You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by "P. Ottlinger" <po...@apache.org> on 2022/06/13 15:10:12 UTC
[ANNOUNCE] Apache Creadur RAT 0.14 is released

The Apache Creadur Rat team is pleased to announce the release of Apache 
Creadur Rat 0.14

Apache Rat is a release audit tool. It improves accuracy and efficiency 
when checking releases. It is heuristic in nature: making guesses about 
possible problems. It will produce false positives and cannot find every 
possible issue with a release.
Its reports require interpretation.

In response to demands from project quality tool developers, Rat is 
available as a library suitable for inclusion in tools. This POM 
describes that library.
Note that binary compatibility is not guaranteed between 0.x releases.

Apache Rat is developed by the Apache Creadur project, a language and 
build agnostic home for software distribution comprehension and audit tools.

This release contains dependency updates, bugfixes and many improvements 
apart from infrastructure updates at ASF.

Changes in this version include:

New features:
o RAT-288:  Adapt logging output to be more compliant with future Maven 
versions as debug is deprecated and verbose is the recommended way to 
go. Thanks to Michael Osipov.
o RAT-297:  Update maven-reporting-api from 3.0 to 3.1.0 and remove 
usage of deprecated Sink API. Thanks to Michael Osipov.
o RAT-289:  Enable dependabot integration - write access is forbidden, 
but email alerts and pull requests should be ok.
o RAT-279:  Migrate vom Travis CI.org to Travis-ci.com.
o RAT-271:  Move all Creadur projects to new Jenkins infrastructure at 
ASF and migrate from Subversion to Gitbox/Github. Please update your 
repository URLs and use the new default branch master in all projects.
o RAT-270:  Change default behaviour to output erroneous files to 
console. Can be disabled by setting rat.consoleOutput to false.
o RAT-266:  Add .factorypath to Eclipse-default exclusions. Thanks to 
Michael Osipov.
o RAT-254:  Properly finish move to gitbox/github, get rid of SVN 
references and adapt main branch to master and fix all Jenkins build 
jobs for RAT.
o RAT-244:  Update compiler level to 1.7 to allow building with more 
recent JDKs. Update plugins and dependencies to more modern versions to 
fix security issues (CVE-warnings).
o RAT-212:  Add alternative https URLs in Apache License, Version 2.0 to 
allow automatic recognition as valid ASF2.0. Thanks to Niels Basjes.
o RAT-250:  Update to latest available and compatible Apache ANT 1.9.14 
to get bugfixes.
o INFRA-17348: SCM repository has been moved from svn.apache.org 
(Subversion) to gitbox.apache.org (Git)

