Project

General

Profile

Actions
Copy link

task #9837

open

updadte vaadin to latets 7.* version

Added by Andreas Kohlbecker over 2 years ago. Updated about 2 years ago.

Status:
In Progress
Priority:
Highest
Assignee:
Andreas Müller
Category:
cdm-vaadin
Target version:
Release 5.45
Start date:
Due date:
% Done:

10%

Estimated time:
Severity:
major
Tags:
security

Description

due to https://vaadin.com/security/2021-10-27 we needed to update vaadin.server quickly.

Updating of vaadin-client or vaadin-spring would be much better but needs some more testing.

Related issues

Related to EDIT - task #9359: Update cdmlib, taxeditor, cdmserver etc. dependenciesClosedAndreas Müller

Actions
Related to EDIT - task #9955: Upgrade vaadin to latest versionNewAndreas Müller

Actions
Related to EDIT - task #10055: Updates, upgrades and cleanup 2023NewAndreas Müller

Actions
Actions
Copy link
 #1

Updated by Andreas Kohlbecker over 2 years ago

updating any component to the latest vaadin 7 release requires the pro license:

Vaadin 7.7.17 was the last public open-source version of the Vaadin 7 framework. Vaadin guarantees 5 years of maintenance from the release date of long-term release (LTS) versions. Official support for Vaadin 7 ended in February 2019. (see https://vaadin.com/support/vaadin-7-extended-maintenance)

The release 7.7.28 of vaadin-server actually updates jsoup from 1.8.3 to 1.14.3 (see https://mvnrepository.com/artifact/com.vaadin/vaadin-server/7.7.27)

Actions
Copy link
 #2

Updated by Andreas Kohlbecker over 2 years ago

instead of updating vaadin itself it should be sufficient to upgrade the vulnerable jsoup dependency

Actions
Copy link
 #3

Updated by Andreas Kohlbecker over 2 years ago

  • Status changed from New to Resolved
  • Target version changed from Release 5.45 to Release 5.28
  • % Done changed from 0 to 50
Actions
Copy link
 #4

Updated by Andreas Müller over 2 years ago

  • Related to task #9359: Update cdmlib, taxeditor, cdmserver etc. dependencies added
Actions
Copy link
 #5

Updated by Andreas Kohlbecker over 2 years ago

  • Status changed from Resolved to In Progress
  • Target version changed from Release 5.28 to Release 5.45
  • % Done changed from 50 to 10
Actions
Copy link
 #6

Updated by Andreas Kohlbecker about 2 years ago

  1. vaadin has been updated to latest open source version (=7.7.17)
  2. updading jsoup to fix https://vaadin.com/security/2021-10-27 was not easily possible due to code incompatibility

--> Problem not yet solved

Actions
Copy link
 #7

Updated by Andreas Kohlbecker about 2 years ago

  • Tags set to security
Actions
Copy link
 #8

Updated by Andreas Kohlbecker about 2 years ago

  • Assignee changed from Andreas Kohlbecker to Andreas Müller
Actions
Copy link
 #9

Updated by Andreas Müller about 2 years ago

  • Related to task #9955: Upgrade vaadin to latest version added
Actions
Copy link
 #10

Updated by Andreas Müller almost 2 years ago

  • Related to task #10055: Updates, upgrades and cleanup 2023 added
Actions
Copy link

Also available in: Atom PDF