You are viewing a plain text version of this content. The canonical link for it is here.
Posted to site-commits@maven.apache.org by sv...@apache.org on 2019/06/09 13:59:37 UTC
svn commit: r1860906 [20/22] - in /maven/website/content: ./
apache-resource-bundles/ archives/maven-2.x/ background/ developers/
developers/conventions/ developers/release/ developers/website/ docs/
docs/2.0.1/ docs/2.0.10/ docs/2.0.11/ docs/2.0.2/ do...
Modified: maven/website/content/pom/index.html
==============================================================================
--- maven/website/content/pom/index.html (original)
+++ maven/website/content/pom/index.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/apt/pom/index.apt.vm at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/apt/pom/index.apt.vm at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -122,7 +122,7 @@ Karl Heinz Marbaise" />
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Parent_POMs"></a>Parent POMs</h2>
<p>Common configurations are provided in parent POMs</p>
<table border="1" class="table table-striped">
@@ -134,7 +134,7 @@ Karl Heinz Marbaise" />
<th align="left"><b>Source Repository</b></th>
<th align="left"><b>Issue Tracking</b></th></tr>
<tr class="b">
-<td align="left"><a href="./asf/"> <tt>ASF</tt></a></td>
+<td align="left"><a href="./asf/"> <code>ASF</code></a></td>
<td align="left">21</td>
<td align="left">2018-08-22</td>
<td align="left">ASF wide configuration.</td>
@@ -148,41 +148,41 @@ Karl Heinz Marbaise" />
<td align="left"><a class="externalLink" href="http://gitbox.apache.org/repos/asf/maven-parent/">Git</a> / <a class="externalLink" href="https://github.com/apache/maven-parent/">GitHub</a></td>
<td align="left"></td></tr>
<tr class="b">
-<td align="left"><a href="./maven/"> <tt>Maven</tt></a></td>
+<td align="left"><a href="./maven/"> <code>Maven</code></a></td>
<td align="left"></td>
<td align="left"></td>
<td align="left">Maven wide configuration.</td>
<td align="left"></td>
<td align="left"><a class="externalLink" href="https://issues.apache.org/jira/browse/MPOM/component/12314371">Jira MPOM</a></td></tr>
<tr class="a">
-<td align="left"><a href="./maven-plugins/"> <tt>Maven Plugins</tt></a></td>
+<td align="left"><a href="./maven-plugins/"> <code>Maven Plugins</code></a></td>
<td align="left"></td>
<td align="left"></td>
<td align="left"><a href="/plugins/">Maven plugins</a> configuration.</td>
<td align="left"></td>
<td align="left"><a class="externalLink" href="https://issues.apache.org/jira/browse/MPOM/component/12314501">Jira MPOM</a></td></tr>
<tr class="b">
-<td align="left"><a href="./maven-shared-components/"> <tt>Maven Shared Components</tt></a></td>
+<td align="left"><a href="./maven-shared-components/"> <code>Maven Shared Components</code></a></td>
<td align="left"></td>
<td align="left"></td>
<td align="left"><a href="/shared/">Maven shared components</a> configuration.</td>
<td align="left"></td>
<td align="left"><a class="externalLink" href="https://issues.apache.org/jira/browse/MPOM/component/12314801">Jira MPOM</a></td></tr>
<tr class="a">
-<td align="left"><a href="./skins/"> <tt>Maven Skins</tt></a></td>
+<td align="left"><a href="./skins/"> <code>Maven Skins</code></a></td>
<td align="left"></td>
<td align="left"></td>
<td align="left"><a href="/skins/">Maven skins</a> configuration.</td>
<td align="left"></td>
<td align="left"><a class="externalLink" href="https://issues.apache.org/jira/browse/MPOM/component/12317104">Jira MPOM</a></td></tr>
<tr class="b">
-<td align="left"><a href="/apache-resource-bundles/"> <tt>Apache Resource Bundles</tt></a></td>
+<td align="left"><a href="/apache-resource-bundles/"> <code>Apache Resource Bundles</code></a></td>
<td align="left"></td>
<td align="left"></td>
<td align="left">A set of resources to help you building Java resources compliant with Apache rules.</td>
<td align="left"></td>
<td align="left"><a class="externalLink" href="https://issues.apache.org/jira/browse/MASFRES">Jira MASFRES</a></td></tr></table>
-<p>Parent POMs reference documentations are <a href="../pom-archives/">archived here</a>.</p></div>
+<p>Parent POMs reference documentations are <a href="../pom-archives/">archived here</a>.</p></section>
</div>
</div>
</div>
Modified: maven/website/content/privacy-policy.html
==============================================================================
--- maven/website/content/privacy-policy.html (original)
+++ maven/website/content/privacy-policy.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/privacy-policy.md at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/privacy-policy.md at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -118,7 +118,7 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Privacy_Policy"></a>Privacy Policy</h2>
<p>Information about your use of this website is collected using server access logs and a tracking cookie. The collected information consists of the following:</p>
<ol style="list-style-type: decimal">
@@ -131,7 +131,7 @@
</ol>
<p>Part of this information is gathered using a tracking cookie set by the <a class="externalLink" href="https://www.google.com/analytics/">Google Analytics</a> service and handled by Google as described in their <a class="externalLink" href="https://www.google.com/privacy.html">privacy policy</a>. See your browser documentation for instructions on how to disable the cookie if you prefer not to share this data with Google.</p>
<p>We use the gathered information to help us make our site more useful to visitors and to better understand how and when our site is used. We do not track or collect personally identifiable information or associate gathered data with any personally identifying information from other sources.</p>
-<p>By using this website, you consent to the collection of this data in the manner and for the purpose described above.</p></div>
+<p>By using this website, you consent to the collection of this data in the manner and for the purpose described above.</p></section>
</div>
</div>
</div>
Modified: maven/website/content/project-faq.html
==============================================================================
--- maven/website/content/project-faq.html (original)
+++ maven/website/content/project-faq.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/fml/project-faq.fml at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/fml/project-faq.fml at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -125,12 +125,12 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Frequently_Asked_Questions_About_Project_Metadata"></a><a name="top">Frequently Asked Questions About Project Metadata</a></h2>
<ol style="list-style-type: decimal">
<li><a href="#why-care">Why do I care?</a></li>
<li><a href="#how-to-improve-metadata">How do I make sure my project's dependency metadata is correct?</a></li>
-<li><a href="#how-to-automatically-sync">How do I ensure my latest releases automatically appear in the Central Maven repository?</a></li></ol></div>
+<li><a href="#how-to-automatically-sync">How do I ensure my latest releases automatically appear in the Central Maven repository?</a></li></ol></section>
<dl>
<dt><a name="why-care">Why do I care?</a></dt>
<dd>
Modified: maven/website/content/project-info.html
==============================================================================
--- maven/website/content/project-info.html (original)
+++ maven/website/content/project-info.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from org.apache.maven.plugins:maven-site-plugin:3.7.1:CategorySummaryDocumentRenderer at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from org.apache.maven.plugins:maven-site-plugin:3.7.1:CategorySummaryDocumentRenderer at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -127,10 +127,9 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Project_Information"></a>Project Information</h2>
-<p>This document provides an overview of the various documents and links that are part of this project's general information. All of this content is automatically generated by <a class="externalLink" href="http://maven.apache.org">Maven</a> on behalf of the project.</p>
-<div class="section">
+<p>This document provides an overview of the various documents and links that are part of this project's general information. All of this content is automatically generated by <a class="externalLink" href="http://maven.apache.org">Maven</a> on behalf of the project.</p><section>
<h3><a name="Overview"></a>Overview</h3>
<table border="0" class="table table-striped">
<tr class="a">
@@ -153,7 +152,7 @@
<td>This document provides information on the issue management system used in this project.</td></tr>
<tr class="a">
<td><a href="ci-management.html">CI Management</a></td>
-<td>This is a link to the definitions of all continuous integration processes that builds and tests code on a frequent, regular basis.</td></tr></table></div></div>
+<td>This is a link to the definitions of all continuous integration processes that builds and tests code on a frequent, regular basis.</td></tr></table></section></section>
</div>
</div>
</div>
Modified: maven/website/content/project-roles.html
==============================================================================
--- maven/website/content/project-roles.html (original)
+++ maven/website/content/project-roles.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/project-roles.md at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/project-roles.md at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -140,14 +140,11 @@ under the License.
