ZK 10.0.1 release notes

PE/EE released on Jun 14, 2024

ZK 10.0.1 is released to address the latest security vulnerabilities. We recommend you upgrade to this new version to ensure enhanced security.

Please note that this version is released for PE/EE customers & ZOL users.

ZK 10 is a major release that empowers developers to build cloud-native, scalable, and efficient applications. ZK 10 introduces several key features, including Stateless Components, Client MVVM, and TypeScript Integration. Additionally, our CI/CD process now includes an improved security framework to further protect your applications.

Upgrade to ZK 10.0.1 today to take advantage of these enhancements and ensure your applications remain secure and robust.

What's New

  • Bugs Fixed
    • ZK-5679 - RichletMapping with "/" on Class does not work on StatelessRichlet class
    • ZK-5715 - PDFjs cve-2024-4367 arbitrary code execution from pdf document
    • ZK-5722 - DomPurify doesn't neutralize double quotes in attribute string, can be used for XSS attacks
    • ZK-5726 - Review SonarCube Report
    • ZK-5729 - JNDI-Injection detected in JndiVariableResolver.java
    • ZK-5733 - URIBuilder causes warnings for resources from jar with "!" in url