Release Notes
Webswing version 22.1 comes with Java 17 support, window shape and transparency support, optimizations for high latency and low connection speed, and many other improvements and bug fixes. This page also lists the changes in minor releases.
Long term support till 31.3.2025
22.1.26 LTS
Release date: November 4th 2024
- #1066 Added debug logs for OIDC attributes
Fixed 3rd party CVEs
- Uncontrolled Resource Consumption - Medium Severity CVE-2024-47554
- Denial of Service (DoS) - High Severity CVE-2024-8184
22.1.25 LTS
Release date: September 27th 2024
- Updated log4j 2.23.1 and slf4j 1.7.36
Fixed 3rd party CVEs
- Denial of Service (DoS) - High Severity
- Stack-based Buffer Overflow - High Severity
- Information Exposure - Low Severity
22.1.24 LTS
Release date: July 17th 2024
- #1019 admin disconnect due to NegativeArraySizeException
22.1.23 LTS
Release date: June 11th 2024
- #1002 Custom page for HTTP Response 404 Not found
- #981 Upload files outside of the upload directory, High Severity Vulnerability CVE-2024-39332
- #851 Webswing Deadlock Issue
22.1.22 LTS
Release date: April 2nd 2024
- #964: Fix to show double-byte characters during typing (Chinese, Japanese, Korean, ...)
- #949: OIDC: fix default config value
22.1.21 LTS
Release date: February 7th 2024
- 3rd party vulnerability fix (shiro-security: CVE-2023-46750)
- #949 OIDC: add option to url-encode redirect_uri
- #931: WebSocketUrlLoader and Admin console crash
Known issue: Version 22.1.21 introduces a problem with starting the OIDC/Keycloak security module (change #949 is missing a default configuration value).
Solution: To prevent a NullPointerException (NPE), users must manually add "forceUrlEncodeCallbackUrl": false to the security module configuration or re-save the configuration in the admin console.
22.1.20 LTS
Release date: December 7th 2023
- 3rd party vulnerability fix (saml2)
- #931: WebSocketUrlLoader and Admin console crash
22.1.19 LTS
Release date: November 2nd 2023
- 3rd party vulnerability fix (jetty: CVE-2023-26048)
- #919: Netbeans splash screen image misplaced
- #912 improve throughput of SwingInstanceSet.findByInstanceId
22.1.18 LTS
Release date: September 25th 2023
- 3rd party vulnerability fix (jetty: CVE-2023-40167)
- #893 fix Per-session LoggerContext to fix memory leak
- #891 fix too many open files error on http HEAD method requests
- Hide internal paths in WebDesktopPeer INFO logs
22.1.17 LTS
Release date: August 17th 2023
- 3rd party vulnerability fix (CVE-2023-36665, SHIRO SM: CVE-2023-34478, SAML2:CVE-2023-2976)
- #868 fix logging failure, increase sp hb timeout to 60s
- #861 expose chain of proxies from x-forwarded-for as ${clientIps} var
- #856: PNG rendering not pixel perfect with DPR > 1
- #855: Accessibility support for tables issue
22.1.16 LTS
Release date: July 11th 2023
- 3rd party vulnerability fix CVE-2023-2976
- #853 #854 fix createRobot method in WebToolkit, fix ConcurrentModificationException in findByOwner
22.1.15 LTS
Release date: June 13th 2023
- #803 Java8 jaccess jar resolution
- #821 Improve websocket disposal
- #820 File Upload Limit File Types in Javascript client
- #839 #840 exit timer thread finish, session log log4j memory leak
22.1.14 LTS
Release date: May 10th 2023
- Additional logging for troubleshooting
Updated 3rd party vulnerabilities
- Server: CVE-2023-20863, CVE-2023-20861, CVE-2023-20860
- Test Tool: CVE-2023-26049, CVE-2023-26049, CVE-2023-26048
- SAML2: CVE-2022-34169
22.1.13 LTS
Release date: April 11th 2023
Updated 3rd party vulnerabilities
- #804 Fixed rare deadlock on mutual websocket disconnect
- #631 Removed dependencies from security-api in webswing-server.war
- #783 Firefox 110 rendering issues - reverted all workarounds to original state
- #791 Fixed leaking threads from FileSystemDataStoreModule
- #785 Progress bar was not shown in progress when uploading a small file (about 10KB) using Direct Transfer
22.1.12 LTS
Release date: February 28th 2023
- #769 Updated startup script PID exception
- #783 Firefox 110 rendering issues with globalCompositeOperation
- #780 Extended DataStoreService to enable verification of uploaded file
22.1.11 LTS
Release date: February 10th 2023
- Add monitoring of process handler thread; move appender.stop call to onClose thread (#757)
- Fixed endless focus cycle in Swing table (#775)
- Fixed CORS vulnerability: Using User Supplied Values (#764)
- PrintAll does not print window decoration (#760)
- Download triggered by pointing to directories under webswing-server - space in path fix (#457)
22.1.10 LTS
Release date: January 9th 2023
- Optimized session stats querying (#755)
- Fixed session drop when many sessions logging to slow disk (#757)
- Fixed deadlock when querying session counts (#755)
- Fixed black blocks in printouts (#752)
- Added configuration for Authorization Header (#729)
- Fixed 3rd party vulnerabilities - Test Tool: CVE-2022-4065
22.1.9 LTS
Release date: December 16th 2022
- Cookie-per-tab to support smaller cookie when using securityContextPerTab (#744)
22.1.8 LTS
Release date: December 5th 2022
- Fixed 3rd party vulnerabilities (CVE-2022-42920)
