4.2.1

Bugs

• Fix compatibility with Groovy 4.0.27 and 5.0.0-beta-1 which changed (GROOVY-11668) the signature of the GroovyDocTool constructor (#335).

Enhancements

None.

Potentially breaking changes

None.

Notes

None.

4.2.0

Bugs

None

Enhancements

Support Java 24 and 25 (#330)
Support Maven 4 (#328) Thanks to @gnodet for this PR!

Potentially breaking changes

None

Notes

None

4.1.1

Bugs

• Accidentally changed required Maven version from >=3.6.3 to >=3.9.9 (#324).

Enhancements

None

Potentially breaking changes

None

Notes

None

4.1.0

Bugs

None

Enhancements

• Add a property for scripts parameter, so it can be specified from the command line (#316).
• Add timeouts for connecting and reading from scripts URLs (#317).

Potentially breaking changes

None

Notes

None

4.0.1

Bugs

• Fix broken plugin due to problems encountered during release process (#314)

Enhancements

None

Potentially breaking changes

None

Notes

None

4.0.0

Bugs

None

Enhancements

• Support Java 22 and 23 (#302)
• Multiple dependency upgrades, including some that fixed CVEs
• Added a warning about using SecurityManager to prevent System.exit() calls. JEP 411 deprecated SecurityManager in Java 17, for future removal. It is unclear what it will be replaced with for the use case of preventing System.exit() usages. JDK-8199704 is one possibility.

Potentially breaking changes

• Updated the required Maven version to 3.6.3 to conform to the compatibility plan (#309)

Notes

None

3.0.2

Bugs

[#280] The 3.0.1 jar was corrupt (thanks @eugene-sadovsky for reporting this!).

Enhancements

• [#279] Fix CVE-2023-42503.

Potentially breaking changes

None.

Notes

The CVE fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

3.0.1

Bugs

• [#276] Fix that enabling skipBytecodeCheck causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @jgenoctr!).

Enhancements

• [#264] Support targeting Java 21 bytecode (thanks @bmarwell!).
• [#253] Fix CVE-2020-8908 and CVE-2023-2976.
• Fix CVE-2023-37460 (242baa8 and 623a56f).

Potentially breaking changes

None.

Notes

The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.

3.0.0

Bugs

• [#244] Fix Maven plugin validation warnings (thanks @hazendaz!).

Enhancements

• [#239] Require Maven 3.2.5.

Potentially breaking changes

Maven's compatibility plan marked Maven versions older than 3.2.5 as EOL in March 2023. Therefore, we now require 3.2.5 to move forward with the rest of the ecosystem.

Notes

Fixing the validation warnings removed some Maven dependencies from the plugin's classpath (instead of using the ones from Maven itself). I'm not aware of any negative consequences of this, but it's possible certain specialized use cases might encounter changes in behavior.

2.1.0

Bugs

None.

Enhancements

• [#230] Recognize JDK 19 as a valid target bytecode.
• [#232] Recognize JDK 20 as a valid target bytecode.

Potentially breaking changes

None.

Notes

None.