Apache Wicket 9.17.0 released
The Apache Wicket PMC is proud to announce Apache Wicket 9.17.0!
Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org
This release marks another minor release of Wicket 9. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 9.0.0.
New and noteworthy
This release fixes the following security issue:
- CVE-2024-27439 - ‘Possible bypass of CSRF protection’ Reported by Jo Theunis.
Using this release
With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):
Or download and build the distribution yourself, or use our convenience binary package you can find here:
- Download: http://wicket.apache.org/start/wicket-9.x.html#manually
Upgrading from earlier versions
If you upgrade from 9.y.z this release is a drop in replacement. If you come from a version prior to 9.0.0, please read our Wicket 9 migration guide found at
- http://s.apache.org/wicket9migrate
Have fun!
— The Wicket team
========================================================================
This Release
CHANGELOG for 9.17.0:
Bug
- [WICKET-7086] - Injecting Spring bean may cause ClassCastException
- [WICKET-7091] - FilePageStore throws NPE
- [WICKET-7096] - stylesheets referenced via automatic linking miss nonce attribute
- [WICKET-7097] - ServletWebResponse allows writing headers to committed HttpServletResponse
Improvement
- [WICKET-7093] - Add support for missing CSP directives
- [WICKET-7094] - Make all CSP schemes configurable
- [WICKET-7099] - Validate FormTester constructor parameter workingForm