Releases: apache/maven
Release list
3.10.0-rc-1
💥 Breaking changes
- Remove release-profile from super POM (#11999) @slawekjaranowski
- Remove deprecated plugin management from super POM (#11986) @slawekjaranowski
🚀 New features and improvements
- Feat: Align Maven 3.10.x and 4.0.x (#12442) @cstamas
- Feat: Align CP ordering with Maven 4 (#12327) @cstamas
- Feat: Apply latest Resolver 2.0.19 changes (#12246) @cstamas
- Feat: Maven 3.10.x super POM (#12032) @cstamas
- In failed build limit reactor summary to only failed modules (#11977) @slawekjaranowski
- Add time zone to Maven startup banner (#11972) @slawekjaranowski
- Feat: Version range filters plus (#11955) @cstamas
- Feat: Ability to disable site lifecycle (#11970) @cstamas
- Optimize log level rendering in MavenSimpleLogger (#11969) @slawekjaranowski
- Feat: Resolver 2.x update policy control via CLI (#11948) @cstamas
- Promote java version in JavaToolchain (#11968) @slawekjaranowski
- Feat: Transitive dep manager (#11939) @cstamas
- 3.10.x Upgrade slf4j to 2.0.17 (#11880) @olamy
- Do not force md download always (#11908) @cstamas
- Feat: user relocations backport (#11937) @cstamas
- Feat: Version range filtering (#11936) @cstamas
- Promote
project.rootDirectoryfor interpolation and profile activation (#11930) @slawekjaranowski - Feat: new artifact handler: fatjar (#11928) @cstamas
- Feat: migrate core to JSR330 (#11916) @cstamas
- Migrate from JAnsi to JLine, introduce MessageBuilderFactory (#11874) @slawekjaranowski
- Feat: Promote session.topDirectory and session.rootDirectory (#11779) @cstamas
- Feat: Maven 3.x with Resolver 2.x (#11778) @cstamas
- Feat: Generalize Maven 3.x extension handling (#11777) @cstamas
🐛 Bug Fixes
- [#12288] Backport: settings.xml activeByDefault profile props to LRM (#12333) @ascheman
- Fix illegal reflective access warning on JDK 11 (fixes #12167) (#12339) @gnodet
- Issue #12188 redirection of log output to a file does not redirect everything (#12189) @olamy
- Update binary distribution LICENSE with complete Apache License 2.0 text (#12063) @slawekjaranowski
- Bug: RSS was seeded but not exposed (#12033) @cstamas
- Export scope package from resolver-api 2.x (#12023) @slawekjaranowski
- Ensure
MavenProject#getPluginManagementnever returns null (#12010) @slawekjaranowski - Remove redundant required attributes from Settings model (#12005) @slawekjaranowski
- Remove redundant required attributes from Maven model (#11985) @slawekjaranowski
- Bug: Settings interpolation and strict parsing (#11776) @cstamas
- Trim
threadConfigurationto accept input surrounded with spaces (#11851) @pzygielo
📝 Documentation updates
- Add AGENTS.md + SECURITY.md security-model pointer for scanner discoverability (#12444) @potiuk
- document default plugin versions (#12382) @hboutemy
- Maven 3.10.x site (#12370) @cstamas
- [[ISSUE-10329] - ](https://issues.apache.org/jira/browse/ISSUE-10329) - Document behaviour of UrlNormalizer (backport) (#12294) @gnodet
- Update Maven deps diagram for maven-jline (#12068) @Will-thom
- document the only supported value: 4.0.0 (#11859) @slawekjaranowski
👻 Maintenance
- push-to-atr profile for source+binaries in apache-maven subproject (#12450) @hboutemy
- Add AGENTS.md + SECURITY.md security-model pointer for scanner discoverability (#12444) @potiuk
- Remove deprecated methods use (#12328) @cstamas
- Make def session builder have interface (#11967) @cstamas
- Feat: Add Automatic Module Names to Maven JAR Manifests (#11921) @cstamas
- Configure CI for 3.10.x branch (#11834) @slawekjaranowski
📦 Dependency updates
- Bump resolverVersion from 2.0.20-SNAPSHOT to 2.0.20 (#12426) @dependabot[bot]
- Bump jlineVersion from 3.30.14 to 3.30.15 (#12409) @dependabot[bot]
- Bump jlineVersion from 3.30.13 to 3.30.14 (#12400) @dependabot[bot]
- Bump org.apache.maven:maven-parent from 48 to 49 (#12399) @dependabot[bot]
