ZK 9.6.4 release notes

PE/EE released on May 16, 2023

ZK 9.6.4 is an updated release bring in security enhancements along with other 30+ improvements. Highlights include 3rd-party (moment-js, commons fileupload, JRuby) dependency updated for enhanced security, addressing reflected XSS vulnerability, multiple improvements on tabboxes, and on the use of mobile/hybrid devices.

Please note that this version is released for PE/EE customers & ZOL users.

ZK 9.6 is a major release providing two packages, supporting developers to either stay with Java EE or migrate to Jakarta EE. In addition, major improvements were made on ZK Embedded and WCAG support. Learn more here.

What's New

  • New Feature
    • ZK-5425 - pdfviewer can display a digital signature

  • Bugs Fixed
    • ZK-5445 - avoid reflected cross site scripting (XSS) attacks
    • ZK-5238 - upgrade moment.js to eliminate the security vulnerabilities
    • ZK-5419 - Security upgrade commons fileupload
    • ZK-2297 - @ContextParam TRIGGER_EVENT not sent for global commands
    • ZK-2658 - Listbox: multiple="true" checkmark="true" issue
    • ZK-3246 - File download doesn't work with Chrome in iOS
    • ZK-4194 - ZK cannot clear disconnected desktops reliably by remove-desktop requests
    • ZK-4955 - Combobox fires a duplicate onChange event
    • ZK-5061 - ZK Embedded loading default ZK styles causes style changes to the outer page
    • ZK-5067 - update internal timezone file
    • ZK-5133 - Radio onPageAttached condition causes onPageAttach to not fix index on parent radiogroup
    • ZK-5224 - hflex and vflex doesn't consider a component's margin
    • ZK-5251 - listbox select mold produces js error in a mobile browser
    • ZK-5252 - a modal window doesn't focus on its first focusable child
    • ZK-5258 - setFocus() doesn't work on a textbox in a modal window
    • ZK-5260 - chosenbox options don't escape HTML characters
    • ZK-5353 - Insertion [] of the shadow [] cannot be orphan in 9.6.3
    • ZK-5368 - Tree with client-ROD fails to replace treerow if parent is currently not rendered
    • ZK-5374 - Elements with an treegrid(role) that require children to contain a specific role are missing some or all of those required children
    • ZK-5377 - Upgrade GA code
    • ZK-5378 - Add safety check to DesktopEventQueue$QueueListener#onEvent
    • ZK-5379 - Floating scrollbar prevent anchornav from scrolling
    • ZK-5382 - Wrong shadow insertions after shadow tree merged
    • ZK-5399 - Number of NoDOM increases unexpectedly
    • ZK-5414 - onTimer event causes a cascader to close its next level items
    • ZK-5423 - select a date causes an invalid result under locale pt
    • ZK-5426 - pdfviewer cannot display some texts
    • ZK-5427 - missing context menu after ZK-4835 on hybrid mouse / touch devices
    • ZK-5429 - tabbox scroll unsynced when resizing with toolbar
    • ZK-5434 - Datebox show different time when running with -Duser.timezone="America/Mexico_City"
    • ZK-5439 - Remove outdated GA info in Eval version

  • Upgrade Notes
    • Upgraded JRuby dependency from 1.1.2 to 1.7.27 for avoiding security vulnerabilities