...
Tapestry's use of the Javassist bytecode library has been completely removed, along with many related services, such as ClassFactory, that were deprecated in 5.3. Use PlasticProxyFactory instead.
No Redirect On Form Validation Errors
In prior releases of Tapestry, when a client-side form was submitted and there were server-side validation errors, Tapestry would perform a redirect-after-post to re-render the page; this meant that the ValidationTracker object that stores validation errors would, itself, need to persist to the new render request, causing a server-side session to be created. Starting in 5.4, the default behavior for server-side validation exceptions is to re-render the page within the same request; this obviates the need to use a persistent field to store the tracker.
New Features
Component field visibility
In prior versions of Tapestry, all instance fields of components had to be visibility private; starting with versions 5.3.2 and 5.4, this has been relaxed. Component fields may be protected, or package private (that is, no visibility modifier). Fields that are final, or annotated with !@Retain may even be public. In any case, this makes it easier for pages to work with other pages in the same package, and for subclasses to more easily access the fields (including parameter fields, or injections) provided by base classes. This feature should be used with care, as it can lead to designs that are more difficult to maintain.
...