The Apache Maven team is pleased to announce the release of the Apache Maven 3.8.1

Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project’s build, reporting and documentation from a central piece of information.

Maven 3.8.1 is available via https://maven.apache.org/download.cgi

The core release is independent of plugin releases. Further releases of plugins will be made separately.

If you have any questions, please consult:

• the web site: https://maven.apache.org/
• the maven-user mailing list: https://maven.apache.org/mailing-lists.html
• the reference documentation: https://maven.apache.org/ref/3.8.1/

RELEASE DETAILS

This release with CVE fixes is a result based on the findings and feedback of Jonathan Leitschuh and Olaf Flebbe.

One of the changes that might impact your builds is the way custom repositories defined in dependency POMs will be handled. By default external insecure repositories will now be blocked (localhost over HTTP will still work). Configuration can be adjusted via the conf/settings.xml.

Release Notes – Maven – Version 3.8.1

• Bug:

  • MNG-7128 – improve error message when blocked repository defined in build POM

• New Features:

  • MNG-7116 – Add support for mirror selector on external:http:*
  • MNG-7117 – Add support for blocking mirrors
  • MNG-7118 – Block external HTTP repositories by default

• Dependency upgrades:

  • MNG-7119 – Upgrade Maven Wagon to 3.4.3
  • MNG-7123 – Upgrade Maven Resolver to 1.6.2

For more information read https://maven.apache.org/docs/3.8.1/release-notes.html

Enjoy!

• The Maven Team

The Apache Maven team is pleased to announce the release of the Apache Shared Component: Apache Maven Artifact Transfer Version 0.13.1

An API to install, deploy and resolving artifacts with Maven3

1
2
3
4
5

<dependency>
  <groupId>org.apache.maven.shared</groupId>
  <artifactId>maven-artifact-transfer</artifactId>
  <version>0.13.1</version>
</dependency>

Release Notes Apache Shared Componet Maven Artifact Transfer 0.13.1

• Bugs:

  • MSHARED-863 – Possible NPEx in Maven30DependencyResolver.resolveDependencies
  • MSHARED-874 – NPE with maven-dependency-plugin
  • MSHARED-913 – Missing component annotations for maven3 and maven31 dependency collectors
  • MSHARED-920 – NPE in DefaultArtifactInstaller.install – missing injection of RepositoryManager

• New Feature:

  • MSHARED-843 – Provide artifacts in CollectorResult when collectDependencies

• Improvements:

  • MSHARED-864 – Refactor and simplify code
  • MSHARED-865 – Line up all IT’s with Maven versions
  • MSHARED-869 – Reduce duplication in DefaultDependencyCollector-s
  • MSHARED-875 – Remove enforcer for bytecode enforcement
  • MSHARED-879 – make build Reproducible
  • MSHARED-889 – Remove explicit version for maven-shade-plugin
  • MSHARED-922 – Remove checksum creation from DefaultProjectDeployer

• Tasks:

  • MSHARED-877 – Remove hard coded version for maven-invoker-plugin
  • MSHARED-878 – Add automatic module name

• Dependency upgrades:

  • MSHARED-845 – Upgrade plexus-utils 3.3.0
  • MSHARED-846 – Upgrade commons-codec – 1.13
  • MSHARED-857 – Upgrade commons-codec 1.14
  • MSHARED-858 – Upgrade maven-shared-component parent to 34
  • MSHARED-859 – Upgrade maven-common-artifact-filters 3.1.0
  • MSHARED-876 – Upgrade in IT all maven-plugin parents to version 34
  • MSHARED-883 – Upgrade groovy from 2.4.10 to 3.0.3 for maven-invoker-plugin

Enjoy,

-The Maven team

The Apache Maven team is pleased to announce the release of Apache Maven Wagon 3.4.2.

Apache Maven Wagon is a transport abstraction that is used in Mavens artifact and repository handling code.

You can download the appropriate sources etc. from the download page.

