2.5.0

❗ NOTICE

Due to Doxia 2.x stack maven-site-plugin 3.20+ is required.
https://cwiki.apache.org/confluence/display/MAVEN/Towards+Doxia+2.0.0+Stack

🚀 New features and improvements

• Update Doxia to 2.x stack (#603) @slawekjaranowski
• Added an option to control if output directory is added as resource directory (#580) @AB-xdev
• Enhance exception handling for license execution when the URL tag of the license is empty. (#588) @djjeon
• Parallel processing of files (#568) @mkarg

🐛 Bug Fixes

• Manage open streams in correct way (#609) @slawekjaranowski
• licenseName is required (#607) @vitalijr2
• Fix issue #560: fail to download license file because license name contains invalid characters (#561) @nhuongmh
• Generate latest version of mvnw with no additional resources (#551) @VonUniGE

📦 Dependency updates

• Bump org.apache.logging.log4j:log4j-to-slf4j from 2.24.1 to 2.24.2 (#612) @dependabot
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#611) @dependabot
• Update Doxia to 2.x stack (#603) @slawekjaranowski
• Bump org.codehaus.mojo:mojo-parent from 85 to 86 (#590) @dependabot
• Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#594) @dependabot
• Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#592) @dependabot
• Bump commons-logging:commons-logging from 1.3.3 to 1.3.4 (#584) @dependabot
• Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0 (#585) @dependabot
• Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.16.0 (#582) @dependabot
• Bump org.codehaus.mojo:mojo-parent from 84 to 85 (#583) @dependabot
• Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 (#578) @dependabot
• Bump commons-logging:commons-logging from 1.3.2 to 1.3.3 (#577) @dependabot
• Bump org.apache.poi:poi-ooxml from 5.2.5 to 5.3.0 (#576) @dependabot
• Bump org.codehaus.mojo:mojo-parent from 80 to 84 (#573) @dependabot
• Bump org.freemarker:freemarker from 2.3.32 to 2.3.33 (#570) @dependabot
• Bump commons-logging:commons-logging from 1.3.1 to 1.3.2 (#565) @dependabot
• Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1 (#566) @dependabot
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#559) @dependabot
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#558) @dependabot
• Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#556) @dependabot
• Bump commons-logging:commons-logging from 1.3.0 to 1.3.1 (#555) @dependabot
• Bump org.codehaus.mojo:mojo-parent from 78 to 80 (#548) @dependabot

👻 Maintenance

• Replace deprecated Component annotation (#613) @slawekjaranowski
• Use WireMock in integration test (#610) @slawekjaranowski
• Move to jUnit5 (#608) @vitalijr2
• Add Log4j2 to SLF4J Adapter (#605) @slawekjaranowski
• Drop Maven wrapper from project (#602) @slawekjaranowski
• Re-enable checkstyle plugin (#589) @slawekjaranowski
• Prepare for doxia 2.0 (#575) @slawekjaranowski
• Bump apache/maven-gh-actions-shared from 3 to 4 (#550) @dependabot

🔧 Build

• Build with Maven 4 (#574) @slawekjaranowski

2.4.0

🚀 New features and improvements

• Require Maven 3.6.3 as minimum (#543) @slawekjaranowski
• Get rid usage of MavenSession#lookup (#541) @slawekjaranowski
• Deploy snapshot version to oss.sonatype.org (#539) @slawekjaranowski
• Write Excel files with extensive License Information (inc. infos from the JARs) (#527) @Master-Code-Programmer

🐛 Bug Fixes

• update xsd to match generated xmls (#528) @amanica

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 77 to 78 (#542) @dependabot
• Bump org.apache.poi:poi-ooxml from 5.2.4 to 5.2.5 (#537) @dependabot
• Bump commons-io:commons-io from 2.13.0 to 2.15.1 (#535) @dependabot
• Bump commons-logging:commons-logging from 1.2 to 1.3.0 (#532) @dependabot
• Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#530) @dependabot
• Bump commons-io:commons-io from 2.15.0 to 2.15.1 (#531) @dependabot
• Bump commons-io:commons-io from 2.14.0 to 2.15.0 (#526) @dependabot

👻 Maintenance

• Execute download-licenses-proxy test at the end (#545) @slawekjaranowski
• Added extended-info and spreadsheet-report author to the contributor list (#534) @Master-Code-Programmer

