Releases: apache/maven-gpg-plugin
Releases · apache/maven-gpg-plugin
3.2.4
Release Notes - Maven GPG Plugin - Version 3.2.4
Bug
- [MGPG-125] - Due to default value of gpg.passphraseServerId, bestPractices=true will always fail
Dependency upgrade
- [MGPG-126] - Commons IO 2.16.1 (test dependency)
- [MGPG-125] - Fix "bestPractices" (#95) @cstamas
📦 Dependency updates
- Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#94) @dependabot
Contributors
cstamas and dependabot
Assets 2
3.2.3
Release Notes - Maven GPG Plugin - Version 3.2.3
Bug
- [MGPG-121] - Signing fails with 3.2.2: "/Users/stevenobelia/.settings-security.xml (No such file or directory)"
New Feature
- [MGPG-120] - Add new mojo: sign-deployed
Improvement
Dependency upgrade
- [MGPG-118] - Update to Commons IO 2.16.0
- [MGPG-122] - Update build dependency m-invoker-p to 3.6.1
- [MGPG-123] - Update to Bouncycastle 1.78
- [MGPG-124] - Update to junixsocket 2.9.1
- [MGPG-123][MGPG-124] - Dependency upgrades (#93) @cstamas
- [MGPG-120] - New mojo sign-deployed (#88) @cstamas
- [MGPG-121] - Return the workaround for pseudo security (#90) @cstamas
- [MGPG-117] - Improve passphrase handling (#86) @cstamas
- [MGPG-116] - Up max key file size to 64K (#85) @cstamas
📦 Dependency updates
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3.6.1 (#89) @dependabot
- Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#87) @dependabot
Contributors
cstamas and dependabot
Assets 2
3.2.2
Release Notes - Maven GPG Plugin - Version 3.2.2
Bug
- [MGPG-113] - Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
Improvement
- [MGPG-114] - BC Allow key size greater than 5KB from file
- [MGPG-115] - Show more information about key used to sign
What's Changed
- [MGPG-113] SignAndDeployFileMojo results in 401 by @cstamas in #82
- [MGPG-114] Allow max key size of 16KB by @cstamas in #83
- [MGPG-115] Show more info about key used to sign by @cstamas in #84
Full Changelog: maven-gpg-plugin-3.2.1...maven-gpg-plugin-3.2.2
Contributors
cstamas
Assets 2
3.2.1
Release Notes - Maven GPG Plugin - Version 3.2.1
Bug
- [MGPG-112] - Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing failed: No pinentry"
Dependency upgrade
- [MGPG-111] - Clean up dependency declarations
What's Changed
- [MGPG-112] serverId def value was unintentionally dropped by @cstamas in #80
- [MGPG-111] Fix dependencies by @cstamas in #81
Full Changelog: maven-gpg-plugin-3.2.0...maven-gpg-plugin-3.2.1
Contributors
cstamas
Assets 2
3.2.0
Release Notes - Maven GPG Plugin - Version 3.2.0
Bug
- [MGPG-85] - Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
- [MGPG-98] - non-reproducible pom.xml
- [MGPG-99] - Passcode byte array provided to gpg executable on stdin is not terminated
- [MGPG-100] - Fix Temporary File Information Disclosure Vulnerability
New Feature
- [MGPG-106] - Introduce second signer implementation based on Bouncy Castle
Improvement
- [MGPG-101] - Switch to Junit5
- [MGPG-102] - Drop maven-artifact-transfer used by sign-and-deploy-file
- [MGPG-105] - Stop propagating bad practices; but allow for "compat mode"
- [MGPG-110] - The sign-and-deploy-file mojo POM validation is off
Task
- [MGPG-103] - Fix Windows CI
- [MGPG-107] - Settle on JUnit 5 assertions
- [MGPG-108] - Update plugin site doco
Dependency upgrade
- [MGPG-104] - Update to 3.9.6, drop the cruft, minimum baseline remains 3.2.5
What's Changed
- javadoc nits by @elharo in #51
- [MNG-6829] Replace StringUtils#isEmpty(String) and #isNotEmpty(String) by @timtebeek in #50
- Bump plexus-utils from 3.4.2 to 3.5.1 by @dependabot in #39
- [MGPG-101] Switch to JUnit 5 by @slachiewicz in #52
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 by @dependabot in #53
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.0 by @dependabot in #57
- Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 by @dependabot in #55
- Bump org.apache.maven.plugins:maven-plugins from 39 to 41 by @dependabot in #56
- Bump org.assertj:assertj-core from 3.24.2 to 3.25.2 by @dependabot in #62
- Bump org.junit:junit-bom from 5.10.1 to 5.10.2 by @dependabot in #63
- [MGPG-103] Fix Windows CI by @cstamas in #67
- [MGPG-104] Update to 3.9.6, drop the cruft, minimum baseline remains 3.2.5 by @cstamas in #68
- [MGPG-102] Drop MAT used in sign-and-deploy-file by @cstamas in #69
- [MGPG-107] Settle on JUnit 5 by @cstamas in #70
- [MGPG-105] Stop propagating bad practices by @cstamas in #71
- [MGPG-106] Introduce new signer: BC by @cstamas in #72
- Bump apache/maven-gh-actions-shared from 3 to 4 by @dependabot in #75
- [MGPG-105] Make possible backward compatibility by @cstamas in #74
- [MGPG-99] Make sure newline is added to input stream by @cstamas in #76
- [MGPG-110] SignAndDeployFileMojo validation is off by @cstamas in #78
- [MGPG-105] [MGPG-108] Make plugin backward compat and update site and doco by @cstamas in #77
New Contributors
- @timtebeek made their first contribution in #50
- @cstamas made their first contribution in #67
Full Changelog: maven-gpg-plugin-3.1.0...maven-gpg-plugin-3.2.0
Contributors
cstamas, elharo, and 3 other contributors