(J)Wt 4.11.4 is a bigger patch release that fixes a couple of issues, and also introduces some improvements. Check the release notes for more info.
The main points of attention are:
some additional improvements to MFA/TOTP
some href/internal path fixes and a "final" CSP correction
a WQrCode class to generate and display QR codes
Here are the links:
Wt 4.11.4 (C++): download wt-4.11.4.tar.gz (release notes)
JWt 4.11.4 (Java): download jwt-4.11.4.zip (release notes)
Binary builds for Windows are available on the GitHub releases page.
(J)Wt 4.11.3 is a bigger patch release that fixes a couple of issues, and also introduces some improvements. Check the release notes for more info.
The main points of attention are:
some improvements to MFA/TOTP
allowing custom MIME types, and extending the default list
resolve Wt’s own CSP violations, when using the default CSP (with use-script-nonce enabled)
allow compilation with Boost 1.87.0
Here are the links:
Wt 4.11.3 (C++): download wt-4.11.3.tar.gz (release notes)
JWt 4.11.3 (Java): download jwt-4.11.3.zip (release notes)
Binary builds for Windows are available on the GitHub releases page.
(J)Wt 4.11.2 is a bigger patch release that fixes a couple of issues, and also introduces some improvements. Check the release notes for more info.
The main points of attention are:
allowing developers to provide custom headers! The configuration is now allowed to set headers you always wish to send to clients. This can be used to improve security.
make the (CSP) usable, and configurable. This can be done with the above, or simply by allowing (script nonces), see use-script-nonce
quite a few improvements on the JavaScript side.
Here are the links:
Wt 4.11.2 (C++): download wt-4.11.2.tar.gz (release notes)
JWt 4.11.2 (Java): download jwt-4.11.2.zip (release notes)
Binary builds for Windows are available on the GitHub releases page.
(J)Wt 4.11.1 is a small patch release that fixes a couple of issues. Check the release notes for more info.
The main points of attention are:
the default increase in iterations when using bcrypt to generate and verify passwords. This has been bumped to 12 (to adhere to the minimum of 10 advised by [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)).
built-in support for Wt types (WDate, WString, and the like) when serializing JSON.
quite a few improvements on the JavaScript side.
Here are the links:
Wt 4.11.1 (C++): download wt-4.11.1.tar.gz (release notes)
JWt 4.11.1 (Java): download jwt-4.11.1.zip (release notes)
Binary builds for Windows are available on the GitHub releases page.