Maven 3.9.13 Release Notes
The Apache Maven team would like to announce the release of Maven 3.9.13.
Maven 3.9.13 is available for download.
The core release is independent of plugin releases. Further releases of plugins will be made separately. See the Plugin list for more information.
If you have any questions, please consult:
- the website: https://maven.apache.org/
- the maven-user mailing list: https://maven.apache.org/mailing-lists.html
- the reference documentation: https://maven.apache.org/ref/3.9.13/
Overview About the Changes
Regression fixes and other improvements from Maven 3.9.12. All users already on Maven 3.9.x are advised to upgrade.
The majority of fixed issues are bug and regression fixes for user reported problems.
Notable Changes in Maven 3.9.13
- Maven plugin prerequisites check now properly supports ranges when Java 8 (or 1.8) is specified.
- Plexus Security Dispatcher was still enlisted as Plexus component in Maven
components.xml, while it was migrated to JSR330. This caused warnings on Java 26+ as Plexus did field injection intofinalfields of it. - Plugin versions in default bindings are updated.
This release updates Resolver to version 1.9.27.
Notable Changes in Resolver 1.9.27
- Parallel PUT change happened in Resolver 1.9.25 was undone, as many MRM struggle with concurrent HTTP requests.
- Treat HTTP 410 status code as 404 in artifact resolution. Resolver will by default now cache 410 response in same way as 404 is cached.
- Apache HTTP transport got fixes regarding proxy support.
- Locally cached artifacts were “escaping” RRF.
Full changelog
For a full list of changes, please refer to the GitHub release page.
Known issues
After the release, we discovered that the distribution contains several testing libraries, see GH-11762.
While this is not an issue per se (maven-core does not export these dependencies, they are “confined” in core classloader), in case you perform
dependency analysis (ie using Enforcer) and you depend on maven-core or any artifact that has maven-core in its tree, you may hit issues.
In this case, remaining on 3.9.12 release is the recommended workaround.
We are working on 3.9.14 release with this issue fixed, and it will happen as soon as possible.
Potentially Breaking Core Changes (if migrating from 3.8.x)
- The Maven Resolver transport has changed from Wagon to “native HTTP”, see Resolver Transport guide.
- Maven 2.x was auto-injecting an ancient version of
plexus-utilsdependency into the plugin classpath, and Maven 3.x continued doing this to preserve backward compatibility. Starting with Maven 3.9, it does not happen anymore. This change may lead to plugin breakage. The fix for affected plugin maintainers is to explicitly declare a dependency onplexus-utils. The workaround for affected plugin users is to add this dependency to plugin dependencies until issue is fixed by the affected plugin maintainer. See MNG-6965. - Mojos are prevented to bootstrap new instance of
RepositorySystem(for example by using deprecatedServiceLocator), they should reuseRepositorySysteminstance provided by Maven instead. See MNG-7471. - Each line in
.mvn/maven.configis now interpreted as a single argument. That is, if the file contains multiple arguments, these must now be placed on separate lines, see MNG-7684. - System and user properties handling cleanup, see MNG-7556. As a consequence, this may introduce breakage in environments where the user properties were used to set system properties or other way around, for example see MNG-7887.
- Plugins and extensions used by your build are checked against Maven supported APIs and conventions: this “plugin validation” may report WARNINGs at the end of your build. See plugin validation documentation to better understand what to do when your build suffers from such warnings.