#Release Notes

The Webswing version 21.1 comes with improved window undocking, user consent for recording and mirror view, clustering features and stability updates, some security and bug fixes. In this page we list also other changes for minor releases.

#21.1.8 Extended Support

Release date: 8th July 2022

• Header Injection Vulnerability [Critical Severity] CVE-2022-34914

#21.1.7

Release date: 16th June 2022

• #635 Added configuration option for mutual SSL authentication

3rd party security updates:

• Arbitrary Code Execution [Medium Severity] CVE-2021-44832
• Denial of Service (DoS) [High Severity] CVE-2021-45105
• Remote Code Execution (RCE) [Critical Severity] CVE-2021-45046
• Denial of Service (DoS) [Medium Severity] SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
• Denial of Service (DoS) [High Severity] CVE-2020-36518
• Denial of Service (DoS) [High Severity] CVE-2021-22569
• Cryptographic Issues [Medium Severity] SNYK-JAVA-ORGBOUNCYCASTLE-2841508
• OIDC Security Module: Improper Verification of Cryptographic Signature [High Severity]CVE-2021-22573
• SAML2:
  • Improper Input Validation [Medium Severity]CVE-2021-40690
  • Remote Code Execution [Critical Severity]CVE-2022-22965
  • mproper Output Neutralization for Logs [Medium Severity]CVE-2021-22096
  • Improper Input Validation [Medium Severity]CVE-2021-22060

#21.1.5

Release date: 6th September 2021

• 3rd party security vulnerability (CVE-2021-28170, CVE-2021-37714)
• #428: Issues in AC with securityContextPerTab - fixed mirror and download URLs
• #424: NPE on rendering of awt Panel - fixed NPE and HW component lookup
• #426: Provide user roles list in application instance
• #348: Undock - close docked modal children together with parent window when browser closed by user
• #421: NPE when handling configuration blacklist while creating newapp
• #419 SecurityManager issue
• #418 Admin console: shell start script improvement
• #417: Improve websocket message size logging

#21.1.4

Release date: 4th August 2021

• 3rd party security vulnerability (CVE-2021-34429)
• #397: Customizable file API integration
• #330: Zooming with ctrl +/- on DE keyboard
• #139: Added blacklist, whitelist config visibility control in admin console
• #414: Issue with undock when app name contains hyphen -
• #348: Customizable selector app buttons
• #348: Configurable directDrawSupported
• #412: Send large websocket messages in chunks
• Split config provider property to Server/SessionPool

#21.1.3

Release date: 5th July 2021

• 3rd party security vulnerability (CVE-2021-34428, CVE-2021-22118, CVE-2020-15522, CVE-2020-28052)
• #376: Isolate security context per browser tab - support for admin console
• #402: Customizable fetch timeout
• Audio clip not found warning log to debug severity
• #348: Undock improvements
• #395: Tomcat memory leak
• #398: UploadMaxSize = 0 not respected
• #378: Direct transfer support
• #391: FileSystem data store module filePath issue

#21.1.2

Release date: 4th June 2021

#21.1.1

Release date: 7th May 2021

#21.1

Release date: 12th April 2021

Changes:

• New window undocking
• Added Clustering features + stability updates
• Removed most JavaScript 3rd party dependencies
• User consent for recording and mirror view
• Build speed and development effectivity improvements
• K8s based Auto-scaling prototype
• Other small changes:
  • Static fonts configuration in html
  • Auto reconnect
  • Minimize window to Taskbar
  • Logout function in Javascript API
  • Improved static scaling for touch
  • Admin console log viewer improved for cluster
  • Verbose logging mode
  • Session pool management (drain, shutdown)
  • Option to remove Logout buttons from dialogs
  • Configurable wheel event
  • Caret rendering optimization

#Versioning

Since 2020 Webswing uses a new versioning scheme. Every year there are 2 major releases. This year we have released 21.1. We will release 21.2 in Q3 and 22.1 in 2022 Q1.