- Bump actions/cache from 5.0.5 to 6.1.0 (#12362) @dependabot[bot]
- Bump actions/setup-java from 5.3.0 to 5.4.0 (#12374) @dependabot[bot]
- Bump version.sisu-maven-plugin from 1.0.0 to 1.0.1 (#12366) @dependabot[bot]
- Bump actions/checkout from 6.0.3 to 7.0.0 (#12321) @dependabot[bot]
- Bump actions/setup-java from 5.2.0 to 5.3.0 (#12283) @dependabot[bot]
- Bump xmlunitVersion from 2.11.0 to 2.12.0 (#12198) @dependabot[bot]
- Bump actions/checkout from 6.0.2 to 6.0.3 (#12212) @dependabot[bot]
- Bump org.ow2.asm:asm from 9.10 to 9.10.1 (#12153) @dependabot[bot]
- Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 (#12127) @dependabot[bot]
- Bump org.ow2.asm:asm from 9.9.1 to 9.10 (#12060) @dependabot[bot]
- Deps: Resolver 2.0.18 and drop unused stuff (#12036) @cstamas
- Bump resolverVersion from 2.0.17 to 2.0.18 (#12104) @dependabot[bot]
- Deps: Bump Slf4j to 2.0.18 (#12048) @cstamas
- Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12041) @dependabot[bot]
- [3.10.x] Bump to parent POM 48 (#12025) @cstamas
- Bump jlineVersion from 3.30.12 to 3.30.13 (#12013) @dependabot[bot]
- Bump jlineVersion from 3.30.11 to 3.30.12 (#12003) @dependabot[bot]
- Bump resolverVersion from 2.0.17-SNAPSHOT to 2.0.17 (#12008) @dependabot[bot]
- Bump jlineVersion from 3.30.9 to 3.30.11 (#11996) @dependabot[bot]
- Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11982) @dependabot[bot]
- Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11964) @dependabot[bot]
- Bump org.codehaus.modello:modello-maven-plugin from 2.6.0 to 2.7.0 (#11935) @dependabot[bot]
- Bump actions/cache from 5.0.4 to 5.0.5 ([#11946](https://gi...
3.9.16
🐛 Bug Fixes
- Trim
threadConfigurationto accept input surrounded with spaces (#12042) @slawekjaranowski - Backport: Maven 3.10.x fixed plugin resolution (#12022) @cstamas
📦 Dependency updates
- Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039) @dependabot[bot]
- [3.9.x] Bump to parent POM 48 (#12024) @cstamas
- Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980) @dependabot[bot]
- Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951) @dependabot[bot]
- Bump actions/cache from 5.0.4 to 5.0.5 (#11943) @dependabot[bot]
3.9.15
📝 Documentation updates
- Use new Maven logos in documentation (#11938) @slawekjaranowski
- document modelVersion only supported value: 4.0.0 (#11809) @hboutemy
📦 Dependency updates
- Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#11932) @dependabot[bot]
- Bump org.codehaus.plexus:plexus-utils from 3.6.0 to 3.6.1 (#11876) @dependabot[bot]
- Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#11865) @dependabot[bot]
- Bump actions/cache from 5.0.3 to 5.0.4 (#11813) @dependabot[bot]
- Bump actions/download-artifact from 8.0.0 to 8.0.1 (#11790) @dependabot[bot]
3.9.14
🐛 Bug Fixes
- plexus-testing dependencies should be use in test scope (#11761) @slawekjaranowski
📦 Dependency updates
- Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#11747) @dependabot[bot]
- Bump actions/download-artifact from 7.0.0 to 8.0.0 (#11748) @dependabot[bot]
3.9.13
🐛 Bug Fixes
- Bug: SecDispatcher is managed by legacy Plexus DI (#11711) @cstamas
- [3.9.x] MavenPluginJavaPrerequisiteChecker: Handle 8/1.8 Java version in ranges as well (#11577) @cstamas
👻 Maintenance
- Update Maven plugin versions in default-bindings.xml (#11721) @slachiewicz
- Migrate to JUnit 5 - avoid using TestCase (#11547) @slawekjaranowski
📦 Dependency updates
- Maven Resolver 1.9.27 (#11732) @cstamas
- Bump resolverVersion from 1.9.25 to 1.9.26 (#11725) @dependabot[bot]
- Update Maven plugin versions in default-bindings.xml (#11721) @slachiewicz
- Bump version.sisu-maven-plugin from 0.9.0.M4 to 1.0.0 (#11706) @dependabot[bot]
- Bump actions/cache from 5.0.2 to 5.0.3 (#11688) @dependabot[bot]