Release Notes – Maven Wagon – Version 3.4.2

• Bug:

  • WAGON-597 – AbstractHttpClientWagon.setPersistentPool has no effect due to parameter assigned to itself

• Dependency upgrades:

  • WAGON-601 – Use latest JUnit version 4.13.1

Enjoy,

• The Apache Maven team

The Apache Maven team is pleased to announce the release of the Maven Project Info Reports Plugin version 3.1.1

You should specify the version in your project’s plugin configuration:

1
2
3
4
5

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-project-info-reports-plugin</artifactId>
  <version>3.1.1</version>
</plugin>

You can download the appropriate sources etc. from the download page.

Release Notes – Maven Project Info Reports Plugin – Version 3.1.1

• Bugs:

  • MPIR-374 – Unknown packaging: bundle when creating report
  • MPIR-398 – Nonsense links created for mailing lists when mailto is empty

• Improvements:

  • MPIR-393 – MailiingListReport.getArchiveServer is weird
  • MPIR-394 – Link for Jenkins introduction should be updated to jenkins.io

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven Archetype Plugin, version 3.2.0.

In short, Archetype is a Maven project templating toolkit. An archetype is defined as an original pattern or model from which all other things of the same kind are made. The names fits as we are trying to provide a system that provides a consistent means of generating Maven projects. Archetype will help authors create Maven project templates for users, and provides users with the means to generate parameterized versions of those project templates.

https://maven.apache.org/archetype/maven-archetype-plugin/index.html

You should specify the version in your project’s plugin configuration:

1
2
3
4
5

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-archetype-plugin</artifactId>
  <version>3.2.0</version>
</plugin>

You can download the appropriate sources etc. from the download page.

Release Notes – Maven Archetype Plugin – Version 3.2.0

• Bug:

  • ARCHETYPE-585 – Missing null check causes NullPointerException

• New Feature:

  • ARCHETYPE-590 – support Reproducible Builds for archetype:jar

• Improvements:

  • ARCHETYPE-583 – Skip parent non-archetype project when updating local catalog
  • ARCHETYPE-586 – make build Reproducible

• Dependency upgrades:

  • ARCHETYPE-594 – Update easymock
  • ARCHETYPE-596 – Update xmlunit

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven WAR Plugin, version 3.3.1.

The WAR Plugin is responsible for collecting all artifact dependencies, classes and resources of the web application and packaging them into a web application archive.

You should specify the version in your project’s plugin configuration:

1
2
3
4
5

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-war-plugin</artifactId>
  <version>3.3.1</version>
</plugin>

You can download the appropriate sources etc. from the download page.

Release Notes – Maven WAR Plugin – Version 3.3.1

• Bugs:

  • MWAR-436 – Jar file created by archiveClasses option is not reproducible
  • MWAR-435 – Maven WAR Plugin 3.3.0 with minify-maven-plugin does not work correctly anymore
  • MWAR-434 – archiveClasses Jar file is not created in WEB-INF/lib
  • MWAR-433 – Maven WAR plugin is deleting files generated by other plugins after upgrading to 3.3.0

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven Site Plugin, version 3.9.1.

The Site Plugin is used to generate a site for the project. The generated site also includes the project’s reports that were configured in the POM.

You can download the appropriate sources etc. from the download page:

https://maven.apache.org/plugins/maven-site-plugin/download.cgi

1
2
3
4
5

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-site-plugin</artifactId>
  <version>3.9.1</version>
</plugin>

Release Notes – Maven Site Plugin – Version 3.9.1

• Bugs:

  • MSITE-856 – NullPointer on org.apache.maven.plugins.site.render.SiteMap.relativePath
  • MSITE-863 – NoSuchMethodError: ‘Xpp3Dom.getInputLocation()’ when running reports with Maven versions < 3.6.1

• Improvements:

  • MSITE-845 – Drop Maven 2 support
  • MSITE-862 – log Doxia source when rendering with site:run

• Task:

  • MSITE-757 – drop Maven 2 support

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven Shared Component: Maven Reporting Exec Version 1.5.1.

Classes to prepare report plugins execution with Maven 3, through MavenReportExecutor (implementation).

You should specify the version in your project’s plugin configuration:

1
2
3
4
5

<dependency>
  <groupId>org.apache.maven.reporting</groupId>
  <artifactId>maven-reporting-exec</artifactId>
  <version>1.5.1</version>
</plugin>

You can download the appropriate sources etc. from the download page.