<p>The Apache Maven project is not just the software it produces. The Apache Foundation has a phrase: “Community over code” which is about how it is the community that grows around a project that is the most important thing.</p>
<p>Everyone reading this is part of the Apache Maven community, and even if you are an invisible part of the Apache Maven community you are still part of the community.</p>
<p>There are many ways we can sort the people in our community, we present the following as one such way. Please do not take offence if you disagree with this categorisation. It is important to remember that we are a <i>community</i> not a <i>clique</i> so you are entitled to disagree with others in the community.</p>
-<p><i>Note:</i> the right to disagree with other people’s opinions comes with the responsibility not to deliberately cause offence or discord.</p>
-<div class="section">
-<h2><a name="Informal_roles"></a>Informal roles</h2>
-<div class="section">
+<p><i>Note:</i> the right to disagree with other people’s opinions comes with the responsibility not to deliberately cause offence or discord.</p><section>
+<h2><a name="Informal_roles"></a>Informal roles</h2><section>
<h3><a name="Lurkers"></a>Lurkers</h3>
<p>People who do not use Maven at all, but have an interest in the project. This can include people who are developing competing software tools to Apache Maven.</p>
-<p>It would be great if the lurkers would come out of the shadows and make themselves visible, but every community needs its lurkers, so if you are a lurker sulking about on the fringes of the Apache Maven project, know that you are a valued member of our community. If you ever feel the need to change your role, we will welcome you with open arms… (and if we don’t welcome you with open arms, please advise the <a class="externalLink" href="mailto:private@maven.apache.org">Project management committee</a> who are responsible for ensuring that the community is a healthy one)</p></div>
-<div class="section">
+<p>It would be great if the lurkers would come out of the shadows and make themselves visible, but every community needs its lurkers, so if you are a lurker sulking about on the fringes of the Apache Maven project, know that you are a valued member of our community. If you ever feel the need to change your role, we will welcome you with open arms… (and if we don’t welcome you with open arms, please advise the <a class="externalLink" href="mailto:private@maven.apache.org">Project management committee</a> who are responsible for ensuring that the community is a healthy one)</p></section><section>
<h3><a name="Consumers"></a>Consumers</h3>
<p>People who use Maven, but do not actively join the community. This does not include people who are: subscribed to one of the Maven mailing lists; active in a Maven user community (e.g. something like <a class="externalLink" href="https://stackoverflow.com/questions/tagged/maven">stackoverflow</a>; submitting bug reports; etc.).</p>
<p>Maybe Apache Maven is the perfect product for you and does exactly what you need and want, and you never have a need to ask questions about how to use Maven as it is immediately obvious to you how one is supposed to use Maven… If that is the case, could you please consider taking a more active role in our community, as Maven is none of the above to our minds and you might have a point of view that we have missed.</p>
@@ -157,8 +154,7 @@ under the License.
<li>Submitting bug reports is the best way to let us know about bugs,</li>
<li>Asking questions on the <a class="externalLink" href="mailto:users@maven.apache.org">Users Mailing List</a> is the best way get answers to questions.</li>
</ul>
-<p>As a last resort, other Maven user communities are another route to getting more involved in the Maven community, but keep in mind that Apache Foundation projects are supposed to encourage the community at the ASF, so you will get more eyes and a quicker response if you engage directly with the ASF hosted community.</p></div>
-<div class="section">
+<p>As a last resort, other Maven user communities are another route to getting more involved in the Maven community, but keep in mind that Apache Foundation projects are supposed to encourage the community at the ASF, so you will get more eyes and a quicker response if you engage directly with the ASF hosted community.</p></section><section>
<h3><a name="Users"></a>Users</h3>
<p>People who use Maven and have joined the community. This includes people who have:</p>
<ul>
@@ -169,8 +165,7 @@ under the License.
</ul>
<p>We hope your bug report has received some attention. If it hasn’t, why don’t you see if you can fix the issue yourself and submit a patch?</p>
<p>We hope your question was answered. If it hasn’t, think of all the other users who’s questions sit unanswered, how many of them do you know an answer for (even if only a partial answer)? Why don’t you respond to their questions with the answers you know? If everybody did that, your question would have an answer. Pay it forward!</p>
-<p>We hope your experience in one of the other Maven user communities is a positive one, so why not join the canonical Maven user community and subscribe to the <a class="externalLink" href="mailto:users@maven.apache.org">Maven user list</a>?</p></div>
-<div class="section">
+<p>We hope your experience in one of the other Maven user communities is a positive one, so why not join the canonical Maven user community and subscribe to the <a class="externalLink" href="mailto:users@maven.apache.org">Maven user list</a>?</p></section><section>
<h3><a name="Contributors"></a>Contributors</h3>
<p>People who use Maven, have joined the Maven community and contribute back to the community. This includes people who:</p>
<ul>
@@ -181,20 +176,16 @@ under the License.
<li>Help curate bug reports by identifying duplicate reports, or related issues.</li>
</ul>
<p>We wrote <a href="/guides/development/guide-helping.html">a guide for contributors</a>.</p>
-<p>Keep up the contributions, you are a critical member of our community. If we like what we see, we may even ask you to consider taking a formal role in our project.</p></div></div>
-<div class="section">
-<h2><a name="Formal_roles"></a>Formal roles</h2>
-<div class="section">
+<p>Keep up the contributions, you are a critical member of our community. If we like what we see, we may even ask you to consider taking a formal role in our project.</p></section></section><section>
+<h2><a name="Formal_roles"></a>Formal roles</h2><section>
<h3><a name="Committers"></a><a class="externalLink" href="https://www.apache.org/foundation/how-it-works.html#committers">Committers</a></h3>
<p>These are those people who have been given write access to the Apache Maven code repository and have a signed <a class="externalLink" href="https://www.apache.org/licenses/#clas">Contributor License Agreement (CLA)</a> on file with the ASF.</p>
<p>The Apache Maven project uses a Commit then Review policy and has <a href="/developers/index.html#Developers_Conventions">a number of conventions</a> which should be followed.</p>
<p>Committers are responsible for ensuring that every file they commit is covered by a valid CLA.</p>
-<p>Committers who would like to become PMC members should try to find ways to demonstrate the responsibilities listed in the PMC Members section in order to make it easier for PMC members to decide that the committer is ready for the responsibility.</p></div>
-<div class="section">
+<p>Committers who would like to become PMC members should try to find ways to demonstrate the responsibilities listed in the PMC Members section in order to make it easier for PMC members to decide that the committer is ready for the responsibility.</p></section><section>
<h3><a name="Emeritus_committers"></a>Emeritus committers</h3>
<p>If a committer decides that they cannot currently continue with the responsibilities of a committer, they may elect to go emeritus.</p>
-<p>At any time, an emeritus committer for the Apache Maven project may decide that they want to become an active committer again by informing the <a class="externalLink" href="mailto:private@maven.apache.org">project management committee</a>. The current policy is that committer role reinstatement is automatic.</p></div>
-<div class="section">
+<p>At any time, an emeritus committer for the Apache Maven project may decide that they want to become an active committer again by informing the <a class="externalLink" href="mailto:private@maven.apache.org">project management committee</a>. The current policy is that committer role reinstatement is automatic.</p></section><section>
<h3><a name="Project_Management_Committee"></a><a class="externalLink" href="https://www.apache.org/foundation/how-it-works.html#pmc-members">Project Management Committee</a></h3>
<p>The Project Management Committee as a whole is the entity that controls the project. Membership of the Project Management Committee is decided by the board of the Apache Software Foundation, based on nominations from the Project Management Committee.</p>
<p>It is a long standing tradition of the Apache Maven Project that the Project Management Committee reviews the active committers approximately every 6 months with a view to determining whether any of those committers would be suitable candidates to recommend to the board for inclusion on the PMC. It should be noted that this is simply a tradition and not a right. There are significant responsibilities that accompany the PMC role and as such, if a person is not demonstrating those responsibilities, they may not be nominated or their nomination may be rejected by the board. Such decisions are not a reflection of the technical competence of the person, and indeed the person themselves may even decide to turn down the nomination. For that reason the results of such periodic reviews are kept confidential.</p>
@@ -213,11 +204,9 @@ under the License.