- Bump org.apache.maven:maven-parent from 45 to 47 (#11647) @dependabot[bot]
- Bump actions/checkout from 6.0.1 to 6.0.2 (#11666) @dependabot[bot]
- Bump actions/setup-java from 5.1.0 to 5.2.0 (#11667) @dependabot[bot]
- Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#11658) @dependabot[bot]
- Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.1 to 3.3.0 (#11657) @dependabot[bot]
- Bump actions/cache from 5.0.1 to 5.0.2 (#11659) @dependabot[bot]
- Bump org.codehaus.plexus:plexus-testing from 2.0.2 to 2.1.0 (#11620) @dependabot[bot]
- Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#11585) @slachiewicz
- Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#11557) @dependabot[bot]
- Bump actions/download-artifact from 6.0.0 to 7.0.0 (#11556) @dependabot[bot]
- Bump actions/cache from 5.0.0 to 5.0.1 (#11558) @dependabot[bot]
3.9.12
🚀 New features and improvements
- [3.9.x] Apply resolver changes and improvements (#11536) @cstamas
- Update formatting of prerequisites-requirements error to improve readability (#11523) @slawekjaranowski
- Allow a Maven plugin to require a Java version (#11479) @slawekjaranowski
- Use MavenRepositorySystem in ProjectBuildingHelper instead of deprecated RepositorySystem (#11358) @slawekjaranowski
- Make maven.config use UTF8 (#11264) @cstamas
- Simplify prefix resolution (#11197) @slawekjaranowski
🐛 Bug Fixes
- Add default implementation for new method in MavenPluginManager (#11522) @slawekjaranowski
- Repository layout should be used in MavenRepositorySystem (#11495) @slawekjaranowski
- Fix plugin prefix resolution when metadata is not available from repository (#11290) @slawekjaranowski
- Improve source root modification warning message (#11105) @gnodet
- Bug: bad cache isolation between two sessions (#11082) @cstamas
- Set Guice class loading to CHILD - avoid using terminally deprecated methods (#11003) @slawekjaranowski
- Avoid parsing MAVEN_OPTS (3.9.x) (#10969) @BobVul
📝 Documentation updates
- clarify repository vs deployment repository (#11492) @hboutemy
- add maintained branches (#11448) @hboutemy
👻 Maintenance
- Add IntelliJ icon (#11408) @Bukama
- Build by JDK 25 (#11187) @slawekjaranowski
- Deprecate org.apache.maven.repository.RepositorySystem in 3.9.x (#11096) @slawekjaranowski
🔧 Build
- Bump actions/download-artifact from 5.0.0 to 6.0.0 (#11335) @dependabot[bot]
- Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#11336) @dependabot[bot]
📦 Dependency updates
- Bump actions/cache from 4.3.0 to 5.0.0 (#11542) @dependabot[bot]
- Bump resolverVersion from 1.9.24 to 1.9.25 (#11533) @dependabot[bot]
- Bump actions/checkout from 6.0.0 to 6.0.1 (#11512) @dependabot[bot]
- Bump actions/setup-java from 5.0.0 to 5.1.0 (#11519) @dependabot[bot]
- Bump actions/checkout from 5.0.1 to 6.0.0 (#11476) @dependabot[bot]
- Bump actions/checkout from 5.0.0 to 5.0.1 (#11458) @dependabot[bot]
- Bump commons-cli:commons-cli from 1.10.0 to 1.11.0 (#11438) @dependabot[bot]
- Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#11416) @dependabot[bot]
- Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#11417) @dependabot[bot]
- Bump xmlunitVersion from 2.10.4 to 2.11.0 (#11331) @dependabot[bot]
- Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 (#11231) @dependabot[bot]
- Bump org.ow2.asm:asm from 9.8 to 9.9 (#11203) @dependabot[bot]
- Bump actions/cache from 4.2.4 to 4.3.0 (#11172) @dependabot[bot]
- Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre (#11143) @dependabot[bot]
- Bump xmlunitVersion from 2.10.3 to 2.10.4 (#11121) @dependabot[bot]
- Bump actions/cache from 4.2.3 to 4.2.4 (#11032) @dependabot[bot]
- Bump commons-cli:commons-cli from 1.9.0 to 1.10.0 (#11018) @dependabot[bot]
- Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#10966) @dependabot[bot]
4.0.0-rc-5
Notes
This new release candidate of Maven 4 is released to get feedback from users.
