Thank you for the new release. Should we expect a wicketstuff 10.9 soon?
——————-
Eric Hamel
Solutions Architect / Senior Project Manager
AlbanyITG
P. 518-698-4503

> On May 6, 2026, at 11:22 AM, Mihir Chhaya <[email protected]> wrote:
>
> Thank you, Apache Wicket team for having the fixed version in 10.x
> available soon.
>
> Could you please share possible release schedule with fix for the 8.x and
> 9.x branches?
>
> Thank you,
> -Mihir
>
>> On Tue, May 5, 2026, 4:42 AM Andrea Del Bene <[email protected]> wrote:
>>
>> The Apache Wicket PMC is proud to announce Apache Wicket 10.9.0!
>>
>> Apache Wicket is an open source Java component oriented web application
>> framework that powers thousands of web applications and web sites for
>> governments, stores, universities, cities, banks, email providers, and
>> more. You can find more about Apache Wicket at https://wicket.apache.org
>>
>> This release marks another minor release of Wicket 10. We
>> use semantic versioning for the development of Wicket, and as such no
>> API breaks are present in this release compared to 10.0.0.
>>
>> New and noteworthy
>> ------------------
>>
>> This release fixes the following security issues:
>>
>> * CVE-2026-43646 crafted URLs can bypass PackageResourceGuard
>> * CVE-2026-42509 crafted strings can break out of the JavaScript sequence
>> * CVE-2026-40010 possible session fixation using AuthenticatedWebSession
>> * CVE-2026-43975 Possible malicious path traversal in
>> FolderUploadsFileManager
>>
>>
>> Using this release
>> ------------------
>>
>> With Apache Maven update your dependency to (and don't forget to
>> update any other dependencies on Wicket projects to the same version):
>>
>> <dependency>
>>     <groupId>org.apache.wicket</groupId>
>>     <artifactId>wicket-core</artifactId>
>>     <version>10.9.0</version>
>> </dependency>
>>
>> Or download and build the distribution yourself, or use our
>> convenience binary package you can find here:
>>
>> * Download: http://wicket.apache.org/start/wicket-10.x.html#manually
>>
>> Upgrading from earlier versions
>> -------------------------------
>>
>> If you upgrade from 10.y.z this release is a drop in replacement. If
>> you come from a version prior to 10.0.0, please read our Wicket 10
>> migration guide found at
>>
>> * http://s.apache.org/wicket10migrate
>>
>> Have fun!
>>
>> — The Wicket team
>>
>>
>> ========================================================================
>>
>> CHANGELOG for 10.9.0:
>>
>> ** Bug
>>
>> * [WICKET-7174] - DefaultSecureRandomSupplier does not work for FIPS
>>
>> ** New Feature
>>
>> * [WICKET-7169] - Make partHeaderSizeMax in AbstractFileUpload
>> configurable
>>
>> ** Improvement
>>
>> * [WICKET-7172] - Support new CSP style, script directives
>> * [WICKET-7179] - add support for jQuery 4.0.0
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
