Apache Wicket 8.17.0 released

31 Jan 2025

The Apache Wicket PMC is proud to announce Apache Wicket 8.17.0!

Apache Wicket is an open source, component-oriented Java web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 8. We use semantic versioning for the development of Wicket, and as such no API breaks are present in this release compared to 8.0.0.

New and noteworthy

This release fixes the following security issue:

  • CVE-2024-53299 ‘An attacker can intentionally trigger a memory leak’. Reported by Pedro Santos.

Using this release

With Apache Maven, update your dependency to the following (and don’t forget to update any other dependencies on Wicket projects to the same version):

<dependency>
    <groupId>org.apache.wicket</groupId>
    <artifactId>wicket-core</artifactId>
    <version>8.17.0</version>
</dependency>

Alternatively, download and build the distribution yourself, or use our convenience binary package, which you can find here:

  • Download: http://wicket.apache.org/start/wicket-8.x.html#manually

Upgrading from earlier versions

If you upgrade from 8.y.z, this release is a drop-in replacement. If you come from a version prior to 8.0.0, please read our Wicket 8 migration guide found at

  • http://s.apache.org/wicket8migrate

Have fun!

— The Wicket team

========================================================================

The signatures for the source release artefacts:

Signature for apache-wicket-8.17.0.zip:

Signature for apache-wicket-8.17.0.tar.gz:

========================================================================

This Release

CHANGELOG for 8.17.0:

Bug

  • [WICKET-7024] - Wrong static resource urls when their generation is triggered by

Improvement

  • [WICKET-7137] - Make resource URL sanitization extendable