🔧 Build

• Use Shared ASF Action from Release Drafter (#544) @slawekjaranowski

2.3.0

🚀 New features and improvements

• #519 minor updates to reduce verbosity of standard execution (#520) @d-ryan-ashcraft
• #517: optionally support copyright values that only contain inception year rather than year range (#518) @d-ryan-ashcraft

🐛 Bug Fixes

• Fix #508 - Avoid NPE in AggregatorAddThirdPartyMojo (#512) @slawekjaranowski

📦 Dependency updates

• Downgrade plexus-xml to version 3.0.0 (#523) @slawekjaranowski
• Bump org.codehaus.mojo:mojo-parent from 76 to 77 (#516) @dependabot
• Bump commons-io:commons-io from 2.13.0 to 2.14.0 (#515) @dependabot
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#514) @dependabot
• Bump plexus-xml from 4.0.1 to 4.0.2 (#510) @dependabot

👻 Maintenance

• Build improvements - one profile for ITs (#525) @slawekjaranowski
• Cleanups in FileUtil - direct use methods from NIO (#513) @slawekjaranowski

2.2.0

🚀 New features and improvements

• Switch components to JSR-330, Require JDK 1.8 (#501) @slawekjaranowski
• Log message about skip due to packaging in info level (#499) @slawekjaranowski

🐛 Bug Fixes

• Fix #358, #352 NPE on site generation caused by null returned by deprecated MavenProject.getDependencyArtifacts() (#373) @tomred-net
• Fix #413 Use 'GAV' for result keys in LicensedArtifactResolver (#414) @attilapuskas
• Fix #498 add-third-party should not override third-party file with the same content (#500) @slawekjaranowski
• Fix #351 License override does not work for third-party dependencies with multiple licenses (#374) @lama0206
• Fixed '[WARNING] There were 0 download errors - check the warnings above to not log warning unless download errors > 0 (#402) @blekinge

📦 Dependency updates

• Bump mojo-parent from 75 to 76 (#504) @dependabot
• Bump json from 20070829 to 20230227 in /src/it/add-third-party-missing-file (#460) @dependabot
• Bump plexus-xml from 4.0.0 to 4.0.1 (#496) @dependabot
• Bump commons-io from 2.12.0 to 2.13.0 (#493) @dependabot

👻 Maintenance

• Use project.version instead of pom.version in ITs (#507) @slawekjaranowski
• Use JDK 1.8 in ITs - allow build on JDK 20 (#506) @slawekjaranowski
• Enable spotless for automatic code formatting (#505) @slawekjaranowski
• Add LICENSE.txt file (#503) @slawekjaranowski
• Fix formatting in example-thirdparty document (#502) @slawekjaranowski

2.1.0

🚀 New features and improvements

• Fix #379 allow users to customize the copyright string format (#380) @davenice
• Update GPL licenses (#362) @camlloyd
• Recognize classpath protocol as external (#486) @slawekjaranowski

🐛 Bug Fixes

• fix #361 - sortArtifactByName: artifacts with the same name are lost (#363) @lrozenblyum
• Fix #354 Make artifact cache safe for concurrent access (#355) @Stephan202
• Fix cookie header warning (#472) @danHayworth

📦 Dependency updates

• Bump maven-reporting-impl from 3.0.0 to 3.2.0 (#452) @dependabot
• Bump maven-reporting-api from 3.0 to 3.1.1 (#456) @dependabot
• Bump plexus-utils from 3.5.1 to 4.0.0 (#481) @dependabot
• Bump mojo-parent from 74 to 75 (#488) @dependabot
• Bump plexus-container-default from 2.0.0 to 2.1.1 (#487) @dependabot
• Bump build-helper-maven-plugin from 1.10 to 3.4.0 (#483) @dependabot
• Bump slf4j-api from 1.7.26 to 1.7.36 (#485) @dependabot
• Bump doxia-site-renderer from 1.8.1 to 1.11.1 (#482) @dependabot
• Bump httpclient from 4.5.13 to 4.5.14 (#478) @dependabot
• Bump commons-io from 2.6 to 2.12.0 (#477) @dependabot
• Bump doxiaVersion from 1.8 to 1.12.0 (#475) @dependabot
• Bump commons-lang3 from 3.7 to 3.12.0 (#467) @dependabot
• Bump httpcore from 4.4.8 to 4.4.16 (#473) @dependabot
• Bump plexus-utils from 3.1.0 to 3.5.1 (#469) @dependabot
• Bump plexusComponentVersion from 1.7.1 to 2.1.1 (#453) @dependabot

