4.0.0-rc-5

Notes

This new release candidate of Maven 4 is released to get feedback from users.
Maven 4 has a restrained a few things comparent to Maven 3, so make sure to run the mvnup tool before trying to project with Maven 4.

Bean configuration bug

A bug has been found in the bean configuration system where field accessibility state is cached globally. This can cause plugin configuration injection to fail when the same configuration field is accessed multiple times or in different contexts during a build. This particularly affects the plugin unit tests.

This will be fixed by #11433 in the next release.

Concurrency issue in the v4 API

A concurrency issue has been found in the Maven 4 API (still in preview mode) and will be fixed by #11428 in the next release.

BOM packaging

Another bug has been found in how BOM projects are processed. When a project uses BOM packaging, the consumer POM is not being properly converted to standard POM packaging, and dependency versions could be lost in some cases.

This will be fixed by #11427 in the next release.

macOS: JLine native library may be blocked by Gatekeeper on first use

On macOS (especially Apple Silicon), the first invocation of mvn may fail to load the JLine native terminal library with an error such as:

java.lang.UnsatisfiedLinkError: .../libjline-native/Mac/arm64/libjlinenative.jnilib: dlopen(...): code signature ... not valid for use in process: library load disallowed by system policy

This occurs when the binary distribution is downloaded via a web browser, which applies the com.apple.quarantine extended attribute.

Workaround (one-time fix):

xattr -r -d com.apple.quarantine /path/to/apache-maven-4.0.0-rc-5/lib/jline-native

Recommended download method (avoids the issue entirely):

curl -L -O https://archive.apache.org/dist/maven/maven-4/4.0.0-rc-5/binaries/apache-maven-4.0.0-rc-5-bin.tar.gz
tar -xzf apache-maven-4.0.0-rc-5-bin.tar.gz

This is a known issue #10747 and will be addressed in a future release.

💥 Breaking changes

• Disable consumer POM flattening by default and add an opt-in feature (#11347) (#11370) @gnodet

🚀 New features and improvements

• Disable consumer POM flattening by default and add an opt-in feature (#11347) (#11370) @gnodet
• Make config files use UTF8 (#11263) (#11265) @cstamas
• Simplify prefix resolution (#11072) (#11073) @cstamas
• Add PathMatcherFactory.includesAll() (#11008) @desruisseaux
• Add skipMavenRc to ExecutorRequest and use it in ITs (#10944) @slawekjaranowski
• Add PathMatcherFactory service with directory filtering optimization (#10923) (#10926) @gnodet
• Allow configurable repository selection for version range resolution (backport) (#10890) @cstamas
• Switch resolver to use rwlock-local locks (#2546) (#2555) @gnodet

🐛 Bug Fixes

• Fix resource targetPath resolution to be relative to output directory (fixes #11381) (#11394) (#11406) @gnodet
• Fix MavenStaxReader location reporting for properties (#11402) (#11404) @gnodet
• Fix false parent cycle detection with flatten-maven-plugin (#11400) @gnodet
• Resolve property before model reflection to avoid recursion (#11385, fixes #11384) (#11390) @gnodet
• Explicitly register jdk ToolchainFactory for Maven 3 plugins (#11318) (#11369) @gnodet
• Fix -itr option not honored (#11359) (#11361) @gnodet
• Do not include invalid transitive repositories (#11357) (#11362) @gnodet
• Prevent infinite loop in RootLocator when .mvn directory exists in subdirectory (fixes #11321) (#11323) (#11350) @gnodet
• Fix [unknown project] messages in error output (#11324) (#11349) @gnodet
• Restore compatibility in maven-embedder (#11320) (#11340) @gnodet
• Add backward compatibility dependencies to maven-compat (#11301) (#11339) @gnodet
• Relative are resolved against the wrong directory (#11325) @desruisseaux
• Bug: when raw-streams are used, ensure system streams are set up (#11303) (#11310) @cstamas
• Fix plugin prefix resolution when metadata is not available from repository (#11287) (#11288) @gnodet
• Maven model 4.1.0 should not allow non-pom packaging for aggregators (#11279) (#11285) @gnodet
• Fix exception caused by duplicate dependencies in consumer pom (#11283) (#11286) @gnodet
• Remove use of toRealPath (#11250) (#11257) @cstamas
• Bugfix: fix CLI graceful death (#11239) (#11246) @cstamas
• Introduce RepositoryAwareRequest interface to consolidate repository handling (#11238) (#11244) @gnodet
• Fix repository ID interpolation in Maven 4 (#11224) (#11241) @gnodet
• Fix dependency groupId inference for Maven 4.1.0 model version (#11228) (#11240) @gnodet
• Consumer POM should keep only transitive dependencies, fixes #11162 (#11163) (#11235) @gnodet
• Fix StackOverflowError in parent POM resolution (backport #11106) (#11234) @gnodet
• Fix CI-friendly version processing with profile properties (fix #11196) (#11225) @gnodet
• Add phase upgrade support for Maven 4.1.0 model upgrades (#11226) @gnodet
• Fix GH-11199: Maven 4.0.0-rc-4 ignores defaultLogLevel (#11227) @gnodet
• Validate metaversions and detect extension conflicts (fixes #11181) (#11216) @cstamas
• Allow repository URL interpolation with improved validation (#11140) (#11210) @gnodet
• Improve mvn usage message (#11211) (#11213) @gnodet
• Enable the search for module-info.class file in the META-INF/versions/ sub-directories of a JAR file. (#11153) (#11206) @gnodet
• Fix #10939: DefaultModelXmlFactory: make location tracking opt-in—disabled by def… (#11092) @arturobernalg
• Fix #11000: fix help default text (#11099) @arturobernalg
• GH-10210: fix too eager decrypt of legacy passwords (#11138) (#11158) @cstamas
• #11055: Inject all services into mojos and enable easy real-session mojo testing (#11103) (#11139) @gnodet
• Fix ReactorReader to prefer consumer POMs over build POMs (#11107) (#11131) @gnodet
• model-builder: simplify subproject auto-discovery decision (#11124) (#11132) @gnodet
• Add missing equals and hashCode methods in modular Java path type. (#11130) @desruisseaux
• fix: include extension in equals/hashCode of DefaultArtifactCoordinates (#11101) @arturobernalg
• Fix #11127: enforce non-null keys for InputLocation lookups and document behavior (#11128) @gnodet
• Bug: bad cache isolation between two sessions (#11083) (#11085) @cstamas
• Fix targetPath parameter ignored in resource bundles (fixes #11062) (#11063) (#11080) @gnodet
• Maven Upgrade Tool: remove unused --force and --yes options (Fixes #11001) (#11066) (#11079) @gnodet
• Fix XMLReader#getURL and enable the unit test (#11069) (#11078) @gnodet
• [#11048] Fix race condition in MessageUtils (#11049) (#11077) @gnodet
• Uninterpolated repositories from parent POMs during model building (backport) (#11039) @cstamas
• Fix maven.mainClass property missing for external tools (#10998) (#11007) @gnodet
• Set Guice class loading to CHILD - avoid using terminally deprecated methods (#11002) @slawekjaranowski
• Avoid parsing MAVEN_OPTS (master/4.x) (#10970) (#10993) @gnodet
• Port the bug fixes identified when using that class in Maven clean and compiler plugin (#10935) ([#10936](https:...