Release Notes Apache Maven Shared Component: Maven Reporting Exec Version 1.5.1

• Bugs:

  • MSHARED-923 – upgrade maven-shade-plugin to 3.2.4 to get Reproducible Build
  • MSHARED-924 – fix Xpp3DomUtils shading relocation
  • MSHARED-921 – NoSuchMethodError: ‘Xpp3Dom.getInputLocation()’ with Maven versions < 3.6.1

• Improvements:

  • MSHARED-814 – Require Java 7
  • MSHARED-879 – make build Reproducible

• Task:

  • MSHARED-663 – mark ReportPlugin and ReportSet package private

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven WAR Plugin, version 3.3.0.

The WAR Plugin is responsible for collecting all artifact dependencies, classes and resources of the web application and packaging them into a web application archive.

You should specify the version in your project’s plugin configuration:

1
2
3
4
5

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-war-plugin</artifactId>
  <version>3.3.0</version>
</plugin>

You can download the appropriate sources etc. from the download page.

Release Notes – Maven WAR Plugin – Version 3.3.0

• Bugs:

  • MWAR-314 – failOnMissingWebXml ignored when webXml set
  • MWAR-427 – WAR plugin includes the same artifact twice if used without clean
  • MWAR-429 – Failed to execute goal org.apache.maven.plugins:maven-war-plugin:3.2.3:exploded (pre-exploded-war) on project alfresco-platform

• New Feature:

  • MWAR-432 – Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

• Improvements:

  • MWAR-375 – Remove the useCache with its implementation
  • MWAR-397 – Replace XStream with Modello to merge overlays
  • MWAR-430 – support JakartaEE namespace: remove or adapt hardcoded reference to javax.servlet package
  • MWAR-431 – make build Reproducible

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven Shade Plugin, version 3.2.4.

This plugin provides the capability to package the artifact in an uber-jar, including its dependencies and to shade – i.e. rename – the packages of some of the dependencies.

You should specify the version in your project’s plugin configuration:

1
2
3
4
5

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-shade-plugin</artifactId>
  <version>3.2.4</version>
</plugin>

You can download the appropriate sources etc. from the download page

Release Notes – Maven Shade Plugin – Version 3.2.4

• Bugs:

  • MSHADE-363 – Breaking change to ResourceTransformer’s API
  • MSHADE-360 – ServicesResourceTransformer.modifyOutputStream swallows IOExceptions

• Tasks:

  • MSHADE-365 – document Properties transformers available since 3.2.2 in separate table
  • MSHADE-364 – Don’t log as duplicate resource handled by a transformer

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of Apache Maven Wagon 3.4.1.

Apache Maven Wagon is a transport abstraction that is used in Mavens artifact and repository handling code.

You can download the appropriate sources etc. from the download page.

Release Notes – Maven Wagon – Version 3.4.1

• Bugs:

  • WAGON-591 – Transfer event is not restarted when request is redirected
  • WAGON-592 – Wagon fails when compiled on Java 9+ and run on Java 8 due to JDK API breakage
  • WAGON-594 – http.route.default-proxy config property never passes protocol and port of proxy server

• Improvements:

  • WAGON-595 – Add configuration property ‘http.protocol.handle-content-compression’
  • WAGON-596 – Add configuration property ‘http.protocol.handle-uri-normalization’

• Task:

  • WAGON-593 – Remove non-existent cache header

Enjoy,

• The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven Assembly Plugin, version 3.3.0.

The Assembly Plugin for Maven is primarily intended to allow users to aggregate the project output along with its dependencies, modules, site documentation, and other files into a single distributable archive.

You can download the appropriate sources etc. from the download page.

