You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by "P. Ottlinger" <po...@apache.org> on 2022/06/13 15:10:12 UTC
[ANNOUNCE] Apache Creadur RAT 0.14 is released
The Apache Creadur Rat team is pleased to announce the release of Apache
Creadur Rat 0.14
Apache Rat is a release audit tool. It improves accuracy and efficiency
when checking releases. It is heuristic in nature: making guesses about
possible problems. It will produce false positives and cannot find every
possible issue with a release.
Its reports require interpretation.
In response to demands from project quality tool developers, Rat is
available as a library suitable for inclusion in tools. This POM
describes that library.
Note that binary compatibility is not guaranteed between 0.x releases.
Apache Rat is developed by the Apache Creadur project, a language and
build agnostic home for software distribution comprehension and audit tools.
This release contains dependency updates, bugfixes and many improvements
apart from infrastructure updates at ASF.
Changes in this version include:
New features:
o RAT-288: Adapt logging output to be more compliant with future Maven
versions as debug is deprecated and verbose is the recommended way to
go. Thanks to Michael Osipov.
o RAT-297: Update maven-reporting-api from 3.0 to 3.1.0 and remove
usage of deprecated Sink API. Thanks to Michael Osipov.
o RAT-289: Enable dependabot integration - write access is forbidden,
but email alerts and pull requests should be ok.
o RAT-279: Migrate vom Travis CI.org to Travis-ci.com.
o RAT-271: Move all Creadur projects to new Jenkins infrastructure at
ASF and migrate from Subversion to Gitbox/Github. Please update your
repository URLs and use the new default branch master in all projects.
o RAT-270: Change default behaviour to output erroneous files to
console. Can be disabled by setting rat.consoleOutput to false.
o RAT-266: Add .factorypath to Eclipse-default exclusions. Thanks to
Michael Osipov.
o RAT-254: Properly finish move to gitbox/github, get rid of SVN
references and adapt main branch to master and fix all Jenkins build
jobs for RAT.
o RAT-244: Update compiler level to 1.7 to allow building with more
recent JDKs. Update plugins and dependencies to more modern versions to
fix security issues (CVE-warnings).
o RAT-212: Add alternative https URLs in Apache License, Version 2.0 to
allow automatic recognition as valid ASF2.0. Thanks to Niels Basjes.
o RAT-250: Update to latest available and compatible Apache ANT 1.9.14
to get bugfixes.
o INFRA-17348: SCM repository has been moved from svn.apache.org
(Subversion) to gitbox.apache.org (Git)
Fixed Bugs:
o RAT-290: Update maven-jxr-plugin from 2.5 to 3.2.0. Thanks to dependabot.
o RAT-290: Update maven-antrun-plugin from 3.0.0 to 3.1.1. Thanks to
dependabot.
o RAT-290: Update github actions/checkout from 2 to 3. Thanks to
dependabot.
o RAT-290: Update github actions/setup-java from 2.5.0 to 3.3.0. Thanks
to dependabot.
o RAT-290: Update maven-pmd-plugin from 3.14.0 to 3.16.0. Thanks to
dependabot.
o RAT-290: Update maven-javadoc-plugin from 3.3.1 to 3.4.0. Thanks to
dependabot.
o RAT-290: Update maven-compiler-plugin from 3.8.1 to 3.10.1. Thanks to
dependabot.
o RAT-290: Update wagon-ssh from 3.5.0 to 3.5.1. Thanks to dependabot.
o RAT-290: Update maven-site-plugin from 3.9.1 to 3.12.0. Thanks to
dependabot.
o RAT-290: Update maven-project-info-reports-plugin from 3.1.1 to
3.3.0. Thanks to dependabot.
o RAT-290: Update mockito-core from 3.11.2 to 4.6.0. Thanks to dependabot.
o RAT-290: Update ASF parent from 23 to 26. Thanks to dependabot.
o RAT-273: Some tests were based on the assumption, that the value of
file.encoding
can be changed on runtime. (Won't work nowadays, beginning
with Java 16.)
Removed this assumption in favour of a proper surefire
configuration.
o RAT-273: Workaround for an incompatibility in the
java.io.LineNumberReader, which is
being replaced by the org.apache.rat.header.LineNumberReader.
o RAT-290: Update animal-sniffer-maven-plugin from 1.20 to 1.21. Thanks
to Jin Xu/Xeno Amess.
o RAT-296: Use Github Actions for matrix builds on Windows and ubuntu
with JDK 8,11,12,13,14,15. Simplify Travis integration to avoid
dockerhub-related build failures.
o RAT-274: Update to latest Apache Ant 1.10.12.
o RAT-291: Fix links to Travis builds for all creadur projects.
o RAT-290: Update maven-dependency-plugin from 3.1.1 to 3.2.0. Thanks
to dependabot.
o RAT-290: Update plexus-utils from 3.0.21 to 3.4.1. Thanks to dependabot.
o RAT-290: Update commons-cli from 1.4 to 1.5.0. Thanks to dependabot.
o RAT-290: Update maven-plugin-annotation and maven-plugin-plugin from
3.6.1 to 3.6.2. Thanks to dependabot.
o RAT-275: Update to doxia 1.11.1 in order to get
CVE-2020-13956-httpclient problem fixes in doxia.
o RAT-283: Update plugin versions and dependencies in order to run
properly with Java8 as minimal compiler level.
o RAT-286: Update to maven-plugin-plugin v3.6.1 in order to circumvent
error during maven site builds.
o RAT-285: Update to latest Apache Ant 1.10.11 in order to fix issues
related to dependency commons-compress in Ant itself.
o RAT-207: Properly report thread-safeness to Maven. Thanks to Xavier Dury.
o RAT-281: Update to latest Commons IO to fix CVE-2021-29425 (Moderate
severity).
o RAT-274: Update to latest Apache Ant 1.10.10.
o RAT-277: Update to junit 4.13.1 to fix CVE-2020-15250.
o RAT-158: Update to new ASF parent 23 in order to get rid of doxia
version management that generated warnings.
o RAT-274: Update to latest Apache Ant 1.10.9 to fix CVE-2020-11979.
Update to JDK8 as minimal version/compiler version.
o RAT-269: Update to latest Apache Ant to fix CVE-2020-1945.
o RAT-268: Allow handling of pom-file-only projects by not assuming
that all modules are in directories. Thanks to Robert Scholte.
o RAT-267: Report ignored lines from exclusion file to stderr instead
of std to not generate erroneous JSON. Thanks to Fabio Utzig.
o RAT-262: Treat JSON data as binary to avoid reports of missing licenses.
o RAT-260: Change to docker image when building on Travis to avoid JDK
version mixup in traditional build setup. Thanks to Kamil Breguła.
o RAT-258: Update to latest commons-compress to fix CVE-2019-12402.
o RAT-257: Adapt help text for CLI usage of RAT.
Historical list of changes:
https://creadur.apache.org/rat/changes-report.html
=WEBPAGE=
For complete information on Apache Creadur Rat, including instructions
on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Apache Creadur
Rat website:
https://creadur.apache.org/rat/
=DOWNLOAD=
Direct download (source, binary and signature files) can be found here:
https://creadur.apache.org/rat/download_rat.cgi
=VERIFICATION=
The KEYS file https://downloads.apache.org/creadur/KEYS links to the
code signing keys used to sign the product:
https://creadur.apache.org/rat/download_rat.cgi
The PGP link downloads the OpenPGP compatible signature.
The SHA512 links download the checksum.
Enjoy and thanks for your patience
-The Apache Creadur team