Maven 4 has a restrained a few things comparent to Maven 3, so make sure to run the mvnup tool before trying to project with Maven 4.
Bean configuration bug
A bug has been found in the bean configuration system where field accessibility state is cached globally. This can cause plugin configuration injection to fail when the same configuration field is accessed multiple times or in different contexts during a build. This particularly affects the plugin unit tests.
This will be fixed by #11433 in the next release.
Concurrency issue in the v4 API
A concurrency issue has been found in the Maven 4 API (still in preview mode) and will be fixed by #11428 in the next release.
BOM packaging
Another bug has been found in how BOM projects are processed. When a project uses BOM packaging, the consumer POM is not being properly converted to standard POM packaging, and dependency versions could be lost in some cases.
This will be fixed by #11427 in the next release.
macOS: JLine native library may be blocked by Gatekeeper on first use
On macOS (especially Apple Silicon), the first invocation of mvn may fail to load the JLine native terminal library with an error such as:
java.lang.UnsatisfiedLinkError: .../libjline-native/Mac/arm64/libjlinenative.jnilib: dlopen(...): code signature ... not valid for use in process: library load disallowed by system policy
This occurs when the binary distribution is downloaded via a web browser, which applies the com.apple.quarantine extended attribute.
Workaround (one-time fix):
xattr -r -d com.apple.quarantine /path/to/apache-maven-4.0.0-rc-5/lib/jline-nativeRecommended download method (avoids the issue entirely):
curl -L -O https://archive.apache.org/dist/maven/maven-4/4.0.0-rc-5/binaries/apache-maven-4.0.0-rc-5-bin.tar.gz
tar -xzf apache-maven-4.0.0-rc-5-bin.tar.gzThis is a known issue #10747 and will be addressed in a future release.
💥 Breaking changes
🚀 New features and improvements
- Disable consumer POM flattening by default and add an opt-in feature (#11347) (#11370) @gnodet
- Make config files use UTF8 (#11263) (#11265) @cstamas
- Simplify prefix resolution (#11072) (#11073) @cstamas
- Add PathMatcherFactory.includesAll() (#11008) @desruisseaux
- Add skipMavenRc to ExecutorRequest and use it in ITs (#10944) @slawekjaranowski
- Add PathMatcherFactory service with directory filtering optimization (#10923) (#10926) @gnodet
- Allow configurable repository selection for version range resolution (backport) (#10890) @cstamas
- Switch resolver to use rwlock-local locks (#2546) (#2555) @gnodet
🐛 Bug Fixes
- Fix resource targetPath resolution to be relative to output directory (fixes #11381) (#11394) (#11406) @gnodet
- Fix MavenStaxReader location reporting for properties (#11402) (#11404) @gnodet
- Fix false parent cycle detection with flatten-maven-plugin (#11400) @gnodet
- Resolve property before model reflection to avoid recursion (#11385, fixes #11384) (#11390) @gnodet
- Explicitly register jdk ToolchainFactory for Maven 3 plugins (#11318) (#11369) @gnodet
- Fix -itr option not honored (#11359) (#11361) @gnodet
- Do not include invalid transitive repositories (#11357) (#11362) @gnodet
- Prevent infinite loop in RootLocator when .mvn directory exists in subdirectory (fixes #11321) (#11323) (#11350) @gnodet
- Fix [unknown project] messages in error output (#11324) (#11349) @gnodet
- Restore compatibility in maven-embedder (#11320) (#11340) @gnodet
- Add backward compatibility dependencies to maven-compat (#11301) (#11339) @gnodet
- Relative are resolved against the wrong directory (#11325) @desruisseaux
- Bug: when raw-streams are used, ensure system streams are set up (#11303) (#11310) @cstamas
- Fix plugin prefix resolution when metadata is not available from repository (#11287) (#11288) @gnodet
- Maven model 4.1.0 should not allow non-pom packaging for aggregators (#11279) (#11285) @gnodet
- Fix exception caused by duplicate dependencies in consumer pom (#11283) (#11286) @gnodet
