Releases: apache/maven-gpg-plugin
Releases · apache/maven-gpg-plugin
3.2.7
Fixes a lingering issue affecting whole 3.2.x lineage, that resulted in "bad passphrase" on Windows OS with GPG signer (see MGPG-136 for details).
What's Changed
- [MGPG-136] Windows passphrase corruption by @cstamas in #120
- Bump com.kohlschutter.junixsocket:junixsocket-core from 2.10.0 to 2.10.1 by @dependabot in #121
- Bump commons-io:commons-io from 2.16.1 to 2.17.0 by @dependabot in #119
Full Changelog: maven-gpg-plugin-3.2.6...maven-gpg-plugin-3.2.7
Contributors
cstamas and dependabot
Assets 2
3.2.6
Release Notes - Maven GPG Plugin - Version 3.2.6
Improvement
- [MGPG-135] - Support Overriding / Enhance the signer in AbstractGpgMojo
- [MGPG-138] - Drop use of plexus-cipher and sec dispatcher, use proper API
- [MGPG-141] - Move off deprecated classes
Dependency upgrade
- [MGPG-139] - (build) Bump org.apache.maven.plugins:maven-invoker-plugin from 3.7.0 to 3.8.0
- [MGPG-140] - Update to Maven 3.9.9
- [MGPG-142] - Move to plexus-utils 4.0.1 and plexus-xml 3.0.1
What's Changed
- [MGPG-135] Support Overriding / Enhance the signer in AbstractGpgMojo by @laeubi in #112
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.7.0 to 3.8.0 by @dependabot in #114
- [MGPG-140] Update Maven to 3.9.9 by @cstamas in #116
- [MGPG-138] Drop direct use of plexus-cipher and secdispatcher by @cstamas in #115
- [MGPG-141] Remove use of deprecated classes by @cstamas in #117
- Add FAQ for "no pinentry" issue by @cstamas in #118
New Contributors
Full Changelog: maven-gpg-plugin-3.2.5...maven-gpg-plugin-3.2.6
Contributors
cstamas, laeubi, and dependabot
Assets 2
3.2.5
Release Notes - Maven GPG Plugin - Version 3.2.5
Sub-task
- [MGPG-130] - Update sigstore extension to ".sigstore.json"
Dependency upgrade
- [MGPG-127] - Bump bouncycastleVersion from 1.78 to 1.78.1
- [MGPG-128] - Update to parent POM 42, prerequisite 3.6.3
- [MGPG-131] - (build) Bump org.apache.maven.plugins:maven-plugins from 42 to 43
- [MGPG-132] - Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2.10.0
- [MGPG-133] - (build) Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to 1.18.2
- [MGPG-134] - (build) Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0
- [MGPG-134] - Update maven-invoker (#110) @cstamas
- [MGPG-130] - Update sigstore extension to ".sigstore.json" (#109) @loosebazooka
- [MGPG-128] - Parent POM 42, prerequisite 3.6.3 (#100) @cstamas
📦 Dependency updates
- Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to 1.18.2 (#105) @dependabot
- Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2.10.0 (#107) @dependabot
- Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#108) @dependabot
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (#103) @dependabot
- Bump bouncycastleVersion from 1.78 to 1.78.1 (#98) @dependabot
Contributors
cstamas, loosebazooka, and dependabot
Assets 2
3.2.4
Release Notes - Maven GPG Plugin - Version 3.2.4
Bug
- [MGPG-125] - Due to default value of gpg.passphraseServerId, bestPractices=true will always fail
Dependency upgrade
- [MGPG-126] - Commons IO 2.16.1 (test dependency)
- [MGPG-125] - Fix "bestPractices" (#95) @cstamas
📦 Dependency updates
- Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#94) @dependabot
Contributors
cstamas and dependabot
Assets 2
3.2.3
Release Notes - Maven GPG Plugin - Version 3.2.3
Bug
- [MGPG-121] - Signing fails with 3.2.2: "/Users/stevenobelia/.settings-security.xml (No such file or directory)"
New Feature
- [MGPG-120] - Add new mojo: sign-deployed
Improvement
Dependency upgrade
- [MGPG-118] - Update to Commons IO 2.16.0
- [MGPG-122] - Update build dependency m-invoker-p to 3.6.1
- [MGPG-123] - Update to Bouncycastle 1.78
- [MGPG-124] - Update to junixsocket 2.9.1
- [MGPG-123][MGPG-124] - Dependency upgrades (#93) @cstamas
- [MGPG-120] - New mojo sign-deployed (#88) @cstamas
- [MGPG-121] - Return the workaround for pseudo security (#90) @cstamas
