dependency to version 5.3.18 which provides a fix for Spring4shell vulnerability (CVE-2022-22965).

NOTE: Wicket is NOT directly impacted by Spring4shell. Your application might be exposed to this vulnerability only if you use Spring web frameworks (i.e. Spring MVC and Spring WebFlux).

Using this release

With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):


Or download and build the distribution yourself, or use our convenience binary package you can find here:

  • Download: http://wicket.apache.org/start/wicket-9.x.html#manually

Upgrading from earlier versions

If you upgrade from 9.y.z this release is a drop in replacement. If you come from a version prior to 9.0.0, please read our Wicket 9 migration guide found at

  • http://s.apache.org/wicket9migrate

Have fun!

— The Wicket team


This Release

CHANGELOG for 9.9.1:

  • [WICKET-6966] - IndexOutOfBounds in InSessionPageStore
  • [WICKET-6965] - Memory leak in WicketEndpoint
  • [WICKET-6963] - (REVERTED) Use singletons for PanelMarkupSourcingStrategy