- Remove use of toRealPath (#11250) (#11257) @cstamas
- Bugfix: fix CLI graceful death (#11239) (#11246) @cstamas
- Introduce RepositoryAwareRequest interface to consolidate repository handling (#11238) (#11244) @gnodet
- Fix repository ID interpolation in Maven 4 (#11224) (#11241) @gnodet
- Fix dependency groupId inference for Maven 4.1.0 model version (#11228) (#11240) @gnodet
- Consumer POM should keep only transitive dependencies, fixes #11162 (#11163) (#11235) @gnodet
- Fix StackOverflowError in parent POM resolution (backport #11106) (#11234) @gnodet
- Fix CI-friendly version processing with profile properties (fix #11196) (#11225) @gnodet
- Add phase upgrade support for Maven 4.1.0 model upgrades (#11226) @gnodet
- Fix GH-11199: Maven 4.0.0-rc-4 ignores defaultLogLevel (#11227) @gnodet
- Validate metaversions and detect extension conflicts (fixes #11181) (#11216) @cstamas
- Allow repository URL interpolation with improved validation (#11140) (#11210) @gnodet
- Improve mvn usage message (#11211) (#11213) @gnodet
- Enable the search for
module-info.classfile in theMETA-INF/versions/sub-directories of a JAR file. (#11153) (#11206) @gnodet - Fix #10939: DefaultModelXmlFactory: make location tracking opt-in—disabled by def… (#11092) @arturobernalg
- Fix #11000: fix help default text (#11099) @arturobernalg
- GH-10210: fix too eager decrypt of legacy passwords (#11138) (#11158) @cstamas
- #11055: Inject all services into mojos and enable easy real-session mojo testing (#11103) (#11139) @gnodet
- Fix ReactorReader to prefer consumer POMs over build POMs (#11107) (#11131) @gnodet
- model-builder: simplify subproject auto-discovery decision (#11124) (#11132) @gnodet
- Add missing equals and hashCode methods in modular Java path type. (#11130) @desruisseaux
- fix: include extension in equals/hashCode of DefaultArtifactCoordinates (#11101) @arturobernalg
- Fix #11127: enforce non-null keys for InputLocation lookups and document behavior (#11128) @gnodet
- Bug: bad cache isolation between two sessions (#11083) (#11085) @cstamas
- Fix targetPath parameter ignored in resource bundles (fixes #11062) (#11063) (#11080) @gnodet
- Maven Upgrade Tool: remove unused --force and --yes options (Fixes #11001) (#11066) (#11079) @gnodet
- Fix XMLReader#getURL and enable the unit test (#11069) (#11078) @gnodet
- [#11048] Fix race condition in MessageUtils (#11049) (#11077) @gnodet
- Uninterpolated repositories from parent POMs during model building (backport) (#11039) @cstamas
- Fix maven.mainClass property missing for external tools (#10998) (#11007) @gnodet
- Set Guice class loading to CHILD - avoid using terminally deprecated methods (#11002) @slawekjaranowski
- Avoid parsing MAVEN_OPTS (master/4.x) (#10970) (#10993) @gnodet
- Port the bug fixes identified when using that class in Maven clean and compiler plugin (#10935) ([#10936](https:...
3.9.11
🚀 New features and improvements
🐛 Bug Fixes
- Deduplicate filtered dependency graph (#2489) @alzimmermsft
- Move ensure in boundaries of project lock (#2470) @cstamas
👻 Maintenance
- [MNGSITE-393] - remove references to Maven 2 (#2438) @elharo
- Update CONTRIBUTING after GitHub issues enabled (#2449) @slawekjaranowski
- Enable Github Issues (3.9.x) (#2414) @Bukama
- [MNG-8763] - Remove name from site bannerLeft (#2419) @slawekjaranowski
🔧 Build
- Pin GitHub action versions by hash (#10898) @slawekjaranowski
- Build the project by JDK 21 as default (#10896) @slawekjaranowski
- Use Maven 3.9.10 for build on GitHub (#2452) @slawekjaranowski
📦 Dependency updates
- Bump resolverVersion from 1.9.23 to 1.9.24 (#2540) @dependabot[bot]
- Bump xmlunitVersion from 2.10.2 to 2.10.3 (#2500) @dependabot[bot]
- Bump org.apache.maven:maven-parent from 44 to 45 (#2491) @dependabot[bot]
- Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#2432) @dependabot[bot]
4.0.0-rc-4
Maven 4.0.0-rc-4 aims at being the last release candidate before Maven 4.0.0 GA. We'll focus on fixing critical bugs raised before GA.
