No matching documents found.
No matching documents found.
Please be aware that there is newer version of documentation available for Webswing. Documentation 24.1

Release Notes

The Webswing version 23.2 comes with Jakarta EE support, Component migration, Drop-in deployments, Session inactivity and lock screen, Configurable file viewers and many other improvements and bug fixes. In this page we will list also other changes for minor releases.

23.2.7 LTS

Release date: April 4th 2024

  • Sanitize locale and timezone strings from browser (#977)
  • Fixed calling printDataTransferCompleted listener from print job (#975)
  • File chooser provider interface improvements (#944)
  • Check Origin in Websocket connection for http/2 (#952)
  • Removed com.sun.java.swing.plaf.gtk.GTKLookAndFeel from add-exports

23.2.6 LTS

Release date: March 22nd 2024

  • Added option to create focusable HW popups (#974)
  • Sync clipboard not working after app start (#971)
  • Java 21 support (#914)


Release date: March 7th 2024

  • File chooser provider interface (#944)
  • Enforce max clients configuration for all connections from browser including reconnects (#955)
  • Support locking key state (CAPS_LOCK, SCROLL_LOCK, NUM_LOCK) (#959)
  • Fixed IME input (#964)
  • Check Origin header in Websocket connection (#952)
  • OIDC: fixed default config value (#949)
  • Support for Keycloak 18+ (#956)
  • Authentication retry issue with Keycloak (#957)
  • Fixed EditLive freezing issue (#958)
  • File upload failed error handling (#962)
  • Fixed OS dependent flag --add-exports (#965)
  • Migration toolkit improvements (#905)

Fixed 3rd party vulnerabilities


  • Loop with Unreachable Exit Condition ('Infinite Loop') CVE-2024-25710 [High Severity]


Release date: February 6th 2024

  • Java FX 17 support (#951)
  • Direct drag'n'drop - API method to unregister drop component, show drop component overlay for visible rect bounds only (#950)
  • OIDC security module - add option to url-encode redirect_uri (#949)
  • Fixed issue when downloading file without extension (#948)
  • Fixed invokeAndWait exception when processing keyboard events (#941)
  • Fixed synchronization of URL reloading in Admin Console (#931)

Known issue: Version 23.2.4 introduces a problem with starting OIDC/Keycloak security module (Change #949 is missing default configuration value). Solution: To prevent NullPointerException (NPE), users must manually add "forceUrlEncodeCallbackUrl": false to the security module configuration or re-save the configuration in admin console.


Release date: January 4th 2024

  • Websocket not disconnected after network killed (#939)
  • JDialog should not be maximized by double-clicking its title bar (#942)
  • Possible to undock window to a new tab (#937)
  • Fixed drag and drop issue with JWindow (#934)
  • Fixed processing order of keyboard triggered focus events (#941)
  • CRLF should be replaced by LF when geting the text from clipboard (#938)
  • OIDC: use Apache HTTP client v2 for more robust DNS resolution (#920)

Fixed 3rd party vulnerabilities

Test Tool

Shiro Security module

  • URL Redirection to Untrusted Site ('Open Redirect') CVE-2023-46750 [Medium Severity]


Release date: December 6th 2023

  • Fixed drag'n'drop between 2 Swing windows (#934)
  • Fixed windowClosing event preventDefault for iframes inside HtmlPanel (#935)
  • Fixed race condition when reloading Admin Console server connection URLs while initializing (#931)
  • Shift + mouse wheel does not scroll horizontally (#933)
  • Configurable session logging in webswing server (#929)
  • autoLogout does not work if shutdown triggered by user inactivity (#927)
  • Fixed sessionpool.close.with.session not working (#932)
  • Handshake sent before application start (#930)
  • Fixed pasting plain text to HTML JEditorpane (#928)
  • Migration toolkit improvements (#905)

Fixed 3rd party vulnerabilities

Test Tool


Release date: November 9th 2023

  • Synchronized Admin Console endpoints - createApp, removeApp, startApp, stopApp (#924)
  • Session lock improvements (#875)
  • Use Apache HTTP client for more robust DNS resolution in OIDC
  • Component migration improvements (#905)
  • DirectDraw fix for custom paints (#858)
  • Netbeans splash screen image misplaced (#919)
  • Gracefully shutdown Jetty server (#909)
  • Fixed issues with password manager (#915)
  • Improved instance reconnect after network disconnect (#918)
  • Show log tab in session detail view in Admin Console for resilient instances (#901)
  • Fixed font field in Admin Console config in cluster (#901)
  • Do not allow to scroll view in touch mode when offscreen input is focused (#901)
  • Fixed synchronization in event handling of Test Tool (#901)
  • Reset mirror when session changes with session switcher (#901)
  • Mirror and shutdown not working when instance reconnects to another server in cluster (#916)
  • Idle sessions not cleared when session pool dies (#865)
  • Improve throughput of SwingInstanceSet.findByInstanceId (#912)
  • Auto-scaler config change leaks a thread (#901)
  • Fixed recording playback for webkit browsers (#901)

Fixed 3rd party vulnerabilities

Test Tool

SAML2 Security module

  • Apache Santuario: Private Key disclosure in debug-log output CVE-2023-44483



Release date: October 10th 2023

New Features and Major Changes:

  • Jakarta EE: Support for Jakarta servlet containers, while keeping backward compatibility so Webswing can run on both Tomcat 9 and 10.
  • Component migration (beta): Less invasive way to render your swing components as native web components
  • Drop-in deployments: Create self-contained application packages includeing Webswing configurations for easy distribution and deployment
  • Session inactivity and lock screen: User inactivity can now result in locking, disconnecting or terminating the session
  • Configurable file viewers: Customize how specific file types are handled when open, print, or edit methods are used (see java.awt.Desktop)

Minor improvements:

  • Vaadin integration
  • Input mode support for touch devices
  • Embedding fonts in PDF
  • 3rd party vulnerability updates

Breaking change - custom security modules need to be rebuilt due to Jakarta EE support.