<li>Voting on release artifacts;</li>
<li>Ensure <a href="/developers/index.html#Developers_Conventions">Developers Conventions</a> are followed, or updated/improved if necessary;</li>
<li>Knows and respects the goals and processes of the community and helps educate newer members about them.</li>
-</ul>
-<div class="section">
+</ul><section>
<h4><a name="Standards_for_Community_Commitment"></a>Standards for Community Commitment</h4>
-<p>In the spirit of supporting the health of our community, Project Management Committee members refrain from actions that subvert the functioning of the committee itself.</p></div>
-<div class="section">
+<p>In the spirit of supporting the health of our community, Project Management Committee members refrain from actions that subvert the functioning of the committee itself.</p></section><section>
<h4><a name="Promotion_of_other_projects"></a>Promotion of other projects</h4>
<p>The Apache Foundation currently does not have a policy requiring projects to cross-promote. For example Subversion is an Apache project, yet projects are free to choose from Subversion and Git (a non-Apache project) for source control.</p>
<p>When considering integration of technologies within Maven, there is thus no requirement that other Apache projects be picked over non-Apache projects.</p>
@@ -229,8 +218,7 @@ under the License.
<li>A strong preference on behalf of the portion of the community that will be doing the integration.</li>
</ul>
<p>Where a PMC member is advocating a specific technology, they should declare any interest / involvement that they have in that technology or a competing technology - irrespective of whether the project is an Apache project or a project hosted elsewhere.</p>
-<p>PMC members with a stated interest / involvement should try to abstain from making binding votes in either direction with respect to the relevant technology choices.</p></div>
-<div class="section">
+<p>PMC members with a stated interest / involvement should try to abstain from making binding votes in either direction with respect to the relevant technology choices.</p></section><section>
<h4><a name="Forks_of_the_project_codebase"></a>Forks of the project codebase</h4>
<p>All code that gets released by the community should have sufficient opportunity for review both:</p>
<ul>
@@ -241,13 +229,12 @@ under the License.
<p>It is self evident that the opportunity for review is much greater if the code is committed to the project’s source control as early as possible. Similarly small commits are easier to review than large commits.</p>
<p>There is nothing inherently wrong with maintaining a fork of the Maven codebase outside of the Apache Foundation. Individual developers can have their own style of working and may prefer to work in a fork so that they can throw away failed experiments with less visibility (though it could be argued that the visibility of such failed experiments can be valuable documentation for others). As soon as changes in that fork are identified (by the people maintaining the fork) which should be brought back to the project those changes should be introduced into at least a branch hosted on the Apache Maven source control in order to facilitate the easier review by the community. The PMC should encourage by example the early committing of such changes from a fork (that they are involved in maintaining) back to Apache Maven source control.</p>
<p>Similarly, if a fork is being hosted elsewhere in order to get contributions from other talented individuals, the PMC members should endeavour to bring those individuals and their talent to the project as committers.</p>
-<p>Finally, where a fork is hosted outside of Apache hardware, there is less traceability of the code provenance, for example Git commits can be squashed and history re-written to mask or otherwise hide the source of contributions. This does not mean that code coming from an external fork inherently has such issues, instead it means that the requirements for review and verification of provenance grow exponentially when dealing with large sets of changes originating from a long running fork hosted outside of Apache foundation source control. Anybody maintaining a long running fork should be aware of the risk that review obligations may grow above the time capabilities of the PMC and committers such that when they eventually decide to try and bring the changes in their fork back to the Apache Maven project their contribution may end up being rejected on the basis of the review of a large set of changes being too difficult/time-consuming.</p></div></div>
-<div class="section">
+<p>Finally, where a fork is hosted outside of Apache hardware, there is less traceability of the code provenance, for example Git commits can be squashed and history re-written to mask or otherwise hide the source of contributions. This does not mean that code coming from an external fork inherently has such issues, instead it means that the requirements for review and verification of provenance grow exponentially when dealing with large sets of changes originating from a long running fork hosted outside of Apache foundation source control. Anybody maintaining a long running fork should be aware of the risk that review obligations may grow above the time capabilities of the PMC and committers such that when they eventually decide to try and bring the changes in their fork back to the Apache Maven project their contribution may end up being rejected on the basis of the review of a large set of changes being too difficult/time-consuming.</p></section></section><section>
<h3><a name="Project_Management_Chair"></a><a class="externalLink" href="https://www.apache.org/foundation/how-it-works.html#pmc-chair">Project Management Chair</a></h3>
<p>For various legal reasons, there are certain things that the Apache Software Foundation can only delegate to an officer of the foundation.</p>
<p>The Project Management Committee is responsible for nominating the lucky victim who gets made an officer of the foundation (subject to the approval of the board).</p>
<p>This person then becomes the interface between the board and the project management committee. They do not have any other additional gravitas in the project, it is the Project Management Committee as a whole that is responsible for the direction of the project.</p>
-<p>If things break down and there is no consensus and there is no clear ability to reach any conclusion <i>and</i> it is in the interest of the foundation because damage is done and the board expects the chair to act as an officer of the foundation and clean things up, then the chair can act as an ultimate decision maker, however, by this point the board of the foundation must already be well aware of the situation and should be actively monitoring the chair.</p></div></div>
+<p>If things break down and there is no consensus and there is no clear ability to reach any conclusion <i>and</i> it is in the interest of the foundation because damage is done and the board expects the chair to act as an officer of the foundation and clean things up, then the chair can act as an ultimate decision maker, however, by this point the board of the foundation must already be well aware of the situation and should be actively monitoring the chair.</p></section></section>
</div>
</div>
</div>
Modified: maven/website/content/reference/maven-classloading.html
==============================================================================
--- maven/website/content/reference/maven-classloading.html (original)
+++ maven/website/content/reference/maven-classloading.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/reference/maven-classloading.md at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/reference/maven-classloading.md at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -119,21 +119,18 @@
</div>
<div id="bodyColumn" class="span10" >
<h1>Maven classloading</h1>
-<p><img src="maven-classloading.png" alt="" /></p>
-<div class="section">
+<p><img src="maven-classloading.png" alt="" /></p><section>
<h2><a name="ClassWorlds_bootstrap_classloader"></a>ClassWorlds bootstrap classloader</h2>
<p>This classloader is created and managed by the calling environment: JVM launcher, integration testing harness, etc.</p>
-<p>During normal command line Maven invocation this is the JVM System classloader and contains classes from <tt>${maven.home}/boot/plexus-classworlds-*.jar</tt> and classes from <tt>-javaagent</tt>.</p></div>
-<div class="section">
+<p>During normal command line Maven invocation this is the JVM System classloader and contains classes from ${maven.home}/boot/plexus-classworlds-*.jar and classes from -javaagent.</p></section><section>
<h2><a name="Maven_Core_classloader"></a>Maven Core classloader</h2>
<p>This classloader contains core Maven runtime classes like MavenProject, AsbtractMojo and so on. This is the classloader set as the “container realm” in the Plexus container instance unless Maven Extensions classloader is created (see below).</p>
-<p>Contents of this classloader are configured in <tt>${maven.home}/bin/m2.conf</tt> and typically contains <tt>${maven.home}/lib/ext/*.jar</tt> and <tt>${maven.home}/lib/*.jar</tt>.</p></div>
-<div class="section">
+<p>Contents of this classloader are configured in ${maven.home}/bin/m2.conf and typically contains ${maven.home}/lib/ext/*.jar and ${maven.home}/lib/*.jar.</p></section><section>
