logo
22.1
search
No matching documents found.
list
search
No matching documents found.
logo
Please be aware that there is newer version of documentation available for Webswing. Documentation 24.2

Release Notes

The Webswing version 22.1 comes with Java 17 support, window shape and transparency support, high latency and low connection speed optimizations and many other improvements and bug fixes. In this page we list also other changes for minor releases.

Long term support till 31.3.2025

22.1.26 LTS

Release date: November 4th 2024

  • #1066 Added debug logs for OIDC attributes

Fixed 3rd party CVEs

22.1.25 LTS

Release date: September 27th 2024

  • Updated log4j 2.23.1 and slf4j 1.7.36

Fixed 3rd party CVEs

22.1.24 LTS

Release date: July 17th 2024

  • #1019 admin disconnect due to NegativeArraySizeException

22.1.23 LTS

Release date: June 11th 2024

  • #1002 Custom page for HTTP Response 404 Not found
  • #981 Upload files outside of the upload directory, High Severity Vulnerability CVE-2024-39332
  • #851 Webswing Deadlock Issue

22.1.22 LTS

Release date: April 2nd 2024

  • #964: Double-byte characters fix to show during typing (Chinese, Japanese, Korean, ...)
  • #949: OIDC: fix default config value

22.1.21 LTS

Release date: February 7th 2024

  • 3rd party vulnerability fix (shiro-security: CVE-2023-46750)
  • #949 OIDC: add option to url-encode redirect_uri
  • #931: WebSocketUrlLoader and Admin console crash

Known issue: Version 22.1.21 introduces a problem with starting OIDC/Keycloak security module (Change #949 is missing default configuration value). Solution: To prevent NullPointerException (NPE), users must manually add "forceUrlEncodeCallbackUrl": false to the security module configuration or re-save the configuration in admin console.

22.1.20 LTS

Release date: December 7th 2023

  • 3rd party vulnerability fix (saml2)
  • #931: WebSocketUrlLoader and Admin console crash

22.1.19 LTS

Release date: November 2nd 2023

  • 3rd party vulnerability fix (jetty: CVE-2023-26048)
  • #919: Netbeans splash screen image misplaced
  • #912 improve throughput of SwingInstanceSet.findByInstanceId

22.1.18 LTS

Release date: September 25th 2023

  • 3rd party vulnerability fix (jetty: CVE-2023-40167)
  • #893 fix Per-session LoggerContext to fix memory leak
  • #891 fix too many open files error on http HEAD method requests
  • Hide internal paths in WebDesktopPeer INFO logs

22.1.17 LTS

Release date: August 17th 2023

  • 3rd party vulnerability fix (CVE-2023-36665, SHIRO SM: CVE-2023-34478, SAML2:CVE-2023-2976)
  • #868 fix logging failure, increase sp hb timeout to 60s
  • #861 expose chain of proxies from x-forwarded-for as ${clientIps} var
  • #856: PNG rendering not pixel perfect with DPR > 1
  • #855: Accessibility support for tables issue

22.1.16 LTS

Release date: July 11th 2023

  • 3rd party vulnerability fix CVE-2023-2976
  • #853 #854 fix createRobot method in WebToolkit, fix ConcurrentModificationException in findByOwner

22.1.15 LTS

Release date: June 13th 2023

  • #803 Java8 jaccess jar resolution
  • #821 Improve websocket disposal
  • #820 File Upload Limit File Types in Javascript client
  • #839 #840 exit timer thread finish, session log log4j memory leak

22.1.14 LTS

Release date: May 10th 2023

  • Additional logging for troubleshooting

Updated 3rd party vulnerabilities

22.1.13 LTS

Release date: April 11th 2023

Updated 3rd party vulnerabilities

  • #804 Fixed rare deadlock when mutual websocket disconnect
  • #631 Removed dependecies from security-api in webswing-server.war
  • #783 Firefox 110 rendering issues - reverted all workarounds to original state
  • #791 Fixed leaking threads from FileSystemDataStoreModule
  • #785 Progress bar was not shown in progress when uploaded a small size file (about 10KB) using Direct Transfer

22.1.12 LTS

Release date: February 28th 2023

  • #769 Updated startup script PID exception
  • #783 Firefox 110 rendering issues with globalCompositeOperation
  • #780 Extended DataStoreService to enable verification of uploaded file

22.1.11 LTS

Release date: February 10th 2023

  • Add monitoring of process handler thread; move appender.stop call to onClose thread (#757)
  • Fixed endless focus cycle in Swing table (#775)
  • Fixed CORS vulnerability: Using User Supplied Values (#764)
  • PrintAll does not print window decoration (#760)
  • Download triggered by pointing to directories under webswing-server - space in path fix (#457)

22.1.10 LTS

Release date: January 9th 2023

  • Optimized session stats querying (#755)
  • Fixed session drop when many sessions logging to slow disk (#757)
  • Fixed deadlock when querying session counts (#755)
  • Fixed black blocks in printouts (#752)
  • Added configuration for Authorization Header (#729)
  • Fixed 3rd party vulnerabilities - Test Tool: CVE-2022-4065

22.1.9 LTS

Release date: December 16th 2022

  • Cookie-per-tab to support smaller cookie when using securityContextPerTab (#744)

22.1.8 LTS

Release date: December 5th 2022

  • Fixed 3rd party vulnerabilities (CVE-2022-42920)
  • Fix for redirect-based security modules and multiple sessions per browser (#733)
  • Printing improvements - pagination, cancellation, page ranges (#710)

