Vaadin Version 8.14.3-1-jmix has Known Vulnerabilities

Hi,

I’m currently using Jmix 1.5, which depends on Vaadin 8.14.3-1-jmix. This Vaadin version has several reported vulnerabilities. I need to know how to upgrade to a more secure and stable Vaadin 8 release without undertaking a migration to Vaadin Flow.

Maven URL: https://mvnrepository.com/artifact/com.vaadin/vaadin-root/8.14.3-1-jmix

Screenshot:
Screenshot from 2025-02-10 19-11-08

Thank you for your support!

Version Details :
Jmix version: 1.5.0
Jmix Studio plugin version: 2.0.0-231

Hi,

I’ve created an issue to update to the latest public Vaadin version.

Regards,
Gleb

Hi,

It’s been about a month since the issue was reported, and I haven’t seen any updates yet. There hasn’t been any movement on the created issue. Could you please let me know by when I can expect a resolution or an update on this issue?

Hi Sumant,

We’ll be able to update the Classic UI to the newer Vaadin 8.14 in Jmix 1.7 which will be released by the end of April.

Regards,
Konstantin

hi @krivopustov,

Given that Jmix 1.7 is presently an unstable release, when is its stable version anticipated?

It’s on the way. We found a regression in the final build 1.7.0 (JAXB-API has not been found on module path or classpath · Issue #4473 · jmix-framework/jmix · GitHub), so we have to release 1.7.1 and then we’ll announce it.
Will be available next week.

Regards,
Konstantin

Jmix 1.7.1 is ready: Jmix 1.7 released

Hi,

I tried updating jmix version from 1.5.0 to 1.7.1, i am getting AllRecordsExporter error is there is alternate class for this in the upgraded version

cannot find symbol
import io.jmix.gridexportui.exporter.excel.AllRecordsExporter;
                                          ^
  symbol:   class AllRecordsExporter
  location: package io.jmix.gridexportui.exporter.excel

Since i had override the class

public class CustomAllRecordsExporter extends AllRecordsExporter {

@krivopustov any document link to resolve AllRecordsExporter issue

issue resolved