<h2><a name="Maven_Core_Extensions_classloaders"></a>Maven Core Extensions classloaders</h2>
<p>Core Extensions is a new mechanism introduced in Maven 3.3.0 which allows additional components to be loaded into Maven Core as part of a build session.</p>
<p>Each core extension is loaded in a separate classloader and there is no mechanism to share classes among core extensions. Core extensions classloaders use Maven Core classloader as the parent and have access to both exported and internal Maven Core classes.</p>
-<p>Core extension can use <tt>META-INF/maven/extension.xml</tt> descriptor to declare packages and artifacts exported by the extension. If the descriptor is not present, no packages or artifacts are exported, but the extension can still contribute components to Maven Core extension points.</p>
-<p>Core extensions are configured in <tt>${maven.projectBasedir}/.mvn/extensions.xml</tt> configuration file.</p>
+<p>Core extension can use META-INF/maven/extension.xml descriptor to declare packages and artifacts exported by the extension. If the descriptor is not present, no packages or artifacts are exported, but the extension can still contribute components to Maven Core extension points.</p>
+<p>Core extensions are configured in ${maven.projectBasedir}/.mvn/extensions.xml configuration file.</p>
<div>
<div>
@@ -149,35 +146,29 @@
</extensions>
</pre></div></div>
-<p>Core extensions are loaded as part of Maven runtime startup and disposed of as part of Maven runtime shutdown.</p></div>
-<div class="section">
+<p>Core extensions are loaded as part of Maven runtime startup and disposed of as part of Maven runtime shutdown.</p></section><section>
<h2><a name="Maven_extensions_classloader"></a>Maven extensions classloader</h2>
-<p>Maven extensions classloader aggregates packages exported by core extensions realms. It also loads additional classpath entries specified in <tt>-Dmaven.ext.class.path</tt> command line parameter.</p>
-<p>Maven extensions classloader is created only when core extensions are configured for the build. If created, it will be set as “container realm” in the Plexus container.</p></div>
-<div class="section">
+<p>Maven extensions classloader aggregates packages exported by core extensions realms. It also loads additional classpath entries specified in -Dmaven.ext.class.path command line parameter.</p>
+<p>Maven extensions classloader is created only when core extensions are configured for the build. If created, it will be set as “container realm” in the Plexus container.</p></section><section>
<h2><a name="Maven_API_classloader"></a>Maven API classloader</h2>
<p>Maven API classloader aggregates exported packages from Maven Core and Maven Core Extensions classloaders. Maven API classloader does not include any classes directly.</p>
-<p>Maven API uses approximate JVM Bootstrap classloader as its parent. (there is no API to access JVM Bootstrap classloader, implementation uses <tt>ClassLoader.getSystemClassLoader().getParent()</tt>). The parent classloader does not contain any application or javaagent classes, which allows for consistent Maven API classpath regardless how Maven JVM was launched.</p></div>
-<div class="section">
+<p>Maven API uses approximate JVM Bootstrap classloader as its parent. (there is no API to access JVM Bootstrap classloader, implementation uses ClassLoader.getSystemClassLoader().getParent()). The parent classloader does not contain any application or javaagent classes, which allows for consistent Maven API classpath regardless how Maven JVM was launched.</p></section><section>
<h2><a name="Build_Extension_classloaders"></a>Build Extension classloaders</h2>
-<p>Modern Maven 3.x build extensions are build extensions that either consist of multiple artifacts or have <tt>META-INF/maven/extension.xml</tt>. Each modern build extension is loaded in a a fully isolated classloader, i.e. it is not possible to share classes or inject components among extensions.</p>
+<p>Modern Maven 3.x build extensions are build extensions that either consist of multiple artifacts or have META-INF/maven/extension.xml. Each modern build extension is loaded in a a fully isolated classloader, i.e. it is not possible to share classes or inject components among extensions.</p>
<p>Maven guarantees that each distinct modern build extension (as identified by plugin groupId, artifactId, version and set of dependecies) is loaded by one and only one extensions classloader and the classloader is wired to all projects that use the extension.</p>
-<p>Build extension classloaders use ClassWorld bootstrap classloader as the parent, which allows build extensions access to <tt>-javaagent</tt> classes.</p></div>
-<div class="section">
+<p>Build extension classloaders use ClassWorld bootstrap classloader as the parent, which allows build extensions access to -javaagent classes.</p></section><section>
<h2><a name="Project_classloaders"></a>Project classloaders</h2>
<p>Project classloader aggregates Maven API packages, packages exported by project build extensions.</p>
-<p>Project classloaders use Maven API classloader as the parent and import exported classes from project build extension realms. Legacy Maven 2.x build extensions, i.e. extensions that consist of single artifact which does not include <tt>META-INF/maven/extension.xml</tt> descriptor, are directly in project classloaders.</p>
-<p>Maven guarantees there will be one and only one project classloader for each unique set of project build extensions and the same classloader will be used by all projects that have the set of build extensions.</p></div>
-<div class="section">
+<p>Project classloaders use Maven API classloader as the parent and import exported classes from project build extension realms. Legacy Maven 2.x build extensions, i.e. extensions that consist of single artifact which does not include META-INF/maven/extension.xml descriptor, are directly in project classloaders.</p>
+<p>Maven guarantees there will be one and only one project classloader for each unique set of project build extensions and the same classloader will be used by all projects that have the set of build extensions.</p></section><section>
<h2><a name="Plugin_classloaders"></a>Plugin classloaders</h2>
<p>Plugin classloaders are wired differently for projects with and without build extensions.</p>
<p>For projects without build extensions, single classloader is created for each plugin identified by groupId:artifactId:version and the classloader imports API packages from Maven API classloader. Maven will create one and only one classloader for each unique plugin+dependency combination.</p>
<p>For projects that use build extensions, plugin classloaders are wired to project classloaders. This gives plugin code access to both Maven API packages and packages exported by the project build extensions. Maven will create one and only one classlaoder for each unique plugin+dependencies+build-extensions combination.</p>
-<p>All plugin classloaders use ClassWorlds bootstrap classloader as the parent. This provides relatively clean and therefore consistent plugin classpath, while still allowing plugins access to <tt>-javaagent</tt> classes (see <a class="externalLink" href="https://issues.apache.org/jira/browse/MNG-4747">MNG-4747</a>).</p>
-<p>Reporting plugins are wired differently still, but reporting plugins are a special case and are outside of the scope of this document.</p></div>
-<div class="section">
+<p>All plugin classloaders use ClassWorlds bootstrap classloader as the parent. This provides relatively clean and therefore consistent plugin classpath, while still allowing plugins access to -javaagent classes (see <a class="externalLink" href="https://issues.apache.org/jira/browse/MNG-4747">MNG-4747</a>).</p>
+<p>Reporting plugins are wired differently still, but reporting plugins are a special case and are outside of the scope of this document.</p></section><section>
<h2><a name="Exported_artifacts_and_packages"></a>Exported artifacts and packages</h2>
-<p>Maven Core, Session and Build Extensions use <tt>META-INF/maven/extension.xml</tt> descriptor to declare API packages and artifacts exported by the classloader.</p>
+<p>Maven Core, Session and Build Extensions use META-INF/maven/extension.xml descriptor to declare API packages and artifacts exported by the classloader.</p>
<div>
<div>
@@ -197,7 +188,7 @@
<exportedArtifact>org.company:myextension</exportedArtifact>
</exportedArtifacts>
</extension>
-</pre></div></div></div>
+</pre></div></div></section>
</div>
</div>
</div>
Modified: maven/website/content/release-notes-all.html
==============================================================================
--- maven/website/content/release-notes-all.html (original)
+++ maven/website/content/release-notes-all.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/release-notes-all.md.vm at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/release-notes-all.md.vm at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
Modified: maven/website/content/repository-management.html
==============================================================================
--- maven/website/content/repository-management.html (original)
+++ maven/website/content/repository-management.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/repository-management.md at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/repository-management.md at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -118,19 +118,17 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Best_Practice_-_Using_a_Repository_Manager"></a>Best Practice - Using a Repository Manager</h2>