- Fix for redirect-based security modules and multiple sessions per browser (#733)
- Printing improvements - pagination, cancellation, page ranges (#710)
22.1.7 LTS
Release date: November 4th 2022
- Fixed 3rd party vulnerabilities (CVE-2022-3171, TT: CVE-2022-42889, SM: CVE-2022-40664)
- SecurityContextPerTab with OIDC causes infinite redirect loop after login
- Applet resizing causing deadlock
- Fixed re-rendering of tabbed pane in JavaFX
- Applet object not exposed in Javascript
- Fixed keyboard focus handling on iPad
- Failure at servlet startup should not trigger System.exit()
- Restart app if app not responding
- ClientIP is blank with Chrome
- Fixed JavaFX FileChooser file extension filter
- Do not overwrite property webswing.tempDirBase if already set
- Fixed Webswing root redirect in Websphere Liberty
- LogReaderUtil does not close files
- SessionPool reloadWebsocketUrls request should be targeted through a connected server
- Fixed error page of OIDC security module
- Custom args - Tomcat doesn't allow null values in user properties map
22.1.6 LTS
Release date: October 4th 2022
- Fixed 3rd party vulnerabilities (CVE-2022-42003, CVE-2022-42004, CVE-2022-32532)
- Fixed resizing applet after undocked dialog
- EDT monitor busy dialog does not hide automatically
- Error handling of invalid URL parameters
- Send custom parameters in WS message instead of WS URL parameter
- Fixed reconnect issues in cluster after proxy restart and NPE
- Fixed Tomcat memory leak warnings
- Ping timer deadlock fix
- Fixed SAML2 login when missing single-logout URL
- Fixed warning: package sun.awt.windows not in java.desktop
- Fixed loading class with default package
- OIDC flow init issue
- REST endpoint to force reload websocket URLs in AC
22.1.5
Release date: September 2nd 2022
- Fixed 3rd party vulnerabilities (CVE-2022-36033 - TT)
- Fixed webpack packaging for IE 11
- Fixed Tyrus properties type
- Fixed Admin Console properties initialization on Tomcat
- Load jar manifest attributes to package definition in Webswing class loader
- JScrollBar knob position appear wrongly computed - fixed handling of dragging
- Improved steal session in cluster
- Directdraw image rendering performance improvement
- REST endpoint to force reload websocket URLs in SP
22.1.4
Release date: August 3rd 2022
- Fixed 3rd party vulnerabilities (CVE-2022-2047, CVE-2021-42550 - SAML2 logback)
- Decoration buttons not working in undecorated windows with LaF decoration
- Customization to enable function keys in browser
- Fix of submit form from security module
- Fixed dirty component map cleanup
- Print margins fix for landscape orientation
- Generate key_typed event for CTRL + [a-Z] events
- Add support for Access-Control-Allow-Private-Network header
- Incorrect usage of custom headers syntax in webswing-security.js file
- ClassNotFoundException in PdfService
22.1.3
Release date: July 7th 2022
- Fixed 3rd party vulnerabilities (CWE-611 - SAML2)
- CVE-2022-34914 fix: variable ${clientIp} not sanitized
- Different interval for reconnect SP websocket when disconnected
- NPE fix in AccessibilityUtil
- NPE fix in JavaFx focus manager
- fix IBM WAS 9 websocket handling
22.1.2
Release date: June 3rd 2022
- Fixed 3rd party vulnerabilities (CVE-2022-25878 - JS, CVE-2022-22970 - SAML2 & TT, CWE-310)
- Copy/paste not working from HTML elements in embedded mode
- Issue when connecting multiple admin console servers
- Reintroduce deprecated -noverify flag (JSlink broken), will be fixed in next major release
- Fixed ClassFormatError: LVTT entry does not match any LVT entry
- OIDC frontchannel SLO with keycloak
- Fixed Java 8 support module resolution if space is in path
- Dialog to inherit decoration icon from parent
- Fixed jreExecutable with space if quoted
- HtmlPanel focus traversal issue with accessibility
- Fixed robot action keys handling
22.1.1
Release date: May 6th 2022
- Fixed 3rd party vulnerabilities (CVE-2021-22573 - OIDC, CVE-2022-22968 - TT)
- Simplify Admin Console REST API authentication flow with HTTP Basic authentication
- Rendering glitches when resizing webswing-element on Java 8
- Disable DPR scaling when -Dsun.java2d.uiScale.enabled=false
- Fixed paste from history
- Fixed failing start on Linux when Java path contains blank space
- Fixed multipage print format and margins
- Added latency and primary user IP address to WebswingApi
- Fixed internal frames rendering glitches
- Files saved with _ in their name are cut off
- Fixed font config initialization
- Undocked window in FF sometimes not rendered after load
- Fixed z-index of components in Test Tool
- Possible to mark Session Pool as non-configurable
- Removed deprecated -noverify flag
22.1
Release date: April 13th 2022
Changes:
- Java 17 support
- Java 8 support moved to separate package
- Window shape and transparency support
- Optimizations for high latency and low speed connections
- Using Clipboard API as default
- Admin Console improvements
- Touch improvements
- Recording and mirroring improvements
- JIDE docking framework support
- HtmlPanel focus traversal
- TestTool improvements