You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@maven.apache.org by Olivier Lamy <ol...@apache.org> on 2013/02/23 15:58:54 UTC

[ANN] Apache Maven 3.0.5 released

Hello,

The Apache Maven team is pleased to announce the release of Apache Maven 3.0.5

Release notes available: http://maven.apache.org/docs/3.0.5/release-notes.html .

Maven is a project comprehension and build tool, designed to simplify
the process of maintaining a healthy development lifecycle for your
project.

You can read more here:

    http://maven.apache.org/

Downloads of source and binary distributions are listed in our
download  section:

    http://maven.apache.org/download.html

A major goal of Maven 3.0.x is to be compatible, to the extent
possible, with existing plugins and projects designed for Maven 2.x.
Users interested in upgrading to 3.x should have a glance at the
compatibility notes for known differences between Maven 3.0 and Maven
2.x:

    http://cwiki.apache.org/MAVEN/maven-3x-compatibility-notes.html

Users who already use Maven 3.0.x are encouraged to update to this new
maintenance release.

If you encounter unexpected problems while using Apache Maven 3.0.5,
please feel free to contact us via the Maven developer list:

    http://maven.apache.org/mail-lists.html

Release Notes - Apache Maven 2 & 3 - Version 3.0.5

** Bug
  * [MNG-5430] - use wagon 2.4


Have Fun!

-- The Apache Maven Team.

Re: [ANN] Apache Maven 3.0.5 released

Posted by Brian Fox <br...@infinity.nu>.

Just wanted to bring this to the users list and ensure that those reading
the release notes see the security alert for 3.0.4:

CVE-2013-0253 Apache Maven

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Maven 3.0.4
- Apache Maven Wagon 2.1, 2.2, 2.3

 Description:
Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure
SSL mode by default. This mode disables all SSL certificate checking,
including: host name verification , date validity,  and certificate
chain. Not validating the certificate introduces the possibility of a
man-in-the-middle attack.

All users are recommended to upgrade to Apache Maven 3.0.5 and Apache
Maven Wagon 2.4.

 Credit
This issue was identified by Graham Leggett

--
The Apache Maven Team


On Sat, Feb 23, 2013 at 9:58 AM, Olivier Lamy <ol...@apache.org> wrote:

> Hello,
>
> The Apache Maven team is pleased to announce the release of Apache Maven
> 3.0.5
>
> Release notes available:
> http://maven.apache.org/docs/3.0.5/release-notes.html .
>
> Maven is a project comprehension and build tool, designed to simplify
> the process of maintaining a healthy development lifecycle for your
> project.
>
> You can read more here:
>
>     http://maven.apache.org/
>
> Downloads of source and binary distributions are listed in our
> download  section:
>
>     http://maven.apache.org/download.html
>
> A major goal of Maven 3.0.x is to be compatible, to the extent
> possible, with existing plugins and projects designed for Maven 2.x.
> Users interested in upgrading to 3.x should have a glance at the
> compatibility notes for known differences between Maven 3.0 and Maven
> 2.x:
>
>     http://cwiki.apache.org/MAVEN/maven-3x-compatibility-notes.html
>
> Users who already use Maven 3.0.x are encouraged to update to this new
> maintenance release.
>
> If you encounter unexpected problems while using Apache Maven 3.0.5,
> please feel free to contact us via the Maven developer list:
>
>     http://maven.apache.org/mail-lists.html
>
> Release Notes - Apache Maven 2 & 3 - Version 3.0.5
>
> ** Bug
>   * [MNG-5430] - use wagon 2.4
>
>
> Have Fun!
>
> -- The Apache Maven Team.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>

Re: [ANN] Apache Maven 3.0.5 released

Posted by Olivier Lamy <ol...@apache.org>.

Fixed

--
Olivier
Le 23 févr. 2013 21:37, "Mirko Friedenhagen" <mf...@gmail.com> a
écrit :

> Hello Olivier,
>
> Looking at:
> http://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html
> lifecylce phase in "Invokes the execution of the lifecycle phase
> generate-sources prior to executing itself." links to
>
> http://maven.apache.org/ref/current/maven-core/lifecycles.html
>
> which redirects to:
>
> http://maven.apache.org/ref/3.0.5/maven-core/lifecycles.html
>
> which is not present.
>
> Regards Mirko
>
> On Sat, Feb 23, 2013 at 3:58 PM, Olivier Lamy <ol...@apache.org> wrote:
> > Hello,
> >
> > The Apache Maven team is pleased to announce the release of Apache Maven
> 3.0.5
> >
> > Release notes available:
> http://maven.apache.org/docs/3.0.5/release-notes.html .
> >
> > Maven is a project comprehension and build tool, designed to simplify
> > the process of maintaining a healthy development lifecycle for your
> > project.
> >
> > You can read more here:
> >
> >     http://maven.apache.org/
> >
> > Downloads of source and binary distributions are listed in our
> > download  section:
> >
> >     http://maven.apache.org/download.html
> >
> > A major goal of Maven 3.0.x is to be compatible, to the extent
> > possible, with existing plugins and projects designed for Maven 2.x.
> > Users interested in upgrading to 3.x should have a glance at the
> > compatibility notes for known differences between Maven 3.0 and Maven
> > 2.x:
> >
> >     http://cwiki.apache.org/MAVEN/maven-3x-compatibility-notes.html
> >
> > Users who already use Maven 3.0.x are encouraged to update to this new
> > maintenance release.
> >
> > If you encounter unexpected problems while using Apache Maven 3.0.5,
> > please feel free to contact us via the Maven developer list:
> >
> >     http://maven.apache.org/mail-lists.html
> >
> > Release Notes - Apache Maven 2 & 3 - Version 3.0.5
> >
> > ** Bug
> >   * [MNG-5430] - use wagon 2.4
> >
> >
> > Have Fun!
> >
> > -- The Apache Maven Team.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > For additional commands, e-mail: dev-help@maven.apache.org
> >
>

