Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: vaadin/flow

Vaadin Flow 25.0.0-beta1

15 Oct 08:00
@mshabarov mshabarov
25.0.0-beta1
b091938
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 25.0.0-beta1 Pre-release
Pre-release

This is a Vaadin Flow 25.0 beta pre-release for Vaadin 25.0.

Vaadin Flow 25.0 is based on Jakarta EE 11, uses Spring Framework 7.0 / Spring Boot 4.0 and requires JDK 21+.

See Vaadin Flow V24-V25 upgrade instructions (in draft so far) for help.

Breaking changes

  • Set Java 21 as a baseline
    Commit · Pull request

  • Spring Framework 7.0 and Spring-boot 4.0 support (vaadin/platform#7327)
    Spring Framework 6 and Spring-boot 3 are no longer supported, mainly because of deprecated API removal in Spring Boot.

    See the Spring Boot Migration Guide for help.

  • Jakarta 11 EE support (vaadin/platform#7326)
    This requires upgrade to the new specification versions and later versions of servlet containers/app servers compatible with Jakarta EE 11.

  • Flow Gradle plugin uses Gradle 8.14 as a baseline

  • Set minimum Node version to 24
    Commit · Pull request

    Node 24 becomes the active LTS before 25.0.0 - guaranteeing the longest possible support.

  • Use React 19 by default and remove feature flag for it (#21523)

  • Upgrade Jackson 2 to 3 (#22205)

  • Deprecated API removal (#21396)
    See the list of removed classes/methods in the referenced ticket.

  • @polymer/polymer dependency is not installed and included by default (#22022)
    Use @NpmPackage(value = "@polymer/polymer", version = "3.5.2") if this is needed for your project or add-on.

  • Replace Elemental with Jackson in public API and internally (#21060)

  • Remove VaadinWebSecurity
    Commit · Pull request · Issue

    Removes deprecated VaadinWebSecurity. This leaves VaadinSecurityConfigurer the only supported build-in API to secure Vaadin application integrated with Spring Security. Follow the instructions in V24-V25 upgrade guide above to start using it.

  • Restrict access by default for url-based security (#21831)
    URLs not explicitly specified in security configuration changed from being allowed for authenticated users to restricted by default. This requires extra security rules (path matchers) for URLs that were allowed only for authentication users.

  • Deny access if Flow layout has no security annotation (#21832)
    Flow layouts now require access annotation (e.g. RolesAllowed) on layout classes. This was added to align with auto-layout default security rules.

  • Make server-side modality less strict by default (#22279)
    Makes Dialog be less strict and allow background requests to server. Also allows to change this behavior if needed.

  • Centralize hierarchy management server-side
    Commit · Pull request · Issues 21876, 21877

    HierarchyMapper and HierarchicalCommunicationController have been replaced with the new concept - Cache. This new class provides a system for storing data in a hierarchical structure while enabling access in a flattened format for client-side consumption. setRequestedRange and setParentRequestedRange have been replaced with a single setViewportRange which spans all hierarchy levels.

  • Changes for Binder.validate()
    Binder.validate() implementation has been changed to behave as its javadoc states. In other words, Binder.validate() no longer fails when bean level validators have been configured but no bean is currently set (i.e. Binder is used in buffered mode).

  • Remove construct-style-sheets-polyfil (#21675)

  • Move component theme behind feature flag
    Commit · Pull request

    Add feature flag for component theme files in themes/themename/components Closes #21608 Overwrite any autoInjectComponents property with the feature flag state.

  • Remove theme url translation
    Commit · Pull request

    Drop translation of url for theme files.

  • No default theme loaded
    Commit · Pull request · Issue

    Do not load Lumo as the default theme if not defined.

  • Remove setConfiguration from VaadinSession
    Commit · Pull request

New features

  • Improvements for new theming system

    • Allow StyleSheet on AppShellConfigurator class
      Commit · Pull request · Issue

      Allows StyleSheet annotation on top of AppShellConfigurator extending class. This allows to load stylesheets globally and also import Vaadin themes in V25 as they are shipped as single CSS files.

    • Css import to web-component and font-face imports to body
      Commit · Pull request · Issue

      Only add css from CssImport annotation to exported web component, but add any font-face to document.

  • Use Jackson to make public API with Bean/List/Map to replace the current JsonValue API

    Lets Component and Element public API to support beans, lists and maps. Includes:

    • Add TypeReference support for generic type deserialization across all JSON APIs
      Commit · Pull request

      Add TypeReference<T> parameter overloads to enable proper deserialization of generic collections like List<Bean> and Map<String, Bean> across all Flow JSON APIs. This eliminates the need for unsafe casting when working with generic return types from JavaScript execution, property access, and event data handling.

    • Extend @ClientCallable to support beans and collections for all RPC calls
      Commit · Pull request

      Extend @ClientCallable to support custom beans and generic collections.

