Skip to content

1.0.14 - Maintenance release

Choose a tag to compare

View all tags
@tanbt tanbt released this 08 Feb 06:58
· 31 commits to 1.0 since this release
1.0.14
3a0bec8

Vaadin Flow 1.0.14 is a maintenance version with the following notable changes:

  • Fixes:

    • Use time-constant comparison for security tokens. PR:9896 Thanks to Xhelal Likaj for reporting this

      This is the same as #9875, but also applied for the upload security key and the push id since both of those are also used to protect against cross-site attacks. In addition, documentation for the push id is clarified to point out its role.

    • Use time-constant comparison for CSRF tokens. PR:9875 Thanks to Xhelal Likaj for reporting this

      This hardens the framework against a theoretical timing attack based on comparing how quickly a request with an invalid CSRF token is rejected.

For all changes, see changes since 1.0.13
For what is new in 1.0, see 1.0.0 release notes

Assets 2
Loading