File _patchinfo of Package patchinfo.36164
<patchinfo incident="36164">
<packager>fstrba</packager>
<rating>moderate</rating>
<category>recommended</category>
<summary>Recommended update for mojo-parent</summary>
<description>This update for mojo-parent fixes the following issues:
xalan-j2 was updated from version 2.7.2 to 2.7.3:
- Security issues fixed:
* CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets (bsc#1201684)
- Changes and Bugs fixed:
* Java 8 is now the minimum requirement
* Upgraded to Apache Commons BCEL 6.7.0
* Upgraded to Xerces-J 2.12.2
mojo-parent was updated from version 70 to 82:
- Main changes:
* Potentially Breaking Changes:
+ mojo.java.target should be set as "8", without "1."
+ spotless plugin must be executed by JDK 11 at least
+ ossrh-snapshots repository was removed from parent
* New features and improvements:
+ Removed SHA-512 checksum for source release artifact
+ Use only project version as tag for release
+ Added space before close empty elements in poms by spotless
+ Using Checkstyle together with Spotless
+ Introduce spotless for automatic code formatting
+ Introduce enforcer rule for minimal version of Java and Maven
+ Use new Plugin Tools report - maven-plugin-report-plugin
+ Added sisu-maven-plugin
+ Introduced maven.version property
+ Execute spotless by JDK 11 at least
+ Use release options for m-compiler-p with newer JDKs
+ Allow override of invoker.streamLogsOnFailures
+ Require Maven 3.9.x at least for releases
+ Added maven-wrapper-plugin to pluginManagement
+ Removed ossrh-snapshots repository from MojoHaus parent
+ Added build-helper-maven-plugin to pluginManagement
+ Require Maven 3.6.3+
+ Updated palantirJavaFormat for spotless - JDK 21 compatible
+ Added dependencyManagement for maven-shade-plugin
+ Dropped recommendedJavaBuildVersion property
+ Format Markdown files with Spotless Plugin
* Bugs fixed:
+ Restore source release distribution in child projects
+ Rename property maven.version to mavenVersion
+ minimalMavenBuildVersion should not be overriding by
mavenVersion
+ Use simple checkstyle rules since spotless is executed by
default
+ Use old spotless version only for JDK < 11
+ Fixed spotless configuration for markdown
- Other changes:
* Removed Google search box due to privacy
* Put version for mrm-maven-plugin in property
* Added streamLogsOnFailures to m-invoker-p
* Added property for maven-fluido-skin version
* Setup Apache Matomo analytics
* Require Maven 3.2.5
* Added SHA-512 hashes
* Extract plugin version as variable so child pom can override if needed
* Removed issue-tracking as no longer exists
* Removed cim report as no longer exists
bcel was updated from version 5.2 to 6.10:
- Many APIs have been extended
- Added riscv64 support
- Various bugs were fixed
apache-commons-lang3 was updated to version 3.12.0 to 3.16.0:
- Included new APIs that are needed by bcel 6.x
- Various minor bugs were fixed
xerces-j2:
- Improved RPM packaging build instructions
netty3:
- Generate sources with protobuf instead of using pre-generated ones
</description>
</patchinfo>