👻 Maintenance

• Update plugins in ITs and cleanups (#492) @slawekjaranowski
• Use license plugin version from parent, update THIRD-PARTY.properties (#491) @slawekjaranowski
• fix copy&paste issue in property description (#376) @CCFenner
• Get rid of plexus-container-default from dependencies (#490) @slawekjaranowski
• Get rid of localRepository parameter (#489) @slawekjaranowski

🔧 Build

• Add release-drafter (#484) @slawekjaranowski

2.0.1

What's Changed

• Fix #228 Add .gitattributes by @kingle in #344
• Fix broken OpenJDK installation on TravisCI by @ppalaga in #349
• Fix #139 - "Can't find license-maven-plugin" by @AndyGee in #348
• Update FreeMarker version to 2.3.31 by @kyra-ohare in #406
• Bump commons-collections from 3.2.1 to 3.2.2 by @dependabot in #377
• Bump junit from 4.8.1 to 4.13.1 in /src/it/aggregate-add-third-party-multimodule-filters/child2 by @dependabot in #394
• Bump junit from 4.8.2 to 4.13.1 in /src/it/MLICENSE-24 by @dependabot in #392
• Bump junit from 4.12 to 4.13.1 in /src/it/ISSUE-40 by @dependabot in #391
• Bump junit from 4.12 to 4.13.1 in /src/it/download-licenses-include-exclude-types by @dependabot in #388
• Bump commons-beanutils from 1.9.3 to 1.9.4 in /src/it/download-licenses-file-names by @dependabot in #422
• Bump junit from 4.8.1 to 4.13.1 in /src/it/aggregate-third-party-report/child2 by @dependabot in #421
• Bump junit from 4.8.1 to 4.13.1 in /src/it/aggregate-add-third-party-exclude-transitive-deps/child2 by @dependabot in #395
• Bump junit from 4.8.1 to 4.13.1 in /src/it/aggregate-add-third-party-simple/child2 by @dependabot in #390
• Bump junit from 4.8.2 to 4.13.1 in /src/it/add-third-party-excluded-included by @dependabot in #389
• Bump junit from 4.12 to 4.13.1 in /src/it/download-licenses-basic by @dependabot in #393
• Bump httpclient from 4.5.4 to 4.5.13 by @dependabot in #420
• Fix #345 Only log override warning if licenseMerges provided. by @tpage-alfresco in #425
• Fix #423 Don't log warning for unused overrides in remote override file. by @tpage-alfresco in #424
• Fix build failure by configuring and upgrading editorconfig by @VonUniGE in #435
• Fix IT test add-third-party-excluded-included by @VonUniGE in #436
• Fix IT test download-licenses-file-names by @VonUniGE in #437
• Fix IT test download-licenses-basic by @VonUniGE in #438
• Add GH verify action by @slawekjaranowski in #439
• Add dependabot and release drafter file by @olamy in #450
• Fix two IT tests aggregate-add-third-party-* by @VonUniGE in #441
• Fix IT - ISSUE-324, use newer m-compiler-p by @slawekjaranowski in #459
• Fix IT - download-licenses-file-names-bad-sha1-force by @slawekjaranowski in #464
• Bump parent to 74 and cleanups by @slawekjaranowski in #465
• Bump jettison from 1.1 to 1.5.4 in /src/it/add-third-party-missing-file by @dependabot in #463
• Bump freemarker from 2.3.31 to 2.3.32 by @dependabot in #455
• Fixes issue #312: Don't overwrite existing license file by @Vlatombe in #360

New Contributors

• @kingle made their first contribution in #344
• @AndyGee made their first contribution in #348
• @kyra-ohare made their first contribution in #406
• @dependabot made their first contribution in #377
• @tpage-alfresco made their first contribution in #425
• @VonUniGE made their first contribution in #435
• @slawekjaranowski made their first contribution in #439
• @olamy made their first contribution in #450
• @Vlatombe made their first contribution in #360

Full Changelog: license-maven-plugin-2.0.0...2.0.1

2.0.0

What's Changed

• Fix #324 Remove unnecessary manual dependency resolution by @srdo in #325
• Fix #328 Publish integration test build directory when Appveyor build… by @srdo in #329
• Fix #326 Migrate to using Maven 3 APIs and Aether for dependency resolution by @srdo in #327
• Fix #331 overrideUrl doesn't work by @digulla in #333
• Fix #337 Use slf4j over old logging APIs in Maven by @ppalaga in #342

