The Apache Wicket PMC is proud to announce Apache Wicket 9.9.1!
Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org
This release marks another minor release of Wicket 9. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 9.0.0.
New and noteworthy
This hotfix reverts WICKET-6963 which causes MarkupException in some particular cases. (see https://lists.apache.org/thread/y0zthfw2on04sm9wpn60my3x53b8cb3n). In addition, this release updates Spring Core dependency to version 5.3.18 which provides a fix for Spring4shell vulnerability (CVE-2022-22965).
NOTE: Wicket is NOT directly impacted by Spring4shell. Your application might be exposed to this vulnerability only if you use Spring web frameworks (i.e. Spring MVC and Spring WebFlux).
Using this release
With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):
Or download and build the distribution yourself, or use our convenience binary package you can find here:
- Download: http://wicket.apache.org/start/wicket-9.x.html#manually
Upgrading from earlier versions
If you upgrade from 9.y.z this release is a drop in replacement. If you come from a version prior to 9.0.0, please read our Wicket 9 migration guide found at
— The Wicket team
CHANGELOG for 9.9.1:
- [WICKET-6966] - IndexOutOfBounds in InSessionPageStore
- [WICKET-6965] - Memory leak in WicketEndpoint
- [WICKET-6963] - (REVERTED) Use singletons for PanelMarkupSourcingStrategy