#Release Notes

The Webswing version 25.1 comes with Linked View feature, configuration and deployment improvements, extended JavaFX support and other enhancements and bug fixes.

#25.1.2

Release date: June 6th 2025

• #1147 Allow configuration of JavaFX version when JavaFX is embedded in JDK
• #1138 Steal session not working if max clients limit reached
• #1146 File upload stopped after switching to another app tab
• #1128 Force embedded Tomcat to use absolute redirect URLs
• #1145 User stuck on logout screen and the "New Session" button is not working
• #1144 Application shuts down if there are no windows but main is running
• #786 Fixed LDAP technical user login flow
• #1137 SNI check config flag: disable in jetty.properties
• #1140 No thread dump creation exception when killing idle session
• #1139 OIDC: allow adding trusted aud values if IDToken contains multiple
• #1135 Linked View improvements

Fixed 3rd party vulnerabilities

• Improper Access Control - High Severity CVE-2025-48734
• Improper Handling of Case Sensitivity - Medium Severity CVE-2025-46701

#25.1.1

Release date: May 6th 2025

• #1137 SNI check jetty config flag
• #1128 Fixed Dockerfile in distributions
• #1128 Fixed missing decoration first time a JavaFX popup is opened
• #1128 Process multiscreen info even if there is only a single screen
• #1128 FileDialog stuck if JFileChooser window is closed by X button
• #1128 Improved upload/download process disposal
• #1136 InternalWindows (web components) not closed after last window is hidden
• #1132 Add all JTableCell and JTableHeader to component tree for JTables
• #1133 Exception in PNG rendering with 0 size window
• #1130 Fixed Session pool race condition when creating instance
• #1125 Mirror view broken after a while - use admin and user token to correctly authenticate mirror session
• #1131 AutoLogout with anonym SM restarts on shutdown

Fixed 3rd party vulnerabilities

• Improper Input Validation - Medium Severity CVE-2025-31672
• Improper Neutralization - Medium Severity CVE-2025-31651
• Improper Input Validation - Medium Severity CVE-2025-31650

#25.1

Release date: April 15th 2025

• Linked View
• Prometheus metrics endpoints
• Removal of Protobuf library
• Javascript client configuration in server config
• Starting of the Session Pool with Cluster Server
• Upgrade to Jetty 12 and embedded Tomcat fallback
• Improved Modernisation API
• JavaFX: HiDPI and HtmlPanel support
• Admin Console: Scalability optimisations and Web folder setup
• New default window decoration theme
• Updated Modernisation demo with examples

Other enhancements:

• Compress JWT tokens with GZIP
• App lifecycle callbacks in JS

Removal of deprecated API

• removed /rest/activeSessionsCount endpoint from Admin Console REST, replaced by /rest/activeSessionsInfo
• removed interface org.webswing.toolkit.api.component.Dockable, replaced by org.webswing.toolkit.api.component.WebswingDockableWindow
• removed method createHtmlPanelForWebContainerComponent from WebswingApi

Configuration defaults changed

• isolatedFs -> enabled by default
• allowJsLink -> disabled by default
• theme -> none by default
• fastSerialization -> removed (only fast serialization possible)

NOTICE: Webswing now uses Jetty 12 as its default embedded server.
In response to Jetty 9.4 reaching End of Life (EOL) and no longer receiving security patches, Webswing has upgraded its default embedded server to Jetty 12. However, Jetty 12 now requires Java 17 or higher. When running Java < 17, Jetty 12 cannot be used. There is an automatic fallback to an embedded Tomcat server to maintain compatibility.