task #9837
openupdadte vaadin to latets 7.* version
10%
Description
due to https://vaadin.com/security/2021-10-27 we needed to update vaadin.server quickly.
Updating of vaadin-client or vaadin-spring would be much better but needs some more testing.
Related issues
Updated by Andreas Kohlbecker over 2 years ago
updating any component to the latest vaadin 7 release requires the pro license:
Vaadin 7.7.17 was the last public open-source version of the Vaadin 7 framework. Vaadin guarantees 5 years of maintenance from the release date of long-term release (LTS) versions. Official support for Vaadin 7 ended in February 2019. (see https://vaadin.com/support/vaadin-7-extended-maintenance)
The release 7.7.28 of vaadin-server actually updates jsoup from 1.8.3
to 1.14.3
(see https://mvnrepository.com/artifact/com.vaadin/vaadin-server/7.7.27)
Updated by Andreas Kohlbecker over 2 years ago
instead of updating vaadin itself it should be sufficient to upgrade the vulnerable jsoup dependency
Updated by Andreas Kohlbecker over 2 years ago
- Status changed from New to Resolved
- Target version changed from Release 5.45 to Release 5.28
- % Done changed from 0 to 50
Updated by Andreas Müller over 2 years ago
- Related to task #9359: Update cdmlib, taxeditor, cdmserver etc. dependencies added
Updated by Andreas Kohlbecker over 2 years ago
- Status changed from Resolved to In Progress
- Target version changed from Release 5.28 to Release 5.45
- % Done changed from 50 to 10
Updated by Andreas Kohlbecker about 2 years ago
- vaadin has been updated to latest open source version (=7.7.17)
- updading jsoup to fix https://vaadin.com/security/2021-10-27 was not easily possible due to code incompatibility
--> Problem not yet solved
Updated by Andreas Kohlbecker about 2 years ago
- Assignee changed from Andreas Kohlbecker to Andreas Müller
Updated by Andreas Müller about 2 years ago
- Related to task #9955: Upgrade vaadin to latest version added
Updated by Andreas Müller almost 2 years ago
- Related to task #10055: Updates, upgrades and cleanup 2023 added