Release Notes
The Webswing version 24.2 comes with support for SWT applications, security features like LDAP security module, full CSP support and other improvements and bug fixes.
24.2.5
Release date: March 7th 2025
- #1097 Jetty 12 upgrade + Tomcat fallback
- #1103 Fixed potential memory leak when stopping webswing servlet
- #1088 Fixed ordering of alwaysOnTop windows
- #1105 Fixed NPE security module
- #1104 Do not try to clean thread dumps and recordings for root path
- #1076 Fixed handling of 'allowServerAdminAccess' flag
- #925 Custom rendering optimizations for very slow network connections
Fixed 3rd party vulnerabilities
- Improper Input Validation - Medium Severity CVE-2024-55565
NOTICE: Webswing now uses Jetty 12 as its default embedded server.
In response to Jetty 9.4 reaching End of Life (EOL) and no longer receiving security patches, Webswing has upgraded its default embedded server to Jetty 12. However, Jetty 12 now requires Java 17 or higher. When running Java < 17, Jetty 12 cannot be used. There is an automatic fallback to an embedded Tomcat server to maintain compatibility.
24.2.4
Release date: February 6th 2025
- #1069 Support OIDC security module with multiple proxies
- #1092 Add possibility to obfuscate values in webswing.properties
- #1099 Cannot copy both plain text and html text to clipboard
- #1093 Cannot paste filename to the save dialog
- #1090 Option to hide undock/dock buttons in window decoration
- #1068 Fixed scaling config update
Fixed 3rd party vulnerabilities
- Improper Validation of Syntactic Correctness of Input - Medium Severity CVE-2024-6763
- Regular Expression Denial of Service (ReDoS) - Medium Severity CVE-2024-45296
24.2.3
Release date: January 10th 2025
- #1089 Files listener improvements, app lifecycle callbacks in JS - onShutdown, onDisconnected
- #1050 Show error dialog when application fails to startup
- #1077 App process does not exit after all windows are disposed
- #496 Undock issue when embedded on page with different domain
- #1083 Reduce the race condition when closing undocked window
- #1088 Fixed tooltip hidden behind menu
- #1079 App deadlock fix
- #1080 Window tab activation not working when initiated from HtmlPanel iframe
- #1068 Fixed config issue in Admin Console with App Config in Cluster
- #1055 Cannot login on first submit of login form when using onReady callback with autoStart
- #1091 Logout issues with Keycloak - force disconnect on tab logout, fixed loading assets
- #1071 Some keys not working with physical keyboard and touch
- #1076 RefreshToken call should only refresh current security context
- #1086 Fixed NPE in Admin Console REST API
- #1087 Fixed IP bound JWT cookie validation
- #1085 Hide truststore password as plain text in logs
- #1081 Empty undocked window does not close
- #1082 Window iconified events not firing
24.2.2
Release date: December 6th 2024
- #1063 Expire unused refresh token cookies
- #1074 Font issue with fast serialization and TextLayout
- #1071 Some keys not working with physical keyboard and touch
- #1070 Javascript error when clicking "New Session" button after session ends
- #786 Register LDAP security module provider service
24.2.1
Release date: November 6th 2024
- #976 Admin console cluster config synchronization fix
- #1052 Allow all valid characters in the download file name
- #1055 Fixed upload of a test suite
- #1055 Added SWT to quickstart
- #1055 Fixed log links in cluster overview
- #1055 Fixed Java 8 compilation issue
- #1062 Ability to skip idle session based on user attribute
- #1066 Added debug logs for OIDC attributes
- #1067 Fix error handling when loading non-image icon file
Fixed 3rd party vulnerabilities
- Uncontrolled Resource Consumption - Medium Severity CVE-2024-47554
- Denial of Service (DoS) - High Severity CVE-2024-8184
24.2
Release date: October 14th 2024
- SWT support
- LDAP Security Module
- Full Content-Security-Policy support
- XHeadless - new Webswing XVFB alternative
- Admin Console data loading optimizations
- Improved process diagnostics
- Custom server error pages
- Future/Promise-based messaging in JsLinkDirect