Release Notes – Maven 3.9.7

The Apache Maven team would like to announce the release of Maven 3.9.7.

Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting, and documentation from a central place.

The core release is independent of plugin releases. Further releases of plugins will be made separately. See the PluginList for more information.

If you have any questions, please consult:

the web site: https://maven.apache.org/
the maven-user mailing list: https://maven.apache.org/mailing-lists.html
the reference documentation: https://maven.apache.org/ref/3.9.7/

Overview About the Changes

Regression fixes and other improvements from Maven 3.9.6. All users already on Maven 3.9.x are advised to upgrade.

This release updates Resolver to version 1.9.20 (includes fixes from 1.9.19 as well). Resolver upgrade includes two critical fixes, one related to “file locking” and other to “Maven metadata corruption”.

Maven Core also got bug fixes, focusing on remote repository metadata handling, see MNG-8106 and MNG-8121. Latter issue should improve compatibility with some Maven Plugin projects that had no prefix, that is now mandatory.

Maven itself received new features (backports from Maven 4.x) as ability to ignore transitive dependency introduced repositories and profile activation improvements.

The full list of changes can be found in our issue management system.

Known issues

During release an issue MNG-8116 was discovered: Maven can randomly fail in case of overloaded Mojo configuration. Preliminary analysis shows this was the case for whole Maven 3.x line, and fix is being prepared and will be published in upcoming release.

Potentially Breaking Core Changes (if migrating from 3.8.x)

The Maven Resolver transport has changed from Wagon to “native HTTP”, see Resolver Transport guide.
Maven 2.x was auto-injecting an ancient version of plexus-utils dependency into the plugin classpath, and Maven 3.x continued doing this to preserve backward compatibility. Starting with Maven 3.9, it does not happen anymore. This change may lead to plugin breakage. The fix for affected plugin maintainers is to explicitly declare a dependency on plexus-utils. The workaround for affected plugin users is to add this dependency to plugin dependencies until issue is fixed by the affected plugin maintainer. See MNG-6965.
Mojos are prevented to bootstrap new instance of RepositorySystem (for example by using deprecated ServiceLocator), they should reuse RepositorySystem instance provided by Maven instead. See MNG-7471.
Each line in .mvn/maven.config is now interpreted as a single argument. That is, if the file contains multiple arguments, these must now be placed on separate lines, see MNG-7684.
System and user properties handling cleanup, see MNG-7556. As a consequence, this may introduce breakage in environments where the user properties were used to set system properties or other way around, for example see MNG-7887.
Plugins and extensions used by your build are checked against Maven supported APIs and conventions: this “plugin validation” may report WARNINGs at the end of your build. See plugin validation documentation to better understand what to do when your build suffers from such warnings.

Complete Release Notes

See complete release notes for all versions