Re: [ANN] Apache Maven 3.0.5 released

Posted by Mirko Friedenhagen <mf...@gmail.com>.

Hello Olivier,

Looking at: http://maven.apache.org/plugins/maven-javadoc-plugin/javadoc-mojo.html
lifecylce phase in "Invokes the execution of the lifecycle phase
generate-sources prior to executing itself." links to

http://maven.apache.org/ref/current/maven-core/lifecycles.html

which redirects to:

http://maven.apache.org/ref/3.0.5/maven-core/lifecycles.html

which is not present.

Regards Mirko

On Sat, Feb 23, 2013 at 3:58 PM, Olivier Lamy <ol...@apache.org> wrote:
> Hello,
>
> The Apache Maven team is pleased to announce the release of Apache Maven 3.0.5
>
> Release notes available: http://maven.apache.org/docs/3.0.5/release-notes.html .
>
> Maven is a project comprehension and build tool, designed to simplify
> the process of maintaining a healthy development lifecycle for your
> project.
>
> You can read more here:
>
>     http://maven.apache.org/
>
> Downloads of source and binary distributions are listed in our
> download  section:
>
>     http://maven.apache.org/download.html
>
> A major goal of Maven 3.0.x is to be compatible, to the extent
> possible, with existing plugins and projects designed for Maven 2.x.
> Users interested in upgrading to 3.x should have a glance at the
> compatibility notes for known differences between Maven 3.0 and Maven
> 2.x:
>
>     http://cwiki.apache.org/MAVEN/maven-3x-compatibility-notes.html
>
> Users who already use Maven 3.0.x are encouraged to update to this new
> maintenance release.
>
> If you encounter unexpected problems while using Apache Maven 3.0.5,
> please feel free to contact us via the Maven developer list:
>
>     http://maven.apache.org/mail-lists.html
>
> Release Notes - Apache Maven 2 & 3 - Version 3.0.5
>
> ** Bug
>   * [MNG-5430] - use wagon 2.4
>
>
> Have Fun!
>
> -- The Apache Maven Team.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org

Re: [ANN] Apache Maven 3.0.5 released

Posted by Brian Fox <br...@infinity.nu>.

Just wanted to bring this to the users list and ensure that those reading
the release notes see the security alert for 3.0.4:

CVE-2013-0253 Apache Maven

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Maven 3.0.4
- Apache Maven Wagon 2.1, 2.2, 2.3

 Description:
Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure
SSL mode by default. This mode disables all SSL certificate checking,
including: host name verification , date validity,  and certificate
chain. Not validating the certificate introduces the possibility of a
man-in-the-middle attack.

All users are recommended to upgrade to Apache Maven 3.0.5 and Apache
Maven Wagon 2.4.

 Credit
This issue was identified by Graham Leggett

--
The Apache Maven Team


On Sat, Feb 23, 2013 at 9:58 AM, Olivier Lamy <ol...@apache.org> wrote:

> Hello,
>
> The Apache Maven team is pleased to announce the release of Apache Maven
> 3.0.5
>
> Release notes available:
> http://maven.apache.org/docs/3.0.5/release-notes.html .
>
> Maven is a project comprehension and build tool, designed to simplify
> the process of maintaining a healthy development lifecycle for your
> project.
>
> You can read more here:
>
>     http://maven.apache.org/
>
> Downloads of source and binary distributions are listed in our
> download  section:
>
>     http://maven.apache.org/download.html
>
> A major goal of Maven 3.0.x is to be compatible, to the extent
> possible, with existing plugins and projects designed for Maven 2.x.
> Users interested in upgrading to 3.x should have a glance at the
> compatibility notes for known differences between Maven 3.0 and Maven
> 2.x:
>
>     http://cwiki.apache.org/MAVEN/maven-3x-compatibility-notes.html
>
> Users who already use Maven 3.0.x are encouraged to update to this new
> maintenance release.
>
> If you encounter unexpected problems while using Apache Maven 3.0.5,
> please feel free to contact us via the Maven developer list:
>
>     http://maven.apache.org/mail-lists.html
>
> Release Notes - Apache Maven 2 & 3 - Version 3.0.5
>
> ** Bug
>   * [MNG-5430] - use wagon 2.4
>
>
> Have Fun!
>
> -- The Apache Maven Team.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>

Re: [ANN] Apache Maven 3.0.5 released

Posted by Jesse Glick <jg...@cloudbees.com>.

FYI, I have found what is for me at least a critical regression in 3.0.5 relating to HTTPS deployment:

https://jira.codehaus.org/browse/MNG-5443

(Sorry for not testing during voting period.)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org