- [MGPG-117] - Improve passphrase handling (#86) @cstamas
- [MGPG-116] - Up max key file size to 64K (#85) @cstamas
📦 Dependency updates
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3.6.1 (#89) @dependabot
- Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#87) @dependabot
Contributors
cstamas and dependabot
Assets 2
3.2.2
Release Notes - Maven GPG Plugin - Version 3.2.2
Bug
- [MGPG-113] - Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
Improvement
- [MGPG-114] - BC Allow key size greater than 5KB from file
- [MGPG-115] - Show more information about key used to sign
What's Changed
- [MGPG-113] SignAndDeployFileMojo results in 401 by @cstamas in #82
- [MGPG-114] Allow max key size of 16KB by @cstamas in #83
- [MGPG-115] Show more info about key used to sign by @cstamas in #84
Full Changelog: maven-gpg-plugin-3.2.1...maven-gpg-plugin-3.2.2
Contributors
cstamas
Assets 2
3.2.1
Release Notes - Maven GPG Plugin - Version 3.2.1
Bug
- [MGPG-112] - Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing failed: No pinentry"
Dependency upgrade
- [MGPG-111] - Clean up dependency declarations
What's Changed
- [MGPG-112] serverId def value was unintentionally dropped by @cstamas in #80
- [MGPG-111] Fix dependencies by @cstamas in #81
Full Changelog: maven-gpg-plugin-3.2.0...maven-gpg-plugin-3.2.1
Contributors
cstamas
Assets 2
3.2.0
Release Notes - Maven GPG Plugin - Version 3.2.0
Bug
- [MGPG-85] - Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
- [MGPG-98] - non-reproducible pom.xml
- [MGPG-99] - Passcode byte array provided to gpg executable on stdin is not terminated
- [MGPG-100] - Fix Temporary File Information Disclosure Vulnerability
New Feature
- [MGPG-106] - Introduce second signer implementation based on Bouncy Castle
Improvement
- [MGPG-101] - Switch to Junit5
- [MGPG-102] - Drop maven-artifact-transfer used by sign-and-deploy-file
- [MGPG-105] - Stop propagating bad practices; but allow for "compat mode"
- [MGPG-110] - The sign-and-deploy-file mojo POM validation is off
Task
- [MGPG-103] - Fix Windows CI
- [MGPG-107] - Settle on JUnit 5 assertions
- [MGPG-108] - Update plugin site doco
Dependency upgrade
- [MGPG-104] - Update to 3.9.6, drop the cruft, minimum baseline remains 3.2.5
What's Changed
- javadoc nits by @elharo in #51
- [MNG-6829] Replace StringUtils#isEmpty(String) and #isNotEmpty(String) by @timtebeek in #50
- Bump plexus-utils from 3.4.2 to 3.5.1 by @dependabot in #39
- [MGPG-101] Switch to JUnit 5 by @slachiewicz in #52
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 by @dependabot in #53
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.0 by @dependabot in #57
- Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 by @dependabot in #55
- Bump org.apache.maven.plugins:maven-plugins from 39 to 41 by @dependabot in #56
- Bump org.assertj:assertj-core from 3.24.2 to 3.25.2 by @dependabot in #62
- Bump org.junit:junit-bom from 5.10.1 to 5.10.2 by @dependabot in #63
- [MGPG-103] Fix Windows CI by @cstamas in #67
- [MGPG-104] Update to 3.9.6, drop the cruft, minimum baseline remains 3.2.5 by @cstamas in #68
- [MGPG-102] Drop MAT used in sign-and-deploy-file by @cstamas in #69
- [MGPG-107] Settle on JUnit 5 by @cstamas in #70
- [MGPG-105] Stop propagating bad practices by @cstamas in #71
- [MGPG-106] Introduce new signer: BC by @cstamas in #72
- Bump apache/maven-gh-actions-shared from 3 to 4 by @dependabot in #75
- [MGPG-105] Make possible backward compatibility by @cstamas in #74
- [MGPG-99] Make sure newline is added to input stream by @cstamas in #76
- [MGPG-110] SignAndDeployFileMojo validation is off by @cstamas in #78
- [MGPG-105] [MGPG-108] Make plugin backward compat and update site and doco by @cstamas in #77
New Contributors
- @timtebeek made their first contribution in #50
- @cstamas made their first contribution in #67
Full Changelog: maven-gpg-plugin-3.1.0...maven-gpg-plugin-3.2.0
Contributors
cstamas, elharo, and 3 other contributors