<p>A repository manager is a dedicated server application designed to manage repositories of binary components.</p>
-<p>The usage of a repository manager is considered an essential best practice for any significant usage of Maven.</p>
-<div class="section">
+<p>The usage of a repository manager is considered an essential best practice for any significant usage of Maven.</p><section>
<h3><a name="Purpose"></a>Purpose</h3>
<p>A repository manager serves these essential purposes:</p>
<ul>
<li>act as dedicated proxy server for public Maven repositories (see <a href="./guides/mini/guide-mirror-settings.html">Maven Guide to Mirror Settings</a>)</li>
<li>provide repositories as a deployment destination for your Maven project outputs</li>
-</ul></div>
-<div class="section">
+</ul></section><section>
<h3><a name="Benefits_and_Features"></a>Benefits and Features</h3>
<p>Using a repository manager provides the following benefits and features:</p>
<ul>
@@ -141,8 +139,7 @@
<li>potential for control of consumed and provided artifacts</li>
<li>creates a central storage and access to artifacts and meta data about them exposing build outputs to consumer such as other projects and developers, but also QA or operations teams or even customers</li>
<li>provides an effective platform for exchanging binary artifacts within your organization and beyond without the need for building artifact from source</li>
-</ul></div>
-<div class="section">
+</ul></section><section>
<h3><a name="Available_Repository_Managers"></a>Available Repository Managers</h3>
<p>The following list (alphabetical order) of open source and commercial repository managers are known to support the repository format used by Maven. Please refer to the respective linked web sites for further information about repository management in general and the features provided by these products.</p>
<ul>
@@ -155,7 +152,7 @@
<li><a class="externalLink" href="https://www.sonatype.org/nexus/go/" target="_blank" rel="nofollow">Sonatype Nexus OSS</a> (open source)</li>
<li><a class="externalLink" href="https://links.sonatype.com/products/nexus/pro/home" target="_blank" rel="nofollow">Sonatype Nexus Pro</a> (commercial)</li>
<li><a class="externalLink" href="https://packagecloud.io" target="_blank" rel="nofollow">packagecloud.io</a> (commercial)</li>
-</ul></div></div>
+</ul></section></section>
</div>
</div>
</div>
Modified: maven/website/content/repository/central-index.html
==============================================================================
--- maven/website/content/repository/central-index.html (original)
+++ maven/website/content/repository/central-index.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/apt/repository/central-index.apt at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/apt/repository/central-index.apt at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -127,20 +127,19 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Central_Index"></a>Central Index</h2>
-<p>Central repository provides <a class="externalLink" href="https://repo.maven.apache.org/maven2/.index/">an index</a> that is updated weekly as full (<tt>nexus-maven-repository-index.gz</tt>) and incremental (<tt>nexus-maven-repository-index.<n>.gz</tt> + <tt>nexus-maven-repository-index.properties</tt>).</p>
+<p>Central repository provides <a class="externalLink" href="https://repo.maven.apache.org/maven2/.index/">an index</a> that is updated weekly as full (<code>nexus-maven-repository-index.gz</code>) and incremental (<code>nexus-maven-repository-index.<n>.gz</code> + <code>nexus-maven-repository-index.properties</code>).</p>
<p>This index is build using <a href="/maven-indexer/">Maven Indexer</a>: see <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-core/">LATEST indexer-core documentation</a> for more details on the fields that are available.</p>
-<p>You can use <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-core/apidocs/">Maven Indexer API</a> (see <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-examples/">examples</a>) to use this index with a dedicated API, or use <a class="externalLink" href="http://lucene.apache.org/">Apache Lucene</a> indexes browsers like <a class="externalLink" href="https://github.com/DmitryKey/luke">Luke</a> or <a class="externalLink" href="https://github.com/flaxsearch/marple">Marple</a> after unpacking the index (see <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-cli/"><tt>-u</tt> CLI option</a>).</p>
-<div class="section">
+<p>You can use <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-core/apidocs/">Maven Indexer API</a> (see <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-examples/">examples</a>) to use this index with a dedicated API, or use <a class="externalLink" href="http://lucene.apache.org/">Apache Lucene</a> indexes browsers like <a class="externalLink" href="https://github.com/DmitryKey/luke">Luke</a> or <a class="externalLink" href="https://github.com/flaxsearch/marple">Marple</a> after unpacking the index (see <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-cli/"><code>-u</code> CLI option</a>).</p><section>
<h3><a name="Digging_Into_Central_Index_with_Luke"></a>Digging Into Central Index with Luke</h3>
<ul>
-<li>download <a class="externalLink" href="https://repo.maven.apache.org/maven2/.index/">the Central index: <tt>nexus-maven-repository-index.gz</tt></a></li>
+<li>download <a class="externalLink" href="https://repo.maven.apache.org/maven2/.index/">the Central index: <code>nexus-maven-repository-index.gz</code></a></li>
<li>download <a class="externalLink" href="https://repo.maven.apache.org/maven2/org/apache/maven/indexer/indexer-cli/5.1.1/indexer-cli-5.1.1.jar">Maven Indexer CLI</a> and <a href="/maven-indexer-archives/maven-indexer-LATEST/indexer-cli/">unpack</a> the index to raw Lucene index directory:
<div class="source"><pre class="prettyprint linenums">java -jar indexer-cli-5.1.1.jar --unpack nexus-maven-repository-index.gz --destination central-lucene-index --type full</pre></div></li>
<li>download and extract <a class="externalLink" href="https://github.com/DmitryKey/luke/releases/download/luke-4.10.4/luke-with-deps.tar.gz">Luke binary tarball</a> and launch it on the Central index with Lucene format:
<div class="source"><pre class="prettyprint linenums">luke.sh -ro -index central-lucene-index</pre></div>
-<p>You need an old Luke version using an old Lucene version, since Maven Indexer 5.5.1 uses Lucene 3.6.2: for this tutorial, we chose Luke version 4.10.4, but you may choose another version.</p></li></ul></div></div>
+<p>You need an old Luke version using an old Lucene version, since Maven Indexer 5.5.1 uses Lucene 3.6.2: for this tutorial, we chose Luke version 4.10.4, but you may choose another version.</p></li></ul></section></section>
</div>
</div>
</div>
Modified: maven/website/content/repository/central-metadata.html
==============================================================================
--- maven/website/content/repository/central-metadata.html (original)
+++ maven/website/content/repository/central-metadata.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/apt/repository/central-metadata.apt at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/apt/repository/central-metadata.apt at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -127,18 +127,16 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
-<h2><a name="Guide_to_add.2C_improve_or_fix_metadata_in_the_Central_Maven_Repository"></a>Guide to add, improve or fix metadata in the Central Maven Repository</h2>
-<div class="section">
+<section>
+<h2><a name="Guide_to_add.2C_improve_or_fix_metadata_in_the_Central_Maven_Repository"></a>Guide to add, improve or fix metadata in the Central Maven Repository</h2><section>
<h3><a name="POM_Metadata"></a>POM Metadata</h3>
<p>There are artifacts in the <a href="./">Central Maven repository</a> that don't have POMs. They come from projects with repositories that have been synced into central without extra checks (particularly historical ones that were in <i>Maven 1</i> format). We know about the problems but can't do anything unless you provide a POM for it or you ask the project in question to add the POM when they add the artifacts.</p>
<p>We don't change dependencies in POMs already in the repository anymore as builds need to be reproducible. Same applies to POMs that don't exist. We can only add a POM with no dependencies, because doing any other way would break previous builds that were using that artifact.</p>
-<p>An alternative is to create a new version with the fixes. If the broken artifact is <tt>org.foo/bar/1.0</tt> you can provide a fixed POM, JAR,... under <tt>org.foo/bar/1.0-1</tt> (add a comment to the POM explaining what is being fixed and why). See <a href="./guide-central-repository-upload.html">Maven Repository Upload</a> for the instructions to get this new version in the repository.</p>
-<p>You need to contact the original publisher of the metadata to make sure in next versions it will be fixed or improved before getting it into the repository.</p></div>
-<div class="section">
+<p>An alternative is to create a new version with the fixes. If the broken artifact is <code>org.foo/bar/1.0</code> you can provide a fixed POM, JAR,... under <code>org.foo/bar/1.0-1</code> (add a comment to the POM explaining what is being fixed and why). See <a href="./guide-central-repository-upload.html">Maven Repository Upload</a> for the instructions to get this new version in the repository.</p>