    • Add Jackson serializers for Component and Node types
      Commit · Pull request

    • Replace array-based type encoding with @v object format
      Commit · Pull request

    • Add bean deserialization support for executeJs return values
      Commit · Pull request

      Extends JacksonCodec.decodeAs() to deserialize JSON objects into Java beans using Jackson.

    • Add bean serialization support
      Commit · Pull request

      Implements bean-only serialization using Jackson. Beans are serialized on server and handled as standard JS objects on client.

    • Add support for event.detail in DOM events
      Commit · Pull request

      Add convenience methods to capture and deserialize event.detail from custom DOM events.

  • Signals

  • Improvements for TreeGrid

    • Introduce flattened hierarchy format
      Commit · Pull request

      The PR introduces a new getHierarchyFormat() method to HierarchicalDataProvider. It can be configured to return either HierarchyFormat#NESTED (default) or HierarchyFormat#FLATTENED (new). The selected format de...

Read more
Loading

Vaadin Flow 24.9.3

17 Oct 08:56
@vaadin-bot vaadin-bot
24.9.3
a90e8d7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 24.9.3 Latest
Latest

Changes since 24.9.2

All changes

Fixes

  • Always wait for navigated event for title (#22494)
    Commit · Pull request · Issue

    When running with react-router always wait for vaadin-navigated event before updating the title.

  • Update old override (#22429)
    Commit · Pull request · Issue

    Update old platform version override when a dependency is added for the override. # Conflicts: # flow-server/src/test/java/com/vaadin/flow/server/frontend/TaskUpdatePackagesNpmTest.java

  • Apply preventDefault only to filtered events (#22294) (#22298)
    Commit · Pull request

    When preventDefault() or stopPropagation() is used with setFilter(), it now only prevents default behavior for events that match the filter. This allows for more granular control, e.g., preventing default only for space key while allowing tab key to function normally. The fix modifies ElementListenerMap to check for preventDefault and stopPropagation expressions and make them conditional when a filter is present.

Assets 2
Loading

Vaadin Flow 24.8.10

17 Oct 08:56
@vaadin-bot vaadin-bot
24.8.10
578c406
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 24.8.10

Changes since 24.8.9

All changes

Fixes

  • Always wait for navigated event for title (#22494)
    Commit · Pull request · Issue

    When running with react-router always wait for vaadin-navigated event before updating the title.

  • Update old override (#22429) (#22435)
    Commit · Pull request · Issue

    Update old platform version override when a dependency is added for the override. # Conflicts: # flow-server/src/test/java/com/vaadin/flow/server/frontend/TaskUpdatePackagesNpmTest.java

  • Apply preventDefault only to filtered events (#22294) (#22298)
    Commit · Pull request

    When preventDefault() or stopPropagation() is used with setFilter(), it now only prevents default behavior for events that match the filter. This allows for more granular control, e.g., preventing default only for space key while allowing tab key to function normally. The fix modifies ElementListenerMap to check for preventDefault and stopPropagation expressions and make them conditional when a filter is present.

Loading

Vaadin Flow 25.0.0-alpha20

09 Oct 06:20
@vaadin-bot vaadin-bot
25.0.0-alpha20
15206d1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 25.0.0-alpha20 Pre-release
Pre-release

Changes since 25.0.0-alpha19

All changes

Fixes

Loading

Vaadin Flow 25.0.0-alpha19

08 Oct 11:17
@vaadin-bot vaadin-bot
25.0.0-alpha19
6aadc0c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 25.0.0-alpha19 Pre-release
Pre-release

Changes since 25.0.0-alpha18

All changes

Breaking changes

  • Set minimum Node version to 24
    Commit · Pull request

    Node 24 becomes the active LTS before 25.0.0 - guaranteeing the longest possible support

  • Use Jackson for all JSON deserialization in codecs
    Commit · Pull request

    Simplify JacksonCodec and JsonCodec by using Jackson for all type deserialization instead of custom primitive type handling. This provides consistent behavior and better error messages but removes lenient type conversions (e.g., boolean to integer).

  • Set Java 21 as baseline
    Commit · Pull request

New features

  • Make RequestUtil#getUrlMapping public for manual security configuration
    Commit · Pull request

  • Add TypeReference support for generic type deserialization across all JSON APIs
    Commit · Pull request

    Add TypeReference parameter overloads to enable proper deserialization of generic collections like List and Map<String, Bean> across all Flow JSON APIs. This eliminates the need for unsafe casting when working with generic return types from JavaScript execution, property access, and event data handling. Key changes: - Add JacksonCodec.decodeAs(JsonNode, TypeReference) for core deserialization with full generic type information preservation - Add PendingJavaScriptResult.then/toCompletableFuture TypeReference overloads for executeJs() return value handling - Add Element.getProperty(String, TypeReference) for typed property access with generic collections - Add DomEvent.getEventData(TypeReference) for typed event data extraction - Add DomListenerRegistration.addEventData(Class/TypeReference) overloads that automatically introspect bean/record structures and register all properties - Add BeanUtil.getBeanPropertyPaths() utility for extracting property paths from beans/records using Java Bean introspection - Update @EventData javadoc to document existing bean/record support

