November 20, 2023

OpenXava 7.2 released

In our latest version of OpenXava, we have enhanced the calendar to support dates with hours, adding a weekly view and a daily view. We also have a completely new editor for visualizing collections in a tree format, with drag-and-drop support. Furthermore, we now support Java 21 and have included many other exciting improvements.

In the realm of web security, we have made significant advancements. If your applications are accessible on the internet to the general public, they will now be even more secure against various hackers.

To update edit the pom.xml file in your project and change the value of the openxava.version property, in this way:


Then rebuild your project:

  • With OpenXava Studio:
    • Right mouse button in your project > Run As > Maven clean
    • Right mouse button in your project > Run As > Maven install
  • Or with command line: mvn clean package

Look at the migration instructions.

Calendar with week and day

If your entity has a property of Date type annotated with @DateTime or of Timestamp type, in the calendar view, the option to view the week or day will appear. The week view would look like this:

And the day view looks like this:

In both views, you can click on any hour to create a record with that pre-set date and time.

Furthermore, we have made the following improvements to the calendar:

  • Tooltips for records shown in calendar list format.
  • Explicit plus icon in each day in list calendar format to create a new record for a day.

More web security enhancements

We have continued to improve the web interface generated by OpenXava to make it more secure and challenging to hack. Here is a list of security enhancements:

  • New property turnOffWebSecurity in to disable the use of CSP in web headers.
  • Removed Content Security Policy errors in browser console.
  • All inline JavaScript events removed from OpenXava code.
  • Links with href="javascript:" removed from OpenXava code.
  • Inline events in JavaScript no longer work for custom views and editors.
  • Links with href="javascript:" no longer work for custom views and editors.
  • Minimized the use of eval() in JavaScript code.
  • Old Yahoo JavaScript libraries removed for security reasons.
  • Removed or updated all vulnerable third party JavaScript libraries.
If your application is public or runs in an environment where security is crucial, we advise you to update to version 7.2.

New editor for @Tree collections

We have updated the JavaScript library that we use when you annotate a collection with @Tree. This is how it looks:

Apart from having a more modern appearance than the previous one, it has no security vulnerabilities, and it is possible to use drag-and-drop to move elements in the tree.

Java 21

As you all know, the latest LTS version of Java, Java 21, was released last September. We are confident that some of you are eager to try it out. We have made all the necessary adaptations, such as updating the Lombok library or making adjustments to date formatting, to ensure that Java 21 works seamlessly with your OpenXava applications.

To use it, you only need to modify the pom.xml file of your project to use Java 21:


If you use OpenXava Studio, you have to register JDK 21 in Window > Preferences > Java > Installed JREs. Once that is done, configure your Maven tasks and runtime settings to use Java 21 for compiling and running your application.

You can find a detailed guide on how to use Java 21 with OpenXava in our documentation.

Upgraded libraries

We have upgraded the following third party libraries:

  • JasperReports and JasperReports Fonts upgraded to 6.20.6
  • jQuery upgraded to 3.7.1.
  • jQuery UI upgraded to 1.13.2.
  • JUnit upgraded to 4.13.2
  • Commons IO upgraded to 2.15.0
  • POI and POI OOXML upgraded to 5.2.4
  • Groovy upgraded to 4.0.15
  • JSoup upgraded to 1.16.2
  • HtmlUnit upgraded to 3.7.0
  • PdfBox upgraded to 2.0.30
  • JAXB-upgraded to 4.0.4
  • Lombok upgraded to 1.18.30
  • Embedded Tomcat used in development upgraded to 9.0.82.
  • Jersey client, hk2, media upgraded to 2.41.
  • Log4j API and core upgraded to 2.21.1.
  • Driver version in doc and new projects upgraded for MySQL, Oracle, AS/400 and Microsoft SQL Server.

Other improvements

We have done some improvements in other areas:

  • Remove and rename column icons when customizing lists are aligned to the right.
  • New method executed() in IAccessTrackerProvider so now action executions can be tracked too.
  • Removed getHrefAttribute() method from HtmlUnitUtils.

Bug fixes

Though this is not a maintenance version we have done some fixes:

  • Fix: When removing a column with a calculated property from a list a blank column is left on right.
  • Fix: Default action with takes-long=true does not show the takes long image if the user presses ENTER.
  • Fix: IForwardAction with inNewWindow() not in new window when pressing ENTER and it's the default action. 

blog comments powered by Disqus