3.9.11

🚀 New features and improvements

• Augment version range resolution used repositories (#2574) @cstamas

🐛 Bug Fixes

• Deduplicate filtered dependency graph (#2489) @alzimmermsft
• Move ensure in boundaries of project lock (#2470) @cstamas

👻 Maintenance

• [MNGSITE-393] - remove references to Maven 2 (#2438) @elharo
• Update CONTRIBUTING after GitHub issues enabled (#2449) @slawekjaranowski
• Enable Github Issues (3.9.x) (#2414) @Bukama
• [MNG-8763] - Remove name from site bannerLeft (#2419) @slawekjaranowski

🔧 Build

• Pin GitHub action versions by hash (#10898) @slawekjaranowski
• Build the project by JDK 21 as default (#10896) @slawekjaranowski
• Use Maven 3.9.10 for build on GitHub (#2452) @slawekjaranowski

📦 Dependency updates

• Bump resolverVersion from 1.9.23 to 1.9.24 (#2540) @dependabot[bot]
• Bump xmlunitVersion from 2.10.2 to 2.10.3 (#2500) @dependabot[bot]
• Bump org.apache.maven:maven-parent from 44 to 45 (#2491) @dependabot[bot]
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#2432) @dependabot[bot]

4.0.0-rc-4

Maven 4.0.0-rc-4 aims at being the last release candidate before Maven 4.0.0 GA. We'll focus on fixing critical bugs raised before GA.
Worth mentioning is the new upgrade tool which can be used to fix your pom.xml files and make them usable in Maven 4.

🚀 New features and improvements

• [MNG-8765] - Maven Upgrade Tool (#2407) @gnodet
• Maven4 "legacy" mode and more (#2380) @cstamas
• [MNG-8759] - Restore toString method in DefaultJavaToolchain (#2411) @slawekjaranowski
• [MNG-8572] - Support DI beans in build extensions (#2274) @gnodet
• [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding (#2294) @slawekjaranowski

🐛 Bug Fixes

• Deduplicate filtered dependency graph (#2493) @alzimmermsft
• User properties are not interpolated for paths (#2480) @cstamas
• Move project mutation inside project lock (#2474) @cstamas
• [MNG-8736] - Fix concurrency issue in model building with profile activation (#2378) @gnodet
• [MNG-8767] - Add suppressed exceptions to BatchRequestException in AbstractRequestCache (#2431) @gnodet
• [MNG-8746] - Preserve property insertion order in WrapperProperties (#2404) @gnodet
• [MNG-8764] - Sort injected lists by @priority annotation (#2425) @gnodet
• [MNG-8761] - Add Maven 3 MavenToolchainsXpp3Reader/Writer (#2412) @slawekjaranowski
• [MNG-8729] - Use correct outputStream destination; request instead of path in DefaultPluginXmlFactory#write (#2312) @Pankraz76
• [MNG-8720] - Fix for symlinked project directory (#2289) @cstamas
• [MNG-8653] - Fix 'all' phase and add 'each' phase (#2191) @gnodet
• [MNG-5668] - Execute after:* phases when build fails (#2195) @gnodet
• [MNG-8629] - bugfix: If POM has parent and repository stanza, it is used un-interpolated (#2192) @cstamas
• [MNG-8645] - Fix dependency management section of consumer POM (#2183) @gnodet
• [MNG-8624] - Fix dependency not being set correctly for unsupported types (#2153) @gnodet
• Fix ITs referencing rc-3-SNAPSHOT (#2164) @gnodet
• [MNG-8620] - Fix links in SVG (#2152) @kwin

📝 Documentation updates

• [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors (#2341) @slawekjaranowski

👻 Maintenance

• Fix integration tests to use correct Maven version instead of hardcoded 2.1-SNAPSHOT (#2476) @gnodet
• Use local repository in tests (#2485) @slawekjaranowski
• Refactor WrapperProperties template to remove caching and simplify implementation (#2436) @gnodet
• Ban "plain" Guice; downgrade it to 5.1.0 (#2472) @cstamas
• Unfurl CLI (#2465) @cstamas
• Don't ignore SVG files (#2435) @elharo
• Update CONTRIBUTING after GitHub issues enabled (#2448) @slawekjaranowski
• Remove extra variable (#2398) @elharo
• Enable Github Issues (#2413) @Bukama
• [S1161] Add missing @OverRide to overriding and implementing methods (#2402) @Pankraz76
• use try-with-resources statement in LookupWagonMojo (#2426) @Pankraz76
• Add UT for cache in FilteredProjectDependencyGraphTest (#2394) @slawekjaranowski
• [MNG-8764] - centralize domain comparison logic Binding#getPriorityComparator (#2428) @Pankraz76
• evolve Disabled to DisabledOnOs(WINDOWS) (#2423) @Pankraz76
• use try-with-resources statement in CatchMojo (#2424) @Pankraz76
• chore: resolve unused Binding#getDisplayString (#2429) @Pankraz76
• Remove ignored method call (#2399) @elharo
• [MNG-8750] - Delete unused interface (#2388) @elharo
• chore: resolve false negative suppression @SuppressWarnings("checkstyle:UnusedLocalVariable") (#2369) @Pankraz76
• [chore] Modernize codebase with Java improvements - Replace custom null checks with Objects.requireNonNull (#2290) @Pankraz76
• Symbolic change (no issue) (#2383) @cstamas
• [MNG-8713] - SourceRoot.directory() default value should include the module when present (#2278) @desruisseaux
• [MNG-8727] - Prepare for Java 24 (#2328) @cstamas
• [MNG-8686] - Add SourceRoot.matcher(boolean) method (#2236) @desruisseaux
• Remove unused private methods (#2310) @Pankraz76
• Improve invoker test (#2308) @cstamas
• Pull #2282: Add project icon for IntelliJ IDEA (#2283) @Pankraz76
• [MNG-8718] - Restore Maven 3 compat: ProjectBuilder is unusable for legacy code (#2285) @cstamas
• Test MavenITmng7587Jsr330 should be executed on every JDK (#2298) @slawekjaranowski
• [MNG-8719] - Restore Maven3 compat: model setInherited(boolean) (#2288) @cstamas
• [MNG-8614] - Maven Sisu in Maven 4 same as in Maven 3 (#2284) @cstamas
• [MNG-8712] - dependency version is a requirement, not effective (#2286) @hboutemy
• [MNG-8670] - Fix concurrent builder missing/wrong project events (#2251) @oehme
• [MNG-8674] - Deprecate mergeId in the Maven 3 model and remove it in the new model (#2233) @gnodet
• [MNG-8694] - Fix version interpolation and ternary operator (#2272) @kamilkrzywanski
• [MNGSITE-393] - Remove Maven 1 and 2 references (#2276) @elharo
• Remove unneeded toString and valueOf calls (#2230) @elharo
• Drop unused assembly exclude (#2266) @cstamas
• aether repository system isn't used (#2237) @elharo
• remove unused field (#2238) @elharo
• Cleanup extra semicolons (#2229) @elharo
• [MNG-8676] - Improve model builder error messages (#2257) @cstamas
• Avoid warning about unthrown exception (#2217) @elharo
• [MNG-8687] - Restore ability to run on JIMFS ([#2256](https://github.co...