  • Extend @ClientCallable to support beans and collections for all RPC calls
    Commit · Pull request

    Extend @ClientCallable to support custom beans and generic collections

  • Watch the CSS files in the project's public static resources folder
    Commit · Pull request

    Watches files in src/main/resources/META-INF/resources/ and other public static resources folders to support HMR for StyleSheet("foo.css"). ---------

  • Add Jackson serializers for Component and Node types
    Commit · Pull request

    • Add custom Jackson serializers to handle @v-node serialization for Components and Nodes in collections - Remove duplicate component handling from JacksonCodec.encodeWithTypeInfo() - ComponentSerializer delegates to NodeSerializer to eliminate code duplication - NodeSerializer handles all Node types (Element, ShadowRoot) with consistent @v-node logic - Prevents infinite recursion when serializing Components in collections - Maintains existing @v-node serialization format for client compatibility

  • Replace array-based type encoding with @v object format
    Commit · Pull request

    Replaces the array-based type encoding system [typeId, ...data] with - Nodes: {"@v": "node", "id": nodeId} → {"@v-node": nodeId} - Return channels: {"@v": "return", "nodeId": x, "channelId": y} → {"@v-return": [x, y]} - Removed legacy NODE_TYPE, ARRAY_TYPE, RETURN_CHANNEL_TYPE constants Reject objects with unknown @v- prefixed properties to maintain forward compatibility. This ensures that if new types are added in the future, older clients will fail cleanly rather than misinterpreting the data.

  • Add ComponentEffect.bindChildren
    Commit · Pull request · Issue

    Adds helper API ComponentEffect for binding ListSignal to any parent component or element.

  • Modular feature flag system using Service Provider Interface
    Commit · Pull request · Issue

    Refactored feature flags to use Service Provider Interface (SPI) pattern, allowing each module to define its own feature flags that are dynamically loaded at runtime. This eliminates the need to hardcode all feature flags in the FeatureFlags class. Changes: - Added FeatureFlagProvider interface for modules to implement - Split feature flags into domain-specific providers: - CoreFeatureFlagProvider: Core Flow framework features - CopilotFeatureFlagProvider: Copilot-related features (placeholder) - HillaFeatureFlagProvider: Hilla-related features - FlowComponentsFeatureFlagProvider: Flow Components features - TestFeatureFlagProvider: Test-only features (in test sources) - Updated FeatureFlags to load features dynamically via ServiceLoader - Removed static feature flag definitions from FeatureFlags - Maintained backward compatibility with public static references for commonly used flags - Updated debug window to no longer filter EXAMPLE feature (now only in tests) - Fixed Maven plugin's CombinedClassLoader to properly combine resources from all classloaders, allowing ServiceLoader to find all service provider files The CombinedClassLoader fix ensures that the build-dev-bundle plugin can properly load feature flag providers by combining META-INF/services resources from all classloaders instead of returning resources from only the first classloader. This design provides better modularity and extensibility, allowing new modules to easily add their own feature flags without modifying core classes. 🤖 Generated with Claude Code

  • Add bean deserialization support for executeJs return values
    Commit · Pull request

    • Extend JacksonCodec.decodeAs() to deserialize JSON objects into Java beans using Jackson - Extend JsonCodec.decodeAs() with similar bean deserialization support for consistency - Add comprehensive unit tests for simple beans, nested beans, null handling, and error cases - Add default constructors to test bean classes for Jackson compatibility - Add integration tests with new buttons for testing bean return values from client - Add ExecJavaScriptIT tests to verify complete client-to-server bean deserialization flow - Maintain full backward compatibility for existing primitive type decoding - Support both simple and complex nested bean structures returned from JavaScript This enables JavaScript code to return complex objects that are automatically deserialized into typed Java beans on the server side.

  • Add bean serialization support
    Commit · Pull request

    Implements bean-only serialization using Jackson. Beans are serialized on server and handled as standard JS objects on client.

Fixes

  • Make StyleSheet for AppShell support non-root context path
    Commit · Pull request

  • Update old override
    Commit · Pull request · Issue

    Update old platform version override when a dependency is added for the override.

  • I18NProvider.translate return same as Component.translate
    Commit · Pull request · Issue

    The I18NProvider.translate should return the same as Component.translate when no provider can be found.