Worth mentioning is the new upgrade tool which can be used to fix your pom.xml files and make them usable in Maven 4.
🚀 New features and improvements
- [MNG-8765] - Maven Upgrade Tool (#2407) @gnodet
- Maven4 "legacy" mode and more (#2380) @cstamas
- [MNG-8759] - Restore toString method in DefaultJavaToolchain (#2411) @slawekjaranowski
- [MNG-8572] - Support DI beans in build extensions (#2274) @gnodet
- [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding (#2294) @slawekjaranowski
🐛 Bug Fixes
- Deduplicate filtered dependency graph (#2493) @alzimmermsft
- User properties are not interpolated for paths (#2480) @cstamas
- Move project mutation inside project lock (#2474) @cstamas
- [MNG-8736] - Fix concurrency issue in model building with profile activation (#2378) @gnodet
- [MNG-8767] - Add suppressed exceptions to BatchRequestException in AbstractRequestCache (#2431) @gnodet
- [MNG-8746] - Preserve property insertion order in WrapperProperties (#2404) @gnodet
- [MNG-8764] - Sort injected lists by @priority annotation (#2425) @gnodet
- [MNG-8761] - Add Maven 3 MavenToolchainsXpp3Reader/Writer (#2412) @slawekjaranowski
- [MNG-8729] - Use correct
outputStreamdestination;requestinstead ofpathinDefaultPluginXmlFactory#write(#2312) @Pankraz76 - [MNG-8720] - Fix for symlinked project directory (#2289) @cstamas
- [MNG-8653] - Fix 'all' phase and add 'each' phase (#2191) @gnodet
- [MNG-5668] - Execute after:* phases when build fails (#2195) @gnodet
- [MNG-8629] - bugfix: If POM has parent and repository stanza, it is used un-interpolated (#2192) @cstamas
- [MNG-8645] - Fix dependency management section of consumer POM (#2183) @gnodet
- [MNG-8624] - Fix dependency not being set correctly for unsupported types (#2153) @gnodet
- Fix ITs referencing rc-3-SNAPSHOT (#2164) @gnodet
- [MNG-8620] - Fix links in SVG (#2152) @kwin
📝 Documentation updates
- [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors (#2341) @slawekjaranowski
👻 Maintenance
- Fix integration tests to use correct Maven version instead of hardcoded 2.1-SNAPSHOT (#2476) @gnodet
- Use local repository in tests (#2485) @slawekjaranowski
- Refactor WrapperProperties template to remove caching and simplify implementation (#2436) @gnodet
- Ban "plain" Guice; downgrade it to 5.1.0 (#2472) @cstamas
- Unfurl CLI (#2465) @cstamas
- Don't ignore SVG files (#2435) @elharo
- Update CONTRIBUTING after GitHub issues enabled (#2448) @slawekjaranowski
- Remove extra variable (#2398) @elharo
- Enable Github Issues (#2413) @Bukama
- [S1161] Add missing @OverRide to overriding and implementing methods (#2402) @Pankraz76
- use
try-with-resourcesstatement inLookupWagonMojo(#2426) @Pankraz76 - Add UT for cache in FilteredProjectDependencyGraphTest (#2394) @slawekjaranowski
- [MNG-8764] - centralize domain comparison logic
Binding#getPriorityComparator(#2428) @Pankraz76 - evolve
DisabledtoDisabledOnOs(WINDOWS)(#2423) @Pankraz76 - use
try-with-resourcesstatement inCatchMojo(#2424) @Pankraz76 - chore: resolve unused
Binding#getDisplayString(#2429) @Pankraz76 - Remove ignored method call (#2399) @elharo
- [MNG-8750] - Delete unused interface (#2388) @elharo
- chore: resolve false negative suppression
@SuppressWarnings("checkstyle:UnusedLocalVariable")(#2369) @Pankraz76 - [chore] Modernize codebase with Java improvements - Replace custom null checks with
Objects.requireNonNull(#2290) @Pankraz76 - Symbolic change (no issue) (#2383) @cstamas
- [MNG-8713] - SourceRoot.directory() default value should include the module when present (#2278) @desruisseaux
- [MNG-8727] - Prepare for Java 24 (#2328) @cstamas
- [MNG-8686] - Add
SourceRoot.matcher(boolean)method (#2236) @desruisseaux - Remove unused private methods (#2310) @Pankraz76
- Improve invoker test (#2308) @cstamas
- Pull #2282: Add project icon for
IntelliJ IDEA(#2283) @Pankraz76 - [MNG-8718] - Restore Maven 3 compat: ProjectBuilder is unusable for legacy code (#2285) @cstamas
- Test MavenITmng7587Jsr330 should be executed on every JDK (#2298) @slawekjaranowski
- [MNG-8719] - Restore Maven3 compat: model setInherited(boolean) (#2288) @cstamas
- [MNG-8614] - Maven Sisu in Maven 4 same as in Maven 3 (#2284) @cstamas
- [MNG-8712] - dependency version is a requirement, not effective (#2286) @hboutemy
- [MNG-8670] - Fix concurrent builder missing/wrong project events (#2251) @oehme
- [MNG-8674] - Deprecate mergeId in the Maven 3 model and remove it in the new model (#2233) @gnodet
- [MNG-8694] - Fix version interpolation and ternary operator (#2272) @kamilkrzywanski
- [MNGSITE-393] - Remove Maven 1 and 2 references (#2276) @elharo
- Remove unneeded toString and valueOf calls (#2230) @elharo
- Drop unused assembly exclude (#2266) @cstamas
- aether repository system isn't used (#2237) @elharo
- remove unused field (#2238) @elharo
- Cleanup extra semicolons (#2229) @elharo
