How do you feel/what would you recommend about the EOL of Vaadin 8?

Support
#1

This is kind of an open question, but I assume there will be a lot of Jmix applications that won’t be migrated to the new Flow UI anytime soon. Nevertheless Vaadin 8 is end-of-life this year, so no patches (security?) will be released anymore.

  1. How do you see this issue?

  2. Is it an issue?

  3. How will Haulmont proceed with its applications and this topic? Until Flow UI is more mature I guess there won’t be a recommendation to migrate applications to it.

1 Like
#2

Of course it’s an issue and we are working on it by implementing a new UI based on the modern Vaadin Flow. We expect it to be fully-fledged by mid-2023.

In general, I think the probability of a real security problem due to outdated Vaadin in Jmix applications is quite low:

  • Most applications require authentication, which narrows the attack surface by the login screen.
  • Most applications are backoffice applications available only within the intranet.
  • Vaadin has proven to be safe in the past with very low number of known CVEs.
1 Like