Five years after its initial release, Vaadin 8 reached the end of free support on February 21, 2022. However, Vaadin Prime and Enterprise subscribers may access extended maintenance releases to keep their V8 applications running.
Which Products are IncludedExtended Maintenance covers the Vaadin 8 Core framework, Pro add-ons and official Core add-ons. For example, the Spring and ContextMenu add-ons. You may also use Expert Chat for Vaadin 8-related support.
When to Use Extended Maintenance
Extended Maintenance keeps Vaadin 8 data secure, bug free, and compatible with major browsers. A common use-case is to keep your Vaadin 8 application running while you’re upgrading to the latest Vaadin version. It’s also useful when you have a binding support agreement with your customer for a Vaadin 8 application.
Sometimes upgrading isn’t an option in the near term, for example, if your internal business-critical application is built on Vaadin 8. With Extended Maintenance, you can keep using your Vaadin 8 application until 2032.
Types of Maintenance Tasks
The Vaadin support team performs two types of maintenance tasks to keep Vaadin 8 secure and up-to-date:
1. Proactive Tasks
- Ensuring browser compatibility with integration testing on Vaadin 8-supported browsers.
- Monitoring third-party libraries for security alerts, etc.
- Monitoring the security impact of new features added to Vaadin 8 by request, such as through Expert on Demand hours. Security impact is reviewed by the normal review processes
2. Reactive Maintenance Tasks
- Responding to bug fix and warranty priorities for Vaadin 8.
- Responding to Expert Chat requests for Vaadin 8-related issues.
Communicating Security Vulnerabilities
If the Vaadin team receives a report for a security flaw, they fix the issue and communicate the incident to all affected customers through a private mailing list.
Accessing the Releases
Starting with 8.21.0, the extended maintenance releases are deployed to a private Maven repository. You need to add a new repository definition with a personal URL to the
pom.xml file in your project. You also need a license to use the extended support files. Our experts are on-hand to help you, and you can find instructions in your profile:
NOTE: Releases used to be deployed to Maven Central. 8.21.0 is deployed in both the public and private repositories to help customers transition to the new distribution model.
Bug Fixes and Feature Releases in the Framework Since Version 8.14.3
Version 8.14.3 was the last free version released under Apache 2 license. Under the extended maintenance service, Vaadin has already released the following versions to our customers under commercial VCL-1 terms:
Implemented eager UI cleanup through the Beacon API. Previously UIs would be cleaned up after several consecutive missed heartbeats. Now, closing the browser or tab or navigating away from the page sends a message to the server to notify it of such, allowing the UI to be destroyed immediately.
This should result in lower server resource usage without any modifications to the software. However, this feature does come with some caveats:
- This feature is not available for Internet Explorer clients. Our testing showed that Internet Explorer will report compatibility with the API, but fail to function as expected. As such, the feature is disabled for IE.
Vaadin 8 included a
LegacyApplicationclass for Vaadin 6 compatibility that was a holdover from Vaadin 7 and should have been removed with the release of Vaadin 8. This feature may cause systems extending the
LegacyApplicationclass to close and not reopen when the first client closes their window.
If this is a problem for your application, please contact Vaadin Support.
- In general, should you experience ANY abnormal behavior as it pertains to UI instance availability with this version of Vaadin but not with 8.22.0, please let us know by creating a support ticket.
- Improved stability of internal tests and build.
- Fixed JavaDoc generation and deployment to vaadin.com/API.
- Added Read-Only mode support to Grid and Compatibility Grid. The Read-Only mode can be engaged using the existing API call
grid.setReadOnly(true). This mode disallows editing of the Grid, while still allowing scrolling. This was added as the previous way to disallow editing in an otherwise editable grid was to call
grid.setDisabled(true), but that would also stop users from scrolling through data.
- Added missing style class name strings in ValoTheme, to allow cleaner access to menu and navigation elements in the style.
- The new fields are
- Fixed an issue with DateField event propagation when the backend doesn't immediately service the request. Events would get queued and then sent stale and out of order, resulting in the server side getting false user interaction events from the DateField.
- Updated jetty dependency to address CVE-2023-36479.
- Miscellaneous internal fixes to build and unit tests.
Framework 8 builds are now made on Java 11. The resulting JARs are still fully compatible with Java 1.8 runtimes, but only Java 11 SDKs are supported for building Framework 8 for the 8.21 series.
Build-time compatibility with Java 17 SDKs is being investigated, but is not yet available.
If you wish to run Vaadin 8 on Java 9+ JREs, you must set the Java environment value
java.locale.providers=COMPAT, otherwise locale dependent conversions (country code, currency, etc) WILL be inconsistent with Java 8 behavior, potentially leading to data loss.
Minimum Maven version to build Vaadin 8 is now 3.6.2.