3.9.10

Release Notes - Maven - Version 3.9.10

Bug

• [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
• [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
• [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
• [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
• [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
• [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
• [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
• [MNG-8396] - Maven takes forever to resume
• [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

• [MNG-8370] - Introduce maven.repo.local.head
• [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
• [MNG-8707] - Add methods to remove compile and test source roots
• [MNG-8712] - improve dependency version explanation: it's a requirement, not always effective version
• [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
• [MNG-8722] - Use a single standalone version of asm
• [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
• [MNG-8734] - Simplify scripting like "get project version" cases

Task

• [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

• [MNG-8289] - Update Plexus annotations to 2.2.0
• [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
• [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
• [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
• [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
• [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
• [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
• [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
• [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
• [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
• [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
• [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
• [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
• [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
• [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
• [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
• [MNG-8716] - Bump resolver to 1.9.23
• [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2

What's Changed

• [MNG-8211] Fail the build if CI Friendly revision used without value by @cstamas in #1656
• Add missing since by @cstamas in #1682
• [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @cstamas in #1724
• [MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @fmarot in #1806
• [MNG-8289] Update Plexus Annotations to 2.2.0 by @dependabot in #1666
• [MNG-8370] Add maven.repo.local.head by @slawekjaranowski in #1915
• [MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @dependabot in #1991
• [MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @dependabot in #2013
• [MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @dependabot in #1926
• [MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @dependabot in #1699
• Add PR Automation action by @slawekjaranowski in #2113
• Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @dependabot in #2167
• Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @dependabot in #2168
• [MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @dependabot in #2163
• Use Maven 3.9.9 for build maven-3.9.x branch by @slawekjaranowski in #2177
• [MNG-8248] Add enable-native-access to startup scripts by @slawekjaranowski in #2171
• [MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @dependabot in #2185
• Use dedicated local repo for ITs on Jenkins by @slawekjaranowski in #2255
• [MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @dependabot in #2240
• [MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @dependabot in #2241
• [MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @dependabot in #2258
• [MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @dependabot in #2264
• [MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @dependabot in #2270
• [MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @dependabot in #1665
• [MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @dependabot in #2280
• [MNG-8707] Add methods to remove compile and test source roots by @gnodet in #2275
• [MNG-8712] dependency version is a requirement, not effective by @hboutemy in #2279
• [MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @slawekjaranowski in #2295
• [MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @slawekjaranowski in #2296
• [MNG-8722] Use a single standalone version of asm by @slawekjaranowski in #2297
• [MNG-8716] Bump resolver to 1.9.23 by @slawekjaranowski in #2282
• [MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @slawekjaranowski in #2343
• [MNG-8711] Fix concurrent cache acc...

Maven 4.0.0-rc-3

Release notes

Maven has entered the release candidate phase and aims to be finally released in a few weeks. Please give it a try and report errors.

Upgrading from Maven 3

Maven 4 brings a tons of changes. We've tried hard to maximise compatibility with Maven 3.x, but in order to have your build work with Maven 4, you will need to upgrade some plugins (such as maven-enforcer-plugin, maven-remote-resources-plugin, maven-shade-plugin, etc...) to their most recent versions.

If your build is leveraging Maven extensions, you may very well expect some breakage. Some extensions may need to be updated:

• the useful, but unmaintained, os-maven-plugin extension has been replaced with at nisse extension.

Contact the extensions' developers team to know their plans regarding supporting to Maven 4.

Upgrading from Maven 4.0.0-rc-2

Important note about breaking changes: Maven 4.0.0-rc-3 includes changes in the new API that will require updates in plugin targeting the new API, especially relating to [MNG-8395] which adds a new <source> element to the model and redirects the <sourceDirectory> element. Plugin developers will need to update their code to work with these changes.

