九洲体育投注平台|首页

Apache Wicket 9.0.0-M5 released

06 Apr 2020

The Apache Wicket PMC is proud to announce Apache Wicket 9.0.0-M5!

Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at http://www.tuomi77.top

This release marks another minor release of Wicket 9. We use semantic versioning for the development of Wicket, and as such no API breaks are present breaks are present in this release compared to 9.0.0.

New and noteworthy

With this milestone Wicket introduces support for content security policy (CSP) which is active by default and prevents inline JavaScript and CSS code from been executed. For more details about CSP support see Wicket 9 migration guide linked below.

Using this release

With Apache Maven update your dependency to (and don’t forget to update any other dependencies on Wicket projects to the same version):

<dependency>
    <groupId>org.apache.wicket</groupId>
    <artifactId>wicket-core</artifactId>
    <version>9.0.0-M5</version>
</dependency>

Or download and build the distribution yourself, or use our convenience binary package you can find here:

  • Download: http://www.tuomi77.top/start/wicket-9.x.html#manually

Upgrading from earlier versions

If you upgrade from 9.y.z this release is a drop in replacement. If you come from a version prior to 9.0.0, please read our Wicket 9 migration guide found at

  • http://s.apache.org/wicket9migrate

Have fun!

— The Wicket team

========================================================================

The signatures for the source release artefacts:

Signature for apache-wicket-9.0.0-M5.zip:

    -----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl6FsXoACgkQh48B+qjT
VuEZiA//fgy42gNrnUBO6Cbs6ZvJwzMLURlVuD/mrHZx5iLgnr7p9qgJzEZSfdF/
U0JPztMq6/crgi+aXPCjxzKdnGNlu665g3Xxyc3dr+N8psoWptGsBREBTtynQU2n
Pu9ir1THAE9qdr4MbqRZbH5wQGklPnLTfoTV6BS0HK4mmPCblK7eYBZlz7QnbOAL
MwuShMRLZ0phKZ3rwXFSJcWoZGyx6cmHPjs04VJkCdbtcOwBMNIzoU5CgbShvVt9
eXobPkOniJ2Ijr/B1ROVMrFOC7uduJilFj2dk+icZZgrO6177pDO57bX1It3Ts3J
UbOJKdtBIHMD9XNe1ANPodMMwxA5Q0hUpjsehPqZVFgYpEfHxyPENVkjlabqHOt/
8ySL79MfOGzckNPUrR16HS0RTrBjsSrLnif5bHcaFyIg6UL0RrdOlJaI6CU01V/Y
zPBtI3Dm1R4acUCrU08nScoeR+uS7F6oTSQD2X+pEsBG6euX0q1fV4HhtVQSRIFU
pSrSAavkQjUL0tl6ik8HeGOlMFXT66U0Q6gnI/KmxcHZAroWU6j2qvYOcfawIEkw
qZfgo0ZnJN4/VxAl51+On64LkaxpCCBCh8+yZ2DW7efcKDWElXpC1IOhvuFTYDgt
WouuIOaT0Hdura6SBdp6WYwwLzUP/nk1s6A6EfYtpanlWxblzLE=
=062g
-----END PGP SIGNATURE-----

Signature for apache-wicket-9.0.0-M5.tar.gz:

    -----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl6FsXoACgkQh48B+qjT
VuHV3Q//QlqtUlnAtEn2KN0XdinerjOrG8Ny9M7/apRqVjij57Ye+LrIPWnd0+Bj
WqTVx/4nuJ/HcC+e1fwrSkekSZW0n2ecO9GKo/k7KyDRxsbKnPyCP3JjqJfhDf/R
6seFXrGJWLfQo844kuLJz5Ug3wjEqiOQk2HmgXTQmUdcGlTsXAioSkHttLNQjLZC
bF2LD3ZqwJw0R/7o1t4WAi1h7iriGKGrehgk6k/9h8DKTvKGduEDfWtSPu4R8Ogr
/i71FQt5w+87wKLP/viUHkIg0+KAHGmVu9Qz1AYHLc20oJv63N273ZeiIRuFWmCj
jw+1WfJUQvxFxfV1CxNCl/IBGPjD4FS3sygg867uEgShNFVNzVA+vplEDRl3i9e9
GaMgQsfVBi8eZzoGtgga0cQhgOU4hvOwv8lHNaC6XHYV18/p6j9P1tthtPsL2Krk
AzFfJ3Ym/gRf2thKop4iMn2xU16bu1D33zSPJ3C0kGlWqHQFw5+gBLNLOthv3YyV
LZGqSmsPg2sNcWDPqaUGQAVGNXmogjpbw6X9aEx2VtXfLQItRMNJq6lpoCtPQryK
UhgTTb4z4wE1dUDhyuIAVgKXgtUdKg7Q8oxmIfV4zl4OdRzBCYuHJ8md0Q7Tg0PC
BiSUhll+1igfRg1tUYItJ7TtV6uqdRZIg+YMsZ98ZKp24xcy1rI=
=GdAn
-----END PGP SIGNATURE-----

========================================================================

This Release

CHANGELOG for 9.0.0-M5:

Bug
  • [WICKET-6715] - FileUpload class should not implement IClusterable
  • [WICKET-6745] - CSP: inline JS in server and client time response filters
  • [WICKET-6746] - HttpsMapper cannot deal with resources over websockets
  • [WICKET-6752] - Some dependencies contain CVEs
  • [WICKET-6753] - res/modal.js using aria-labelledby where it should be using aria-label
  • [WICKET-6754] - Iteration stops with nested containers
  • [WICKET-6755] - MockServletContext does not decode real path
  • [WICKET-6756] - Avoid URL.getFile() when actually expecting paths.
  • [WICKET-6757] - Avoid URL.getFile during mime type detection.
  • [WICKET-6758] - NPE in AbstractWebSocketProcessor after session times out
New Feature
  • [WICKET-6727] - Configurable CSP
  • [WICKET-6729] - allow adding IHeaderResponseDecorator without replacing all others
  • [WICKET-6730] - Global access to secure random data
Improvement
  • [WICKET-6724] - CSP: Inline Javascript in AjaxLink
  • [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
  • [WICKET-6726] - CSP: inline styling and js in Form submitbutton handling
  • [WICKET-6731] - CSP: inline JS in SubmitLink
  • [WICKET-6732] - CSP: inline JS in Link and ExternalLink
  • [WICKET-6733] - CSP: enable by default
  • [WICKET-6735] - CSP: inline styling in FormComponentFeedbackBorder/Indicator
  • [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
  • [WICKET-6737] - CSP: violations in examples
  • [WICKET-6738] - CSP: inline styling in UploadProgressBar
  • [WICKET-6739] - CSP: inline JS in Palette
  • [WICKET-6740] - CSP: inline JS in Button
  • [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
  • [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
  • [WICKET-6759] - Support disabling error notification for websockets
  • [WICKET-6760] - Nested Form placeholder should preserve tag name
  • [WICKET-6761] - Support multiple connections to the same websocket resource from a single session
  • [WICKET-6762] - Support manual initialization of websocket connections
Tasks
  • [WICKET-6687] - Cleanup the code from attribute inline styles and attribute inline scripts
  • [WICKET-6747] - Document CSP in user guide and migration guide
  • [WICKET-6751] - Support creating custom page access synchronization strategies
js29金沙