Included new dependencies:
Updated supporting Maven plugins:
maven-clean-pluginfrom 3.0.0 to 3.2.0
maven-compiler-pluginfrom 3.5.1 to 3.11.0
maven-site-pluginfrom 3.5 to 3.12.1
maven-jar-pluginfrom 2.6 to 3.2.2
maven-surefire-pluginfrom 2.19.1 to 2.22.2
maven-failsafe-pluginfrom 2.19.1 to 2.22.2
maven-dependency-pluginfrom 3.0.1 to 3.5.0
exec-maven-pluginfrom 1.6.0 to 3.1.0
versions-maven-pluginfrom 2.3 to 2.15.0
build-helper-maven-plugin 1.10 to 1.12
maven-source-plugin3.0.1 to 3.2.1
maven-checkstyle-pluginfrom 3.2.0 to 3.2.2
Upgraded GWT dependency to 2.9.0 in order to make Framework 8 more compatible with other Vaadin products and modern build environments, as well as to improve compatibility with modern browsers.
Fixed all JavaDoc generation errors and cleaned up some API documentation along the way, resulting in better IDE compatibility and cleaner formatting of the resulting documentation.
Fixed a bug in the long polling push transport when the sync id check is disabled, leading to the server continuously pushing.
This is a backported fix from Flow, see issue #17237 and pull request #17238.
Added new API in
VaadinSession.javawhich allows setting priority of UIProviders. The function
VaadinSession.addUIProvidernow takes an extra integer parameter, which makes it possible to explicitly set priority of the UI providers as they're added.
Additionally, the functions
VaadinSession.setUIProviderPrioritywere added, which can be used together with
VaadinSession.getUIProvidersto alter the ordering of all UI providers added to the Session.
It is also possible to specify the priority of the default UI providers by setting the
UIPriorityvalue as part of the
This does not alter default behavior. The default
UIProviderpriority is 0; higher values get processed first. Providers with the same priority will be processed in the order they were added.
See the VaadinSession JavaDoc for more information.
Updated internal Jetty depdency from version
9.4.51.v20230217to avoid a false positive security alert. The internal Jetty server is only used for running tests at build time.
Updated plexus-archiver version in vaadin-maven-plugin to
4.8.0in order to fix a potential security vulnerability.
- Fixed an issue where compile-time license checking would fail on CI servers with release-only license files.
- Pinned nimbus-jose-jwt version in order to ensure that apps can still run under included Jetty on Java 8 VMs. Newer versions of nimbus-jose-jwt include a meta-info class that JVM 8 implementations cannot load. nimbus-jose-jwt was included as a transitive dependency.
- Removed mentions of NetBeans Plugin, since it has not been maintained and is no longer usable in modern versions of NetBeans.
- Improved build system; maven-flatten-plugin is now correctly invoked and build system related version numbers were bumped. This change should not affect users.
- Fixed a bug in TwinColSelect, which caused incorrect layouting on Firefox on some platforms. The issue was similar to the problem discussed in #9175
license-checkerto the latest available version for better user experience and MPR compatibility.
- Mitigated false positive reports of security vulnerabilities by adding maven-flatten-plugin to the build process. This strips out testing artifacts from the released POMs so that the released artifacts are not marked as vulnerable.
- Moved vaadin-portlet package contents from com.vaadin.server to com.vaadin.portlet namespace. This is a BREAKING CHANGE and will require you to update your imports. This is a necessary change in order to be able to support OSGi deployments (specifically under the latest Liferay 7 releases..
- Improved OSGi packaging for vaadin-portlet. See issue #12575.
- Fixed an issue where push connections could get stuck when using
@PreserveOnRefreshas requests intended for a new push connection would instead be queued on an old one. Now old connections are closed immediately on reconnect. See issue #12577.
- Fixed Push connection operations synchronization so that a connection won't be disconnected while there are messages pending. This would result in NullPointerExceptions being thrown. Makes the isConnected() call correctly reflect current state. This is a backported fix from Flow. See Flow issue #15571.
- Fixed an issue where undelivered push messages would get lost, resulting in a need for UI resynchronization. Push messages are now kept in cache until a client acknowledges receipt. This is a backported fix from Flow. See Flow issue #15205.
- Improved performance in UIs with assertions enabled. Some assertions would check for the presence of MPR on every run. MPR is now only detected once and the check result is cached. See issue #12572.
- Changed license from Commercial Vaadin Developer License 4.0 to Vaadin Commercial License version 1. This change does not affect active subscribers, but it does mean that future releases of Vaadin Framework may move from dev- and build-time license checking to runtime license checking. Version 8.19.0 does not do that yet. See LICENSE file in the downloadable package or the Vaadin Commercial License and service terms document for more information.
- Fixed issue #12562. The internal state of ComboBox got confused when adding new items after calling
- Improved the
vaadin-compatibility-server-mpr-jakartaPOM dependency definitions such that these packages do not pull in
vaadin-compatibility-serveras unwanted dependencies, respectively.
- Fixed a number of assertion functions which would fail when MPR was in use. Improves testability of the framework and should allow running with assertions enabled in MPR configurations.
- Removed logging of Atmosphere version while MPR is in use. This fixes runtime failures under some configurations.
