#Release Notes

The Webswing version 24.1 comes with support for Java 21 and better support for different versions of JavaFX.
Idle instances feature has been upgraded to Instant idle instances allowing almost instant startup.

#24.1.8 EXT

Release date: November 6th 2024

• #1057 Blank screen after start before window shows
• #1059 Option to dispose hidden windows
• #1062 Ability to skip idle session based on user attribute

Fixed 3rd party vulnerabilities

• Stack-based Buffer Overflow CVE-2024-7254
• Uncontrolled Resource Consumption CVE-2024-47554

#24.1.7

Release date: October 1st 2024

• #1032 Do not restore maximized JFrame if not visible

Fixed 3rd party vulnerabilities

• Improper Input Validation CVE-2024-7254 [High Severity]

#24.1.6

Release date: September 5th 2024

• #973 Session log does not capture issue during startup
• #1023 Add server-side validation of browserId and tabId to prevent accidental takeover
• #1037 Undock from WebswingApi race condition
• #1043 Timer threads blocked in EVAL
• #1044 File DnD not working
• #1046 Add a system property to disable thread dumps and recordings in Admin Console

Fixed 3rd party vulnerabilities

• Arbitrary Code Injection CVE-2023-44270 [Medium Severity]
• Information Exposure SNYK-JAVA-COMMONSCODEC-561518 [Low Severity]

#24.1.5

Release date: August 12th 2024

• #976 Fixed aggregation of nullable values in config
• #1025 Add a system property to disable session logs in Admin Console
• #1027 Workaround for webpack loader's output of css font icons
• #1028 Add getUserPrincipal into HttpServletRequest wrapper
• #1029 Automatically switch between touch mode and desktop mode
• #1031 Null source in keyboard event
• #1032 Fixed resizing maximized JFrame
• #1034 Fixed recording and thread dump file name validation before download

Fixed 3rd party vulnerabilities

• Denial of Service SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538 [High Severity]

#24.1.4

Release date: July 16th 2024

• #1016 Cookie as user attribute in OIDC + welcome page - fixed previous release
• #1019 Admin Console disconnect due to NegativeArraySizeException
• #1022 Dropped vite-plugin-svgr from dependencies in Admin Console and Test Tool
• #1024 System property to prevent auto-launching of browser in eval distribution

#24.1.3

Release date: July 8th 2024

• #1002 Custom error page for HTTP Response 404 Not found
• #1006 Max user sessions reached when opening a new tab in cluster
• #1007 Custom mouse cursor won't change back
• #1011 Fixed unknown algorithm for Azure AD OpenID
• #1012 Multi-screen permission not prompted automatically
• #1013 Password input not working in Test Tool recording
• #1016 Cookie as user attribute in OIDC + welcome page
  • Known issue - if no Cookie is provided the login fails - please use OIDC module v24.1.2
• #1018 Undocked window opened on current screen and then moved to target screen
• Fixed issue with Mac alt+key shortcuts

#24.1.2

Release date: June 7th 2024

• #957 Fixed authentication issue with Keycloak
• #968 Cannot stop session pool with running idle instances
• #969 Do not delete app config in session pool when app is deactivated in session pool
• #979 Fixed WebSocket timeout errors in Admin Console
• #987 Fixed loading jwks certs in IdTokenVerifier
• #990 Fixed multiple issues with idle instances in cluster
• #991 Handle change of window.name outside of Webswing
• #992 Applet dialog not visible during startup
• #993 Webswing JavaScript DnD handler prevents host app DnD handlers
• #994 AC auto-scaler will not run the scaling script if there is no session pool
• #997 Graphics2D.hit not working as expected
• #999 DD issue with underlined font
• #1000 Set HTTP transport factory for SSL in OIDC security module
• #1001 Calling webswingInstance0.kill() before WebSocket connects has no effect
• #1003 Launch of idle instance should automatically wait for custom pre-launch main to finish
• #1004 Make heartbeat period configurable

#24.1.1

Release date: May 3rd 2024

• #957 Authentication issue with Keycloak in OIDC module
• #976 Unable to scroll up in server/admin logs viewer in Admin Console
• #976 Updated session filtering in Admin Console
• #976 CTRL+C does not work when accessibility is turned on
• #978 Do not allow drop to component that is blocked by modal window
• #981 Fixed file upload outside of the upload directory with isolated filesystem CVE-2024-39332
• #983 Expose double click distance threshold setting
• #984 Expose webswing.mainClass as sys prop for jxbrowser detection
• #985 Added IdToken verification to OIDC module
• #986 Added rest_reloadWebsocketUrls permission to only allowing websocket URL reload action

Fixed 3rd party vulnerabilities

Test Tool

• Allocation of Resources Without Limits or Throttling CVE-2024-29025 [Medium Severity]

SAML2 Security module

• Insertion of Sensitive Information into Log File CVE-2023-44483 [Medium Severity]
• Loop with Unreachable Exit Condition CVE-2024-30172, CWE-835 [High Severity]
• Observable Discrepancy CVE-2024-30171, CWE-203 [Medium Severity]
• Allocation of Resources Without Limits or Throttling CVE-2024-29857, CWE-770 [Medium Severity]

#24.1

Release date: April 5th 2024

• Java 21 support
• Java FX 17, Java FX 21 support
• Java JDK with embedded Java FX support
• Instant idle instances
• Advanced settings in Admin console
• FileChooser provider interface
• Component migration - more components
• Undock window to a new tab
• Enhanced DTO serialization