New Contributors

• @digulla made their first contribution in #333

Full Changelog: license-maven-plugin-1.20...license-maven-plugin-2.0.0

1.20

What's Changed

• Fix #303 Aggregate-add-third-party mojo is not including optional dependencies by default by @elballa in #304
• Fix #302 Introduce ContentSanitizers by @ppalaga in #305
• Fix #306 Introduce AbstractDownloadLicensesMojo.useDefaultUrlReplacem… by @ppalaga in #307
• Fix #308 Dependencies with broken POMs ignored by @ppalaga in #309
• Fix #314 ErrorRemedy.xmlOutput should log the issues on error level r… by @ppalaga in #315
• Fix #319 Proxy configuration ignored for download licenses by @ppalaga in #320
• Fix #321 Regenerate SpdxLicenseListData from SPDX 3.5 by @ppalaga in #322

Full Changelog: license-maven-plugin-1.19...license-maven-plugin-1.20

1.19

What's Changed

• Fix #253 Add licenseMergesUrl also in report goals by @elballa in #290
• Fix #288 aggregate-third-party-report integration test fails with non… by @ppalaga in #289
• Fix #292 Allow exclusion of optional dependencies by @ppalaga in #293
• Prepare #294 common parent for LicensesXmlInsertVersionsMojo and Abst… by @ppalaga in #295
• Fix #296 AbstractDownloadLicensesMojo should not download available f… by @ppalaga in #297
• Fix #298 Add removeOrphanLicenseFiles param to AbstractDownloadLicens… by @ppalaga in #299

Full Changelog: license-maven-plugin-1.18...license-maven-plugin-1.19

1.18

What's Changed

• Fix #223 Upgrade to mojo-parent 50 by @ppalaga in #224
• Upgrade to doxia 1.8 by @Tibor17 in #225
• Fix #166 update-file-header changes file permissions: clears executab… by @hithran in #226
• Fix #229 Structured output for failed license downloads by @ppalaga in #230
• Fix #231 Make sure the directory of licenses-errors.xml exists by @ppalaga in #232
• Fix #233 Follow redirects more than once by @ppalaga in #234
• Fix #235 NPE when there is no under by @ppalaga in #238
• Fix #240 Introduce url -> file name mapping by @ppalaga in #241
• Fix #242 Proxy settings ignored after #233 by @ppalaga in #243
• Fix #247 Add SPDX license list by @ppalaga in #248
• Fix #250 Use SPDX license IDs to determine local file names when by @ppalaga in #254
• Fix #251 Add cleanLicensesOutputDirectory parameter to AbstractDownlo… by @ppalaga in #255
• Fix #252 Add writeVersions parameter to AbstractDownloadLicensesMojo by @ppalaga in #257
• Fix #259 Move classes used solely by download mojos to by @ppalaga in #260
• Fix #258 aggregate-third-party-report goal fails when licenseMerges by @nfalco79 in #261
• Fix #134 Support generic URL in attributes that ask for URLs by @nfalco79 in #249
• Fix #253 Add licenseMergesUrl also in report goals by @elballa in #262
• Fix #265 Let AbstractDownloadLicensesMojo.licensesConfigFile match by… by @ppalaga in #266
• Fix #268 Make sure license file name has only one extension by @ppalaga in #269
• Fix #270 Introduce license file name sanitizers by @ppalaga in #272
• Fix #274 Missing license downloads due to return from a loop in Abstr… by @ppalaga in #275
• Fix #134 when missingFileUrl contains more lines by @nfalco79 in #276
• Fix #278 Add timeout parameters to AbstractDownloadLicensesMojo by @ppalaga in #279
• Fix #282 Better document include* and exclude* parameters in AbstractAddThirdPartyMojo by @nfalco79 in #273
• Fix #283 Add artifactFiltersUrl parameter to all mojos that support artifact includes/excludes by @ppalaga in #285
• Fix #277 aggregate-add-third-party does not use missingFileUrl parameter by @ppalaga in #286
• Fix #271 aggregate-add-third-party evaluate acceptPomPackage also for… by @ppalaga in #287

New Contributors

• @Tibor17 made their first contribution in #225
• @hithran made their first contribution in #226
• @nfalco79 made their first contribution in #261

Full Changelog: license-maven-plugin-1.17...license-maven-plugin-1.18