- Updated Atmosphere to version 2.4.30-vaadin5 in order to make Vaadin Framework 8 compatible with Jetty 10.
- Updated Vaadin License Checker to version 1.11.2 to support new license model.
- Fixed issue #12560 by improving Grid's horizontal scrolling scrolling logic.
- Fixed an issue in Combobox where scrolling to selection would fail if the user had typed into the input field. Possibly related to #12562.
runAfterRoundTripAPI to the UI class for improved sequence control, allowing execution of a callback after one or more client-server round trips have been completed.
- Separated portlet support code out of
vaadin-serverinto its own package,
vaadin-portlet. This will break your build if your application makes use of Portlet classes and you do not import the
- Added support for Vaadin Multiplatform Runtime version 24+ by adding packages
vaadin-compatibility-server-mpr-jakarta. This is only needed for MPR 24+, and is NOT guaranteed to work as generic Jakarta support (even though it does so at the moment) as we may add MPR specific functionality or even hard MPR dependencies in the future.
- Improved hierarchical data container handling, resulting in increased speed and correcting some potential memory leaks.
- Fixed an issue in Grid's MultiSelect mode introduced by performance improvements made to Vaadin 8.16.0 which would erroneously cause a refreshed data item to become selected.
- Fixed an issue introduced in Vaadin 8.15.1's Grid focus stealing fix where the focus stealing prevention would become overly zealous.
- Updated JSoup version from 1.14.3 to 1.15.3. This is a BREAKING CHANGE for many projects, as it requires you to find all references to
org.jsoup.safety.Whitelistand replace them with references to
org.jsoup.safety.Safelist. The API of the two classes is the same;
Safelistis a drop-in replacement for
Whitelist. This change was made to all Vaadin versions simultaneously to address CVE-2022-36033 and keep the dependencies in line for use with Vaadin MPR.
- Updated PuppyCrawl dependency from version 8.18 to 8.29 in order to avoid false positive alert in dependency check
- Updated CheckStyle dependency from version 2.17 to 3.2.0 in order to avoid false positive alert in dependency check
- Fixed a failure-to-start condition on some server configurations (e.g. Tomcat) caused by the connector map cleanup logic change in 8.16.0
- Updated Jetty version from 9.4.43.v20210629 to 9.4.48.v20220622 to fix a potential security issue
- Updated License Checker version to support Vaadin 8 together with the latest Vaadin Flow in MPR configurations
- Updated the license information provided by vaadin-root POM to correctly show CVDL-4 as the project license instead of Apache-2.0
- Introduced predefined text/html Snippets feature for the RichTextArea component
- Moved connector map cleaning logic invocation from UI.unlock() to VaadinService.requestEnd() when not using Push
- Improved Grid multi-select performance
- Backported automatic conversion support and other Binder improvements from Vaadin Flow
- Added support for Liferay kernel versions up to 49
- Changed all resources to use Object.class as interface type to support OSGi Portlets on Liferay CE 7.3.6 GA7 or later (issue #12504)
- Fixed an issue where Grid was moving the focus away from external input controls when the data source contents were updated
- Fixed an issue where manual field binding configurations might get overwritten by automatic binding logic
- Field level verification in Binder is no longer run twice
- Fix: Allow scrolling away from a Grid using touch
- Fix: Throw exception when attempting to merge BeanPropertySets with identical keys but different value types
- Added a more intuitive resynchronization error message
- Change license from Apache 2.0 to CVDLv4
Bug Fixes and feature releases in the Pro products
- Fix: Do not sanitize plain strings and do not strip table tags. See issue #633.
List of supported technologies
Vaadin 8 is compatible with Java 8 and newer up to Java 8. The framework building is not possible with newer Java versions than 8, however, it is possible to develop applications with Java 11 and Java 17 provided that client-side code conforms to Java 8. Note, that using newer JDK versions will pose limitations to application server compatibility. Vaadin 8 is especially supported on the following operating systems:
- Mac OS X
Vaadin Framework 8 requires Java Servlet API 3.0 but also supports later versions up to Servlet 4.0 and should work with any Java application server that conforms to the standard. The following application servers are supported:
- Apache Tomcat 7-9
- Apache TomEE 1.7 and 7.0
- Oracle WebLogic Server 12.2
- IBM WebSphere Application Server 9
- JBoss EAP 6
- Wildfly 8-13
- Jetty 8-9
- Glassfish 2-4
Vaadin 8 supports the JSR-286 Portlet specification and all portals that implement the specification should work. The following portals are supported:
- Liferay Portal 6.2
- Liferay Portal 7.0
Vaadin Framework 8 supports the following desktop browsers. Our automated tests cover the latest versions of Firefox and Chrome:
- Mozilla Firefox 54+
- Mozilla Firefox ESR 52+
- Internet Explorer 11: latest
- EdgeHTML: latest
- Chromium Edge: latest
- Safari on Mac: 9+, latest
- Google Chrome: 59+, latest
Additionally, Vaadin supports the built-in browsers in the following mobile operating systems:
- iOS 9+
- Android 4+ with Chrome 42+