Important: This news article covers an old version of Javalin (v3.10.1).
The current version is v6.4.0.
See the documentation page for up-to-date information.
See the documentation page for up-to-date information.
JavalinVue security patch
The JavalinVue plugin includes query-parameters in the DOM, which made it possible to do XSS injection. If you are using JavalinVue you should update to 3.10.1 as soon as possible.
If you are not using JavalinVue, then you can skip upgrading to 3.10.1, as there are no other fixes.