+<p>You need to contact the original publisher of the metadata to make sure in next versions it will be fixed or improved before getting it into the repository.</p></section><section>
<h3><a name="Other_Issues"></a>Other Issues</h3>
-<p>For any other types of issues related to metadata in the repository (POM related, or <a href="/ref/current/maven-repository-metadata/"><tt>maven-metadata.xml</tt></a>, or anything else), open an issue at <a class="externalLink" href="https://issues.sonatype.org/browse/MVNCENTRAL">MVNCENTRAL</a> with the relevant information and explain the reasons why it is an issue.</p>
-<p><b>Important:</b> by default assume that we won't trust your info, so you must provide all links to the project documentation you can to convince us that your solution is right.</p></div></div>
+<p>For any other types of issues related to metadata in the repository (POM related, or <a href="/ref/current/maven-repository-metadata/"><code>maven-metadata.xml</code></a>, or anything else), open an issue at <a class="externalLink" href="https://issues.sonatype.org/browse/MVNCENTRAL">MVNCENTRAL</a> with the relevant information and explain the reasons why it is an issue.</p>
+<p><b>Important:</b> by default assume that we won't trust your info, so you must provide all links to the project documentation you can to convince us that your solution is right.</p></section></section>
</div>
</div>
</div>
Modified: maven/website/content/repository/guide-central-repository-upload.html
==============================================================================
--- maven/website/content/repository/guide-central-repository-upload.html (original)
+++ maven/website/content/repository/guide-central-repository-upload.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/apt/repository/guide-central-repository-upload.apt at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/apt/repository/guide-central-repository-upload.apt at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -128,10 +128,9 @@ Brian Fox" />
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Guide_to_uploading_artifacts_to_the_Central_Repository"></a>Guide to uploading artifacts to the Central Repository</h2>
-<p>In order for users of Maven to utilize artifacts produced by your project, you must deploy them to a remote repository. Many open source projects want to allow users of their projects who build with Maven to have transparent access to their project's artifacts. In order to allow for this, a project must have their artifacts deployed to <a href="/repository/">the Central Repository</a>.</p></div>
-<div class="section">
+<p>In order for users of Maven to utilize artifacts produced by your project, you must deploy them to a remote repository. Many open source projects want to allow users of their projects who build with Maven to have transparent access to their project's artifacts. In order to allow for this, a project must have their artifacts deployed to <a href="/repository/">the Central Repository</a>.</p></section><section>
<h2><a name="Requirements"></a>Requirements</h2>
<ol style="list-style-type: decimal">
<li><b>releases</b>: Only <i>releases</i> can be uploaded to the Central Repository, that means files that won't change and that only depend on other files already released and available in the repository,</li>
@@ -139,13 +138,11 @@ Brian Fox" />
<li><b>PGP signature</b>,</li>
<li><b>minimum POM information</b>: There are some requirements for the minimal information in the POMs that are in the Central Repository, see <a class="externalLink" href="https://central.sonatype.org/pages/requirements.html#sufficient-metadata">here</a>, </li>
<li><b>coordinates</b>: Picking the appropriate coordinates for your project is important. See the guidelines <a class="externalLink" href="https://central.sonatype.org/pages/choosing-your-coordinates.html">here</a>, particularly on <a class="externalLink" href="https://central.sonatype.org/pages/producers.html#individual-projects-open-source-software-repository-hosting-ossrh">groupId and domain ownership</a>.</li></ol>
-<p>The updated list of requirements can be found <b><a class="externalLink" href="https://central.sonatype.org/pages/requirements.html">here</a></b>.</p>
-<div class="section">
+<p>The updated list of requirements can be found <b><a class="externalLink" href="https://central.sonatype.org/pages/requirements.html">here</a></b>.</p><section>
<h3><a name="Explanation"></a>Explanation</h3>
<p>Some folks have asked <i>"why do we require all this information in the POM for deployed artifacts?"</i>, so here's a small explanation.</p>
<p>The POM being deployed with the artifact is part of the process to make transitive dependencies a reality in Maven. The logic for getting transitive dependencies working is really not that hard, the problem is getting the data. The other applications that are made possible by having all the POMs available for artifacts are vast, so by placing them into the Central Repository as part of the process we open up the doors to new ideas that involve unified access to project POMs.</p>
-<p>We ask for the license because it is possible that your project's license may change in the course of its lifetime, and we are trying to create tools to help sort out licensing issues. For example, knowing all the licenses for a particular graph of artifacts, we could have some strategies that would identify potential licensing problems.</p></div>
-<div class="section">
+<p>We ask for the license because it is possible that your project's license may change in the course of its lifetime, and we are trying to create tools to help sort out licensing issues. For example, knowing all the licenses for a particular graph of artifacts, we could have some strategies that would identify potential licensing problems.</p></section><section>
<h3><a name="A_basic_sample:"></a>A basic sample:</h3>
<div class="source"><pre class="prettyprint linenums">
<project>
@@ -186,25 +183,21 @@ Brian Fox" />
<pluginRepositories></pluginRepositories>
-->
</project>
-</pre></div></div>
-<div class="section">
+</pre></div></section><section>
<h3><a name="PGP_Signature"></a>PGP Signature</h3>
<p>When people download artifacts from the Central Repository, they might want to verify these artifacts' PGP signatures against a public key server. If there are no signatures, then users have no guarantee that they are downloading the original artifact.</p>
-<p>To improve the quality of the Central Repository, we require you to provide PGP signatures for all your artifacts (all files except checksums), and distribute your public key to a key server like <a class="externalLink" href="http://pgp.mit.edu">http://pgp.mit.edu</a>. Read <a class="externalLink" href="http://central.sonatype.org/pages/working-with-pgp-signatures.html">Working with PGP Signatures</a> for more information.</p></div>
-<div class="section">
+<p>To improve the quality of the Central Repository, we require you to provide PGP signatures for all your artifacts (all files except checksums), and distribute your public key to a key server like <a class="externalLink" href="http://pgp.mit.edu">http://pgp.mit.edu</a>. Read <a class="externalLink" href="http://central.sonatype.org/pages/working-with-pgp-signatures.html">Working with PGP Signatures</a> for more information.</p></section><section>
<h3><a name="FAQ_and_common_mistakes"></a>FAQ and common mistakes</h3>
<ul>
-<li>I have other <tt>repositories</tt> or <tt>pluginRepositories</tt> listed in my POM, is that a problem?
+<li>I have other <code>repositories</code> or <code>pluginRepositories</code> listed in my POM, is that a problem?
<p>At present, this won't preclude your project from being included, but we do strongly encourage making sure all your dependencies are included in the Central Repository. If you rely on sketchy repositories that have junk in them or disappear, it just creates havok for downstream users. Try to keep your dependencies among reliable repos like Central, Jboss, etc.</p></li>
<li>What about artifacts that can't be distributed because of their license?
<p>In that case only the POM for that dependency is required, listing where the dependency can be downloaded from. <a class="externalLink" href="http://repo.maven.apache.org/maven2/javax/activation/activation/1.0.2/activation-1.0.2.pom">See an example</a>.</p></li>
-<li>I have a patched version of the foo project developed at foo.com, what <tt>groupId</tt> should I use?
-<p>When you patch / modify a third party project, that patched version becomes your project and therefore should be distributed under a <tt>groupId</tt> you control as any project you would have developed, never under <tt>com.foo</tt>. See above considerations about <tt>groupId</tt>.</p></li>
+<li>I have a patched version of the foo project developed at foo.com, what <code>groupId</code> should I use?
+<p>When you patch / modify a third party project, that patched version becomes your project and therefore should be distributed under a <code>groupId</code> you control as any project you would have developed, never under <code>com.foo</code>. See above considerations about <code>groupId</code>.</p></li>
<li>My project is hosted at a project hosting service like SourceForge or Github, what should I use as groupId?
