Login
We use cookies to ensure that we give you the best experience on our website.

ZK 10.1.0 release notes

PE/EE released on Nov 12, 2024


ZK 10.1.0 is the latest update in the ZK 10 series, addressing potential DoS and template injection vulnerabilities and resolving multiple Client MVVM issues. This release also includes enhanced compatibility with Quarkus.

We highly recommend upgrading to ZK 10.1.0 to benefit from improved security and stability. For a full list of fixes and new features, please refer to the details below.

Please note that this version is released for PE/EE customers & ZOL users.

ZK 10 is a major release that empowers developers to build cloud-native, scalable, and efficient applications. ZK 10 introduces several key features, including Stateless Components, Client MVVM, and TypeScript Integration. Additionally, our CI/CD process now includes an improved security framework to further protect your applications.



What's New

  • New Feature
    • ZK-5561 - ZK Websocket Quarkus compatibility
    • ZK-5716 - Eliminate various inline script
    • ZK-5775 - Improve ZK-5393 by caching FileUpload classes
    • ZK-5782 - Upgrade WCAG with the lighthouse 12.x detection tools

  • Bugs Fixed
    • ZK-3729 - getDesktop() sometimes returns NULL causing NPE
    • ZK-4785 - z-errorbox doesn't show in Safari
    • ZK-4960 - Listbox doesn't keep scrollbar position when applying hflex="min" on a listheader in mobile
    • ZK-4962 - ZK-3975 regressions in mobile
    • ZK-4964 - combobox input should be focused while clicking the drop-down button in Android
    • ZK-5455 - Popup causes error if parent is removed during popup opening animation
    • ZK-5470 - bandbox closes its popup when switching active page
    • ZK-5475 - select a date with time produces an invalid result under locale pt
    • ZK-5546 - Websocket endpoint doesn't trigger timeout-uri redirect after desktop timeout
    • ZK-5551 - Shadow Component ForEach adds fullfil listeners everytime the syncModel method is called, doesn't clear them if component is removed
    • ZK-5580 - Looping for scheduled events
    • ZK-5589 - a checkmark of a checkbox inside a caption is shifted unexpectedly
    • ZK-5594 - ListboxDataLoader doGroupsDataChange finds incorrect offset, causes class cast exception
    • ZK-5613 - collapse a group causes ClassCastException
    • ZK-5657 - Missing zk-bom version since 10.0.0
    • ZK-5659 - Tree only renders 50 nodes in client mvvm
    • ZK-5677 - Executions.schedule cause infinite loop if async event causes exception
    • ZK-5696 - Nested Shadow element fails in ZK 10
    • ZK-5703 - Debug messages shouldn't be created if debug is disabled, may cause side effects
    • ZK-5707 - avoid invoking an event listener after a session expired
    • ZK-5730 - Harden smartUpdate to check for null desktop or null webapp
    • ZK-5743 - clicking menuitem fires 2 onClick events in mobile browser
    • ZK-5756 - a MatchMedia request causes java.lang.IllegalArgumentException
    • ZK-5764 - Unable to call original method when using custom ViewModelAnnotationResolver
    • ZK-5766 - DomPurify fails with partial html content
    • ZK-5777 - sendRedirect() doesn't work because of the encoded &
    • ZK-5780 - dompurify Template Injection vulnerability
    • ZK-5784 - a fontawesome bug causes zk to lose all styles in Chrome and Edge
    • ZK-5787 - aria-hidden elements do not contain focusable elements
    • ZK-5789 - overriding js in a jar doesn't work
    • ZK-5792 - fullfill doesn't create all components in a forEach
    • ZK-5793 - upload doesn't show a progressbox
    • ZK-5797 - Client MVVM Children binding shall ignore null value
    • ZK-5798 - Client MVVM: Content missing in Include
    • ZK-5799 - Javascript error when using Pdfviewer in Client MVVM
    • ZK-5801 - Client MVVM: switching apply template causing javascript error
    • ZK-5807 - A side-effect of ZK-5582 for the testSelectRange of B70_ZK_2534_groupTest
    • ZK-5810 - Client MVVM: XEL Methods in include
    • ZK-5813 - a side effect of ZK-5476 for BookCRUD2Test and BookCRUDTest
    • ZK-5814 - a side effect of ZK-5582 for F02545ChildrenBindingSupportListModelTest
    • ZK-5819 - [CodeQL] Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReade
    • ZK-5820 - a side effect of ZK-5018 for F95_ZK_4552Test
    • ZK-5825 - Clicking bandbox button on Android does not focus input
    • ZK-5833 - ZK-423 regression on Android

Release History