3.0.2

Bugs

[#280] The 3.0.1 jar was corrupt (thanks @eugene-sadovsky for reporting this!).

Enhancements

• [#279] Fix CVE-2023-42503.

Potentially breaking changes

None.

Notes

The CVE fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

3.0.1

Bugs

• [#276] Fix that enabling skipBytecodeCheck causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @jgenoctr!).

Enhancements

• [#264] Support targeting Java 21 bytecode (thanks @bmarwell!).
• [#253] Fix CVE-2020-8908 and CVE-2023-2976.
• Fix CVE-2023-37460 (242baa8 and 623a56f).

Potentially breaking changes

None.

Notes

The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

3.0.0

Bugs

• [#244] Fix Maven plugin validation warnings (thanks @hazendaz!).

Enhancements

• [#239] Require Maven 3.2.5.

Potentially breaking changes

Maven's compatibility plan marked Maven versions older than 3.2.5 as EOL in March 2023. Therefore, we now require 3.2.5 to move forward with the rest of the ecosystem.

Notes

Fixing the validation warnings removed some Maven dependencies from the plugin's classpath (instead of using the ones from Maven itself). I'm not aware of any negative consequences of this, but it's possible certain specialized use cases might encounter changes in behavior.

2.1.0

Bugs

None.

Enhancements

• [#230] Recognize JDK 19 as a valid target bytecode.
• [#232] Recognize JDK 20 as a valid target bytecode.

Potentially breaking changes

None.

Notes

None.

2.0.0

Bugs

None.

Enhancements

• [#210] Improve error messages when Groovy classes can't be located (avoiding the NullPointerExceptions that were causing confusion and instead throwing our own exception).
• [#221] apache/groovy@8d19017#diff-5522480b605c81fc7dd50f58b857f5fc8802ea69229742441c6fdef328846062 caused an exception to be thrown for Groovy 4.0.0-RC-1 and newer when binding properties in a script/console/shell and bindPropertiesToSeparateVariables is false. The error logging when this happens has been improved.
• [#223] Support 5, 6, 7, 8, and 1.9 arguments to targetBytecode so that validation doesn't unexpectedly fail since it uses the maven.compiler.target property and these arguments are valid for javac.

Potentially breaking changes

This release requires Java 8 and drops support for Java 7. This was necessary to update dependencies which fix vulnerabilities. Specifically, in maven-archiver. At the time of release, the following dependencies were not compatible with Java 7

• org.apache.commons:commons-compress
• org.codehaus.plexus:plexus-archiver
• org.apache.maven:maven-archiver
• org.codehaus.plexus:plexus-io
• org.codehaus.plexus:plexus-utils

This is not the first breaking release, but it is the first breaking release to follow the semver conventions.

Notes

None.

1.13.1

Bugs

• [#203] Using bindAllProjectProperties and bindSessionUserOverrideProperties together can cause an NPE (thanks for reporting this @sebthom!).

Enhancements

None

Potentially breaking changes

None.

Notes

None.

1.13.0

Bugs

None.

Enhancements

• [#196] Add support for targetting Java 17 (thanks @chiquitinxx!).
• [#198] Add support for targetting Java 18.
• [#188/#193] Update Ant from 1.10.8 to 1.10.11.

Potentially breaking changes

None.

Notes

None.

1.12.1

Bugs

• [#186] Certain AST transformations had classloader issues because 1.12.0 was no longer setting the context classloader.

Enhancements

• Update Jansi to 2.x.

Potentially breaking changes

The Jansi upgrade should generally be compatible, but could cause issues with scripts that were using Jansi 1.x specific classes.

Notes

None.

1.12.0

Bugs

• [#183] The classloader project dependencies are loaded onto is reused between modules, so each module was a superset of all modules that preceded it. Also, the console, execute, and shell mojos didn't pass the classloader to use into the instantiated GroovyConsole/GroovyShell, so it accidentally was using the plugin classloader, even when configured to use PROJECT_ONLY classpath. Thanks for reporting this @TobiX!

Enhancements

None

Potentially breaking changes

This should be a non-breaking change (except for unusual situations that were relying on the previous incorrect behavior). However, since it's a significant change, I'm bumping the version by more than just the patch version.

Notes

This potentially runs slower than before, since a new classloader is instantiated each execution, rather than resuing the same classloader, so the classes referenced will have to be reinitialized.

1.11.1

Bugs

• Fixes IllegalArgumentException when consoleScript parameter was loaded from POM rather than command line property.

Enhancements

None

Potentially breaking changes

None

Notes

None