Change log

What's Changed

• [MNG-8437] mvnsh by @cstamas in #1982
• [MNG-8438] maven-jline: Migrate to Maven DI (off javax.inject) by @cstamas in #1987
• [MNG-8433] Use the switch expressions syntax by @CrazyHZM in #1983
• [MNG-8436] Fix wrong transfer rates displayed in console by @gnodet in #1985
• Exclude maven-xml and maven-xml-impl (the artifact has been renamed) by @gnodet in #1992
• [MNG-8446] Project cannot start due to too many warnings by @gnodet in #1993
• [MNG-8447] Lossy ProblemCollector by @cstamas in #1994
• [MNG-8454] Force the FileSizeFormat UT to US Locale by @cstamas in #2003
• [MNG-8460] Implement flush() by @cstamas in #2006
• [MNG-8463] Update plugins by @cstamas in #2005
• [MNG-8461] Initial settings method must restore context state by @cstamas in #2004
• [MNG-8465] Add support for project.rootDirectory in repositories and fix other expressions by @gnodet in #2007
• [MNG-8461] Integrate reproducer as IT by @cstamas in #2009
• [MNG-8469] Fix interpolation precedence order by @cstamas in #2011
• [MNG-8487] Completely isolate UTs by @cstamas in #2021
• MNG-8479 - Use 'ejb' not 'ejb3' as type in ReactorReader artifact resolution for compile phase by @scottkurz in #2016
• Copy edits in comments, API doc, and messages by @elharo in #2020
• Fix comparisons against null in PathSource.equals by @elharo in #2026
• [MNG-8502] Embedded executor should obey MAVEN_ARGS env variable by @cstamas in #2032
• [MNG-8475] In the loop scenario, StringBuilder is used instead of concatenation by @CrazyHZM in #2014
• [MNG-8473] Site fixes by @cstamas in #2010
• [MNG-8494] Restore Maven 3 compatibility by @gnodet in #2031
• [MNG-8482] Use instanceof assignments to get rid of casting expressions by @breun in #2018
• [MNG-8483] Prefer Objects.requireNonNull by @elharo in #2019
• [MNG-8493] 'serialVersionUID' can be annotated with '@serial' annotation by @Stellar1999 in #2034
• [MNG-8513] Be stricter about xml combination modes by @gnodet in #2038
• [MNG-8514] Improve VersionRangeResolverResult by @gnodet in #2039
• [MNG-8510] Remove Utils class from maven-di by @gnodet in #2040
• [MNG-8515] Use internal interpolator by @gnodet in #2044
• [MNG-8478] Fix formatting of timestamp in logger by @gnodet in #2046
• [MNG-8522] Deprecate maven-builder-support artifact and its classes by @gnodet in #2043
• [MNG-6113] Restore 'Maven Central Repository' name (lost with #1139) by @gnodet in #2054
• [MNGSITE-393] Remove references to Maven 2.x by @elharo in #2024
• [MNG-8512] Fix org.slf4j.simpleLogger.defaultLogLevel Configuration conflict by @CrazyHZM in #2042
• [MNG-8520] Add cache for model resolution during project building by @gnodet in #2047
• [MNG-8508] Move content of maven-impl to the org.apache.maven.impl package by @gnodet in #2060
• [MNG-8524] DefaultInterpolator should be used by injection by @CrazyHZM in #2049
• [MNG-8395] [BREAKING CHANGE] Add a element in the model. Plugins will need to be updated to work with this new API. by @desruisseaux in #1936
• [MNG-8503] Configure logging using maven.logger.* properties rather than org.slf4j.simpleLogger.* by @gnodet in #2048
• [MNG-8477] Fix problems with file activation being wrongly cached by @gnodet in #2062
• [MNG-8525] Add an integration test with Maven 4 Plugin Sample by @sparsick in #2055
• [MNG-8527] Re-enable consumer POM, trim down the consumer pom further by @gnodet in #2058
• [MNG-8544] Conflicting extensions went unnoticed by @cstamas in #2063
• [MNG-8545] Use of RemoteRepository in keys w/o equals/hashes by @cstamas in #2064
• [MNG-8523] Make sure user properties override model properties by @gnodet in #2059
• [MNG-8519] Introduce Request / Results / RequestTrace by @gnodet in #2050
• [MNG-8541] Support throwing Exception from Mojo#execute by @laeubi in #2066
• [MNG-8545] More repository handling fixes by @cstamas in #2067
• Just some details i spotted during debug by @cstamas in #2068
• [MNG-8513] Move xml combination mode validation to validator by @cstamas in #2069
• [MNG-8395] [BREAKING CHANGE] Redirect the element to by @desruisseaux in #2061
• Add javadoc to DI by @gnodet in #2072
• ProjectManager cleanup by @gnodet in #2073
• Simplify and complete method implementation by @cstamas in #2075
• [MNG-8550] Update JLine3 to 3.29.0 by @cstamas in #2074
• [MNG-8551] Improve early error reporting by @cstamas in #2076
• [MNG-8554] Fix UT suite for CLI by @cstamas in #2078
• [MNG-8555] Use plexus-sec-dispatcher 4.1.0 by @kwin in #2080
• [MNG-8241] Test comparing letters to numbers by @elharo in #2081
• [MNG-7592] String deduplication in model building by @gnodet in #2083
• [MNG-8530] Prompter fixes by @cstamas in #2086
• [MNG-8561] SourceRoot should be more lenient wrt duplicates by @gnodet in #2085
• [MNG-8563] Provide a weak cache for objects from the main model by @gnodet in #2087
• [MNG-8564] Move to maven-compat Plexus legacy by @cstamas in #2088
• Make full build upload surefire logs in case of failure. by @cstamas in #2089
• [MNG-8565] Thread leaks in maven-cli by @cstamas in #2090
• [MNG-8540] Add cache to API requests by @gnodet in #2051
• [MNG-8553] Resolver 2.0.6 by @cstamas in #2079
• [MNG-8535] Full std stream support for executor by @cstamas in #2082
• Add badge for 3.x version by @slawekjaranowski in #2094
• [MNG-8241] Handle non-BMP characters when comparing versions by @elharo in #2071
• Align Toolbox versions by @cstamas in #2096
• Fix links to Settings Descriptor Reference by @kwin in #2095
• [MNG-8573] OS Service by @cstamas in #2099
• [MNG-8517] Cleanup dependencies by @cstamas in #2098
• [MNG-8571] Sisu @priority annotation is not honoured by @gnodet in #2097
• [MNG-8562] remove "child" attributes from by @gnodet in #2101
• [MNG-8575] Replace a list with O(N²) performance by O(N) at least during iter...

4.0.0-rc-2

Release notes

Maven has entered the release candidate phase and aims to be finally released in a few weeks. Please give it a try and report errors.

Upgrading from Maven 3

Maven 4 brings a tons of changes. We've tried hard to maximise compatibility with Maven 3.x, but in order to have your build work with Maven 4, you will need to upgrade some plugins (such as maven-enforcer-plugin, maven-remote-resources-plugin, maven-shade-plugin, etc...) to their most recent versions.

If your build is leveraging Maven extensions, you may very well expect some breakage. Some extensions may need to be updated:

• the useful, but unmaintained, os-maven-plugin extension has been forked and now maintained at os-detector-maven-plugin

Contact the extensions' developers team to know their plans regarding supporting to Maven 4.

Known issues

• the mvnenc tool used to encrypt passwords in settings is broken
• download rates appearing in the console display wrong values

Change log

Improvements

• [MNG-5729] Use monotonic time measurements by @gnodet in #1965
• [MNG-8394] Event bridge and properties fix by @cstamas in #1937
• [MNG-8403] Maven ITs use maven-executor by @cstamas in #1940
• [MNG-8407] Add target attribute to SVG links by @kwin in #1954
• [MNG-8415] Add constant for the security settings xml file by @gnodet in #1956
• [MNG-8419][MNG-8424] Too aggressive warning for pre-Maven4 passwords by @cstamas in #1970

