| CARVIEW |
Select Language
HTTP/2 200
date: Fri, 26 Dec 2025 07:02:39 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"3aff458a6605f3158111ad34293a7cb1"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=9K4Ql9UKfh0IiYeZb4JYwZrJK%2Fnj%2BJyxFB51BzUUaNbdcC%2BpjGSPtRr4xHRDbB758HeNqA9dWE%2BP3g8iqzIBQvikBfiV3GrQmlpHDCDUJTd15nPG7iY5yCPmiEA%2FlVN3CHXs2L%2FVogsnfqfgmqQYdQRjtxz3EWj7VSKYhD0SZijRd4orqbSAvS2DKKbuvIm2UAL91Ou5i8Z%2FBgBUCHwMs4EjreggQsLHM1lK2B9HQYoEZek3ZGsLekiUGlDo1vWQeDM6dpjypgbZygwNO3wJuQ%3D%3D--qwkIrnM5CF058Q3B--atdTDIIfBIS97MLBRFmfcA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1513101703.1766732558; Path=/; Domain=github.com; Expires=Sat, 26 Dec 2026 07:02:38 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sat, 26 Dec 2026 07:02:38 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 8296:2D8E00:338418C:3DF352E:694E330E
Releases · apache/maven-gpg-plugin · GitHub
02 Jul 07:21
slawekjaranowski
Slawomir Jaranowski
slawekjaranowski
Slawomir Jaranowski
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 27
Releases: apache/maven-gpg-plugin
Releases · apache/maven-gpg-plugin
3.2.8
maven-gpg-plugin-3.2.8
This tag was signed with the committer’s verified signature.
slawekjaranowski
Slawomir Jaranowski
8a46455
This commit was signed with the committer’s verified signature.
slawekjaranowski
Slawomir Jaranowski
🐛 Bug Fixes
📝 Documentation updates
- [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#129) @Bukama
- Describe how to prime a specific GPG key (#128) @kwin
👻 Maintenance
📦 Dependency updates
- Update parent POM to 45 (#284) @cstamas
- Bump bouncycastleVersion from 1.78.1 to 1.80 (#127) @dependabot[bot]
- Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) @dependabot[bot]
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125) @dependabot[bot]
- Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1 (#131) @dependabot[bot]
- Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#124) @dependabot[bot]
Contributors
cstamas, kwin, and 2 other contributors
Assets 2
3.2.7
Fixes a lingering issue affecting whole 3.2.x lineage, that resulted in "bad passphrase" on Windows OS with GPG signer (see MGPG-136 for details).
What's Changed
- [MGPG-136] Windows passphrase corruption by @cstamas in #120
- Bump com.kohlschutter.junixsocket:junixsocket-core from 2.10.0 to 2.10.1 by @dependabot in #121
- Bump commons-io:commons-io from 2.16.1 to 2.17.0 by @dependabot in #119
Full Changelog: maven-gpg-plugin-3.2.6...maven-gpg-plugin-3.2.7
Contributors
cstamas and dependabot
Assets 2
2 people reacted
3.2.6
Release Notes - Maven GPG Plugin - Version 3.2.6
Improvement
- [MGPG-135] - Support Overriding / Enhance the signer in AbstractGpgMojo
- [MGPG-138] - Drop use of plexus-cipher and sec dispatcher, use proper API
- [MGPG-141] - Move off deprecated classes
Dependency upgrade
- [MGPG-139] - (build) Bump org.apache.maven.plugins:maven-invoker-plugin from 3.7.0 to 3.8.0
- [MGPG-140] - Update to Maven 3.9.9
- [MGPG-142] - Move to plexus-utils 4.0.1 and plexus-xml 3.0.1
What's Changed
- [MGPG-135] Support Overriding / Enhance the signer in AbstractGpgMojo by @laeubi in #112
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.7.0 to 3.8.0 by @dependabot in #114
- [MGPG-140] Update Maven to 3.9.9 by @cstamas in #116
- [MGPG-138] Drop direct use of plexus-cipher and secdispatcher by @cstamas in #115
- [MGPG-141] Remove use of deprecated classes by @cstamas in #117
- Add FAQ for "no pinentry" issue by @cstamas in #118
New Contributors
Full Changelog: maven-gpg-plugin-3.2.5...maven-gpg-plugin-3.2.6
Contributors
cstamas, laeubi, and dependabot
Assets 2
3.2.5
Release Notes - Maven GPG Plugin - Version 3.2.5
Sub-task
- [MGPG-130] - Update sigstore extension to ".sigstore.json"
Dependency upgrade
- [MGPG-127] - Bump bouncycastleVersion from 1.78 to 1.78.1
- [MGPG-128] - Update to parent POM 42, prerequisite 3.6.3
- [MGPG-131] - (build) Bump org.apache.maven.plugins:maven-plugins from 42 to 43
- [MGPG-132] - Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2.10.0
- [MGPG-133] - (build) Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to 1.18.2
- [MGPG-134] - (build) Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0
- [MGPG-134] - Update maven-invoker (#110) @cstamas
- [MGPG-130] - Update sigstore extension to ".sigstore.json" (#109) @loosebazooka
- [MGPG-128] - Parent POM 42, prerequisite 3.6.3 (#100) @cstamas
📦 Dependency updates
- Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to 1.18.2 (#105) @dependabot
- Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2.10.0 (#107) @dependabot
- Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#108) @dependabot
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (#103) @dependabot
- Bump bouncycastleVersion from 1.78 to 1.78.1 (#98) @dependabot
Contributors
cstamas, loosebazooka, and dependabot
Assets 2
3.2.4
Release Notes - Maven GPG Plugin - Version 3.2.4
Bug
