Welcome to Apache Wicket

With proper mark-up/logic separation, a POJO data model, and a refreshing lack of XML, Apache Wicket makes developing web-apps simple and enjoyable again. Swap the boilerplate, complex debugging and brittle code for powerful, reusable components written with plain Java and HTML.

  • Check the feature list
  • Read some Wicket buzz, some Wicket blogs
  • Find out why you should use Wicket
  • Check out some selected examples in detail or see them and many more in live action
  • Take a look at our live component reference
  • Go and download Wicket
  • See what extras are available

Wicket is released under the Apache License, Version 2.0.

Security announcement: CVE-2011-2712

A XSS vulnerability has been found in Apache Wicket version 1.4. This is solved in Apache Wicket 1.4.18. Please upgrade your applications to this release. Wicket versions 1.3.x and 1.5.x are not affected by this vulnerability. More information

Wicket 6.0.0-beta1 released

The Wicket team is proud to announce the first beta release of the Wicket 6.x series. This release brings over many improvements over the 1.5.x series.

Check the roadmap with a list of the major goals. And the migration guide with all major and some minor changes between 1.5.x and 6.x series.

The Jira changelog of all closed ticket at Jira

To use it in Maven:

<dependency>
    <groupId>org.apache.wicket</groupId>
    <artifactId>wicket-core</artifactId>
    <version>6.0.0-beta1</version>
</dependency>

If you don’t use dependencies management build tool then you can download the full distribution (including source).

There are no more planned API breaks but if you find something that can be made better now it the time to discuss it! We will try to avoid making any API changes in the Release Candidates that will follow this beta release.

Any feedback about the new features, their implementation and their documentation is very welcome!

The Wicket team!

CVE-2012-1089 - Apache Wicket serving of hidden files vulnerability

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 1.4.x and 1.5.x

Description: It is possible to view the content of any file of a web application by using an Url to a Wicket resource which resolves to a ‘null’ package. With such a Url the attacker can request the content of any file by specifying its relative path, i.e. the attacker must know the file name to be able to request it.

Mitigation: Setup a custom org.apache.wicket.markup.html.IPackageResourceGuard that provides a whitelist of allowed resources. Since versions 1.4.20 and 1.5.5 Apache Wicket uses by default org.apache.wicket.markup.html.SecurePackageResourceGuard with a preconfigured list of allowed file extensions. Either setup SecurePackageResourceGuard with code like:

public class MyApp extends WebApplication {
    public void init() {
        super.init();
        SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
        guard.addPattern(...);
        guard.addPattern(...);
        getResourceSettings().setPackageResourceGuard(guard);
    }
}

or upgrade Apache Wicket 1.4.20 or Apache Wicket 1.5.5

Credit: This issue was discovered by Sebastian van Erk.

Older news items

  • CVE-2012-0047 - Apache Wicket XSS vulnerability via pageMapName request parameter - 22 Mar 2012
    Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5.x are not affected Description: A Cross Site Scripting (XSS) attack... more
  • Wicket 1.5.5 released - 12 Mar 2012
    This is the fifth maintenance release of the Wicket 1.5.x series. This release brings over 50 bug fixes and improvements. Git tag Changelog To use... more
  • Wicket 1.4.20 released - 12 Mar 2012
    This is twentieth release of the Wicket 1.4.x series. This is primarily a minor bugfix release on the 1.4.x (stable) branch. Subversion tag Changelog To... more
  • Wicket 1.5.4 released - 23 Jan 2012
    This is the fourth maintenance release of the Wicket 1.5.x series. This release brings over 68 bug fixes and improvements. Git tag Changelog To use... more
  • Wicket 1.5.3 released - 14 Nov 2011
    This is the third maintenance release of the Wicket 1.5.x series. This release brings over 40 bug fixes and improvements. Subversion tag Changelog To use... more
  • Wicket 1.5.2 released - 24 Oct 2011
    This is the second maintenance release of the Wicket 1.5.x series. This release brings over 25 bug fixes and 5 improvements. Subversion tag Changelog To... more
  • Wicket 1.4.19 released - 17 Oct 2011
    This is nineteenth release of the Wicket 1.4.x series. This is primarily a minor bugfix release on the 1.4.x (stable) branch. Subversion tag Changelog To... more
  • Wicket 1.5.1 released - 29 Sep 2011
    This is the first maintenance release of the Wicket 1.5.x series. This release brings over 40 bug fixes and 15 improvements. Subversion tag Changelog To... more
  • Apache Wicket releases Wicket 1.5 - 07 Sep 2011
    The Apache Wicket team is proud to announce the immediate availability of the newest release of their component oriented open source Java web framework. Apache... more
  • Wicket 1.5-RC7 released - 28 Aug 2011
    The Wicket Team is proud to introduce the seventh Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and... more

Books about Wicket

The following books are published regarding Apache Wicket (click a cover to learn more about the book):

spacer spacer spacer spacer spacer spacer spacer
Related searches:
wicket apache release released changelog
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.