Fixed Bugs:
o RAT-290:  Update maven-jxr-plugin from 2.5 to 3.2.0. Thanks to dependabot.
o RAT-290:  Update maven-antrun-plugin from 3.0.0 to 3.1.1. Thanks to 
dependabot.
o RAT-290:  Update github actions/checkout from 2 to 3. Thanks to 
dependabot.
o RAT-290:  Update github actions/setup-java from 2.5.0 to 3.3.0. Thanks 
to dependabot.
o RAT-290:  Update maven-pmd-plugin from 3.14.0 to 3.16.0. Thanks to 
dependabot.
o RAT-290:  Update maven-javadoc-plugin from 3.3.1 to 3.4.0. Thanks to 
dependabot.
o RAT-290:  Update maven-compiler-plugin from 3.8.1 to 3.10.1. Thanks to 
dependabot.
o RAT-290:  Update wagon-ssh from 3.5.0 to 3.5.1. Thanks to dependabot.
o RAT-290:  Update maven-site-plugin from 3.9.1 to 3.12.0. Thanks to 
dependabot.
o RAT-290:  Update maven-project-info-reports-plugin from 3.1.1 to 
3.3.0. Thanks to dependabot.
o RAT-290:  Update mockito-core from 3.11.2 to 4.6.0. Thanks to dependabot.
o RAT-290:  Update ASF parent from 23 to 26. Thanks to dependabot.
o RAT-273:  Some tests were based on the assumption, that the value of 
file.encoding
             can be changed on runtime. (Won't work nowadays, beginning 
with Java 16.)
             Removed this assumption in favour of a proper surefire 
configuration.
o RAT-273:  Workaround for an incompatibility in the 
java.io.LineNumberReader, which is
             being replaced by the org.apache.rat.header.LineNumberReader.
o RAT-290:  Update animal-sniffer-maven-plugin from 1.20 to 1.21. Thanks 
to Jin Xu/Xeno Amess.
o RAT-296:  Use Github Actions for matrix builds on Windows and ubuntu 
with JDK 8,11,12,13,14,15. Simplify Travis integration to avoid 
dockerhub-related build failures.
o RAT-274:  Update to latest Apache Ant 1.10.12.
o RAT-291:  Fix links to Travis builds for all creadur projects.
o RAT-290:  Update maven-dependency-plugin from 3.1.1 to 3.2.0. Thanks 
to dependabot.
o RAT-290:  Update plexus-utils from 3.0.21 to 3.4.1. Thanks to dependabot.
o RAT-290:  Update commons-cli from 1.4 to 1.5.0. Thanks to dependabot.
o RAT-290:  Update maven-plugin-annotation and maven-plugin-plugin from 
3.6.1 to 3.6.2. Thanks to dependabot.
o RAT-275:  Update to doxia 1.11.1 in order to get 
CVE-2020-13956-httpclient problem fixes in doxia.
o RAT-283:  Update plugin versions and dependencies in order to run 
properly with Java8 as minimal compiler level.
o RAT-286:  Update to maven-plugin-plugin v3.6.1 in order to circumvent 
error during maven site builds.
o RAT-285:  Update to latest Apache Ant 1.10.11 in order to fix issues 
related to dependency commons-compress in Ant itself.
o RAT-207:  Properly report thread-safeness to Maven. Thanks to Xavier Dury.
o RAT-281:  Update to latest Commons IO to fix CVE-2021-29425 (Moderate 
severity).
o RAT-274:  Update to latest Apache Ant 1.10.10.
o RAT-277:  Update to junit 4.13.1 to fix CVE-2020-15250.
o RAT-158:  Update to new ASF parent 23 in order to get rid of doxia 
version management that generated warnings.
o RAT-274:  Update to latest Apache Ant 1.10.9 to fix CVE-2020-11979. 
Update to JDK8 as minimal version/compiler version.
o RAT-269:  Update to latest Apache Ant to fix CVE-2020-1945.
o RAT-268:  Allow handling of pom-file-only projects by not assuming 
that all modules are in directories. Thanks to Robert Scholte.
o RAT-267:  Report ignored lines from exclusion file to stderr instead 
of std to not generate erroneous JSON. Thanks to Fabio Utzig.
o RAT-262:  Treat JSON data as binary to avoid reports of missing licenses.
o RAT-260:  Change to docker image when building on Travis to avoid JDK 
version mixup in traditional build setup. Thanks to Kamil BreguÅ‚a.
o RAT-258:  Update to latest commons-compress to fix CVE-2019-12402.
o RAT-257:  Adapt help text for CLI usage of RAT.


Historical list of changes: 
https://creadur.apache.org/rat/changes-report.html

=WEBPAGE=
For complete information on Apache Creadur Rat, including instructions 
on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Apache Creadur 
Rat website:

https://creadur.apache.org/rat/

=DOWNLOAD=
Direct download (source, binary and signature files) can be found here:
https://creadur.apache.org/rat/download_rat.cgi

=VERIFICATION=
The KEYS file https://downloads.apache.org/creadur/KEYS links to the 
code signing keys used to sign the product:
https://creadur.apache.org/rat/download_rat.cgi

The PGP link downloads the OpenPGP compatible signature.
The SHA512 links download the checksum.


Enjoy and thanks for your patience

-The Apache Creadur team