File _patchinfo of Package patchinfo.36971
<?xml version="1.0"?>
<patchinfo incident="36971">
<packager>fstrba</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Recommended update for Maven</summary>
<description>This update for Maven fixes the following issues:
maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1:
- Key changes across versions:
* Bug fixes and improved support of dynamic types
* Dependency upgrades (ASM, Maven core, and notably the removal of commons-io)
* Improved error handling by logging instead of failing
* Improved dependency usage tracking
maven-dependency-plugin was updated from version 3.6.0 to 3.8.1:
- Key changes across versions:
* Dependency upgrades on maven-dependency-analyzer and Doxia
* Deprecated dependency:sources in favor of dependency:resolve-sources
* Documentation improvements
* New dependency analysis goal to check for invalid exclusions
* New JSON output option for dependency:tree
* Performance improvements
* Several bug fixes addressing:
+ The handling of silent parameters
+ The display of the optional flag in the tree
+ The clarity of some error messages
maven-doxia-sitetools was updated from version 1.11.1 to 2.0.0:
- Key changes across versions:
* New features:
+ Passing the input filename to the parser
+ Adding a timezone field to the site descriptor
+ Configuring parsers per markup
* Improvements:
+ Clarifying site descriptor properties
+ Requiring a skin if a site descriptor (site.xml) has been provided
+ Optimization of resource handling
+ Overhauled locale support
+ Refined menu item display
+ Use of Maven Resolver for artifact resolution
+ Enhanced Velocity context population
+ Automating anchor creation
* Internal changes:
+ Migration from Plexus to Sisu
+ Upgraded to Java 8
+ Removal of deprecated components and features (such as Maven 1.x support, Google-related properties)
+ Simplified the site model
+ Improved the DocumentRenderer interface/DocumentRenderingContext class API
* Several bug fixes addressing:
+ The Plexus to Sisu migration
+ Decoration model injection
+ Anchor creation
+ XML character escaping
+ Handling of 0-byte site descriptors
maven-doxia was updated from version 1.12.0 to 2.0.0:
- Key changes across versions:
* Improved HTML5 Support:
+ Obsolete attributes and elements were removed
+ CSS styles are now used for styling
+ XHTML5 is now the default HTML implementation, and XHTML(4) is deprecated
* Improved Markdown Support:
+ A new Markdown sink allows converting content to Markdown.
+ Support for various Markdown features like blockquotes, footnotes, and metadata has been added
* General Improvements:
+ Dependencies were updated
+ Doxia was upgraded to Java 8
+ Logging and Doxia ID generation were streamlined
+ Migration from Plexus to Sisu
+ Removed deprecated modules and code
* Several bug fixes addressing:
+ HTML5 incorrect output such as tables, styling and missing or improperly handled attributes
+ Markdown formatting issues
+ Issues with Plexus migration
+ Incorrect generation of unique IDs
+ Incorrect anchor generation for document titles
+ Ignored element classes
maven-invoker-plugin was updated from version 3.2.2 to 3.8.1:
- Key changes across versions:
* Commons-lang3 was removed
* Custom Maven executables, external POM files, and more CLI options are now supported
* Deprecated code was cleaned up
* Doxia was updated, improving HTML generation and adding Markdown support
* Groovy was updated, adding support for JDK 19
* Improved Reporting and Time Handling
* Enhanced syntax support for invoker properties and Maven options
* Java 8 is now the minimum supported version
* Maven 3.6.3 is now the minimum supported version
* Several dependencies were updated or removed
* Snapshot update behavior can be controlled
* Several bug fixes addressing issues with:
+ Dependency resolution
+ Environment variables
+ File handling
+ Report generation
+ Threading
maven-invoker was updated from version 3.1.0 to 3.3.0:
- Key changes across versions:
* Added several CLI options.
* Added support to disable snapshot updates.
* Added test for inherited environment
* Custom Maven executables
* Deprecated code was removed
* External POM files
* Fixed issues with builder IDs
* Improved timeout handling
* Java 8 is now a requirement
* Tests were migrated to JUnit 5
maven-javadoc-plugin was updated from version 3.6.0 to 3.11.1:
- Key changes across versions:
* Addressed test cleanup and inconsistent default value
* Automatic release detection for older JDKs
* Clarified documentation
* Dependency upgrades of org.codehaus.plexus:plexus-java and Doxia
* Deprecated the "old" parameter
* Improvements include handling of Java 12+ links, user settings with invoker, and default author value.
* Simplified integration tests.
* Upgraded maven-plugin parent
* Various bug fixes related to:
+ Toolchains issues
+ Empty JAR creation
+ JDK 10 compatibility
+ Reactor build failures
+ Unit test issues
+ Null pointer exception
+ Issues with skipped reports
+ Stale file detection
+ Log4j dependency download
+ Test repository creation
maven-parent was updated from version 40 to 43:
- Key changes across versions:
* Potentially breaking changes:
+ Removed dependency on `maven-plugin-annotations` to better support Maven 4 plugins
+ Removed `checkstyle.violation.ignore`
* Improved Java 21 support
* Empty Surefire and PMD reports are now skipped
* Disabled annotation processing by compiler
* Various code cleanup and project restructuring tasks
maven-plugin-tools was updated from version 3.13.0 to 3.15.1:
- Key changes across versions:
* Doxia and Velocity Engine upgrades
* New goal 'report-no-fork', which will not invoke process-classes
* Deprecation of o.a.m.plugins.annotations.Component
* Improved Maven 3 and Maven 4 support
maven-reporting-api was updated from version 3.1.1 to 4.0.0:
- Key changes across versions:
* API: Allow MavenReportRenderer.render() and MavenReport.canGenerateReport() to throw exceptions
* Require locales to be non-null
* Improve the MavenReport interface and AbstractMavenReport class
* Removed unused default-report.xml file
maven-reporting-implementation was updated from version 3.2.0 to 4.0.0:
- Key changes across versions include:
* Addressed issues with duplicate calls to canGenerateReport()
* New features such as markup output support, flexible section handling and verbatim source rendering
* Numerous improvements to skinning, rendering, parameter handling, timestamp population and logging
* Upgrade to Java 8
maven-surefire was updated from version 3.2.5 to 3.5.2:
- Key changes across versions include:
* Addressed issues with JUnit5 test reporting, serialization, classpath handling
and compatibility with newer JDKs.
* Refined handling of system properties, commons-io usage, parallel test execution
and report generation.
* Updated Doxia and commons-compress dependencies
* Improved documentation, including FAQ fixes
plexus-velocity was updated to version 2.1.0:
- Upgraded Velocity Engine to 2.3
- Moved to JUnit5
velocity-engine:
- New package velocity-engine-core implemented at version 2.4
</description>
<issue id="2020-13936" tracker="cve"/></patchinfo>