Bug fixes

• IT: Move ITs off maven-shared-utils by @cstamas in #1941
• [MNG-8389] MavenExReq lacks u/p/i settings file paths by @cstamas in #1939
• [MNG-8391] Wrong effective model when conflicting values come from parents and profiles by @gnodet in #1942
• [MNG-8396] Add a cache layer to the filtered dependency graph by @gnodet in #1944
• [MNG-8400] Make sure base parser uses canonical maven.home by @cstamas in #1945
• [MNG-8402] System properties can take precedence over builtin expressions by @gnodet in #1947
• [MNG-8405] Fail On Severity, when set, is not reset (in resident instances) by @gnodet in #1950
• [MNG-8403] Collapse IT utils and helpers by @cstamas in #1949
• IT: Drop dead stuff by @cstamas in #1951
• [MNG-8404] ModelValidator: add unit tests and simplify a bit by @gnodet in #1948
• IT: Streamline ITs more by @cstamas in #1952
• [MNG-8388] Fix escape characters being replaced to change the original configuration by @CrazyHZM in #1946
• Use https for www.apache.org/licenses/ by @slawekjaranowski in #1955
• [MNG-8401] Reference global Maven download page by @kwin in #1953
• [MNG-8410] API cleanup by @gnodet in #1957
• [MNG-8411][MNG-8412][MNG-8416] mvnenc fixes by @cstamas in #1959
• [MNG-8393] Enable consumer pom by default for 4.1.0 model version only by @gnodet in #1963
• [MNG-8421] Move all of logging setup to LookupInvoker; mvnenc IT by @cstamas in #1964
• [MNG-8423] mvnenc -h by @cstamas in #1971
• [MNG-8406] Proper IT isolation by @cstamas in #1968
• Add missing package infos by @gnodet in #1980
• [MNG-5729] Fix possible NPE with introduction of mononic clock by @gnodet in #1972
• [MNG-5729] Fix transfer rate computation by @gnodet in #1969
• [MNG-8244] Using before:all / all / after:all is not triggered by @gnodet in #1973
• [MNG-8245][MNG-8246] Warn when calling before: or after: phases by @gnodet in #1974
• [MNG-3282] Docgen: remove property numbering, they are misleading and properties are "floating" anyway (alphabetically) by @gnodet in #1979
• [MNG-8414] The consumer pom should warn if not able to downgrade the model version to 4.0.0 by @gnodet in #1981

Dependency upgrade

• [MNG-8420] Bump jlineVersion from 3.27.1 to 3.28.0 by @dependabot in #1962
• [MNG-8430] Resolver 2.0.5 by @cstamas in #1975
• [MNG-8427] Bump PlexusSecDispatcher to 4.0.3 by @cstamas in #1959

Full changelog

maven-4.0.0-rc-1...maven-4.0.0-rc-2

maven-4.0.0-rc-1

What's Changed

• [MNG-8335] The mvnenc command is busted by @cstamas in #1825
• Tidy up generated BOMs by @cstamas in #1828
• [MNG-8334] Fix output redirection by @gnodet in #1826
• [MNG-8342] Add command line and terminal information when verbose by @gnodet in #1840
• [MNG-8348] Fix typos in deprecation warning message by @gnodet in #1844
• [MNG-8330] Enforce attached artifacts to have the same GAV than their project by @gnodet in #1838
• [MNG-8344] Support multiple operators in variable expansion by @gnodet in #1832
• [MNG-8354] Bump org.junit:junit-bom from 5.11.2 to 5.11.3 by @dependabot in #1830
• [MNG-8355] Bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 by @dependabot in #1831
• [MNG-8357] Bump org.codehaus.mojo:exec-maven-plugin from 3.4.1 to 3.5.0 by @dependabot in #1833
• [MNG-8353] Bump com.fasterxml.woodstox:woodstox-core from 7.0.0 to 7.1.0 by @dependabot in #1834
• [MNG-8352] Bump net.bytebuddy:byte-buddy from 1.15.5 to 1.15.7 by @dependabot in #1845
• [MNG-8358] Semi-generated dependency graph by @gnodet in #1829
• [MNG-8328] Clean up assembly from Jansi remains and add JLine native libraries by @gnodet in #1839
• [MNG-8339] An error during transfer output seems to freeze the output by @gnodet in #1842
• [MNG-8350] Improve storage and computation of locations in model objects by @gnodet in #1847
• [MNG-8349] Avoid exceptions with invalid modelVersion by @gnodet in #1848
• [MNG-8189] Warn about plugin versions not pinned for all lifecycles by @gnodet in #1846
• [MNG-8345] Maven generates both settings 1.3.0 and 2.0.0 by @gnodet in #1835
• [MNG-8341] Fix possible deadlock in ModelBuilder by @gnodet in #1843
• [MNG-8361][MNG-8300] Fix color styles" by @gnodet in #1851
• [MNG-8346] Reorganize subprojects by @gnodet in #1837
• [MNG-8347] Resolver 2.0.3 by @cstamas in #1850
• Better subproject names by @cstamas in #1853
• [MNG-8347] Resolver 2.0.3 by @cstamas in #1855
• [MNG-8360] Fix parent profiles not reported as activated by @gnodet in #1852
• Remove unused files by @gnodet in #1854
• [MNG-8329] ArtifactInstallerRequest and ArtifactDeployerRequest should use Collection by @gnodet in #1836
• Drop staging repository for Resolver 2.0.3 by @cstamas in #1860
• Bump net.bytebuddy:byte-buddy from 1.15.7 to 1.15.10 by @dependabot in #1863
• Bump ch.qos.logback:logback-classic from 1.5.11 to 1.5.12 by @dependabot in #1859
• [MNG-8367] Merge ITs into Maven by @gnodet in #1858
• Remove unused class by @gnodet in #1866
• [MNG-8368] Fix dependency resolver not using project repositories by @gnodet in #1865
• [MNG-8362] Adding some missing config properties by @cstamas in #1861
• Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.3 by @dependabot in #1877
• Bump org.apache.maven.plugins:maven-scm-publish-plugin from 1.1 to 3.3.0 by @dependabot in #1876
• Bump org.ow2.asm:asm from 7.3.1 to 9.7.1 by @dependabot in #1875
• Bump org.eclipse.jetty:jetty-server from 9.4.53.v20231009 to 9.4.55.v20240627 in /its/core-it-suite by @dependabot in #1872
• Bump org.apache.maven:maven-core from 3.6.0 to 3.8.1 in /its/core-it-support/core-it-plugins/mng7529-plugin by @dependabot in #1871
• Bump org.apache.maven.shared:maven-shared-utils from 0.1 to 3.3.3 in /its/core-it-support/maven-it-helper by @dependabot in #1869
• Bump commons-io:commons-io from 1.4 to 2.14.0 in /its/core-it-support/core-it-plugins/maven-it-plugin-plexus-utils-new by @dependabot in #1868
• Bump org.codehaus.plexus:plexus-utils from 1.1 to 3.0.24 in /its/core-it-support/core-it-plugins/maven-it-plugin-plexus-utils-11 by @dependabot in #1867
• IT: Ant update by @cstamas in #1879
• [MNG-8370] Add maven.repo.local.head by @cstamas in #1881
• IT: cleanup by @cstamas in #1886
• CLIng: finish TODO by @cstamas in #1888
• IT fix: Drop ancient reporting, use latest by @cstamas in #1887
• [MNG-8332] Detach CLIng from deprecated Embedder by @cstamas in #1882
• Bump junit:junit from 3.8.1 to 4.13.2 by @dependabot in #1892
• Bump org.codehaus.plexus:plexus-container-default from 1.0-alpha-9 to 2.1.1 by @dependabot in #1891
• Bump log4j:log4j from 1.2.14 to 1.2.17 by @dependabot in #1890
• Bump org.apache.maven.shared:maven-shared-utils from 0.9 to 3.4.2 by @dependabot in #1896
• Bump org.junit.jupiter:junit-jupiter from 5.8.0 to 5.11.3 by @dependabot in #1894
• Bump org.hamcrest:hamcrest from 2.2 to 3.0 by @dependabot in #1900
• Bump commons-io:commons-io from 2.14.0 to 2.17.0 by @dependabot in #1899
• Bump org.codehaus.plexus:plexus-velocity from 1.1.7 to 2.2.0 by @dependabot in #1901
• CLIng diet by @cstamas in #1897
• [MNG-8372] Augment error message to give users more context when running into deprecated encryption warning by @ottlinger in #1898
• IT: update archaic deps by @cstamas in #1903
• Bump org.codehaus.plexus:plexus-component-annotations from 2.1.1 to 2.2.0 by @dependabot in #1878
• [MNG-8340] Resolve parent according to the exact model location by @gnodet in #1857
• [MNG-8336] Only inject plugins information if requested by @gnodet in #1904
• Cleanup file access and assertions in ITs by @gnodet in #1912
• [MNG-8379] Decrypt all of settings on building it by @cstamas in #1913
• Move everything out of bootstrap by @gnodet in #1909
• Exception usage cleanup by @cstamas in #1910
• Add CI cache by @gnodet in #1914
• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.6.4 to 3.15.1 by @dependabot in #1908
• Bump org.codehaus.plexus:plexus-component-metadata from 2.1.1 to 2.2.0 by @dependabot in #1905
• Bump org.sonatype.maven.plugin:emma4it-maven-plugin from 1.2 to 1.3 by @dependabot in #1918
• [MNG-8376] Exit with a nicer error message when running on JDK < 17 by @gnodet in #1916
• [MNG-8378] Upgrade to Resolver 2.0.4 by @cstamas in #1919
• Rename versionFilter property and tidy up documentation by @cstamas in #1920
• [MNG-8383] Fix unsupported type dependencies put on classpath by @gnodet in #1921
• Bump org.apache.maven.wagon:wagon-webdav-jackrabbit from 3.0.0 to 3.5.3 by @dependabot in #1923
• IT: Consolidate ITs somewhat by @cstamas in #1924
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 by @dependabot in #1927
• [MNG-8384] Make sure plugin's artifacts have a scope by @gnodet in #1928
• [MNG-8385] Introduce proto session by @cstamas in #1929
• [MNG-8286] Add a condition profile based on a simple expressions by @gnodet in #1771
• CLIng+resident: logging subsystem still needs an update by @cstamas in #1931
• Post merge fix by @cstamas in #1933
• Fix CI cache for ITs by @gnodet in #1934
• [MNG-8386] Pull out executor by @cstamas in #1932
• The IT properties creeped in into main build by @cstamas in #1935

