vaadin-bot
commented
1 year ago Thanks for using Vaadin! We appreciate your help and we’ll take care of this as soon as possible.
Closed benstpierre closed 1 year ago
vaadin-bot
commented
1 year ago Thanks for using Vaadin! We appreciate your help and we’ll take care of this as soon as possible.
knoobie
commented
1 year ago The new jsoup version can be used with 23.2 by default. In 23.1 you have to do some more work to get it to work without breaking stuff.
ZheSun88
commented
1 year ago we are working on a fix to make the new jsoup version working with V23.1 and older vaadin versions
nittka
commented
1 year ago Timely fixes for Vaadin 8 and Vaadin 14 would be quite important as well. Do I understand correctly, that you may not update the dependency directly, but will make sure that your code will be compatible with 1.15.X, so that we can package an updated version safely?
knoobie
commented
1 year ago Vaadin (flow) releases 14-23.2 with a fix including the transitive dependency are already on the way. An update for v8 (8.17) as extended maintenance release is prepared by Tatu as well.
ZheSun88
commented
1 year ago All affected Vaadin versions, 23.2.0, 23.1.9, 23.0.16, 22.0.22, 14.8.17, 10.0.21, 8.17.0 and 7.7.34 have been released with the Jsoup version updates.
Describe the bug
It appears that as of 23.1.6 Vaadin uses JSOUP 1.14.3. In JSOUP 1.15.3 There was a breaking change where Whitelist was replaced with Safelist as the term "Whitelist" is considered racist. https://jsoup.org/news/release-1.15.1
We cannot use the new version of JSOUP because vaadin depends on the old version and uses the Whitelist class.
This should be a pretty small fix for Vaadin.
Expected-behavior
No response
Reproduction
Try to uses JSOUP 1.15.1 in a Vaadin 23 app and it will break.
System Info
Happens on all systems.