  • ElementRequestHandler requests are no longer blocked by Spring Security (#22055)
    Commit · Pull request · Issue

    Note! This fix was 100% made by AI and this must be taken into account when reviewing. The issue was that ElementRequestHandler requests without a URL postfix were generating URLs like /VAADIN/dynamic/resource/0// instead of /VAADIN/dynamic/resource/0//upload. These URLs were not recognized as internal framework requests by Spring Security's CSRF filter, causing them to be blocked. The fix modifies HandlerHelper.isFrameworkInternalRequest() to recognize all dynamic resource requests as internal, not just upload requests. Security is maintained by rejecting paths with directory traversal attempts. 🤖 Generated with Claude Code

  • Apply preventDefault only to filtered events (#22294)
    Commit · Pull request

    When preventDefault() or st...

Read more
Loading

Vaadin Flow 24.9.2

03 Oct 10:37
@vaadin-bot vaadin-bot
24.9.2
0e8fcde
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 24.9.2

Changes since 24.9.1

All changes

Fixes

  • Make sure request principal is available (#22368)
    Commit · Pull request · Issue

    When Spring Security request matchers are executed within SpringPathAccessChecker the request object is a stub instance that throw UnsupportedOperationException for many methods. This can cause failure when the path access checker is used in combination with request matchers that, for example, try to access the request user principal. An example is the pre-configured 'isAllowedHillaView' matcher. This change wraps the request matchers configured by Vaadin so that the request principal is taken from the Spring Security context, if not available on the request. In addition provides documentation and helper to set a global HttpServletRequestTransformer to augment all requests handled by WebInvocationPrivilegeEvaluator with the proper getUserPrincipal method override.

Loading

Vaadin Flow 24.8.9

03 Oct 10:37
@vaadin-bot vaadin-bot
24.8.9
1f655d1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 24.8.9

Changes since 24.8.8

All changes

Fixes

  • Make sure request principal is available (#22368)
    Commit · Pull request · Issue

    When Spring Security request matchers are executed within SpringPathAccessChecker the request object is a stub instance that throw UnsupportedOperationException for many methods. This can cause failure when the path access checker is used in combination with request matchers that, for example, try to access the request user principal. An example is the pre-configured 'isAllowedHillaView' matcher. This change wraps the request matchers configured by Vaadin so that the request principal is taken from the Spring Security context, if not available on the request. In addition provides documentation and helper to set a global HttpServletRequestTransformer to augment all requests handled by WebInvocationPrivilegeEvaluator with the proper getUserPrincipal method override.

Loading

Vaadin Flow 25.0.0-alpha18

30 Sep 09:47
@vaadin-bot vaadin-bot
25.0.0-alpha18
2b0d10e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 25.0.0-alpha18 Pre-release
Pre-release

No changes since 25.0.0-alpha17

Loading

Vaadin Flow 25.0.0-alpha17

29 Sep 11:22
@vaadin-bot vaadin-bot
25.0.0-alpha17
28386f2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 25.0.0-alpha17 Pre-release
Pre-release

Changes since 25.0.0-alpha16

All changes

New features

  • Conditionally load workbox dependencies only when PWA is enabled
    Commit · Pull request

    Move workbox-core and workbox-precaching from default dependencies to a new workbox folder that is only loaded when PWA is enabled. This reduces unnecessary dependencies for projects that don't use PWA functionality.

  • Allow StyleSheet on AppShellConfigurator class
    Commit · Pull request · Issue

    Allows StyleSheet annotation on top of AppShellConfigurator extending class. This allows to load stylesheets globally and also import Vaadin themes in V25 as they are shipped as single CSS files.

  • Add getItemIndex and getParent to hierarchical data providers
    Commit · Pull request

    This PR adds getItemIndex and getParent to HierarchicalDataProviders. This allows the users to define ways to provide item indexes and parents of items efficiently. This allows the TreeGrid component to implement scrollToItem functionality for any data provider without breaking existing implementations. Part of vaadin/flow-components#8076 ---------

  • Make Page.addStyleSheet() return Registration for dynamic removal
    Commit · Pull request

    Enables dynamic removal of stylesheets added via Page.addStyleSheet() methods by returning a Registration object. When Registration.remove() is called, the corresponding stylesheet is removed from the DOM on the client side.

Fixes

Loading

Vaadin Flow 25.0.0-alpha16

29 Sep 07:46
@vaadin-bot vaadin-bot
25.0.0-alpha16
0cc4514
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Vaadin Flow 25.0.0-alpha16 Pre-release
Pre-release

Changes since 25.0.0-alpha15

All changes

New features

Fixes

  • Remove client keys only after viewport update is confirmed
    Commit · Pull request · Issue

    Updates HierarchicalDataCommunicator to clean up no longer visible items, their client keys and generated data in confirmUpdate instead of flush. Removing client keys from keyMapper in flush is too early, since there may be new pending client requests (for example, item selection) that were made while the current request was in progress and they might still rely on those keys.

Loading