Releases: apache/maven-gpg-plugin

3.2.7

27 Sep 14:05

Fixes a lingering issue affecting the whole 3.2.x lineage that resulted in "bad passphrase" errors on Windows OS with the GPG signer (see MGPG-136 for details).

Full Changelog: maven-gpg-plugin-3.2.6...maven-gpg-plugin-3.2.7

3.2.6

14 Sep 15:37

Release Notes - Maven GPG Plugin - Version 3.2.6

Improvement

  • [MGPG-135] - Support Overriding / Enhance the signer in AbstractGpgMojo
  • [MGPG-138] - Drop use of plexus-cipher and sec dispatcher, use proper API
  • [MGPG-141] - Move off deprecated classes

Dependency upgrade

  • [MGPG-139] - (build) Bump org.apache.maven.plugins:maven-invoker-plugin from 3.7.0 to 3.8.0
  • [MGPG-140] - Update to Maven 3.9.9
  • [MGPG-142] - Move to plexus-utils 4.0.1 and plexus-xml 3.0.1

Full Changelog: maven-gpg-plugin-3.2.5...maven-gpg-plugin-3.2.6

3.2.5

12 Aug 08:38

Release Notes - Maven GPG Plugin - Version 3.2.5

Sub-task

  • [MGPG-130] - Update sigstore extension to ".sigstore.json"

Dependency upgrade

  • [MGPG-127] - Bump bouncycastleVersion from 1.78 to 1.78.1
  • [MGPG-128] - Update to parent POM 42, prerequisite 3.6.3
  • [MGPG-131] - (build) Bump org.apache.maven.plugins:maven-plugins from 42 to 43
  • [MGPG-132] - Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2.10.0
  • [MGPG-133] - (build) Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to 1.18.2
  • [MGPG-134] - (build) Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0

📦 Dependency updates

  • Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to 1.18.2 (#105) @dependabot
  • Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2.10.0 (#107) @dependabot
  • Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#108) @dependabot
  • Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (#103) @dependabot
  • Bump bouncycastleVersion from 1.78 to 1.78.1 (#98) @dependabot

3.2.4

19 Apr 08:32

Release Notes - Maven GPG Plugin - Version 3.2.4

Bug

  • [MGPG-125] - Due to default value of gpg.passphraseServerId, bestPractices=true will always fail

Dependency upgrade

  • [MGPG-126] - Commons IO 2.16.1 (test dependency)

3.2.3

11 Apr 06:59

Release Notes - Maven GPG Plugin - Version 3.2.3

Bug

  • [MGPG-121] - Signing fails with 3.2.2: "/Users/stevenobelia/.settings-security.xml (No such file or directory)"

New Feature

  • [MGPG-120] - Add new mojo: sign-deployed

Improvement

  • [MGPG-116] - Up the file size limit to 64K
  • [MGPG-117] - Better handling of passphrase

Dependency upgrade

  • [MGPG-118] - Update to Commons IO 2.16.0
  • [MGPG-122] - Update build dependency m-invoker-p to 3.6.1
  • [MGPG-123] - Update to Bouncycastle 1.78
  • [MGPG-124] - Update to junixsocket 2.9.1

📦 Dependency updates

  • Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3.6.1 (#89) @dependabot
  • Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#87) @dependabot

3.2.2

26 Mar 08:49

Release Notes - Maven GPG Plugin - Version 3.2.2

Bug

  • [MGPG-113] - Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized

Improvement

  • [MGPG-114] - BC Allow key size greater than 5KB from file
  • [MGPG-115] - Show more information about key used to sign

Full Changelog: maven-gpg-plugin-3.2.1...maven-gpg-plugin-3.2.2

3.2.1

18 Mar 08:46

Release Notes - Maven GPG Plugin - Version 3.2.1

Bug

  • [MGPG-112] - Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing failed: No pinentry"

Dependency upgrade

  • [MGPG-111] - Clean up dependency declarations

Full Changelog: maven-gpg-plugin-3.2.0...maven-gpg-plugin-3.2.1

3.2.0

11 Mar 08:12

Release Notes - Maven GPG Plugin - Version 3.2.0

Bug

  • [MGPG-85] - Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
  • [MGPG-98] - non-reproducible pom.xml
  • [MGPG-99] - Passcode byte array provided to gpg executable on stdin is not terminated
  • [MGPG-100] - Fix Temporary File Information Disclosure Vulnerability

New Feature

  • [MGPG-106] - Introduce second signer implementation based on Bouncy Castle

Improvement

  • [MGPG-101] - Switch to Junit5
  • [MGPG-102] - Drop maven-artifact-transfer used by sign-and-deploy-file
  • [MGPG-105] - Stop propagating bad practices; but allow for "compat mode"
  • [MGPG-110] - The sign-and-deploy-file mojo POM validation is off

Dependency upgrade

  • [MGPG-104] - Update to 3.9.6, drop the cruft, minimum baseline remains 3.2.5

Full Changelog: maven-gpg-plugin-3.1.0...maven-gpg-plugin-3.2.0