Blog from October, 2012

Apache Tapestry 5.3.6: improves security and stability.

Tapestry is primarily available for download via Maven, from the Maven central repository:

Maven Dependency
 
<dependency> 
<groupId>org.apache.tapestry</groupId> 
<artifactId>tapestry-core</artifactId> 
<version>5.3.6</version> 
</dependency> 

You can also download the binary, source, or JavaDoc archives.

Tapestry 5.3.6 is the latest maintenance release from the stable 5.3 release branch. Full details are in the release notes.

This release adds hash-based message authentication to serialized object data stored on the client; this
improves security, and eliminates a potential denial-of-service attack. It also downgrades the included version of the Prototype JavaScript library back down to version 1.7 from 1.7.1; the newer version appears to have been causing compatibility issues with some versions of Internet Explorer.

As usual for each Tapestry 5 release we've made great efforts to ensure an easy upgrade path; but be sure to read the upgrade notes carefully as some interfaces and methods that were deprecated in earlier major releases may have been removed: you should recompile and retest your application after upgrading your dependency. If you still have problems, use the Tapestry user mailing list to get support.