- [MGPG-125] - Due to default value of gpg.passphraseServerId, bestPractices=true will always fail
Dependency upgrade
- [MGPG-126] - Commons IO 2.16.1 (test dependency)
- [MGPG-125] - Fix "bestPractices" (#95) @cstamas
📦 Dependency updates
- Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#94) @dependabot
Contributors
cstamas and dependabot
Assets 2
3.2.3
Release Notes - Maven GPG Plugin - Version 3.2.3
Bug
- [MGPG-121] - Signing fails with 3.2.2: "/Users/stevenobelia/.settings-security.xml (No such file or directory)"
New Feature
- [MGPG-120] - Add new mojo: sign-deployed
Improvement
Dependency upgrade
- [MGPG-118] - Update to Commons IO 2.16.0
- [MGPG-122] - Update build dependency m-invoker-p to 3.6.1
- [MGPG-123] - Update to Bouncycastle 1.78
- [MGPG-124] - Update to junixsocket 2.9.1
- [MGPG-123][MGPG-124] - Dependency upgrades (#93) @cstamas
- [MGPG-120] - New mojo sign-deployed (#88) @cstamas
- [MGPG-121] - Return the workaround for pseudo security (#90) @cstamas
- [MGPG-117] - Improve passphrase handling (#86) @cstamas
- [MGPG-116] - Up max key file size to 64K (#85) @cstamas
📦 Dependency updates
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3.6.1 (#89) @dependabot
- Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#87) @dependabot
Contributors
cstamas and dependabot
Assets 2
3.2.2
Release Notes - Maven GPG Plugin - Version 3.2.2
Bug
- [MGPG-113] - Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
Improvement
- [MGPG-114] - BC Allow key size greater than 5KB from file
- [MGPG-115] - Show more information about key used to sign
What's Changed
- [MGPG-113] SignAndDeployFileMojo results in 401 by @cstamas in #82
- [MGPG-114] Allow max key size of 16KB by @cstamas in #83
- [MGPG-115] Show more info about key used to sign by @cstamas in #84
Full Changelog: maven-gpg-plugin-3.2.1...maven-gpg-plugin-3.2.2
Contributors
cstamas
Assets 2
3.2.1
Release Notes - Maven GPG Plugin - Version 3.2.1
Bug
- [MGPG-112] - Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing failed: No pinentry"
Dependency upgrade
- [MGPG-111] - Clean up dependency declarations
What's Changed
- [MGPG-112] serverId def value was unintentionally dropped by @cstamas in #80
- [MGPG-111] Fix dependencies by @cstamas in #81
Full Changelog: maven-gpg-plugin-3.2.0...maven-gpg-plugin-3.2.1
Contributors
cstamas
Assets 2
3.2.0
Release Notes - Maven GPG Plugin - Version 3.2.0
Bug
- [MGPG-85] - Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
- [MGPG-98] - non-reproducible pom.xml
- [MGPG-99] - Passcode byte array provided to gpg executable on stdin is not terminated
- [MGPG-100] - Fix Temporary File Information Disclosure Vulnerability
New Feature
- [MGPG-106] - Introduce second signer implementation based on Bouncy Castle
Improvement
- [MGPG-101] - Switch to Junit5
- [MGPG-102] - Drop maven-artifact-transfer used by sign-and-deploy-file
- [MGPG-105] - Stop propagating bad practices; but allow for "compat mode"
- [MGPG-110] - The sign-and-deploy-file mojo POM validation is off
Task
- [MGPG-103] - Fix Windows CI
- [MGPG-107] - Settle on JUnit 5 assertions
- [MGPG-108] - Update plugin site doco
Dependency upgrade
- [MGPG-104] - Update to 3.9.6, drop the cruft, minimum baseline remains 3.2.5
What's Changed
- javadoc nits by @elharo in #51
- [MNG-6829] Replace StringUtils#isEmpty(String) and #isNotEmpty(String) by @timtebeek in #50
- Bump plexus-utils from 3.4.2 to 3.5.1 by @dependabot in #39
- [MGPG-101] Switch to JUnit 5 by @slachiewicz in #52
- Bump org.junit:junit-bom from 5.10.0 to 5.10.1 by @dependabot in #53
- Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.0 by @dependabot in #57
- Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 by @dependabot in #55
- Bump org.apache.maven.plugins:maven-plugins from 39 to 41 by @dependabot in #56
- Bump org.assertj:assertj-core from 3.24.2 to 3.25.2 by @dependabot in #62
- Bump org.junit:junit-bom from 5.10.1 to 5.10.2 by @dependabot in #63
- [MGPG-103] Fix Windows CI by @cstamas in #67
- [MGPG-104] Update to 3.9.6, drop the cruft, minimum baseline remains 3.2.5 by @cstamas in #68
- [MGPG-102] Drop MAT used in sign-and-deploy-file by @cstamas in #69
- [MGPG-107] Settle on JUnit 5 by @cstamas in #70
- [MGPG-105] Stop propagating bad practices by @cstamas in #71
- [MGPG-106] Introduce new signer: BC by @cstamas in #72
- Bump apache/maven-gh-actions-shared from 3 to 4 by @dependabot in #75
- [MGPG-105] Make possible backward compatibility by @cstamas in #74
- [MGPG-99] Make sure newline is added to input stream by @cstamas in #76
- [MGPG-110] SignAndDeployFileMojo validation is off by @cstamas in #78
- [MGPG-105] [MGPG-108] Make plugin backward compat and update site and doco by @cstamas in #77
New Contributors
- @timtebeek made their first contribution in #50
- @cstamas made their first contribution in #67
Full Changelog: maven-gpg-plugin-3.1.0...maven-gpg-plugin-3.2.0
Contributors
cstamas, elharo, and 3 other contributors
Assets 2
You can’t perform that action at this time.