-<p>If your project name is <tt>foo</tt> at SourceForge, you can use <tt>net.sf.foo</tt>. If your username is <tt>bar</tt> on Github, you can use <tt>com.github.bar</tt>. You can also use another reversed domain name you control. The group ID does not have to reflect the project host.</p></li></ul></div></div>
-<div class="section">
-<h2><a name="Publishing_your_artifacts_to_the_Central_Repository"></a>Publishing your artifacts to the Central Repository</h2>
-<div class="section">
+<p>If your project name is <code>foo</code> at SourceForge, you can use <code>net.sf.foo</code>. If your username is <code>bar</code> on Github, you can use <code>com.github.bar</code>. You can also use another reversed domain name you control. The group ID does not have to reflect the project host.</p></li></ul></section></section><section>
+<h2><a name="Publishing_your_artifacts_to_the_Central_Repository"></a>Publishing your artifacts to the Central Repository</h2><section>
<h3><a name="Approved_Repository_Hosting"></a>Approved Repository Hosting</h3>
<p>Instead of maintaining repository rsync feeds for each projects, we now encourage projects to use an approved repository hosting location.</p>
<p>Currently approved repository hosting locations:</p>
@@ -212,15 +205,13 @@ Brian Fox" />
<li><a class="externalLink" href="http://www.apache.org/">Apache Software Foundation</a> (for all Apache projects)</li>
<li><a class="externalLink" href="http://www.fusesource.org/forge/">FuseSource Forge</a> (focused on FUSE related projects)</li>
<li><a class="externalLink" href="http://www.nuiton.org">Nuiton.org</a></li></ul>
-<p>Automatic publication will be provided for Forges that provide hosting services for OSS projects and other large project repositories that meet certain minimum criteria such as validation of PGP keys and pom contents as defined above. If you are interested in becoming an approved Forge, contact us at <tt>repo-maintainers@maven.apache.org</tt>.</p></div>
-<div class="section">
+<p>Automatic publication will be provided for Forges that provide hosting services for OSS projects and other large project repositories that meet certain minimum criteria such as validation of PGP keys and pom contents as defined above. If you are interested in becoming an approved Forge, contact us at <code>repo-maintainers@maven.apache.org</code>.</p></section><section>
<h3><a name="Other_Projects"></a>Other Projects</h3>
-<p>The easiest way to upload another project is to use the <a class="externalLink" href="http://central.sonatype.org/pages/ossrh-guide.html">Open Source Software Repository Hosting (OSSRH)</a>, which is an approved repository provided by Sonatype for <i>any</i> OSS Project that want to get their artifacts into the Central Repository.</p></div>
-<div class="section">
+<p>The easiest way to upload another project is to use the <a class="externalLink" href="http://central.sonatype.org/pages/ossrh-guide.html">Open Source Software Repository Hosting (OSSRH)</a>, which is an approved repository provided by Sonatype for <i>any</i> OSS Project that want to get their artifacts into the Central Repository.</p></section><section>
<h3><a name="Explanations"></a>Explanations</h3>
<p>Having each project maintain its own repository with rsync to the Central Repository was the preferred process until January 2010. However, we are no longer accepting rsync requests on a per project basis.</p>
<p>Over time, we have learned that this process is not scalable. Many of the projects being synced release very infrequently, yet we have to hit hundreds of servers several times a day looking for artifacts that don't change. Additionally, there is no good mechanism currently for validating the incoming data via the rsync, and this leads to bad metadata that affects everyone. </p>
-<p>The aggregation of projects into larger feeds allows us to sync faster and more often, and ensuring these locations perform sufficient checks increases the quality of metadata for everyone.</p></div></div>
+<p>The aggregation of projects into larger feeds allows us to sync faster and more often, and ensuring these locations perform sufficient checks increases the quality of metadata for everyone.</p></section></section>
</div>
</div>
</div>
Modified: maven/website/content/repository/index.html
==============================================================================
--- maven/website/content/repository/index.html (original)
+++ maven/website/content/repository/index.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/xdoc/repository/index.xml at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/xdoc/repository/index.xml at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -131,13 +131,13 @@
- <div class="section">
+ <section>
<h2><a name="Maven_Central_Repository"></a>Maven Central Repository</h2>
-<p>This documentation is for those that need to use or contribute to the Maven <tt>central</tt> repository. This includes those
+<p>This documentation is for those that need to use or contribute to the Maven central repository. This includes those
that need dependencies for their own build or projects that wish to have
- their releases added to the Maven <tt>central</tt> repository, even if they don't use Maven as their build tool.</p>
+ their releases added to the Maven central repository, even if they don't use Maven as their build tool.</p>
<p><img src="../images/icon_warning_sml.gif" alt="" />
@@ -181,7 +181,7 @@
<area shape="rect" coords="407,589,628,653" alt="pom.xml <repository>" href="/guides/mini/guide-multiple-repositories.html" />
</map>
</p>
- </div>
+ </section>
</div>
Modified: maven/website/content/run-maven/index.html
==============================================================================
--- maven/website/content/run-maven/index.html (original)
+++ maven/website/content/run-maven/index.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/apt/run-maven/index.apt at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/apt/run-maven/index.apt at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -135,22 +135,19 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Building_a_Project_with_Maven"></a>Building a Project with Maven</h2>
<p>The vast majority of Maven-built projects can be built with the following command:</p>
<div>
<pre>mvn verify</pre></div>
<p>This command tells Maven to build all the modules, and to check if all integration tests succeeded (when any was defined)</p>
-<p>That's it! If you look in the <tt>target</tt> subdirectory, you should find the build output and the final library or application that was being built.</p>
+<p>That's it! If you look in the <code>target</code> subdirectory, you should find the build output and the final library or application that was being built.</p>
<p><b>Note:</b> Some projects have multiple modules, so the library or application you are looking for may be in a module subdirectory.</p>
-<p>While this will build most projects and Maven encourages this standard convention, builds can be customisable. If this does not suffice, please consult the project's documentation.</p>
-<div class="section">
+<p>While this will build most projects and Maven encourages this standard convention, builds can be customisable. If this does not suffice, please consult the project's documentation.</p><section>
<h3><a name="More_than_just_the_Build"></a>More than just the Build</h3>
-<p>Maven can do more than just build software - it can assist with testing, run web applications and produce reports on projects, as well as any number of other tasks provided by plug-ins.</p></div>
-<div class="section">
+<p>Maven can do more than just build software - it can assist with testing, run web applications and produce reports on projects, as well as any number of other tasks provided by plug-ins.</p></section><section>
<h3><a name="When_Things_go_Wrong"></a>When Things go Wrong</h3>
-<p>The following are some common problems when building with Maven, and how to resolve them.</p>
-<div class="section">
+<p>The following are some common problems when building with Maven, and how to resolve them.</p><section>
<h4><a name="Missing_Dependencies"></a>Missing Dependencies</h4>
<p>A missing dependency presents with an error like the following:</p>
<div class="source"><pre class="prettyprint linenums">[INFO] Failed to resolve artifact.
@@ -177,12 +174,11 @@ for artifact:
from the specified remote repositories:
central (https://repo.maven.apache.org/maven2)</pre></div>
-<p>To resolve this issue, it depends on what the dependency is and why it is missing. The most common cause is because it can not be redistributed from the repository and must be manually installed using the instructions given in the message. This is most common with some older JARs from Sun (usually <tt>javax.*</tt> group IDs), and is further documented in the <a href="../guides/mini/guide-coping-with-sun-jars.html"> Guide to Coping with Sun JARs</a>.</p>
+<p>To resolve this issue, it depends on what the dependency is and why it is missing. The most common cause is because it can not be redistributed from the repository and must be manually installed using the instructions given in the message. This is most common with some older JARs from Sun (usually <code>javax.*</code> group IDs), and is further documented in the <a href="../guides/mini/guide-coping-with-sun-jars.html"> Guide to Coping with Sun JARs</a>.</p>
<p>You can check the list of repositories at the end of the error to ensure that the expected ones are listed - it may be that the project requires an alternative repository that has not been declared properly or is not accessible with your Maven configuration.</p>
-<p>In other cases, it may be an incorrectly declared dependency (like the typo in the example above) which the project would need to fix, like a compilation error.</p></div>
-<div class="section">
+<p>In other cases, it may be an incorrectly declared dependency (like the typo in the example above) which the project would need to fix, like a compilation error.</p></section><section>
<h4><a name="Inconsistent_output"></a>Inconsistent output</h4>
-<p>Most plugins are optimized to know if they have to execute their task. In some cases the output can be polluted from a previous build and the end result is not what you expected. In such rare situations you can call the <tt>clean</tt> phase which means: remove the output directory. You can also call it as <tt>mvn clean verify</tt> which means: first clean up the output directory, next build the project and verify the outcome.</p></div></div></div>
+<p>Most plugins are optimized to know if they have to execute their task. In some cases the output can be polluted from a previous build and the end result is not what you expected. In such rare situations you can call the <code>clean</code> phase which means: remove the output directory. You can also call it as <code>mvn clean verify</code> which means: first clean up the output directory, next build the project and verify the outcome.</p></section></section></section>
</div>
</div>
</div>
Modified: maven/website/content/run.html
==============================================================================
--- maven/website/content/run.html (original)
+++ maven/website/content/run.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/run.md at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/run.md at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
Modified: maven/website/content/scm.html
==============================================================================
--- maven/website/content/scm.html (original)
+++ maven/website/content/scm.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/xdoc/scm.xml at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/xdoc/scm.xml at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -130,7 +130,7 @@
<div id="bodyColumn" class="span10" >
- <div class="section">
+ <section>
<h2><a name="Source_Repository"></a>Source Repository</h2>
<p>
@@ -144,8 +144,7 @@
Instructions for using the Apache Software Foundation Git repositories are at <a class="externalLink" href="https://git-wip-us.apache.org/">https://git-wip-us.apache.org</a>.
</p>
-
-<div class="section">
+ <section>
<h3><a name="Full_Maven_Sources"></a>Full Maven Sources</h3>
<p>
@@ -186,10 +185,9 @@ repo start master --all</pre></div>
<li>In your IDE, import the projects you're interested in from the repo workspace. Or directly build with command line the component you want.</li>
</ol>
- </div>
+ </section>
-
-<div class="section">
+ <section>
<h3><a name="Maven_Sources_Overview"></a>Maven Sources Overview</h3>
<p align="center">
@@ -225,10 +223,9 @@ repo start master --all</pre></div>
<p>Each component has its own Jira project or component for issue tracking:
see the <a href="/issue-management.html">Issue Management report</a> to get a summary.