- [MNG-8676] - Improve model builder error messages (#2257) @cstamas
- Avoid warning about unthrown exception (#2217) @elharo
- [MNG-8687] - Restore ability to run on JIMFS ([#2256](https://github.co...
3.9.10
Release Notes - Maven - Version 3.9.10
Bug
- [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
- [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
- [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
- [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
- [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
- [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
- [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
- [MNG-8396] - Maven takes forever to resume
- [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver
Improvement
- [MNG-8370] - Introduce maven.repo.local.head
- [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
- [MNG-8707] - Add methods to remove compile and test source roots
- [MNG-8712] - improve dependency version explanation: it's a requirement, not always effective version
- [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
- [MNG-8722] - Use a single standalone version of asm
- [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
- [MNG-8734] - Simplify scripting like "get project version" cases
Task
- [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI
Dependency upgrade
- [MNG-8289] - Update Plexus annotations to 2.2.0
- [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
- [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
- [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
- [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
- [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
- [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
- [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
- [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
- [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
- [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
- [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
- [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
- [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
- [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
- [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
- [MNG-8716] - Bump resolver to 1.9.23
- [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2
What's Changed
- [MNG-8211] Fail the build if CI Friendly revision used without value by @cstamas in #1656
- Add missing since by @cstamas in #1682
- [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @cstamas in #1724
- [MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @fmarot in #1806
- [MNG-8289] Update Plexus Annotations to 2.2.0 by @dependabot in #1666
- [MNG-8370] Add maven.repo.local.head by @slawekjaranowski in #1915
- [MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @dependabot in #1991
- [MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @dependabot in #2013
- [MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @dependabot in #1926
- [MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @dependabot in #1699
- Add PR Automation action by @slawekjaranowski in #2113
- Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @dependabot in #2167
- Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @dependabot in #2168
- [MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @dependabot in #2163
- Use Maven 3.9.9 for build maven-3.9.x branch by @slawekjaranowski in #2177
- [MNG-8248] Add enable-native-access to startup scripts by @slawekjaranowski in #2171
- [MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @dependabot in #2185
- Use dedicated local repo for ITs on Jenkins by @slawekjaranowski in #2255
- [MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @dependabot in #2240
- [MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @dependabot in #2241
- [MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @dependabot in #2258
- [MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @dependabot in #2264
- [MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @dependabot in #2270
- [MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @dependabot in #1665
- [MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @dependabot in #2280
- [MNG-8707] Add methods to remove compile and test source roots by @gnodet in #2275
- [MNG-8712] dependency version is a requirement, not effective by @hboutemy in #2279
- [MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @slawekjaranowski in #2295
- [MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @slawekjaranowski in #2296
- [MNG-8722] Use a single standalone version of asm by @slawekjaranowski in #2297
- [MNG-8716] Bump resolver to 1.9.23 by @slawekjaranowski in #2282
- [MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @slawekjaranowski in #2343
- [MNG-8711] Fix concurrent cache acc...