New Contributors

• @ottlinger made their first contribution in #1898

Full Changelog: https://github.com/apache/maven/compare...

4.0.0-beta-5

What's Changed

• Disable automated JIRA comments from GitHub by @kwin in #1689
• [MNG-8255] Bump ch.qos.logback:logback-classic from 1.5.7 to 1.5.8 by @dependabot in #1709
• Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0 by @dependabot in #1691
• Bump net.bytebuddy:byte-buddy from 1.15.0 to 1.15.1 by @dependabot in #1692
• Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @dependabot in #1698
• [MNG-8249] Provide an annotation processor for DI by @gnodet in #1704
• [MNG-8210] Fix broken inference of version when using -f option by @gnodet in #1720
• [MNG-8252] Fully infer the parent coordinates if the location points to a valid model by @gnodet in #1706
• [MNG-8190] Restrict build pom feature to 4.1.0 model version by @gnodet in #1707
• [MNG-8252] Fully infer the parent coordinates if the location points to a valid model (#1706) by @gnodet in #1721
• [MNG-8237] Option deprecation notices cleanup by @gnodet in #1713
• DI improvements by @gnodet in #1717
• [MNG-8232] Introduce ModelTransformer by @gnodet in #1702
• [MNG-8234] Revert the addition of the priority tag by @gnodet in #1711
• [MNG-8235] Move remote repositories into requests by @gnodet in #1712
• [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @cstamas in #1723
• [MNG-8259] Improve Sisu / DI bridge by @gnodet in #1722
• [MNG-8239] Add missing ModelCacheFactory by @gnodet in #1728
• [MNG-8260] Fix warning on latest JDK 24.ea by @gnodet in #1718
• [MNG-7255] Infer groupId for intra-reactor dependencies by @gnodet in #1696
• [MNG-8242] Cache flattened parents during model building by @gnodet in #1703
• [MNG-8233] Client should handle modelIds as "opaque" by @cstamas in #1701
• Simple typo bugfix (NPE) by @cstamas in #1731
• [MNG-8263] Remove last remnants of wrapper integration by @cstamas in #1736
• No issue, no change by @cstamas in #1745
• [MNG-8120] Refactor ModelBuilder and ProjectBuilder by @gnodet in #1700
• [MNG-8261] Remove jline-terminal-ffm direct dependency by @gnodet in #1719
• [MNG-8264] Deprecate maven 3 specific modules by @gnodet in #1739
• More readable formatting of the warning about automatic modules by @desruisseaux in #1733
• Disable parallelism by @gnodet in #1760
• Disable Jenkins temporarily by @gnodet in #1761
• [MNG-8274] Bump net.bytebuddy:byte-buddy from 1.15.1 to 1.15.3 by @dependabot in #1749
• [MNG-8277] Bump org.junit:junit-bom from 5.11.0 to 5.11.1 by @dependabot in #1747
• [MNG-8273] Bump mockitoVersion from 5.13.0 to 5.14.1 by @dependabot in #1762
• [MNG-8276] Bump org.apache.velocity:velocity-engine-core from 2.3 to 2.4 by @dependabot in #1741
• [MNG-8275] Bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre by @dependabot in #1740
• Fix possible NPE during project building by @gnodet in #1759
• Cleanup assembly rat plugin config by @gnodet in #1758
• Improve model validator wrt modelVersion which is now set in the file model by @gnodet in #1757
• Use Version and Severity directly by @gnodet in #1756
• [MNG-8278] Improve speed in stax readers by @gnodet in #1748
• [MNG-8230] Rewrite CI friendly versions by @gnodet in #1710
• Remove a module-related exception which is not used anywhere. by @desruisseaux in #1734
• [MNG-8280] Bump jlineVersion from 3.26.3 to 3.27.0 by @dependabot in #1764
• [MNG-8258] activate Reproducible Builds by default by @hboutemy in #1726
• Probable bug: method that nullifies model by @cstamas in #1735
• [MNG-8281] Interpolator service by @gnodet in #1769
• [MNG-8279] The project local repository and project collectors are using maven.multiModuleProjectDirectory instead of rootDirectory by @gnodet in #1767
• Restore the default parallelism in the model builder by @gnodet in #1768
• [MNG-8283] Maven CLIng by @cstamas in #1750
• Fix phaser by @gnodet in #1770
• [MNG-8283] Maven CLIng smaller bugfixes and improvements by @cstamas in #1772
• [MNG-8283] More mvnd related changes by @cstamas in #1775
• [MNG-8283] Parser must not alter global state by @cstamas in #1776
• [MNG-8283] Make resident able to restore state by @cstamas in #1779
• [MNG-8291] Bump org.junit:junit-bom from 5.11.1 to 5.11.2 by @dependabot in #1780
• [MNG-8290] Bump org.ow2.asm:asm from 9.7 to 9.7.1 by @dependabot in #1781
• [MNG-8288] "path cannot be null" by @cstamas in #1782
• [MNG-8293] Fix resolution of reactor models by @gnodet in #1783
• Fix concurrency issue in DefaultModelValidator by @gnodet in #1786
• Cut link between maven-core maven-resolver-provider by @gnodet in #1777
• [MNG-5910] Warn if both exists and missing file activation are set by @gnodet in #1773
• Make rootDirectory mandatory by @cstamas in #1787
• [MNG-8294] Consistency checks when loading parent by @gnodet in #1784
• [MNG-8305] Fix MER showErrors setting by @cstamas in #1795
• [MNG-8285] Implement mvnenc CLI tool by @cstamas in #1793
• [MNG-8303] Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.10 by @dependabot in #1794
• [MNG-8304] Bump net.bytebuddy:byte-buddy from 1.15.3 to 1.15.4 by @dependabot in #1791
• [MNG-8295] Dependency Manager Transitivity (now default) handles dependency management inconsistently by @gnodet in #1788
• [MNG-8309] Improve log infrastructure (first step toward multi-threading log view support) by @gnodet in #1792
• Cleanup after last commit by @cstamas in #1798
• Minor fixes: proper help syntax and ability to extend core exports by @cstamas in #1799
• [MNG-8296] Support creating unknown Language on the fly by @gnodet in #1809
• [MNG-8041] Move PathScope into the dependency collection request by @gnodet in #1807
• [MNG-8318] Bump mockitoVersion from 5.14.1 to 5.14.2 by @dependabot in #1805
• [MNG-8316] Bump jlineVersion from 3.27.0 to 3.27.1 by @dependabot in #1803
• [MNG-8317] Bump ch.qos.logback:logback-classic from 1.5.10 to 1.5.11 by @dependabot in #1804
• [MNG-8299] Fix ordering of phases from custom lifecycles by @gnodet in #1802
• [MNG-8311] empty but existing in settings.xml by @danthe1st in #1801
• [MNG-8302] Revert "Make rootDirectory really mandatory" by @gnodet in #1800
• [MNG-8320] Bump jakarta.inject:jakarta.inject-api from 2.0.1 to 2.0.1.MR by @dependabot in #1729
• [MNG-8313] Upgrade to Resolver 2.0.2 by @cstamas in #1796
• [MNG-8302] Warn when appropriate by @cstamas in #1810
• [MNG-8322] Use the new ToolchainsBuilder and SettingsBuilder by @gnodet in #1778
• [MNG-8315] Fix MAVEN_PROJECTBASEDIR in mvn.cmd when .mvn is at drive root by @gnodet in #1808
• Remove unused exclusions by @cstamas in #1814
• Get rid of slf4j warning by @cstamas in #1816
• [MNG-8306] Fix wrong order in merged xml nodes and double profile injection by @gnodet in #1811
• [MNG-8258] Change the fixed reproducible build outputTimestamp to 1 Feb 1980 by @st...