</p>
- </div>
+ </section>
-
-<div class="section">
+ <section>
<h3><a name="Maven_Site"></a>Maven Site</h3>
<p>
@@ -249,10 +246,9 @@ repo start master --all</pre></div>
</tr>
</table>
- </div>
+ </section>
-
-<div class="section">
+ <section>
<h3><a name="Maven_Core"></a>Maven Core</h3>
<p>
@@ -284,10 +280,9 @@ repo start master --all</pre></div>
</tr>
</table>
- </div>
+ </section>
-
-<div class="section">
+ <section>
<h3><a name="Other_Components"></a>Other Components</h3>
<p>
@@ -299,8 +294,7 @@ repo start master --all</pre></div>
There are also many shared components and subsystems with their own source repositories, mainly in Git, some in Subversion.
</p>
-
-<div class="section">
+ <section>
<h4><a name="Components_in_Git"></a>Components in Git</h4>
<p>
@@ -1226,8 +1220,7 @@ repo start master --all</pre></div>
</table>
- </div>
-<div class="section">
+ </section><section>
<h4><a name="Components_in_Subversion"></a>Components in Subversion</h4>
<p>
@@ -1282,9 +1275,9 @@ repo start master --all</pre></div>
</tr>
</table>
- </div></div>
+ </section></section>
- </div>
+ </section>
</div>
Modified: maven/website/content/security-plexus-archiver.html
==============================================================================
--- maven/website/content/security-plexus-archiver.html (original)
+++ maven/website/content/security-plexus-archiver.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/security-plexus-archiver.md at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/security-plexus-archiver.md at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -120,8 +120,7 @@
<div id="bodyColumn" class="span10" >
<h1>Zip Slip Vulnerability</h1>
<p>As part of <a class="externalLink" href="https://snyk.io/research/zip-slip-vulnerability">a broader research</a>, the Snyk Security Research Team discovered an arbitrary file write generic vulnerability, that can be achieved using a specially crafted zip (or bzip2, gzip, tar, xz, war) archive, that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, if the extraction tool used does not make sufficient checks, the final path ends up outside of the target folder.</p>
-<p>The Apache Maven team has been informed because the plexus-archiver library did not make sufficient checks and it is a library used by most of the packaging plugins. Affected versions of plexus-archiver are [,3.4]+[3.5], fixed versions are 3.4.1 & 3.6.0, with issue management <a class="externalLink" href="https://github.com/codehaus-plexus/plexus-archiver/pull/87">plexus-archiver #87</a> and Snyk vulnerability report <a class="externalLink" href="https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680">SNYK-JAVA-ORGCODEHAUSPLEXUS-31680</a></p>
-<div class="section">
+<p>The Apache Maven team has been informed because the plexus-archiver library did not make sufficient checks and it is a library used by most of the packaging plugins. Affected versions of plexus-archiver are [,3.4]+[3.5], fixed versions are 3.4.1 & 3.6.0, with issue management <a class="externalLink" href="https://github.com/codehaus-plexus/plexus-archiver/pull/87">plexus-archiver #87</a> and Snyk vulnerability report <a class="externalLink" href="https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680">SNYK-JAVA-ORGCODEHAUSPLEXUS-31680</a></p><section>
<h2><a name="What_parts_of_Maven_are_vulnerable.3F"></a>What parts of Maven are vulnerable?</h2>
<p>Apache Maven itself is not vulnerable, since Maven doesn’t unpack by itself: unpacking actions are done by plugins.</p>
<p>Reading malicious archives in memory is also not an issue, only when unpacking such archives to disk may cause issues, however in general Maven plugins don’t unpack archives.</p>
@@ -266,8 +265,7 @@
<li>maven-repository-plugin</li>
<li>maven-site-plugin</li>
<li>maven-source-plugin</li>
-</ul></div>
-<div class="section">
+</ul></section><section>
<h2><a name="When_are_you_affected_by_this_vulnerability.3F"></a>When are you affected by this vulnerability?</h2>
<p>The vulnerability is like a Trojan Horse, the malicious archive must first enter the system, normally achieved with a downloaded of a dependency. Once downloaded there’s no direct danger, the user must take some specific actions before becoming a victim. This only happens when all of the following criteria are met:</p>
<ul>
@@ -278,7 +276,7 @@
<li>The OS must allow the unpack process to put the malicious file at the specified location.</li>
<li>The malicious file must be executed or used.</li>
</ul>
-<p>The cause can be described as a breach in the chain of trust. Adding a dependency does imply that you trust it, but also that you trust all of the indirect dependencies. If there’s no trust, you better not add that dependency.</p></div>
+<p>The cause can be described as a breach in the chain of trust. Adding a dependency does imply that you trust it, but also that you trust all of the indirect dependencies. If there’s no trust, you better not add that dependency.</p></section>
</div>
</div>
</div>
Modified: maven/website/content/security.html
==============================================================================
--- maven/website/content/security.html (original)
+++ maven/website/content/security.html Sun Jun 9 13:59:34 2019
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from content/markdown/security.md at 2019-06-09
+ | Generated by Apache Maven Doxia Site Renderer 1.9 from content/markdown/security.md at 2019-06-09
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -118,11 +118,10 @@
</div>
</div>
<div id="bodyColumn" class="span10" >
-<div class="section">
+<section>
<h2><a name="Security_Vulnerabilities"></a>Security Vulnerabilities</h2>
<p>Please note that binary patches are not produced for individual vulnerabilities. To obtain the binary fix for a particular vulnerability you should upgrade to an Apache Maven version where that vulnerability has been fixed.</p>
-<p>For more information about reporting vulnerabilities, see the <a class="externalLink" href="https://www.apache.org/security/">Apache Security Team</a> page.</p>
-<div class="section">
+<p>For more information about reporting vulnerabilities, see the <a class="externalLink" href="https://www.apache.org/security/">Apache Security Team</a> page.</p><section>
<h3><a name="Maven_Dependency.2C_EAR.2C_Javadoc.2C_WAR_and_Plugin_Plugins"></a>Maven Dependency, EAR, Javadoc, WAR and Plugin Plugins</h3>
<p>Severity: Low</p>
<p>Vendor: The Apache Software Foundation</p>
@@ -137,8 +136,7 @@
</ul>
<p>Description: As part of a broader research, the Snyk Security Research Team discovered an arbitrary file write generic vulnerability, that can be achieved using a specially crafted zip (or bzip2, gzip, tar, xz, war) archive, that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, if the extraction tool used does not make sufficient checks, the final path ends up outside of the target folder. The affected plugins use plexus-archiver to unpack dependencies to disk and have been identified as potential triggers for exposing the vulnerability if dependencies are compromised.</p>
<p>See <a href="./security-plexus-archiver.html">full description</a> for more details.</p>
-<p>Credit: This issue was identified by the Snyk Security Research Team</p></div>
-<div class="section">
+<p>Credit: This issue was identified by the Snyk Security Research Team</p></section><section>
<h3><a name="CVE-2013-0253_Apache_Maven_3.0.4"></a>CVE-2013-0253 Apache Maven 3.0.4</h3>
<p>Severity: Medium</p>
<p>Vendor: The Apache Software Foundation</p>
@@ -151,8 +149,7 @@
<p>Description: Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.</p>
<p><a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0253">CVE-2013-0253</a></p>
<p>All users are recommended to upgrade to <a href="./download.cgi">Apache Maven 3.0.5</a> and Apache Maven Wagon 2.4.</p>
-<p>Credit: This issue was identified by Graham Leggett</p></div>
-<div class="section">
+<p>Credit: This issue was identified by Graham Leggett</p></section><section>
<h3><a name="CVE-2012-6153_Apache_Maven_Wagon_::_WebDAV_Provider"></a>CVE-2012-6153 Apache Maven Wagon :: WebDAV Provider</h3>
<p>Severity: Medium</p>
<p>Vendor: The Apache Software Foundation</p>
@@ -163,7 +160,7 @@
</ul>
<p>Description: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field.</p>
<p><a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153">CVE-2012-6153</a></p>
-<p>Users of this provider are recommended to upgrade to <a href="./download.cgi">Apache Maven Wagon :: WebDAV Provider 3.0.0</a></p></div></div>
+<p>Users of this provider are recommended to upgrade to <a href="./download.cgi">Apache Maven Wagon :: WebDAV Provider 3.0.0</a></p></section></section>
</div>
</div>
</div>