You should specify the version in your project’s plugin configuration:

1
2
3
4
5

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-assembly-plugin</artifactId>
  <version>3.3.0</version>
</plugin>

Release Notes – Maven Assembly Plugin – Version 3.3.0

• Bugs:

  • MASSEMBLY-879 – useDefaultExcludes has no effect in dependencySet/unpack
  • MASSEMBLY-920 – ContainerDescriptorHandler for MetaInf-Services breaks folder structure
  • MASSEMBLY-932 – resource filtering skipped for resources in the current project

• New Features:

  • MASSEMBLY-922 – allow to override UID/GID and user name and group name for files stored in TAR (and other formats that store UID/GID)
  • MASSEMBLY-927 – Support for properties mapping on executions of maven-assembly-plugin
  • MASSEMBLY-934 – Support concatenation of files

• Improvements:

  • MASSEMBLY-765 – add property groupIdPath
  • MASSEMBLY-849 – Add nonFilteredFileExtensions to avoid filtering of binary files
  • MASSEMBLY-933 – make build Reproducible

• Dependency upgrade:

  • MASSEMBLY-924 – Upgrade commons-compress to 1.19

Enjoy,

-The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven Resolver, version 1.4.2

Apache Maven Artifact Resolver is a library for working with artifact repositories and dependency resolution.

Maven Artifact Resolver deals with the specification of local repository, remote repository, developer workspaces, artifact transports and artifact resolution.

It is expected to be extended by concrete repository implementation, like Maven Artifact Resolver Provider for Maven repositories or any other provider for other repository formats.

You can download the appropriate sources etc. from the download page.

Release Notes – Maven Resolver – Version Maven Artifact Resolver 1.4.2

• Bug:

  • MRESOLVER-38 – SOE/OOME in DefaultDependencyNode.accept

• Improvements:

  • MRESOLVER-93 – PathRecordingDependencyVisitor to handle 3 cycles
  • MRESOLVER-102 – make build Reproducible

Enjoy,

• The Apache Maven team

The Apache Maven team is pleased to announce the release of Apache Maven Wagon 3.4.0.

Apache Maven Wagon is a transport abstraction that is used in Mavens artifact and repository handling code.

You can download the appropriate sources etc. from the download page.

Release Notes – Maven Wagon – Version 3.4.0

• Bugs:

  • WAGON-568 – Fail to deploy on Sonatype OSS since Maven 3.5.4
  • WAGON-573 – EntityUtils.consumeQuietly() never called on non-2xx status codes
  • WAGON-576 – Retry handler docs are possibly wrong
  • WAGON-582 – HttpMethodConfiguration#copy() performs a shallow copy only

• Improvements:

  • WAGON-570 – Use RedirectStrategy from HttpClient rather than a custom approach
  • WAGON-580 – Improve and unify exception messages by status code types throughout HTTP providers
  • WAGON-585 – maven.wagon.http.ssl features documentation is incomplete
  • WAGON-586 – make build Reproducible
  • WAGON-588 – Handle 404 and 410 consistently in HTTP-based Wagon providers

• Task:

  • WAGON-579 – Handle SC_UNAUTHORIZED and SC_PROXY_AUTHENTICATION_REQUIRED in all methods

• Dependency upgrades:

  • WAGON-577 – Upgrade HttpCore to 4.4.13
  • WAGON-578 – Upgrade HttpClient to 4.5.11
  • WAGON-581 – Upgrade HttpClient to 4.5.12
  • WAGON-589 – Upgrade Maven Shade Plugin to 3.2.3

Enjoy,

• The Apache Maven team

The Apache Maven team is pleased to announce the release of the Apache Maven Fluido Skin Version 1.9.

The Apache Maven Fluido Skin is an Apache Maven site skin built on top of Twitter’s Bootstrap 2.3.2.

Please be aware of the new location of our issue tracker which has been moved from Codehaus to Apache Software Foundation

1
2
3
4
5

<skin>
  <groupId>org.apache.maven.skins</groupId>
  <artifactId>maven-fluido-skin</artifactId>
  <version>1.9</version>
</skin>

Release Notes – Apache Maven Fluido Skin – Version 1.9

• Sub-task:

  • MSKINS-105 – Provide alt text for all images

• Bug:

  • MSKINS-157 – Fluido 1.8 has garbled footer

• Improvements:

  • MSKINS-160 – Broken links to JIRA
  • MSKINS-161 – Upgrade Facebook Like button integration
  • MSKINS-162 – Add GitHub Action to confirm PR build

• Task:

  • MSKINS-102 – Make Fluido-generated pages pass W3 HTML5 Validation Service

• Dependency upgrades:

  • MSKINS-163 – Upgrade to parent POM 34
  • MSKINS-164 – Upgrade to Maven Invoker Plugin 3.2.1

Enjoy,

-The Apache Maven team