22.1.7 LTS

Release date: November 4th 2022

  • Fixed 3rd party vulnerabilities (CVE-2022-3171, TT: CVE-2022-42889, SM: CVE-2022-40664)
  • SecurityContextPerTab with OIDC causes infinite redirect loop after login
  • Applet resizing causing deadlock
  • Fixed re-rendering of tabbed pane in JavaFX
  • Applet object not exposed in Javascript
  • Fixed keyboard focus handling on iPad
  • Failure at servlet startup should not trigger System.exit()
  • Restart app if app not responding
  • ClientIP is blank with Chrome
  • Fixed JavaFX FileChooser file extension filter
  • Do not overwrite property webswing.tempDirBase if already set
  • Fixed Webswing root redirect in Websphere Liberty
  • LogReaderUtil does not close files
  • SessionPool reloadWebsocketUrls request should be targeted through a connected server
  • Fixed error page of OIDC security module
  • Custom args - Tomcat doesn't allow null values in user properties map

22.1.6 LTS

Release date: October 4th 2022

  • Fixed 3rd party vulnerabilities (CVE-2022-42003, CVE-2022-42004, CVE-2022-32532)
  • Fixed resizing applet after undocked dialog
  • EDT monitor busy dialog does not hide automatically
  • Error handling of invalid URL parameters
  • Send custom parameters in WS message instead of WS URL parameter
  • Fixed reconnect issues in cluster after proxy restart and NPE
  • Fixed Tomcat memory leak warnings
  • Ping timer deadlock fix
  • Fixed SAML2 login when missing single-logout URL
  • Fixed warning: package sun.awt.windows not in java.desktop
  • Fixed loading class with default package
  • OIDC flow init issue
  • REST endpoint to force reload websocket URLs in AC

22.1.5

Release date: September 2nd 2022

  • Fixed 3rd party vulnerabilities (CVE-2022-36033 - TT)
  • Fixed webpack packaging for IE 11
  • Fixed Tyrus properties type
  • Fixed Admin Console properties initialization on Tomcat
  • Load jar manifest attributes to package definition in Webswing class loader
  • JScrollBar knob position appear wrongly computed - fixed handling of dragging
  • Improved steal session in cluster
  • Directdraw image rendering performance improvement
  • REST endpoint to force reload websocket URLs in SP

22.1.4

Release date: August 3rd 2022

  • Fixed 3rd party vulnerabilities (CVE-2022-2047, CVE-2021-42550 - SAML2 logback)
  • Decoration buttons not working in undecorated windows with LaF decoration
  • Customization to enable function keys in browser
  • Fix of submit form from security module
  • Fixed dirty component map cleanup
  • Print margins fix for landscape orientation
  • Generate key_typed event for CTRL + [a-Z] events
  • Add support for Access-Control-Allow-Private-Network header
  • Incorrect usage of custom headers syntax in webswing-security.js file
  • ClassNotFoundException in PdfService

22.1.3

Release date: July 7th 2022

  • Fixed 3rd party vulnerabilities (CWE-611 - SAML2)
  • CVE-2022-34914 fix: variable ${clientIp} not sanitized
  • Different interval for reconnect SP websocket when disconnected
  • NPE fix in AccessibilityUtil
  • NPE fix in JavaFx focus manager
  • fix IBM WAS 9 websocket handling

22.1.2

Release date: June 3rd 2022

  • Fixed 3rd party vulnerabilities (CVE-2022-25878 - JS, CVE-2022-22970 - SAML2 & TT, CWE-310)
  • Copy/paste not working from HTML elements in embedded mode
  • Issue when connecting multiple admin console servers
  • Reintroduce deprecated -noverify flag (JSlink broken), will be fixed in next major release
  • Fixed ClassFormatError: LVTT entry does not match any LVT entry
  • OIDC frontchannel SLO with keycloak
  • Fixed Java 8 support module resolution if space is in path
  • Dialog to inherit decoration icon from parent
  • Fixed jreExecutable with space if quoted
  • HtmlPanel focus traversal issue with accessibility
  • Fixed robot action keys handling

22.1.1

Release date: May 6th 2022

  • Fixed 3rd party vulnerabilities (CVE-2021-22573 - OIDC, CVE-2022-22968 - TT)
  • Simplify Admin Console REST API authentication flow with HTTP Basic authentication
  • Rendering glitches when resizing webswing-element on Java 8
  • Disable DPR scaling when -Dsun.java2d.uiScale.enabled=false
  • Fixed paste from history
  • Fixed failing start on Linux when Java path contains blank space
  • Fixed multipage print format and margins
  • Added latency and primary user IP address to WebswingApi
  • Fixed internal frames rendering glitches
  • Files saved with _ in its name are cut off
  • Fixed font config initialization
  • Undocked window in FF sometimes not rendered after load
  • Fixed z-index of components in Test Tool
  • Possible to mark Session Pool as non-configurable
  • Removed deprecated -noverify flag

22.1

Release date: April 13th 2022

Changes:

  • Java 17 support
  • Java 8 support moved to separate package
  • Window shape and transparency support
  • Optimizations for high latency and low speed connections
  • Using Clipboard API as default
  • Admin Console improvements
  • Touch improvements
  • Recording and mirroring improvements
  • JIDE docking framework support
  • HtmlPanel focus traversal
  • TestTool improvements