4.0.0-beta-4

What's Changed

• [MNG-7902] Sort plugins in the validation report by @yuehcw in #1510
• Allow to manually execute GitHub Action by @slawekjaranowski in #1552
• Use Maven Wrapper to build by @slawekjaranowski in #1550
• [MNG-5693] Remove unhelpful links that don't describe failure reasons from output by @elharo in #1545
• [MNG-8136] Update Eclipse Sisu to 0.9.0.M3 by @cstamas in #1546
• [MNG-8135] Fix capital OS name can not activate profile by @liutang123 in #1549
• Fix grammar in validation message by @Bananeweizen in #1544
• Move modelVersion inference to model builder so that it is also effective on consumer models by @gnodet in #1566
• [MNG-8141] Model Builder report issues during build by @cstamas in #1569
• [MNG-8153] Add back missing classes from the v3 api by @gnodet in #1577
• [MNG-8134] Add a @resolution annotation to mojos to inject project dependencies collection / resolution result by @gnodet in #1559
• Remove commons-io:commons-io dependency by @gnodet in #1578
• [MNG-8150] Handle absent source/target files in transfer listener by @pshevche in #1575
• [MNG-8150] Remove unused locale argument from FileSizeFormat by @pshevche in #1579
• [MNG-7758] Report dependency problems for all repository by @slawekjaranowski in #1563
• Remove hardcoded references to woodstox stax implementation by @gnodet in #1585
• [MNG-8160] Recreate the transformed artifact if it has been deleted (by the clean goal for example) by @gnodet in #1587
• [MNG-8164] Session#collectDependencies(Project) does not obey exclusions by @gnodet in #1591
• [MNG-7194] Test missing property evaluation by @pzygielo in #1573
• Fix Toolchain toString() method by @gnodet in #1593
• [MNG-8155] Improve not built error message by @elharo in #1599
• Fix Maven 4 extensions by @gnodet in #1601
• [MNG-8179] Upgrade Parent to 43 by @slawekjaranowski in #1605
• [MNG-8178] Fall back to system properties for missing profile activation context properties by @gnodet in #1609
• [MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found by @cstamas in #1612
• [4.0.x][MNG-8194] Update to Resolver 2.0.1 by @cstamas in #1626
• [MNG-8182] Resolved errors were created based on collect exceptions by @cstamas in #1635
• [MNG-8192] Consistently throw InvalidArtifactRTException for invalid by @kwin in #1637
• [MNG-8197] Use default classifier when Eclipse Aether specifies none by @desruisseaux in #1621
• [API] Expose InputLocation formatter in the XmlFactory by @gnodet in #1616
• [MNG-8132] Fix BOM dependency exclusions by @gnodet in #1622
• [MNG-8180] Handle NPE due non-existent tags by @cstamas in #1639
• [MNG-8180] Back out from failing the build by @cstamas in #1645
• [MNG-8206] Remove bad plugin.xml in maven-compat by @gnodet in #1644
• [MNG-8177] Add contextual info for model warnings by @cstamas in #1636
• [MNG-8010]: Minimize and make generic the README.txt by @hiufung-kwok in #1624
• Fix StringIndexOutOfBoundsException by @gnodet in #1618
• [MNG-8176] Restrict classloader for Maven 4 plugins by @gnodet in #1336
• [MNG-8165] Align mvn.sh script with mvn.cmd by @cstamas in #1648
• [MNG-8165] Get rid of bashism creeped in by @cstamas in #1652
• [MPLUGIN-530] Deprecate requirements in plugin descriptor 1.1.0 by @kwin in #1638
• [MNG-7344] track dependencyManagement import location in effective Model for MPH-183 by @jjkester in #603
• [MNG-8195] Add DependencyResolverResult.getModuleName(Path) method by @desruisseaux in #1625
• [MNG-8196] Make exception messages match Maven 3 again by @oehme in #1628
• [MNG-8172] Fix site building by @gnodet in #1594
• [MNG-8215] Add location tracking for toolchains by @gnodet in #1608
• [MNG-8211] Fail the build if project effective version has expression by @cstamas in #1673
• [MNG-7914] Provide a single entry point for configuration by @gnodet in #1595
• Document that V4 mojo are supposed to be threadsafe by @gnodet in #1675
• [MNG-8181] Provide a variable for maven central repo url, backed by an environment variable by @gnodet in #1615
• [MNG-8214] Improve model velocity template to support subclasses by @kwin in #1660
• [MNG-7914] Add doc for the new maven.properties file by @gnodet in #1674
• Renaming of ArtifactCoordinate.getVersion() + documentation by @gnodet in #1662
• [MNG-8052] New lifecycle for Maven 4 by @gnodet in #1448
• [MNG-8220] Fix loading DI-powered beans from extensions by @gnodet in #1683
• [MNG-7897] Support ${project.rootDirectory} in file profile activation by @gnodet in #1687
• [MNG-8228] Enable Sisu Plexus strict classpath scanning by @kwin in #1688
• [MNG-8218] Always normalize Path in PathSource by @gnodet in #1684
• [MNG-8225] Fully concurrent builder for Maven 4 by @gnodet in #1429
• [MNG-8210] Replace Maven "module" term by "subproject" by @gnodet in #1651
• [MNG-7838] Fix usage of older packaged artifacts from project local repository by @gnodet in #1199
• [MNG-8229][MNG-8090] Fix jenkins build by @gnodet in #1693

Dependencies

• Bump commons-cli:commons-cli from 1.5.0 to 1.8.0 by @dependabot in #1537
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 by @dependabot in #1535
• Bump com.google.guava:guava from 33.2.0-jre to 33.2.1-jre by @dependabot in #1582
• Bump net.bytebuddy:byte-buddy from 1.14.15 to 1.14.17 by @dependabot in #1581
• Bump org.jline:jline from 3.26.1 to 3.26.2 by @dependabot in #1588
• Bump com.fasterxml.woodstox:woodstox-core from 6.6.2 to 7.0.0 by @dependabot in #1590
• Bump org.junit:junit-bom from 5.10.2 to 5.10.3 by @dependabot in #1592
• Bump org.codehaus.woodstox:stax2-api from 4.2.1 to 4.2.2 by @dependabot in #1583
• Bump org.codehaus.plexus:plexus-testing from 1.3.0 to 1.4.0 by @dependabot in #1596
• Bump net.bytebuddy:byte-buddy from 1.14.17 to 1.14.18 by @dependabot in #1602
• Bump resolverVersion from 2.0.0-alpha-11 to 2.0.0 by @dependabot in #1600
• Bump slf4jVersion from 2.0.13 to 2.0.14 by @dependabot in #1629
• Bump org.hamcrest:hamcrest from 2.2 to 3.0 by @dependabot in #1623
• Bump org.jline:jline from 3.26.2 to 3.26.3 by @dependabot in #1619
• Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.21.2 to 0.22.0 by @dependabot in #1620
• Bump slf4jVersion from 2.0.14 to 2.0.16 by @dependabot in #1643
• Bump org.junit:junit-bom from 5.10.3 to 5.11.0 by @dependabot in #1655
• Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @dependabot in #1654
• Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 by @dependabot in #1657
• Bump org.assertj:assertj-core from 3.26.0 to 3.26.3 by @dependabot in #1658
• Bump net.bytebuddy:byte-buddy from 1.14.18 to 1.14.19 by @dependabot in #1659
• Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.22.0 to 0.23.0 by @dependabot in #1664
• Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.16.0 by @dependabot in #1677
• Bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.4.1 by @dependabot in http...

3.9.9

Release Notes - Maven - Version 3.9.9

Bug

• [MNG-8159] - Fix search for topDirectory when using -f / --file for Maven 3.9.x
• [MNG-8165] - Maven does not find extensions for -f when current dir is root
• [MNG-8177] - Warning "'dependencyManagement.dependencies.dependency.systemPath' for com.sun:tools:jar refers to a non-existing file C:\Temp\jdk-11.0.23\..\lib\tools.jar"
• [MNG-8178] - Profile activation based on OS properties is broken for "mvn site"
• [MNG-8180] - Resolver will blindly assume it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
• [MNG-8182] - Missing or mismatching Trusted Checksum for some artifacts is not properly reported
• [MNG-8188] - [REGRESSION] Property not resolved in profile pluginManagement

Task

• [MNG-8206] - Remove Maven 2.1 (v 2.0) compatibility bits

Dependency upgrade

• [MNG-8175] - Resolver 1.9.21
• [MNG-8179] - Upgrade Parent to 43
• [MNG-8193] - Resolver 1.9.22
• [MNG-8198] - (build) Animal Sniffer 1.24
• [MNG-8199] - Hamcrest 3.0

What's Changed

• [MNG-8159] Fix search for topDirectory when using -f / --file by @gzm55 in #1589
• [MNG-7194] Test missing property evaluation by @pzygielo in #1570
• [3.9.x] [MNG-8175] Update Resolver to 1.9.21 by @cstamas in #1598
• [MNG-8178] Fall back to system properties for missing profile activation context properties by @kohlschuetter in #1603
• [MNG-8179] Upgrade Parent to 43 by @slawekjaranowski in #1610
• [MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found by @cstamas in #1611
• [3.9.x][MNG-8193] Update to Resolver 1.9.22 by @cstamas in #1627
• [MNG-8199] Hamcrest 3.0 by @cstamas in #1631
• [MNG-8182] Resolved errors were created based on collect exceptions by @cstamas in #1632
• [MNG-8180] Handle NPE due non-existent tags by @cstamas in #1641
• [MNG-8180] Back out from failing the build by @cstamas in #1642
• [MNG-8206] Remove bad plugin.xml from maven-compat by @cstamas in #1646
• [MNG-8177] Add contextual info for model warnings by @cstamas in #1633
• [MNG-8188] Profile properties are not interpolated by @cstamas in #1634
• [MNG-8165] Align mvn.sh script with mvn.cmd by @cstamas in #1647
• [MNG-8165] Get rid of bashism creeped in by @cstamas in #1653

New Contributors

• @gzm55 made their first contribution in #1589
• @kohlschuetter made their first contribution in #1603

Full Changelog: maven-3.9.8...maven-3.9.9